Routers for Sale [7:30650]
I have 3 routers and Hub for Sale. Just unwanted devices and need to sell. All in working order and very willing to negotiate. Please make an offer. I am in sydney australia. Thanks. Thomas Jreige Cisco 803 ISDN Router IOS 12.1 IP Plus + IPSEC 12M Physical Memory 8M Flash Cisco 2501 IOS 12.0 IP Plus 1 Ethernet / 2 Serial ports 16M Physical Memory 8M Flash Cisco 2501 IOS 11.3 IP Plus + 40-bit DES Image 1 Ethernet / 2 Serial ports 4M Physical Memory 8M Flash DTE - DCE Back to Back Serial Cable Netgear EN108 Hub Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30650t=30650 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Routers for sale [7:30651]
I have 3 routers and Hub for Sale. Just unwanted devices and need to sell. All in working order and very willing to negotiate. Please make an offer. I am in sydney australia. Thanks. Thomas Jreige Cisco 803 ISDN Router IOS 12.1 IP Plus + IPSEC 12M Physical Memory 8M Flash Cisco 2501 IOS 12.0 IP Plus 1 Ethernet / 2 Serial ports 16M Physical Memory 8M Flash Cisco 2501 IOS 11.3 IP Plus + 40-bit DES Image 1 Ethernet / 2 Serial ports 4M Physical Memory 8M Flash DTE - DCE Back to Back Serial Cable Netgear EN108 Hub Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30651t=30651 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT - Firewall performance Comparisons - is it quitting time [7:30652]
For quite a while CheckPoint is out performing every single Firewall in the market a specially in the CheckPoint Next Generation Firewall version and with the release of there SecureXL API. It is important to remember that performance is not everything that need to be compared while testing a Firewall. I love the Cisco PIX but the CheckPoint NG is amazing. Gil Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30652t=30652 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passive Interface Help [7:30648]
Hi, When you make the ethernet interface passive, it means no igrp updates will be sent out on the ethernet interface. It doesn't stop the serial interface from advertising network 12.0.0.0 . Which explains why you can still ping to the ethernet interface. If for some reason you do not want network 12.0.0.0 to be advertised, remove the network 12.0.0.0 statement or use distribute-list to filter out the route. Regards, cheekin - Original Message - From: To: Sent: Wednesday, January 02, 2002 15:03 Subject: Passive Interface Help [7:30648] Happy New Year!! I need a little help on what a passive interface is. From what I can gather, a passive interface does not advertise its route to its neighbor ? Now if that is the case, why can I still ping an interface that is set to passive. Please note: This is excluding directly connected routes. For example, I set my Cisco 2509 ethernet interface to passive. Why can I still ping the ethernet address from my neighboring router Cisco 4000 ? I am running IGRP. Why does the ethernet network show up in its routing table for my Cisco 4000. From poking around with the passive interface command it seems that I can not ping my ethernet address only if I set the Serial interfaces to passive also. This seems odd. I thought if I made an ethernet interface passive, I should not be able to ping it from a neighboring router or any other router since it is not being advertised. Below is a sample of me being able to ping serial 1 off my Cisco 2509 from my Cisco 4000. Serial 1 is not directly connected. Serial 1 is being advertised. Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Cisco2509 ! enable password router ! ip subnet-zero ipx routing 0010.7be8.22f4 ! ! ! ! ! interface Ethernet0 ip address 12.11.12.1 255.255.255.240 no ip directed-broadcast delay 1000 ! interface Serial0 ip address 172.16.18.1 255.255.255.240 no ip directed-broadcast no ip mroute-cache ipx network 3 no fair-queue clockrate 100 ! interface Serial1 ip address 172.17.18.2 255.255.255.240 no ip directed-broadcast clockrate 400 ! router igrp 1 passive-interface Ethernet0 passive-interface Serial0 passive-interface Serial1 offset-list 2 out 11000 Serial0 network 12.0.0.0 network 172.16.0.0 network 172.17.0.0 ! ip classless ! access-list 2 deny 12.11.12.1 ! ! ! ! ! line con 0 transport input none line 1 8 line aux 0 line vty 0 4 password cisco login ! end Cisco2509# Cisco_4000ping 172.17.18.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.17.18.1, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 120/120/124 ms Cisco_4000ping 12.11.12.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.11.12.1, timeout is 2 seconds: . Success rate is 0 percent (0/5) Cisco_4000 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30653t=30648 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
DVD 2 CDR 3656 [7:30654]
COPY ANY DVD MOVIE!! With our revolutionary software you can copy virtually any DVD Movie using your existing equipment! Conventional DVD copying equipment can cost thousands of $$$ Our revolutionary software cost less than the price of 3 DVD Movies! CLICK HERE FOR MORE INFO If you wish to be removed simply Click Here Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30654t=30654 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Security specialisation - MCNS exam tips etc needed [7:30655]
Hi all Does anyone out there know where I can get some practise exams, dumps, web based study guides etc for this exam. All help is appreciated Regards Andrew Larkins BCom, CCNP, CCDA Bytes Technology Networks A Division of the Bytes Technology Group A Member of the Altron Group www.btgroup.co.za visit the press office @ www.itweb.co.za/office/bytes Tel : +27 11 800 9336 Fax : +27 11 800 9496 Mobile : +27 83 656 7214 Email : [EMAIL PROTECTED] OR [EMAIL PROTECTED] This message may contain information which is confidential and subject to legal privilege. If you are not the intended recipient, you may not peruse, use, disseminate, distribute or copy this message. If you have received this message in error, please notify the sender immediately by email, facsimile or telephone and return and/or destroy the original message. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30655t=30655 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
per-user ACL [7:30656]
Does Anybody install filter for dial-up users at 5X00? [GroupStudy.com removed an attachment of type image/gif which had a name of image001.gif] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30656t=30656 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ccna exam info [7:30657]
Hey group- I am interesting in taking the CCNA exam . I need web site information or links witch give example tests , Brain dumps , study guides , lab practices more ... thank you all HAPPY NEW YEAR Eli Aviv Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30657t=30657 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT - Firewall performance Comparisons - is it quitting time [7:30658]
A couple of points, and I will then get off of my soapbox... Checkpoint NG is STILL an application running on UNIX or NT, not a self contained appliance. Personally I love Microsoft (let the flames begin!), however, with the critical updates that I see getting installed on my 2000 and XP workstations I am POSITIVE that I would not want to trust my company security to it. Another point.. Have you ever installed and configured a Checkpoint firewall? You can have the PIX up and running with failover even before you get the OS half installed on the new server that you need to buy for it, thus raising the cost for an already more expensive solution in man-hours and equipment. The PIX is also very interoperable with other devices in the network. You can create PIX to PIX or PIX to IOS or PIX to 3000VPN site-to-site with other offices or home offices with built in 56bit DES or available 3DES . You can tunnel in VPN clients (free Cisco VPN client available). You can tunnel in Microsoft PPTP or L2TP sessions. And one last point, Have you ever had to get support from Checkpoint??? enough said about that one... If you would like to discuss further contact me offline... Tim - Original Message - From: [EMAIL PROTECTED] To: Sent: Wednesday, January 02, 2002 4:05 AM Subject: Re: OT - Firewall performance Comparisons - is it quitting time [7:30652] For quite a while CheckPoint is out performing every single Firewall in the market a specially in the CheckPoint Next Generation Firewall version and with the release of there SecureXL API. It is important to remember that performance is not everything that need to be compared while testing a Firewall. I love the Cisco PIX but the CheckPoint NG is amazing. Gil Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30658t=30658 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT - Firewall performance Comparisons - is it quitting time [7:30659]
Everything that you said is correct and I love that PIX and I have installed it many times with the failover option for high availability, never the less what about clustering, what about logging, and I don't mean Syslog data or the 512 lines that the PDM offers with limited information, I can go on and on about the pros and cons of using platforms like windows, Solaris, Linux. Don't forget the FreeBSD that the Nokia box is based upon which is tightly integrated with the firewall, scalability is the name of the game. I have a lot of experience with every product offered by CheckPoint and there competitors like Cisco, Netscreen and all the other solutions. The only Vendor that can give a good and complete security solution is CheckPoint and if you want to talk about clients, check the functionality of the CheckPoint SecuRemote client of the SecureClient by it self or together with the SCV function. I am not trying to prove the CheckPoint is better every case need a differant solution depends on the people operating the system and the companies specific need (I am an integrator). Personally I believe that CheckPoint has the best security solution on the market today even if I love Cisco's solutions. Gil Tim O'Brien cc: Sent by: Subject: Re: OT - Firewall performance Comparisons - is it quitting time [7:30658] nobody@groups tudy.com 01/02/2002 02:42 PM Please respond to Tim O'Brien A couple of points, and I will then get off of my soapbox... Checkpoint NG is STILL an application running on UNIX or NT, not a self contained appliance. Personally I love Microsoft (let the flames begin!), however, with the critical updates that I see getting installed on my 2000 and XP workstations I am POSITIVE that I would not want to trust my company security to it. Another point.. Have you ever installed and configured a Checkpoint firewall? You can have the PIX up and running with failover even before you get the OS half installed on the new server that you need to buy for it, thus raising the cost for an already more expensive solution in man-hours and equipment. The PIX is also very interoperable with other devices in the network. You can create PIX to PIX or PIX to IOS or PIX to 3000VPN site-to-site with other offices or home offices with built in 56bit DES or available 3DES . You can tunnel in VPN clients (free Cisco VPN client available). You can tunnel in Microsoft PPTP or L2TP sessions. And one last point, Have you ever had to get support from Checkpoint??? enough said about that one... If you would like to discuss further contact me offline... Tim - Original Message - From: [EMAIL PROTECTED] To: Sent: Wednesday, January 02, 2002 4:05 AM Subject: Re: OT - Firewall performance Comparisons - is it quitting time [7:30652] For quite a while CheckPoint is out performing every single Firewall in the market a specially in the CheckPoint Next Generation Firewall version and with the release of there SecureXL API. It is important to remember that performance is not everything that need to be compared while testing a Firewall. I love the Cisco PIX but the CheckPoint NG is amazing. Gil ** The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to any one or make copies. ** eSafe scanned this email for viruses, vandals and malicious content ** ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30659t=30659 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ccna exam info [7:30657]
If its braindumps your after your in the wrong place. For study guides try www.certificationzone.com. The archives on groupstudy.com will give you all the info you need !!! Phil. --- eli wrote: Hey group- I am interesting in taking the CCNA exam . I need web site information or links witch give example tests , Brain dumps , study guides , lab practices more ... thank you all HAPPY NEW YEAR Eli Aviv [EMAIL PROTECTED] __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30660t=30657 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ccna exam info [7:30657]
Try Wendel Odom's CCNA Exam Certification Guide. Please try to config a router a few times if you haven't yet before you take the CCNA. It will make your knowledge more concrete. For practice tests, try Boson.com, examcram.com, etc. Cisco even has some tests that have the real questions on them (they look real to me). I'm not afraid to show someone how to cheat on a test, as I belive the net is open and exists to share information, for good or bad, and even if you saw all the tasks on a CCIE lab, you're not going to pass without knowing all your stuff. There used to be braindumps on http://leuthard.ch/mcse/640-407.shtml but they were 3 years old by now. I beleive you can try the discussion boards on cramsession.com for more braindumps on all the test up to the CCIE lab. I have even seen CCIE lab braindumps from as recently as Dec. 28, 2001. eli wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hey group- I am interesting in taking the CCNA exam . I need web site information or links witch give example tests , Brain dumps , study guides , lab practices more ... thank you all HAPPY NEW YEAR Eli Aviv Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30661t=30657 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Autosense this ... (add to your knowledgebase) [7:30446]
Someone at Cisco was just telling me about a guy who came in from Korea to take the CCIE lab and during lunch, he called TAC on one of the problems. The TAC tech recognized the problem as a lab problem from his CCIE test, called down to the lab instructors to see if that person was taking the lab, and sure enough he was. He was busted and sent back home. I don't agree with what he did, but I find it amusing none the less. Steven A. Ridder wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Thanks. Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Yes, it's in IEEE 802.3. It's in Clause 28 of the IEEE 802.3 2000 Edition. It might have been in earlier versions too. Priscilla At 02:31 PM 12/31/01, Steven A. Ridder wrote: Is there any standardization for autonegotiation like 802.x or something. I have never heard of anything like it, and maybe that's half the problem? Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Auto-negotiation is infamous for not working as advertised! ;-) It's not just Cisco equipment. There is definitely a problem when introducing older 10BaseT equipment into the equation, which it sounds like Ole did. Perhaps one of the more hardware, physical-layer type engineers remembers more of the details than I do, but from what I understand the 100-Mbps fast link pulses used for auto-negotiation produce enough signal in the frequency band of the 10-Mbps link pulses such that the 10-Mbps chip thinks it sees a signal and doesn't re-negotiate or drop or establish link integrity as it should. It's definitely strange that STP noticed a problem when other applications didn't. I'll have to ponder that one.. Priscilla At 10:26 AM 12/31/01, [EMAIL PROTECTED] wrote: It's been more than once when I've encountered autonegotiation/autosense issues between a Cisco router and Cisco switch. I've even seen problems when both interfaces were 10/100 and both hard-coded to 100/full and the link wouldn't come up. This may a chink in the Cisco armor as I rarely encounter issues with autonegotiation/autosense with other equipment but when I install a new Cisco network, one thing I ALWAYS have to do is go through the 10/100 ports of every switch and look for duplex (and sometimes speed) mismatches. Crazy... Rik -Original Message- From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 11:02 PM To: [EMAIL PROTECTED] Subject: RE: Autosense this ... (add to your knowledgebase) [7:30446] It's unfortunate that sometimes when things break, they don't perform in expected ways. Rather it truly was an Autosense problem or not, who knows. But it brings up a chance to talk about Autosense. I've had it bite me more than once. I've had problems with Autosense that didn't show up until months after installation. It doesn't matter if its Cisco to Cisco or Cisco to another vendor, I've had to lock down ports at certain speeds and modes to solve problems on several occasions. Just to pass along some experience, you may always be better off hard setting your options. Nice persistence Mr. Jensen, it's cool to stick with something until you can make it work. Chris -Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 6:14 PM To: [EMAIL PROTECTED] Subject: Re: Autosense this ... (add to your knowledgebase) [7:30446] An interesting read, particularly since I am reviewing Kennedy clark's cisco Lan Switching book prior to reviewing Cat5K and Cat 3920 configuration. I am somewhat surprised at both the phenomenon and the concludion. Spanning tree blocks for particular reasons. when you concluded that your configurations were identical at all offices, does that mean that your port negotiations were set to auto everywhere else? both on the routers and on the local switches? if so, I would expect to see similar problems elsewhere. is it possible that there was a duplicate mac someplace in another part of the bridged network, one that was being picked up by STP and interpreted as a loop? You mention changing macs of interfaces as part of your experimentation. Are you certain that this process was not part of the solution? To be frank, I'm hard pressed to come up with a reason why the FE port on the router would go into blocking. I can see that hapening on the serial port for reasons that have been discussed on this group in the past. I can't come up with a rationale as to why hard setting of speed and duplex would make a difference. I suppose one MIGHT
Re: Autosense this ... (add to your knowledgebase) [7:30446]
Thanks. Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Yes, it's in IEEE 802.3. It's in Clause 28 of the IEEE 802.3 2000 Edition. It might have been in earlier versions too. Priscilla At 02:31 PM 12/31/01, Steven A. Ridder wrote: Is there any standardization for autonegotiation like 802.x or something. I have never heard of anything like it, and maybe that's half the problem? Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Auto-negotiation is infamous for not working as advertised! ;-) It's not just Cisco equipment. There is definitely a problem when introducing older 10BaseT equipment into the equation, which it sounds like Ole did. Perhaps one of the more hardware, physical-layer type engineers remembers more of the details than I do, but from what I understand the 100-Mbps fast link pulses used for auto-negotiation produce enough signal in the frequency band of the 10-Mbps link pulses such that the 10-Mbps chip thinks it sees a signal and doesn't re-negotiate or drop or establish link integrity as it should. It's definitely strange that STP noticed a problem when other applications didn't. I'll have to ponder that one.. Priscilla At 10:26 AM 12/31/01, [EMAIL PROTECTED] wrote: It's been more than once when I've encountered autonegotiation/autosense issues between a Cisco router and Cisco switch. I've even seen problems when both interfaces were 10/100 and both hard-coded to 100/full and the link wouldn't come up. This may a chink in the Cisco armor as I rarely encounter issues with autonegotiation/autosense with other equipment but when I install a new Cisco network, one thing I ALWAYS have to do is go through the 10/100 ports of every switch and look for duplex (and sometimes speed) mismatches. Crazy... Rik -Original Message- From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 11:02 PM To: [EMAIL PROTECTED] Subject: RE: Autosense this ... (add to your knowledgebase) [7:30446] It's unfortunate that sometimes when things break, they don't perform in expected ways. Rather it truly was an Autosense problem or not, who knows. But it brings up a chance to talk about Autosense. I've had it bite me more than once. I've had problems with Autosense that didn't show up until months after installation. It doesn't matter if its Cisco to Cisco or Cisco to another vendor, I've had to lock down ports at certain speeds and modes to solve problems on several occasions. Just to pass along some experience, you may always be better off hard setting your options. Nice persistence Mr. Jensen, it's cool to stick with something until you can make it work. Chris -Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 6:14 PM To: [EMAIL PROTECTED] Subject: Re: Autosense this ... (add to your knowledgebase) [7:30446] An interesting read, particularly since I am reviewing Kennedy clark's cisco Lan Switching book prior to reviewing Cat5K and Cat 3920 configuration. I am somewhat surprised at both the phenomenon and the concludion. Spanning tree blocks for particular reasons. when you concluded that your configurations were identical at all offices, does that mean that your port negotiations were set to auto everywhere else? both on the routers and on the local switches? if so, I would expect to see similar problems elsewhere. is it possible that there was a duplicate mac someplace in another part of the bridged network, one that was being picked up by STP and interpreted as a loop? You mention changing macs of interfaces as part of your experimentation. Are you certain that this process was not part of the solution? To be frank, I'm hard pressed to come up with a reason why the FE port on the router would go into blocking. I can see that hapening on the serial port for reasons that have been discussed on this group in the past. I can't come up with a rationale as to why hard setting of speed and duplex would make a difference. I suppose one MIGHT conclude that if the port is in full duplex, the STP process MIGHT see a loop occuring over the two different wire pairs. that's about the only wild rationale I can come up with. And that one is really stretching the point / bug / whatever. In any case, thanks for the good read. Chuck Ole Drews Jensen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... After a fun evening last night, I have decided not to trust the autosensing on ethernet interfaces anymore. I was at a branch office where the users could not access the corporate network. The router, a 1720 setup
RE: Autosense this ... (add to your knowledgebase) [7:30446]
Auto-negotiation is infamous for not working as advertised! ;-) It's not just Cisco equipment. There is definitely a problem when introducing older 10BaseT equipment into the equation, which it sounds like Ole did. Perhaps one of the more hardware, physical-layer type engineers remembers more of the details than I do, but from what I understand the 100-Mbps fast link pulses used for auto-negotiation produce enough signal in the frequency band of the 10-Mbps link pulses such that the 10-Mbps chip thinks it sees a signal and doesn't re-negotiate or drop or establish link integrity as it should. It's definitely strange that STP noticed a problem when other applications didn't. I'll have to ponder that one.. Priscilla At 10:26 AM 12/31/01, [EMAIL PROTECTED] wrote: It's been more than once when I've encountered autonegotiation/autosense issues between a Cisco router and Cisco switch. I've even seen problems when both interfaces were 10/100 and both hard-coded to 100/full and the link wouldn't come up. This may a chink in the Cisco armor as I rarely encounter issues with autonegotiation/autosense with other equipment but when I install a new Cisco network, one thing I ALWAYS have to do is go through the 10/100 ports of every switch and look for duplex (and sometimes speed) mismatches. Crazy... Rik -Original Message- From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 11:02 PM To: [EMAIL PROTECTED] Subject: RE: Autosense this ... (add to your knowledgebase) [7:30446] It's unfortunate that sometimes when things break, they don't perform in expected ways. Rather it truly was an Autosense problem or not, who knows. But it brings up a chance to talk about Autosense. I've had it bite me more than once. I've had problems with Autosense that didn't show up until months after installation. It doesn't matter if its Cisco to Cisco or Cisco to another vendor, I've had to lock down ports at certain speeds and modes to solve problems on several occasions. Just to pass along some experience, you may always be better off hard setting your options. Nice persistence Mr. Jensen, it's cool to stick with something until you can make it work. Chris -Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 6:14 PM To: [EMAIL PROTECTED] Subject: Re: Autosense this ... (add to your knowledgebase) [7:30446] An interesting read, particularly since I am reviewing Kennedy clark's cisco Lan Switching book prior to reviewing Cat5K and Cat 3920 configuration. I am somewhat surprised at both the phenomenon and the concludion. Spanning tree blocks for particular reasons. when you concluded that your configurations were identical at all offices, does that mean that your port negotiations were set to auto everywhere else? both on the routers and on the local switches? if so, I would expect to see similar problems elsewhere. is it possible that there was a duplicate mac someplace in another part of the bridged network, one that was being picked up by STP and interpreted as a loop? You mention changing macs of interfaces as part of your experimentation. Are you certain that this process was not part of the solution? To be frank, I'm hard pressed to come up with a reason why the FE port on the router would go into blocking. I can see that hapening on the serial port for reasons that have been discussed on this group in the past. I can't come up with a rationale as to why hard setting of speed and duplex would make a difference. I suppose one MIGHT conclude that if the port is in full duplex, the STP process MIGHT see a loop occuring over the two different wire pairs. that's about the only wild rationale I can come up with. And that one is really stretching the point / bug / whatever. In any case, thanks for the good read. Chuck Ole Drews Jensen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... After a fun evening last night, I have decided not to trust the autosensing on ethernet interfaces anymore. I was at a branch office where the users could not access the corporate network. The router, a 1720 setup as a bridge with the same IP address for the FastEthernet as the Serial subinterface, both configured for bridge-group 1. It was connected to a 2620 at the corporate office via a Fractional Frame Relay connection. I changed the switch out with an old spare hub I had lying around, and connected only one workstation from the local network. After starting the router up, I could ping the local workstation, and I could ping devices on the corporate network, so both my FastEthernet and Serial interfaces were working fine. However, I could not ping anything on the corporate network from my workstation, nor could I from a telnet connection to my corporate router ping the workstation, so traffic was not being passed through between the interfaces. That looked like a typical routing
Re: Autosense this ... (add to your knowledgebase) [7:30446]
Is there any standardization for autonegotiation like 802.x or something. I have never heard of anything like it, and maybe that's half the problem? Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Auto-negotiation is infamous for not working as advertised! ;-) It's not just Cisco equipment. There is definitely a problem when introducing older 10BaseT equipment into the equation, which it sounds like Ole did. Perhaps one of the more hardware, physical-layer type engineers remembers more of the details than I do, but from what I understand the 100-Mbps fast link pulses used for auto-negotiation produce enough signal in the frequency band of the 10-Mbps link pulses such that the 10-Mbps chip thinks it sees a signal and doesn't re-negotiate or drop or establish link integrity as it should. It's definitely strange that STP noticed a problem when other applications didn't. I'll have to ponder that one.. Priscilla At 10:26 AM 12/31/01, [EMAIL PROTECTED] wrote: It's been more than once when I've encountered autonegotiation/autosense issues between a Cisco router and Cisco switch. I've even seen problems when both interfaces were 10/100 and both hard-coded to 100/full and the link wouldn't come up. This may a chink in the Cisco armor as I rarely encounter issues with autonegotiation/autosense with other equipment but when I install a new Cisco network, one thing I ALWAYS have to do is go through the 10/100 ports of every switch and look for duplex (and sometimes speed) mismatches. Crazy... Rik -Original Message- From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 11:02 PM To: [EMAIL PROTECTED] Subject: RE: Autosense this ... (add to your knowledgebase) [7:30446] It's unfortunate that sometimes when things break, they don't perform in expected ways. Rather it truly was an Autosense problem or not, who knows. But it brings up a chance to talk about Autosense. I've had it bite me more than once. I've had problems with Autosense that didn't show up until months after installation. It doesn't matter if its Cisco to Cisco or Cisco to another vendor, I've had to lock down ports at certain speeds and modes to solve problems on several occasions. Just to pass along some experience, you may always be better off hard setting your options. Nice persistence Mr. Jensen, it's cool to stick with something until you can make it work. Chris -Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 6:14 PM To: [EMAIL PROTECTED] Subject: Re: Autosense this ... (add to your knowledgebase) [7:30446] An interesting read, particularly since I am reviewing Kennedy clark's cisco Lan Switching book prior to reviewing Cat5K and Cat 3920 configuration. I am somewhat surprised at both the phenomenon and the concludion. Spanning tree blocks for particular reasons. when you concluded that your configurations were identical at all offices, does that mean that your port negotiations were set to auto everywhere else? both on the routers and on the local switches? if so, I would expect to see similar problems elsewhere. is it possible that there was a duplicate mac someplace in another part of the bridged network, one that was being picked up by STP and interpreted as a loop? You mention changing macs of interfaces as part of your experimentation. Are you certain that this process was not part of the solution? To be frank, I'm hard pressed to come up with a reason why the FE port on the router would go into blocking. I can see that hapening on the serial port for reasons that have been discussed on this group in the past. I can't come up with a rationale as to why hard setting of speed and duplex would make a difference. I suppose one MIGHT conclude that if the port is in full duplex, the STP process MIGHT see a loop occuring over the two different wire pairs. that's about the only wild rationale I can come up with. And that one is really stretching the point / bug / whatever. In any case, thanks for the good read. Chuck Ole Drews Jensen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... After a fun evening last night, I have decided not to trust the autosensing on ethernet interfaces anymore. I was at a branch office where the users could not access the corporate network. The router, a 1720 setup as a bridge with the same IP address for the FastEthernet as the Serial subinterface, both configured for bridge-group 1. It was connected to a 2620 at the corporate office via a Fractional Frame Relay connection. I changed the switch out with an old spare hub I had lying around, and connected only one workstation from the local network. After starting the router up, I could ping the local workstation, and I could ping devices on the corporate network, so both my
Re: Autosense this ... (add to your knowledgebase) [7:30446]
Yes, it's in IEEE 802.3. It's in Clause 28 of the IEEE 802.3 2000 Edition. It might have been in earlier versions too. Priscilla At 02:31 PM 12/31/01, Steven A. Ridder wrote: Is there any standardization for autonegotiation like 802.x or something. I have never heard of anything like it, and maybe that's half the problem? Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Auto-negotiation is infamous for not working as advertised! ;-) It's not just Cisco equipment. There is definitely a problem when introducing older 10BaseT equipment into the equation, which it sounds like Ole did. Perhaps one of the more hardware, physical-layer type engineers remembers more of the details than I do, but from what I understand the 100-Mbps fast link pulses used for auto-negotiation produce enough signal in the frequency band of the 10-Mbps link pulses such that the 10-Mbps chip thinks it sees a signal and doesn't re-negotiate or drop or establish link integrity as it should. It's definitely strange that STP noticed a problem when other applications didn't. I'll have to ponder that one.. Priscilla At 10:26 AM 12/31/01, [EMAIL PROTECTED] wrote: It's been more than once when I've encountered autonegotiation/autosense issues between a Cisco router and Cisco switch. I've even seen problems when both interfaces were 10/100 and both hard-coded to 100/full and the link wouldn't come up. This may a chink in the Cisco armor as I rarely encounter issues with autonegotiation/autosense with other equipment but when I install a new Cisco network, one thing I ALWAYS have to do is go through the 10/100 ports of every switch and look for duplex (and sometimes speed) mismatches. Crazy... Rik -Original Message- From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 11:02 PM To: [EMAIL PROTECTED] Subject: RE: Autosense this ... (add to your knowledgebase) [7:30446] It's unfortunate that sometimes when things break, they don't perform in expected ways. Rather it truly was an Autosense problem or not, who knows. But it brings up a chance to talk about Autosense. I've had it bite me more than once. I've had problems with Autosense that didn't show up until months after installation. It doesn't matter if its Cisco to Cisco or Cisco to another vendor, I've had to lock down ports at certain speeds and modes to solve problems on several occasions. Just to pass along some experience, you may always be better off hard setting your options. Nice persistence Mr. Jensen, it's cool to stick with something until you can make it work. Chris -Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 6:14 PM To: [EMAIL PROTECTED] Subject: Re: Autosense this ... (add to your knowledgebase) [7:30446] An interesting read, particularly since I am reviewing Kennedy clark's cisco Lan Switching book prior to reviewing Cat5K and Cat 3920 configuration. I am somewhat surprised at both the phenomenon and the concludion. Spanning tree blocks for particular reasons. when you concluded that your configurations were identical at all offices, does that mean that your port negotiations were set to auto everywhere else? both on the routers and on the local switches? if so, I would expect to see similar problems elsewhere. is it possible that there was a duplicate mac someplace in another part of the bridged network, one that was being picked up by STP and interpreted as a loop? You mention changing macs of interfaces as part of your experimentation. Are you certain that this process was not part of the solution? To be frank, I'm hard pressed to come up with a reason why the FE port on the router would go into blocking. I can see that hapening on the serial port for reasons that have been discussed on this group in the past. I can't come up with a rationale as to why hard setting of speed and duplex would make a difference. I suppose one MIGHT conclude that if the port is in full duplex, the STP process MIGHT see a loop occuring over the two different wire pairs. that's about the only wild rationale I can come up with. And that one is really stretching the point / bug / whatever. In any case, thanks for the good read. Chuck Ole Drews Jensen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... After a fun evening last night, I have decided not to trust the autosensing on ethernet interfaces anymore. I was at a branch office where the users could not access the corporate network. The router, a 1720 setup as a bridge with the same IP address for the FastEthernet as the Serial subinterface, both configured for bridge-group 1. It was connected to a 2620 at the corporate office via a Fractional Frame Relay
MSFC [7:30668]
I have a 6509 switch with 2 MSFC's. I would like to know if I can or should I have the same config on both MSFC's. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30668t=30668 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Autosense this ... (add to your knowledgebase) [7:30446]
It's been more than once when I've encountered autonegotiation/autosense issues between a Cisco router and Cisco switch. I've even seen problems when both interfaces were 10/100 and both hard-coded to 100/full and the link wouldn't come up. This may a chink in the Cisco armor as I rarely encounter issues with autonegotiation/autosense with other equipment but when I install a new Cisco network, one thing I ALWAYS have to do is go through the 10/100 ports of every switch and look for duplex (and sometimes speed) mismatches. Crazy... Rik -Original Message- From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 11:02 PM To: [EMAIL PROTECTED] Subject: RE: Autosense this ... (add to your knowledgebase) [7:30446] It's unfortunate that sometimes when things break, they don't perform in expected ways. Rather it truly was an Autosense problem or not, who knows. But it brings up a chance to talk about Autosense. I've had it bite me more than once. I've had problems with Autosense that didn't show up until months after installation. It doesn't matter if its Cisco to Cisco or Cisco to another vendor, I've had to lock down ports at certain speeds and modes to solve problems on several occasions. Just to pass along some experience, you may always be better off hard setting your options. Nice persistence Mr. Jensen, it's cool to stick with something until you can make it work. Chris -Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 6:14 PM To: [EMAIL PROTECTED] Subject: Re: Autosense this ... (add to your knowledgebase) [7:30446] An interesting read, particularly since I am reviewing Kennedy clark's cisco Lan Switching book prior to reviewing Cat5K and Cat 3920 configuration. I am somewhat surprised at both the phenomenon and the concludion. Spanning tree blocks for particular reasons. when you concluded that your configurations were identical at all offices, does that mean that your port negotiations were set to auto everywhere else? both on the routers and on the local switches? if so, I would expect to see similar problems elsewhere. is it possible that there was a duplicate mac someplace in another part of the bridged network, one that was being picked up by STP and interpreted as a loop? You mention changing macs of interfaces as part of your experimentation. Are you certain that this process was not part of the solution? To be frank, I'm hard pressed to come up with a reason why the FE port on the router would go into blocking. I can see that hapening on the serial port for reasons that have been discussed on this group in the past. I can't come up with a rationale as to why hard setting of speed and duplex would make a difference. I suppose one MIGHT conclude that if the port is in full duplex, the STP process MIGHT see a loop occuring over the two different wire pairs. that's about the only wild rationale I can come up with. And that one is really stretching the point / bug / whatever. In any case, thanks for the good read. Chuck Ole Drews Jensen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... After a fun evening last night, I have decided not to trust the autosensing on ethernet interfaces anymore. I was at a branch office where the users could not access the corporate network. The router, a 1720 setup as a bridge with the same IP address for the FastEthernet as the Serial subinterface, both configured for bridge-group 1. It was connected to a 2620 at the corporate office via a Fractional Frame Relay connection. I changed the switch out with an old spare hub I had lying around, and connected only one workstation from the local network. After starting the router up, I could ping the local workstation, and I could ping devices on the corporate network, so both my FastEthernet and Serial interfaces were working fine. However, I could not ping anything on the corporate network from my workstation, nor could I from a telnet connection to my corporate router ping the workstation, so traffic was not being passed through between the interfaces. That looked like a typical routing problem, but the only problem was that I was not routing, I was bridging, so ? I did a show bridge 1 group and saw that the FastEthernet was in a blocking state by the spanning tree, so something was wrong here. I cleared the arp table on the router and on all other routers and switches. I tried to assign a different mac address to the FE interface. I tried a different workstation. No matter what I did, it kept being in a blocking state. I went in and did a bridge-group 1 spanning-disabled on the interface, and it changed to forwarding state, but I could still not pass traffic through. This is when I called TAC, but after I guided them through to a telnet connection to my routers, they decided after three hours that something weird was going on with the router, and they
Re: Autosense this ... (add to your knowledgebase) [7:30446]
Is there any standardization for autonegotiation like 802.x or something. I have never heard of anything like it, and maybe that's half the problem? Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Auto-negotiation is infamous for not working as advertised! ;-) It's not just Cisco equipment. There is definitely a problem when introducing older 10BaseT equipment into the equation, which it sounds like Ole did. Perhaps one of the more hardware, physical-layer type engineers remembers more of the details than I do, but from what I understand the 100-Mbps fast link pulses used for auto-negotiation produce enough signal in the frequency band of the 10-Mbps link pulses such that the 10-Mbps chip thinks it sees a signal and doesn't re-negotiate or drop or establish link integrity as it should. It's definitely strange that STP noticed a problem when other applications didn't. I'll have to ponder that one.. Priscilla At 10:26 AM 12/31/01, [EMAIL PROTECTED] wrote: It's been more than once when I've encountered autonegotiation/autosense issues between a Cisco router and Cisco switch. I've even seen problems when both interfaces were 10/100 and both hard-coded to 100/full and the link wouldn't come up. This may a chink in the Cisco armor as I rarely encounter issues with autonegotiation/autosense with other equipment but when I install a new Cisco network, one thing I ALWAYS have to do is go through the 10/100 ports of every switch and look for duplex (and sometimes speed) mismatches. Crazy... Rik -Original Message- From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 11:02 PM To: [EMAIL PROTECTED] Subject: RE: Autosense this ... (add to your knowledgebase) [7:30446] It's unfortunate that sometimes when things break, they don't perform in expected ways. Rather it truly was an Autosense problem or not, who knows. But it brings up a chance to talk about Autosense. I've had it bite me more than once. I've had problems with Autosense that didn't show up until months after installation. It doesn't matter if its Cisco to Cisco or Cisco to another vendor, I've had to lock down ports at certain speeds and modes to solve problems on several occasions. Just to pass along some experience, you may always be better off hard setting your options. Nice persistence Mr. Jensen, it's cool to stick with something until you can make it work. Chris -Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 6:14 PM To: [EMAIL PROTECTED] Subject: Re: Autosense this ... (add to your knowledgebase) [7:30446] An interesting read, particularly since I am reviewing Kennedy clark's cisco Lan Switching book prior to reviewing Cat5K and Cat 3920 configuration. I am somewhat surprised at both the phenomenon and the concludion. Spanning tree blocks for particular reasons. when you concluded that your configurations were identical at all offices, does that mean that your port negotiations were set to auto everywhere else? both on the routers and on the local switches? if so, I would expect to see similar problems elsewhere. is it possible that there was a duplicate mac someplace in another part of the bridged network, one that was being picked up by STP and interpreted as a loop? You mention changing macs of interfaces as part of your experimentation. Are you certain that this process was not part of the solution? To be frank, I'm hard pressed to come up with a reason why the FE port on the router would go into blocking. I can see that hapening on the serial port for reasons that have been discussed on this group in the past. I can't come up with a rationale as to why hard setting of speed and duplex would make a difference. I suppose one MIGHT conclude that if the port is in full duplex, the STP process MIGHT see a loop occuring over the two different wire pairs. that's about the only wild rationale I can come up with. And that one is really stretching the point / bug / whatever. In any case, thanks for the good read. Chuck Ole Drews Jensen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... After a fun evening last night, I have decided not to trust the autosensing on ethernet interfaces anymore. I was at a branch office where the users could not access the corporate network. The router, a 1720 setup as a bridge with the same IP address for the FastEthernet as the Serial subinterface, both configured for bridge-group 1. It was connected to a 2620 at the corporate office via a Fractional Frame Relay connection. I changed the switch out with an old spare hub I had lying around, and connected only one workstation from the local network. After starting the router up, I could ping the local workstation, and I could ping devices on the corporate network, so both my
RE: Autosense this ... (add to your knowledgebase) [7:30446]
Auto-negotiation is infamous for not working as advertised! ;-) It's not just Cisco equipment. There is definitely a problem when introducing older 10BaseT equipment into the equation, which it sounds like Ole did. Perhaps one of the more hardware, physical-layer type engineers remembers more of the details than I do, but from what I understand the 100-Mbps fast link pulses used for auto-negotiation produce enough signal in the frequency band of the 10-Mbps link pulses such that the 10-Mbps chip thinks it sees a signal and doesn't re-negotiate or drop or establish link integrity as it should. It's definitely strange that STP noticed a problem when other applications didn't. I'll have to ponder that one.. Priscilla At 10:26 AM 12/31/01, [EMAIL PROTECTED] wrote: It's been more than once when I've encountered autonegotiation/autosense issues between a Cisco router and Cisco switch. I've even seen problems when both interfaces were 10/100 and both hard-coded to 100/full and the link wouldn't come up. This may a chink in the Cisco armor as I rarely encounter issues with autonegotiation/autosense with other equipment but when I install a new Cisco network, one thing I ALWAYS have to do is go through the 10/100 ports of every switch and look for duplex (and sometimes speed) mismatches. Crazy... Rik -Original Message- From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 11:02 PM To: [EMAIL PROTECTED] Subject: RE: Autosense this ... (add to your knowledgebase) [7:30446] It's unfortunate that sometimes when things break, they don't perform in expected ways. Rather it truly was an Autosense problem or not, who knows. But it brings up a chance to talk about Autosense. I've had it bite me more than once. I've had problems with Autosense that didn't show up until months after installation. It doesn't matter if its Cisco to Cisco or Cisco to another vendor, I've had to lock down ports at certain speeds and modes to solve problems on several occasions. Just to pass along some experience, you may always be better off hard setting your options. Nice persistence Mr. Jensen, it's cool to stick with something until you can make it work. Chris -Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 6:14 PM To: [EMAIL PROTECTED] Subject: Re: Autosense this ... (add to your knowledgebase) [7:30446] An interesting read, particularly since I am reviewing Kennedy clark's cisco Lan Switching book prior to reviewing Cat5K and Cat 3920 configuration. I am somewhat surprised at both the phenomenon and the concludion. Spanning tree blocks for particular reasons. when you concluded that your configurations were identical at all offices, does that mean that your port negotiations were set to auto everywhere else? both on the routers and on the local switches? if so, I would expect to see similar problems elsewhere. is it possible that there was a duplicate mac someplace in another part of the bridged network, one that was being picked up by STP and interpreted as a loop? You mention changing macs of interfaces as part of your experimentation. Are you certain that this process was not part of the solution? To be frank, I'm hard pressed to come up with a reason why the FE port on the router would go into blocking. I can see that hapening on the serial port for reasons that have been discussed on this group in the past. I can't come up with a rationale as to why hard setting of speed and duplex would make a difference. I suppose one MIGHT conclude that if the port is in full duplex, the STP process MIGHT see a loop occuring over the two different wire pairs. that's about the only wild rationale I can come up with. And that one is really stretching the point / bug / whatever. In any case, thanks for the good read. Chuck Ole Drews Jensen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... After a fun evening last night, I have decided not to trust the autosensing on ethernet interfaces anymore. I was at a branch office where the users could not access the corporate network. The router, a 1720 setup as a bridge with the same IP address for the FastEthernet as the Serial subinterface, both configured for bridge-group 1. It was connected to a 2620 at the corporate office via a Fractional Frame Relay connection. I changed the switch out with an old spare hub I had lying around, and connected only one workstation from the local network. After starting the router up, I could ping the local workstation, and I could ping devices on the corporate network, so both my FastEthernet and Serial interfaces were working fine. However, I could not ping anything on the corporate network from my workstation, nor could I from a telnet connection to my corporate router ping the workstation, so traffic was not being passed through between the interfaces. That looked like a typical routing
Re: Autosense this ... (add to your knowledgebase) [7:30446]
Someone at Cisco was just telling me about a guy who came in from Korea to take the CCIE lab and during lunch, he called TAC on one of the problems. The TAC tech recognized the problem as a lab problem from his CCIE test, called down to the lab instructors to see if that person was taking the lab, and sure enough he was. He was busted and sent back home. I don't agree with what he did, but I find it amusing none the less. Steven A. Ridder wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Thanks. Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Yes, it's in IEEE 802.3. It's in Clause 28 of the IEEE 802.3 2000 Edition. It might have been in earlier versions too. Priscilla At 02:31 PM 12/31/01, Steven A. Ridder wrote: Is there any standardization for autonegotiation like 802.x or something. I have never heard of anything like it, and maybe that's half the problem? Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Auto-negotiation is infamous for not working as advertised! ;-) It's not just Cisco equipment. There is definitely a problem when introducing older 10BaseT equipment into the equation, which it sounds like Ole did. Perhaps one of the more hardware, physical-layer type engineers remembers more of the details than I do, but from what I understand the 100-Mbps fast link pulses used for auto-negotiation produce enough signal in the frequency band of the 10-Mbps link pulses such that the 10-Mbps chip thinks it sees a signal and doesn't re-negotiate or drop or establish link integrity as it should. It's definitely strange that STP noticed a problem when other applications didn't. I'll have to ponder that one.. Priscilla At 10:26 AM 12/31/01, [EMAIL PROTECTED] wrote: It's been more than once when I've encountered autonegotiation/autosense issues between a Cisco router and Cisco switch. I've even seen problems when both interfaces were 10/100 and both hard-coded to 100/full and the link wouldn't come up. This may a chink in the Cisco armor as I rarely encounter issues with autonegotiation/autosense with other equipment but when I install a new Cisco network, one thing I ALWAYS have to do is go through the 10/100 ports of every switch and look for duplex (and sometimes speed) mismatches. Crazy... Rik -Original Message- From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 11:02 PM To: [EMAIL PROTECTED] Subject: RE: Autosense this ... (add to your knowledgebase) [7:30446] It's unfortunate that sometimes when things break, they don't perform in expected ways. Rather it truly was an Autosense problem or not, who knows. But it brings up a chance to talk about Autosense. I've had it bite me more than once. I've had problems with Autosense that didn't show up until months after installation. It doesn't matter if its Cisco to Cisco or Cisco to another vendor, I've had to lock down ports at certain speeds and modes to solve problems on several occasions. Just to pass along some experience, you may always be better off hard setting your options. Nice persistence Mr. Jensen, it's cool to stick with something until you can make it work. Chris -Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 6:14 PM To: [EMAIL PROTECTED] Subject: Re: Autosense this ... (add to your knowledgebase) [7:30446] An interesting read, particularly since I am reviewing Kennedy clark's cisco Lan Switching book prior to reviewing Cat5K and Cat 3920 configuration. I am somewhat surprised at both the phenomenon and the concludion. Spanning tree blocks for particular reasons. when you concluded that your configurations were identical at all offices, does that mean that your port negotiations were set to auto everywhere else? both on the routers and on the local switches? if so, I would expect to see similar problems elsewhere. is it possible that there was a duplicate mac someplace in another part of the bridged network, one that was being picked up by STP and interpreted as a loop? You mention changing macs of interfaces as part of your experimentation. Are you certain that this process was not part of the solution? To be frank, I'm hard pressed to come up with a reason why the FE port on the router would go into blocking. I can see that hapening on the serial port for reasons that have been discussed on this group in the past. I can't come up with a rationale as to why hard setting of speed and duplex would make a difference. I suppose one MIGHT
NAT syntax under subinterface. [7:30672]
If you have a serial0.1 interface and are using this for ip nat outside, what is the correct syntax in defining your PAT or pool of addresses? 1. ip nat inside source list 1 interface serial0.1 overload 2. ip nat inside source list 1 interface serial0:1 overload ? Or does it not matter at all? __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30672t=30672 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MSFC [7:30668]
You have three choices. 1 Treat the two MSFC's as two individual routers 2 Config-sync, basically you configure the routers individually but from the active router 3 SRM, single router mode, you have a single router config, one active one standby. of coarse this is ASSuming your running hybrid mode In Native mode the box is just a big router and if you have two MSFCs one is active the other standby. see http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/confg_gd/redund.htm Dave [EMAIL PROTECTED] wrote: I have a 6509 switch with 2 MSFC's. I would like to know if I can or should I have the same config on both MSFC's. -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30673t=30668 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP Exam [7:30674]
Hi all, I have passed Remote Access exam today , there are 77 Questions with 2 hour time. There are appox. 10 questions on typing command but you need not memorize the command because there are list of choices to be selected. I plan to take CIT next month, is there any useful information that could be supplied to me ? Best Regards, Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30674t=30674 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT - Firewall performance Comparisons - is it quitting time [7:30675]
Funky Unix exploits tend to only happen when people for some odd reason, decide to open up public services on those machines. The same problem exists with NT, but usually it has silly libraries sploits as well. Any decent security admin can lock down any box running any OS. The problem I would fear of using an OS based vs appliance based is making sure they cannot do more damage with it. A hacked unix box can do oodles more damage than a hacked windows box. Of course, you can lockdown the amount of binaries on the machine to make it very hard to continue attacking. These are super hardened boxes. Disabling services, any good admin can do in his sleep. Hardening the box by removing specific binaries is a bit more difficult. Have you checked the Nokia 440s or 330s appliance like boxes? They run a BSD variant (IIRC), and are quite secure OS wise. Yes, checkpoint runs on them as well. Now, Checkpoint's security issues, that's a different story. You will find most of the security holes in checkpoint are because of checkpoint itself, not the OS. As for running it under NT, all I can say to the man who suggested it is, What are you thinking?. On the side, Pix has flaws too. To be fair, I do not think there has been any firewall product released without a security exploit either in it's rule handling or in it's management interface. I think checkpoint can interoperate between some other devices as well. So this is not a big deal. Supposedly, skip checkpoint specific tech support and get it from Nokia. Nokia surprisingly has better checkpoint guys than checkpoint themselves. I agree that anything command line based can be configured far faster. I think we all know the reason why people still go with checkpoint. For some odd reason, some companies either believe that having an easier to use firewall will allow for a more secure network. (insert your laughter here). Or they believe that command line firewalls are too hard to use. (insert more laughter) Sigh. My take on it. If you do not understand firewalling theory, you will not understand it with or without a GUI. Syntax aside, but that's trivial. Ask any programmer who can make this analogy. The key is understanding fundamentals, not understanding mouse clicks. Finally, I am not arguing for or against the Pix or Checkpoint. Personally, I find they both have glaring problems that I am shocked to find. They also have their own specific advantages. However, I find some of your points are not necessarily valid. At 07:42 AM 1/2/02 -0500, Tim O'Brien wrote: A couple of points, and I will then get off of my soapbox... Checkpoint NG is STILL an application running on UNIX or NT, not a self contained appliance. Personally I love Microsoft (let the flames begin!), however, with the critical updates that I see getting installed on my 2000 and XP workstations I am POSITIVE that I would not want to trust my company security to it. Another point.. Have you ever installed and configured a Checkpoint firewall? You can have the PIX up and running with failover even before you get the OS half installed on the new server that you need to buy for it, thus raising the cost for an already more expensive solution in man-hours and equipment. The PIX is also very interoperable with other devices in the network. You can create PIX to PIX or PIX to IOS or PIX to 3000VPN site-to-site with other offices or home offices with built in 56bit DES or available 3DES . You can tunnel in VPN clients (free Cisco VPN client available). You can tunnel in Microsoft PPTP or L2TP sessions. And one last point, Have you ever had to get support from Checkpoint??? enough said about that one... If you would like to discuss further contact me offline... Tim - Original Message - From: [EMAIL PROTECTED] To: Sent: Wednesday, January 02, 2002 4:05 AM Subject: Re: OT - Firewall performance Comparisons - is it quitting time [7:30652] For quite a while CheckPoint is out performing every single Firewall in the market a specially in the CheckPoint Next Generation Firewall version and with the release of there SecureXL API. It is important to remember that performance is not everything that need to be compared while testing a Firewall. I love the Cisco PIX but the CheckPoint NG is amazing. Gil -Carroll Kong Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30675t=30675 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNPR640-519 test [7:30677]
I need to re certify for CCNP this comming June 2002. Has anyone taken the (CCNPR640-519) test? How did you prepare for this test? I don't see any specific study books for this. Thanks -- John A. Gesualdi,CCNP, CCDP, MCSE 2000 [EMAIL PROTECTED] The Providence Journal Company Phone (401)277-8133 Pager (401)785-6938 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30677t=30677 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passive Interface Help [7:30648]
The passive-interface command stops routing updates from exiting that interface or--in the case of EIGRP, OSPF, and IS-IS--it stop hello packets from exiting which keeps neighbor relationships from forming. This command won't keep a connected network from showing up in your routing table. If you are connected to another router via ethernet, the ethernet network is directly connected and does not need to be advertised by a routing protocol to show up in your routing table. To test this, add a loopback address on the remote router that is in the same major network as the ethernet address. You shouldn't be able to ping that because your local router should not be aware of it. HTH, John [EMAIL PROTECTED] 1/2/02 12:03:49 AM Happy New Year!! I need a little help on what a passive interface is. From what I can gather, a passive interface does not advertise its route to its neighbor ? Now if that is the case, why can I still ping an interface that is set to passive. Please note: This is excluding directly connected routes. For example, I set my Cisco 2509 ethernet interface to passive. Why can I still ping the ethernet address from my neighboring router Cisco 4000 ? I am running IGRP. Why does the ethernet network show up in its routing table for my Cisco 4000. From poking around with the passive interface command it seems that I can not ping my ethernet address only if I set the Serial interfaces to passive also. This seems odd. I thought if I made an ethernet interface passive, I should not be able to ping it from a neighboring router or any other router since it is not being advertised. Below is a sample of me being able to ping serial 1 off my Cisco 2509 from my Cisco 4000. Serial 1 is not directly connected. Serial 1 is being advertised. Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Cisco2509 ! enable password router ! ip subnet-zero ipx routing 0010.7be8.22f4 ! ! ! ! ! interface Ethernet0 ip address 12.11.12.1 255.255.255.240 no ip directed-broadcast delay 1000 ! interface Serial0 ip address 172.16.18.1 255.255.255.240 no ip directed-broadcast no ip mroute-cache ipx network 3 no fair-queue clockrate 100 ! interface Serial1 ip address 172.17.18.2 255.255.255.240 no ip directed-broadcast clockrate 400 ! router igrp 1 passive-interface Ethernet0 passive-interface Serial0 passive-interface Serial1 offset-list 2 out 11000 Serial0 network 12.0.0.0 network 172.16.0.0 network 172.17.0.0 ! ip classless ! access-list 2 deny 12.11.12.1 ! ! ! ! ! line con 0 transport input none line 1 8 line aux 0 line vty 0 4 password cisco login ! end Cisco2509# Cisco_4000ping 172.17.18.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.17.18.1, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 120/120/124 ms Cisco_4000ping 12.11.12.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.11.12.1, timeout is 2 seconds: . Success rate is 0 percent (0/5) Cisco_4000 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30676t=30648 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco LRE ( Long Reach Ethernet ) [7:30678]
I actually saw a quite humorous demo of this on an IP Telephony seminar in mid october. The network cabling was made up of a pair of car battery cables (including clamps and all) linked to two huge rolls of barbed wire, old band cable (the white, semi- transparent twowire thingys used as radio and tv antennaes once upon a time) and other non-category 5 cable plus a number of nails, spikes and screws to attach everything. Over this they did the IP Telephony demo with three IP phones of various models and the IP phone software etc. The most fun was seeing all the jaws dropping and hearing (quite) a few versions of Wht the... EoBW - Ethernet over Barbed Wire :-) ** Tony Stohne Relacom AB email: [EMAIL PROTECTED] tel: +46 70 58 34 504 ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30678t=30678 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT problems. [7:30679]
I set up nat with basic statements ip nat inside (fast 0) ip nat outside (serial 0.1) ip nat inside soure list 1 interface serial0.1 overload access-list 1 permit 10.0.0.0 0.0.0.255 (This is the only access-list on the box) If I do a show ip nat translations I can see internal external local and global mappings but only for icmp (when the user pings something) and udp - no tcp connections. So, NATPAT is working. The problem is Internet Explorer times out. Can I totally rule out NAT? Anyone had this type of problem? __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30679t=30679 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NAT syntax under subinterface. [7:30672]
this is the small document that may help you a lot regards, Gabriel Barrios INVENSYS PROCESS SYSTEMS VENEZUELA T: 58-212-2675868 ext. 105 F: 58-212-2670964 M: 58-416-8.235171 C: [EMAIL PROTECTED] -Original Message- From: Larry Brown [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 10:30 AM To: [EMAIL PROTECTED] Subject: NAT syntax under subinterface. [7:30672] If you have a serial0.1 interface and are using this for ip nat outside, what is the correct syntax in defining your PAT or pool of addresses? 1. ip nat inside source list 1 interface serial0.1 overload 2. ip nat inside source list 1 interface serial0:1 overload ? Or does it not matter at all? __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Cisco - Sample Configuration Using the ip nat outside source list Command.mht] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30680t=30672 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
dialer interface: dial string and time-range [7:30681]
With reference to archive entry: RE: Fail over to 2 ISDN Provider. [7:9899] posted 06/26/2001 I am trying to configure a VPN edge router (801/12.0.7T as it happens). The router has been assigned a static, public IP address for the dialer interface. It is running an encrypted tunnel to another public IP address, as well as NAT between the internet and the internal ethernet interface. I need to optimise the dialing, such that different numbers are dialed at different times of the day. The example quoted above will not work, as the policy routing only applies to the e0 interface, and not to the packets generated by the tunnel. My thoughts are as follows:- 1) Use loopback0 as the fixed IP address. Use 2 dialer interfaces with ip unnumbered loopback0 and dialer-groups using access lists with time-range. How does the routing process cope with this? 2) Use loopback0 as the fixed IP address. Use policy routing on loopback0 to 2 dialer interfaces. Can policy routing be applied to loopback interfaces ?? 3) Use 2 dialer interfaces, each with ip address negotiated, but with different dialer-group and dialer string statements. Then use 2 equal cost static routes. I suspect that this will result in 50% packet loss, as both interfaces spoof as being up. Does Cisco do anything clever here? 4) Use 2 dialer interfaces etc. as before. Use 2 static routes with high metric(AD) as floating statics. Run another routing protocol. Redistribute static routes into the routing protocol, using a distribute-list with an access-list containing time-range statements to perform the filtering. I will try these in my lab this evening. Any thoughts or comments? Chris Read Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30681t=30681 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT - Firewall performance Comparisons - is it quitting time [7:30682]
Having work with both Cisco PIX and Checkpoint Firewall running Nokia platforms, even though I am NOT an expert in both, let me make a few comments: 1) Checkpoint Firewall, even though it is an application, if you run Checkpoint on Nokia Platforms which uses IPSO (netBSD kernel-like), it is very robust, powerful and secure. The Nokia platform is a NAP, just like Cisco PIX. Let me also add that the BSD platform is the most secure platform is the most secure platform one can find. Now, if someone is stupid running Firewall on a general- purpose platform such as Solaris and NT, then he/she should not be in the Firewall business in the first place, 2) Configure Checkpoint/IPSO on Nokia platform is very easy. I use Perl/Expect scripts to setup the nokia ipso box. This task takes less than 10 minutes and very robust. As far as checkpoint is concerns, the point-and-click makes it very easy, 3) If you are working in an Enterprise environment and you have a few PIXes to manage, that might not be so bad. However, if you have at least twenty PIXes to manage, good luck. There is no good management software for PIXes at the moment. Don't talk to me about the CSPM crap running on Windows platforms. May be Cisco will incorporate PIX support in the next release of its Hosting Solution Engine. On the other hand, Checkpoint MDS is second to none. It allows you to manage up to 200 Checkpoint per MDS, 4) You can create VPN between Checkpoint and other vendors such as Netscreen, PIX and other vendors out there and tunnel PPTP and L2TP VPN clients as well. Again, if you are using PPTP as VPN then you should NOT be a Firewall Engineer in the first place, 5) With Cisco PIX, you can not use RSA key authentication, only password is supported. Furthermore, since we are talking about security, PIX uses tftp to upload/download configuration file (clear text). Now tell me if that is good security practices. Furthemore, if you read security bulletin lately, there are lot of holes in version 1 of Secure Shell which PIX supports (Pix does NOT support version 2). With Nokia platforms, you can Secure Copy (scp) to upload/download configuration. The new version of Nokia even supports DSA and SSH version 2 which is very secure, 4) Cisco PIX is pretty much a packet-filtering firewall to me (I don't care what anyone might say otherwise). It is using the same access-list just like Cisco routers. It does have some stateful inspection capabilities but not as much as Checkpoint. If you are looking for a firewall with sheer performance in term of packet-filtering and limited 'stateful' inspection, then PIX might be the right choice. I like the PIX-535 model a lot in term of performance, 5) Yes, support from Checkpoint sucks. Support from Cisco is much better, 6) One thing I like about the PIXes is that it takes about 2 minutes to restore PIX firewall if one happens to crash (due to hardware). It takes about 10 mins to do so with Nokia/Checkpoint, 7) PIX Firewall version 6.0(1) and 6.1(1) and pdm1.1(2) have quite a few security holes especially with the Secure Shell and Secure Socket Layer (SSL) for its Pix Device Manager (PDM). I am saying that PIX is a bad product and Nokia/Checkpoint is a good one. If you are familiar with Unix, you will like Nokia/Checkpoint. On the other hand, if you are already familiar with routers/switches and come from a Windows background, then you will like Cisco PIX. Contact me off-line if you want to discuss this further. - Original Message - From: Tim O'Brien To: Sent: Wednesday, January 02, 2002 7:42 AM Subject: Re: OT - Firewall performance Comparisons - is it quitting time [7:30658] A couple of points, and I will then get off of my soapbox... Checkpoint NG is STILL an application running on UNIX or NT, not a self contained appliance. Personally I love Microsoft (let the flames begin!), however, with the critical updates that I see getting installed on my 2000 and XP workstations I am POSITIVE that I would not want to trust my company security to it. Another point.. Have you ever installed and configured a Checkpoint firewall? You can have the PIX up and running with failover even before you get the OS half installed on the new server that you need to buy for it, thus raising the cost for an already more expensive solution in man-hours and equipment. The PIX is also very interoperable with other devices in the network. You can create PIX to PIX or PIX to IOS or PIX to 3000VPN site-to-site with other offices or home offices with built in 56bit DES or available 3DES . You can tunnel in VPN clients (free Cisco VPN client available). You can tunnel in Microsoft PPTP or L2TP sessions. And one last point, Have you ever had to get support from Checkpoint??? enough said about that one... If you would like to discuss further contact me offline... Tim - Original Message - From: [EMAIL PROTECTED] To: Sent: Wednesday, January 02, 2002 4:05 AM
Re: NAT problems. [7:30679]
I rarely totally rule out anything, it'll come back and bite ya in the arse but I would definately verify your IE setup. If you want to verify TCP telnet to something like route-views.oregon-ix.net Dave Larry Brown wrote: I set up nat with basic statements ip nat inside (fast 0) ip nat outside (serial 0.1) ip nat inside soure list 1 interface serial0.1 overload access-list 1 permit 10.0.0.0 0.0.0.255 (This is the only access-list on the box) If I do a show ip nat translations I can see internal external local and global mappings but only for icmp (when the user pings something) and udp - no tcp connections. So, NATPAT is working. The problem is Internet Explorer times out. Can I totally rule out NAT? Anyone had this type of problem? __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30683t=30679 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NAT problems. [7:30679]
Could be DNS problem. Try going to http://198.133.219.25/ This is Cisco.com. Probably not a NAT/PAT issue. Regards, Eric -Original Message- From: Larry Brown [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 9:44 AM To: [EMAIL PROTECTED] Subject: NAT problems. [7:30679] I set up nat with basic statements ip nat inside (fast 0) ip nat outside (serial 0.1) ip nat inside soure list 1 interface serial0.1 overload access-list 1 permit 10.0.0.0 0.0.0.255 (This is the only access-list on the box) If I do a show ip nat translations I can see internal external local and global mappings but only for icmp (when the user pings something) and udp - no tcp connections. So, NATPAT is working. The problem is Internet Explorer times out. Can I totally rule out NAT? Anyone had this type of problem? __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30684t=30679 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: E1 Terms [7:30645]
So far my memory goes...i remember this : a) Multichannel E1 Normal E1 A:A sum of differents speeds to have the total you are paying for. It is similiar to the Letter B. b) Fractional E1 Channelized E1 B:With the 30 channels. You have a portion of the 30 channels this means that you have 256Kbps or a ?fraction? of the 2 MB. it all depends on how much you want to spend. c) Clear Channel unchannelized E1 C:Clear channel= without compression .Without channels in it. All BW available. Line CHSpeed E1 30 2.048 E2 120 8.448 E3 480 34.368 E4 1.920 139.264 T1 24 1.544 T2 96 6.312 T3 672 44.736 T4 4.032 274.176 i expect this may help a little...:-) Regards, Gabriel Gabriel Barrios INVENSYS PROCESS SYSTEMS VENEZUELA T: 58-212-2675868 ext. 105 F: 58-212-2670964 M: 58-416-8.235171 C: [EMAIL PROTECTED] -Original Message- From: amarjeet singh [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 1:25 AM To: [EMAIL PROTECTED] Subject: RE: E1 Terms [7:30645] Dear group, I am confused for some of the terms related to E1 lines. Can some one tell me the differences between these terms. a) Multichannel E1 Normal E1 b) Fractional E1 Channelized E1 c) Clear Channel unchannelized E1 Thanx in advance Amar Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30685t=30645 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Solaris braindumps/exam MC/ material/ web link wanted, I have [7:30688]
Solaris braindumps/exam MC/ material/ web link wanted, I use CCNP/CCNA/MCSE2000 for trade Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30688t=30688 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
test [7:30686]
test Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30686t=30686 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Solaris braindumps/exam MC/ material/ web link wanted, I have [7:30687]
Interested email me Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30687t=30687 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Sniffing my broadband connection to my ISP ??? [7:30689]
Hi Group, I have been sniffing my broadband connection to my ISP today and have a few questions. My main gripe is that I'm being sent around 100 Arp requests per minute, which obviously I cannot resolve. These ARP requests are all originating from my default G/W at the ISP trying to resolve MAC addresses of various users. Can anyone confirm if this is usual or unusual. I cannot see this being correct since if I set my router up to be one of these IP addresses I can resolve it to my MAC address Eth 0 int' or any other mac-address for that matter. They also send me DHCP requests, IGMP requests for group 224.0.0.1 (Which I wish I could join) but cannot and lots of their private address information via the above mentioned ARP's. I also captured an attemt at an inbound TCP connection on a dynamic port which my router RST, thankfully. Are they wasting my B/W ? Thanx, Phil __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30689t=30689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sniffing my broadband connection to my ISP ??? [7:30689]
Cable modem is a shared medium and you do not have the bandwidth on your segment to yourself. You could compare it to ethernet for practical purposes. The k1d Phil Barker wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Group, I have been sniffing my broadband connection to my ISP today and have a few questions. My main gripe is that I'm being sent around 100 Arp requests per minute, which obviously I cannot resolve. These ARP requests are all originating from my default G/W at the ISP trying to resolve MAC addresses of various users. Can anyone confirm if this is usual or unusual. I cannot see this being correct since if I set my router up to be one of these IP addresses I can resolve it to my MAC address Eth 0 int' or any other mac-address for that matter. They also send me DHCP requests, IGMP requests for group 224.0.0.1 (Which I wish I could join) but cannot and lots of their private address information via the above mentioned ARP's. I also captured an attemt at an inbound TCP connection on a dynamic port which my router RST, thankfully. Are they wasting my B/W ? Thanx, Phil __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30690t=30689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DHCP, WK2 and default gateway PROBLEM [7:29732]
Just my $.02 ... secondary addresses cover this quite well!! , and then again as we phased providers out ... Thanks! TJ -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 19, 2001 11:26 PM To: [EMAIL PROTECTED] Subject:Re: DHCP, WK2 and default gateway PROBLEMMM + [7:29732] The default gateway has to be on the same subnet as the clients that use it, as you probably know. What is the default gateway? Is it a Cisco router? You could give it a secondary address on the new 192.168.40.0. network. Then use that address for the clients on the 192.168.40.0 subnet as their default gateway. Another thought: what is the subnet mask? I'm assuming it's 255.255.255.0. You could change it temporarily to 255.255.0.0 while doing the changeover. That way 192.168.50.0 and 192.168.40.0 are on the same subnet. Clients with addresses that start with 192.168.40.0 could still use 192.168.50.7 as their default gateway. Priscilla At 10:43 PM 12/19/01, Juan Blanco wrote: Team, I am working in a project for a company that has almost 600 users with static ip. What I have to do is move everyone to a dynamic ip environment, without affecting the current network functionality. The problem that I am having is when I created my new scope in wk2 I am not able to provide the default gateway to my clients because the DG is not the same network like the one in the scope DHCP server(w2k) which is not able to provide my default My scope = 192.168.40.50 .. 100 New segment ip is 192.168.40 DG for the segment is the DG for the others users in the same segment MY DG = 192.168.50.7 How will I be able to define two IP address to the same interface in which both IP address can be define as the DG Thanks, JB Priscilla Oppenheimer http://www.priscilla.com * The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30691t=29732 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Epilog to SPEED DUPLEX settings [7:30692]
As an epilog to my recent e-mail warning about using the AUTO feature of SPEED and/or DUPLEX settings on LAN interfaces, I would like to give you a little extra information: I looked at all the interfaces on my 3548 switch today, and found that the interface that was connected to a 2620 and the interface that was connected to a 2924 was both in 100 mbps half duplex detected by the auto feature. This was the case even thought both the 2620 and the 2924 was manually set to 100 mbps full duplex. This was the case also on an interface connected to a 3COM 100 mbps HUB that I have connected in a room as a test. The Cisco 3548 auto sence feature on that interface had placed it in 100/half. So, the lesson to learn here is that even though both devices are Cisco, you cannot trust the auto sense feature. I will now go the slow but safe way, and manually configure all my LAN interfaces on all my equipment. So, place a big sticker on all your network equipment: NO AUTO SETTINGS. Hth, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30692t=30692 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco LRE ( Long Reach Ethernet ) [7:30553]
Most local Cisco office have been demo'ing LRE for a few months now. My local office has a demostration kit consisting of a piece of plywood with 3 foot lenths of the following wires connected together: Cat5, Cat3, House Grade wiring used for outlets, and Barbed Wire used in barnyard around the country. Interesting!!! David L. Blair Chuck Larrieu wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Is it slow at work today or what? I was browsing CCO and ran across something called long reach ethernet http://newsroom.cisco.com/dlls/ts_122701.html http://www.cisco.com/warp/public/779/servpro/solutions/long_ethernet/ lots more. Interesting product and market. Interesting, because on the surface, it doesn't seem like it would be less expensive than re-wiring, but if one looks at someplace like a hotel, where ripping walls out to string a new wiring infrastructure would be exceedingly disruptive, it makes sense. Anyone looked into this? done it? this appears to be a very new product to Cisco. the web docs are dated within the last few weeks. Chuck Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30693t=30553 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
question about VPN-IPSEC and NAT [7:30694]
Hello, I have in my organization a cisco router 2600 running NAT and IPSEC56. I want to configure two access-lists. One for inbound access and another one for outbound access and apply it in the same serial line. Does anyone know what are the ports I have to permit to work that job successfull as much inbound as outbound? I had success in configuring internet access and it4s working fine but over IPSEC my users from the other side of VPN can not access my exchange server using VPN. but they can ping it... thanks. Leonardo Borda. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30694t=30694 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passive Interface Help [7:30648]
Thank you for the info. Now I am a little confused still on the passive interface. If it prevents routing updates from being sent out, why would one want a passive interface. From my understanding, a passive interface would not advertise is routing updates to its neighbor. If that is the case, I am perplexed on why I can ping a passive interface that is being advertised thru a routing protocol. In my case, my neighbor router is seeing an IGRP update for the Ethernet network. Why would you make the Ethernet passive if you can still ping it and see its routing update from a neighboring router via the show ip route ? This is where I get confused by the definition of passive. Any help..I am a rookie as you can see David - Original Message - From: cheekin To: ; Sent: Wednesday, January 02, 2002 4:43 AM Subject: Re: Passive Interface Help [7:30648] Hi, When you make the ethernet interface passive, it means no igrp updates will be sent out on the ethernet interface. It doesn't stop the serial interface from advertising network 12.0.0.0 . Which explains why you can still ping to the ethernet interface. If for some reason you do not want network 12.0.0.0 to be advertised, remove the network 12.0.0.0 statement or use distribute-list to filter out the route. Regards, cheekin - Original Message - From: To: Sent: Wednesday, January 02, 2002 15:03 Subject: Passive Interface Help [7:30648] Happy New Year!! I need a little help on what a passive interface is. From what I can gather, a passive interface does not advertise its route to its neighbor ? Now if that is the case, why can I still ping an interface that is set to passive. Please note: This is excluding directly connected routes. For example, I set my Cisco 2509 ethernet interface to passive. Why can I still ping the ethernet address from my neighboring router Cisco 4000 ? I am running IGRP. Why does the ethernet network show up in its routing table for my Cisco 4000. From poking around with the passive interface command it seems that I can not ping my ethernet address only if I set the Serial interfaces to passive also. This seems odd. I thought if I made an ethernet interface passive, I should not be able to ping it from a neighboring router or any other router since it is not being advertised. Below is a sample of me being able to ping serial 1 off my Cisco 2509 from my Cisco 4000. Serial 1 is not directly connected. Serial 1 is being advertised. Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Cisco2509 ! enable password router ! ip subnet-zero ipx routing 0010.7be8.22f4 ! ! ! ! ! interface Ethernet0 ip address 12.11.12.1 255.255.255.240 no ip directed-broadcast delay 1000 ! interface Serial0 ip address 172.16.18.1 255.255.255.240 no ip directed-broadcast no ip mroute-cache ipx network 3 no fair-queue clockrate 100 ! interface Serial1 ip address 172.17.18.2 255.255.255.240 no ip directed-broadcast clockrate 400 ! router igrp 1 passive-interface Ethernet0 passive-interface Serial0 passive-interface Serial1 offset-list 2 out 11000 Serial0 network 12.0.0.0 network 172.16.0.0 network 172.17.0.0 ! ip classless ! access-list 2 deny 12.11.12.1 ! ! ! ! ! line con 0 transport input none line 1 8 line aux 0 line vty 0 4 password cisco login ! end Cisco2509# Cisco_4000ping 172.17.18.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.17.18.1, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 120/120/124 ms Cisco_4000ping 12.11.12.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.11.12.1, timeout is 2 seconds: . Success rate is 0 percent (0/5) Cisco_4000 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30695t=30648 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: question about VPN-IPSEC and NAT [7:30694]
IP protocol 50 and UDP port 500. If you are doing AH you also need ip protocol 51. -Eric -Original Message- From: Leonardo Borda [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 12:55 PM To: [EMAIL PROTECTED] Subject: question about VPN-IPSEC and NAT [7:30694] Hello, I have in my organization a cisco router 2600 running NAT and IPSEC56. I want to configure two access-lists. One for inbound access and another one for outbound access and apply it in the same serial line. Does anyone know what are the ports I have to permit to work that job successfull as much inbound as outbound? I had success in configuring internet access and it4s working fine but over IPSEC my users from the other side of VPN can not access my exchange server using VPN. but they can ping it... thanks. Leonardo Borda. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30696t=30694 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passive Interface Help [7:30648]
All part of traffic control. Why waste bandwidth for updates that are not required. example: OSPF domainrouter--IGRP domain the OSPF domain does not require direct knowledge of the IGRP domain, so why send IGRP updates out the interface into the OSPF domain? or visa versa. also, as a matter of basic security design, suppose you have: bunch of usersethernet_interface-router--routing_domain one might consider preventing routing advertisements into the user ethernet domain as a precaution against users who may be running routing protocols on their workstations and creating havoc as a result. I worked on a VPN/RLAN project for a major technology company a few months back. The company had several thousand users on this network, most of whom were engineers. The company had ongoing problems with these engineers testing equipment and services and creating situations where the engineering work caused major problems on their production network. So they opted for static routing to the end user, and suppression of all routing advertisements out any of the VPN tunnels and RLAN connections. Make sense? Chuck CCIEn2002 wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Thank you for the info. Now I am a little confused still on the passive interface. If it prevents routing updates from being sent out, why would one want a passive interface. From my understanding, a passive interface would not advertise is routing updates to its neighbor. If that is the case, I am perplexed on why I can ping a passive interface that is being advertised thru a routing protocol. In my case, my neighbor router is seeing an IGRP update for the Ethernet network. Why would you make the Ethernet passive if you can still ping it and see its routing update from a neighboring router via the show ip route ? This is where I get confused by the definition of passive. Any help..I am a rookie as you can see David - Original Message - From: cheekin To: ; Sent: Wednesday, January 02, 2002 4:43 AM Subject: Re: Passive Interface Help [7:30648] Hi, When you make the ethernet interface passive, it means no igrp updates will be sent out on the ethernet interface. It doesn't stop the serial interface from advertising network 12.0.0.0 . Which explains why you can still ping to the ethernet interface. If for some reason you do not want network 12.0.0.0 to be advertised, remove the network 12.0.0.0 statement or use distribute-list to filter out the route. Regards, cheekin - Original Message - From: To: Sent: Wednesday, January 02, 2002 15:03 Subject: Passive Interface Help [7:30648] Happy New Year!! I need a little help on what a passive interface is. From what I can gather, a passive interface does not advertise its route to its neighbor ? Now if that is the case, why can I still ping an interface that is set to passive. Please note: This is excluding directly connected routes. For example, I set my Cisco 2509 ethernet interface to passive. Why can I still ping the ethernet address from my neighboring router Cisco 4000 ? I am running IGRP. Why does the ethernet network show up in its routing table for my Cisco 4000. From poking around with the passive interface command it seems that I can not ping my ethernet address only if I set the Serial interfaces to passive also. This seems odd. I thought if I made an ethernet interface passive, I should not be able to ping it from a neighboring router or any other router since it is not being advertised. Below is a sample of me being able to ping serial 1 off my Cisco 2509 from my Cisco 4000. Serial 1 is not directly connected. Serial 1 is being advertised. Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Cisco2509 ! enable password router ! ip subnet-zero ipx routing 0010.7be8.22f4 ! ! ! ! ! interface Ethernet0 ip address 12.11.12.1 255.255.255.240 no ip directed-broadcast delay 1000 ! interface Serial0 ip address 172.16.18.1 255.255.255.240 no ip directed-broadcast no ip mroute-cache ipx network 3 no fair-queue clockrate 100 ! interface Serial1 ip address 172.17.18.2 255.255.255.240 no ip directed-broadcast clockrate 400 ! router igrp 1 passive-interface Ethernet0 passive-interface Serial0 passive-interface Serial1 offset-list 2 out 11000 Serial0 network 12.0.0.0 network 172.16.0.0 network 172.17.0.0 ! ip classless ! access-list 2 deny 12.11.12.1 ! ! ! ! ! line con 0 transport input none line 1 8 line aux 0 line vty 0 4 password cisco login ! end Cisco2509# Cisco_4000ping
Re: Re: Passive Interface Help [7:30648]
As I mentioned in my first reply, the passive-interface command operates a little differently depending on the protocol you're using. For protocols that need to establish neighbors--such as EIGRP, OSPF, and IS-IS--this command stops those relationships from forming so no routes will ever be exchanged. In RIP and IGRP, no neighbor relationship is formed. The passive-interface command simply stops the router from sending updates out that interface but it will *not* stop updates from coming in on that interface. This can be a handy feature if you only want to receive routes but not send them. If you are receiving IGRP routes that you don't want to receive, then you need to make sure that you apply this command to both sides of the connection. HTH, John Get your own 800 number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag On Wed, 2 Jan 2002, CCIEn2002 ([EMAIL PROTECTED]) wrote: Thank you for the info. Now I am a little confused still on the passive interface. If it prevents routing updates from being sent out, why would one want a passive interface. From my understanding, a passive interface would not advertise is routing updates to its neighbor. If that is the case, I am perplexed on why I can ping a passive interface that is being advertised thru a routing protocol. In my case, my neighbor router is seeing an IGRP update for the Ethernet network. Why would you make the Ethernet passive if you can still ping it and see its routing update from a neighboring router via the show ip route ? This is where I get confused by the definition of passive. Any help..I am a rookie as you can see David - Original Message - From: cheekin To: ; Sent: Wednesday, January 02, 2002 4:43 AM Subject: Re: Passive Interface Help [7:30648] Hi, When you make the ethernet interface passive, it means no igrp updates will be sent out on the ethernet interface. It doesn't stop the serial interface from advertising network 12.0.0.0 . Which explains why you can still ping to the ethernet interface. If for some reason you do not want network 12.0.0.0 to be advertised, remove the network 12.0.0.0 statement or use distribute-list to filter out the route. Regards, cheekin - Original Message - From: To: Sent: Wednesday, January 02, 2002 15:03 Subject: Passive Interface Help [7:30648] Happy New Year!! I need a little help on what a passive interface is. From what I can gather, a passive interface does not advertise its route to its neighbor ? Now if that is the case, why can I still ping an interface that is set to passive. Please note: This is excluding directly connected routes. For example, I set my Cisco 2509 ethernet interface to passive. Why can I still ping the ethernet address from my neighboring router Cisco 4000 ? I am running IGRP. Why does the ethernet network show up in its routing table for my Cisco 4000. From poking around with the passive interface command it seems that I can not ping my ethernet address only if I set the Serial interfaces to passive also. This seems odd. I thought if I made an ethernet interface passive, I should not be able to ping it from a neighboring router or any other router since it is not being advertised. Below is a sample of me being able to ping serial 1 off my Cisco 2509 from my Cisco 4000. Serial 1 is not directly connected. Serial 1 is being advertised. Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Cisco2509 ! enable password router ! ip subnet-zero ipx routing 0010.7be8.22f4 ! ! ! ! ! interface Ethernet0 ip address 12.11.12.1 255.255.255.240 no ip directed-broadcast delay 1000 ! interface Serial0 ip address 172.16.18.1 255.255.255.240 no ip directed-broadcast no ip mroute-cache ipx network 3 no fair-queue clockrate 100 ! interface Serial1 ip address 172.17.18.2 255.255.255.240 no ip directed-broadcast clockrate 400 ! router igrp 1 passive-interface Ethernet0 passive-interface Serial0 passive-interface Serial1 offset-list 2 out 11000 Serial0 network 12.0.0.0 network 172.16.0.0 network 172.17.0.0 ! ip classless ! access-list 2 deny 12.11.12.1 ! ! ! ! ! line con 0 transport input none line 1 8 line aux 0 line vty 0 4 password cisco login ! end Cisco2509# Cisco_4000ping 172.17.18.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.17.18.1, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 120/120/124
Re: Passive Interface Help [7:30648]
Are these routers directly connected? If so, that explains why you would still be able to ping. Did you try to use loopback interfaces and see if those routes are being announced? ms --- CCIEn2002 wrote: Thank you for the info. Now I am a little confused still on the passive interface. If it prevents routing updates from being sent out, why would one want a passive interface. From my understanding, a passive interface would not advertise is routing updates to its neighbor. If that is the case, I am perplexed on why I can ping a passive interface that is being advertised thru a routing protocol. In my case, my neighbor router is seeing an IGRP update for the Ethernet network. Why would you make the Ethernet passive if you can still ping it and see its routing update from a neighboring router via the show ip route ? This is where I get confused by the definition of passive. Any help..I am a rookie as you can see David - Original Message - From: cheekin To: ; Sent: Wednesday, January 02, 2002 4:43 AM Subject: Re: Passive Interface Help [7:30648] Hi, When you make the ethernet interface passive, it means no igrp updates will be sent out on the ethernet interface. It doesn't stop the serial interface from advertising network 12.0.0.0 . Which explains why you can still ping to the ethernet interface. If for some reason you do not want network 12.0.0.0 to be advertised, remove the network 12.0.0.0 statement or use distribute-list to filter out the route. Regards, cheekin - Original Message - From: To: Sent: Wednesday, January 02, 2002 15:03 Subject: Passive Interface Help [7:30648] Happy New Year!! I need a little help on what a passive interface is. From what I can gather, a passive interface does not advertise its route to its neighbor ? Now if that is the case, why can I still ping an interface that is set to passive. Please note: This is excluding directly connected routes. For example, I set my Cisco 2509 ethernet interface to passive. Why can I still ping the ethernet address from my neighboring router Cisco 4000 ? I am running IGRP. Why does the ethernet network show up in its routing table for my Cisco 4000. From poking around with the passive interface command it seems that I can not ping my ethernet address only if I set the Serial interfaces to passive also. This seems odd. I thought if I made an ethernet interface passive, I should not be able to ping it from a neighboring router or any other router since it is not being advertised. Below is a sample of me being able to ping serial 1 off my Cisco 2509 from my Cisco 4000. Serial 1 is not directly connected. Serial 1 is being advertised. Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Cisco2509 ! enable password router ! ip subnet-zero ipx routing 0010.7be8.22f4 ! ! ! ! ! interface Ethernet0 ip address 12.11.12.1 255.255.255.240 no ip directed-broadcast delay 1000 ! interface Serial0 ip address 172.16.18.1 255.255.255.240 no ip directed-broadcast no ip mroute-cache ipx network 3 no fair-queue clockrate 100 ! interface Serial1 ip address 172.17.18.2 255.255.255.240 no ip directed-broadcast clockrate 400 ! router igrp 1 passive-interface Ethernet0 passive-interface Serial0 passive-interface Serial1 offset-list 2 out 11000 Serial0 network 12.0.0.0 network 172.16.0.0 network 172.17.0.0 ! ip classless ! access-list 2 deny 12.11.12.1 ! ! ! ! ! line con 0 transport input none line 1 8 line aux 0 line vty 0 4 password cisco login ! end Cisco2509# Cisco_4000ping 172.17.18.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.17.18.1, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 120/120/124 ms Cisco_4000ping 12.11.12.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.11.12.1, timeout is 2 seconds: . Success rate is 0 percent (0/5) Cisco_4000 [EMAIL PROTECTED] __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30699t=30648 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passive Interface Help [7:30648]
I should also mention that in the ISP environment, this is particularly useful and particularly necessary. According to my reading, ISP's will habitually place all interfaces to the customer side as passive ( for the ISP IGP ) and will then specifically activate interfaces where route and routing protocol advertising should occur. All of the examples surrounding the passive-interface default command ( available in IOS 12.0 and higher ) that I have seen on CCO specifically reference ISP requirements. Essentially, why advertise internal routes and updates out every dial up and DSL connection? Why do your average Joe customers require this? So save their bandwidth for the things they really want - transferring megabytes of pictures via e-mail ;- Chuck Chuck Larrieu wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... All part of traffic control. Why waste bandwidth for updates that are not required. example: OSPF domainrouter--IGRP domain the OSPF domain does not require direct knowledge of the IGRP domain, so why send IGRP updates out the interface into the OSPF domain? or visa versa. also, as a matter of basic security design, suppose you have: bunch of usersethernet_interface-router--routing_domain one might consider preventing routing advertisements into the user ethernet domain as a precaution against users who may be running routing protocols on their workstations and creating havoc as a result. I worked on a VPN/RLAN project for a major technology company a few months back. The company had several thousand users on this network, most of whom were engineers. The company had ongoing problems with these engineers testing equipment and services and creating situations where the engineering work caused major problems on their production network. So they opted for static routing to the end user, and suppression of all routing advertisements out any of the VPN tunnels and RLAN connections. Make sense? Chuck CCIEn2002 wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Thank you for the info. Now I am a little confused still on the passive interface. If it prevents routing updates from being sent out, why would one want a passive interface. From my understanding, a passive interface would not advertise is routing updates to its neighbor. If that is the case, I am perplexed on why I can ping a passive interface that is being advertised thru a routing protocol. In my case, my neighbor router is seeing an IGRP update for the Ethernet network. Why would you make the Ethernet passive if you can still ping it and see its routing update from a neighboring router via the show ip route ? This is where I get confused by the definition of passive. Any help..I am a rookie as you can see David - Original Message - From: cheekin To: ; Sent: Wednesday, January 02, 2002 4:43 AM Subject: Re: Passive Interface Help [7:30648] Hi, When you make the ethernet interface passive, it means no igrp updates will be sent out on the ethernet interface. It doesn't stop the serial interface from advertising network 12.0.0.0 . Which explains why you can still ping to the ethernet interface. If for some reason you do not want network 12.0.0.0 to be advertised, remove the network 12.0.0.0 statement or use distribute-list to filter out the route. Regards, cheekin - Original Message - From: To: Sent: Wednesday, January 02, 2002 15:03 Subject: Passive Interface Help [7:30648] Happy New Year!! I need a little help on what a passive interface is. From what I can gather, a passive interface does not advertise its route to its neighbor ? Now if that is the case, why can I still ping an interface that is set to passive. Please note: This is excluding directly connected routes. For example, I set my Cisco 2509 ethernet interface to passive. Why can I still ping the ethernet address from my neighboring router Cisco 4000 ? I am running IGRP. Why does the ethernet network show up in its routing table for my Cisco 4000. From poking around with the passive interface command it seems that I can not ping my ethernet address only if I set the Serial interfaces to passive also. This seems odd. I thought if I made an ethernet interface passive, I should not be able to ping it from a neighboring router or any other router since it is not being advertised. Below is a sample of me being able to ping serial 1 off my Cisco 2509 from my Cisco 4000. Serial 1 is not directly connected. Serial 1 is being advertised. Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Cisco2509 ! enable password router
OT: SCO System V/386 [7:30701]
Hey guys/gals I know this is really OT but I thought I would throw it out there to see if anyone has any ideas. Iv got a SCO V/386 System and apparently the thing is old that no one remembers the password to itOR is even with the company anymore. Is there a way that I can boot with a floppy into a low level of the OS to extract and passwd file and crack it offline? Anyone know of a program that does this? Any help would be appreciated. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30701t=30701 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cheap lab equipment [7:30702]
Does anyone have recommendations for purchasing cisco lab equipment? I thought I saw a post about a terminal server for ~$650 recently, but can not find it now. Any suggestions? Dan Lockwood Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30702t=30702 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT problems. [7:30679]
I agree. I can say with 100% certainty that it's not NAT/PAT if you have those exact configs in the router. It's IE. Lange, Eric wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Could be DNS problem. Try going to http://198.133.219.25/ This is Cisco.com. Probably not a NAT/PAT issue. Regards, Eric -Original Message- From: Larry Brown [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 9:44 AM To: [EMAIL PROTECTED] Subject: NAT problems. [7:30679] I set up nat with basic statements ip nat inside (fast 0) ip nat outside (serial 0.1) ip nat inside soure list 1 interface serial0.1 overload access-list 1 permit 10.0.0.0 0.0.0.255 (This is the only access-list on the box) If I do a show ip nat translations I can see internal external local and global mappings but only for icmp (when the user pings something) and udp - no tcp connections. So, NATPAT is working. The problem is Internet Explorer times out. Can I totally rule out NAT? Anyone had this type of problem? __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30703t=30679 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: SCO System V/386 [7:30701]
Google is your friend: http://www.google.com/search?hl=enq=lost+root+password+%2BSCO -Original Message- From: Richard Tufaro [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 12:12 PM To: [EMAIL PROTECTED] Subject: OT: SCO System V/386 [7:30701] Hey guys/gals I know this is really OT but I thought I would throw it out there to see if anyone has any ideas. Iv got a SCO V/386 System and apparently the thing is old that no one remembers the password to itOR is even with the company anymore. Is there a way that I can boot with a floppy into a low level of the OS to extract and passwd file and crack it offline? Anyone know of a program that does this? Any help would be appreciated. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30704t=30701 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Practical Studies by Cisco Press [7:30243]
I haven't read the book yet but I used to work with the author and happily recommend anything that he puts his name to. Knowing the amount of time he put into the book, I'd say that $70 is a steal ! Feargal Feargal Ledwidge [EMAIL PROTECTED] Manager of Network Systems Administration TeraGlobal Communications -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 6:44 PM To: [EMAIL PROTECTED] Subject: Re: CCIE Practical Studies by Cisco Press [7:30243] I hope that we can get someone to do an in-depth review of the book and let us know if it's worth it to add to the library :-) -junovtv _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30705t=30243 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cheap lab equipment [7:30702]
Network hardware is selling 2509's for $595. I purchased one a month ago, and it works great. Also comes with a warranty. Here's the link http://www.networkhardware.com/shopping_weekly.html Shawn - Original Message - From: Dan Lockwood To: Sent: Wednesday, January 02, 2002 3:22 PM Subject: Cheap lab equipment [7:30702] Does anyone have recommendations for purchasing cisco lab equipment? I thought I saw a post about a terminal server for ~$650 recently, but can not find it now. Any suggestions? Dan Lockwood Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30706t=30702 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passive Interface Help [7:30648]
For that matter, why advertise routes on any leaf network that only has end nodes? In the IP world, most end nodes (workstations) don't care about routing updates. (It could be argued that it would be better if they did so you wouldn't need kludges like HSRP, but in fact, most workstation operating systems don't understand routing updates.) Priscilla At 03:06 PM 1/2/02, Chuck Larrieu wrote: I should also mention that in the ISP environment, this is particularly useful and particularly necessary. According to my reading, ISP's will habitually place all interfaces to the customer side as passive ( for the ISP IGP ) and will then specifically activate interfaces where route and routing protocol advertising should occur. All of the examples surrounding the passive-interface default command ( available in IOS 12.0 and higher ) that I have seen on CCO specifically reference ISP requirements. Essentially, why advertise internal routes and updates out every dial up and DSL connection? Why do your average Joe customers require this? So save their bandwidth for the things they really want - transferring megabytes of pictures via e-mail ;- Chuck Chuck Larrieu wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... All part of traffic control. Why waste bandwidth for updates that are not required. example: OSPF domainrouter--IGRP domain the OSPF domain does not require direct knowledge of the IGRP domain, so why send IGRP updates out the interface into the OSPF domain? or visa versa. also, as a matter of basic security design, suppose you have: bunch of usersethernet_interface-router--routing_domain one might consider preventing routing advertisements into the user ethernet domain as a precaution against users who may be running routing protocols on their workstations and creating havoc as a result. I worked on a VPN/RLAN project for a major technology company a few months back. The company had several thousand users on this network, most of whom were engineers. The company had ongoing problems with these engineers testing equipment and services and creating situations where the engineering work caused major problems on their production network. So they opted for static routing to the end user, and suppression of all routing advertisements out any of the VPN tunnels and RLAN connections. Make sense? Chuck CCIEn2002 wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Thank you for the info. Now I am a little confused still on the passive interface. If it prevents routing updates from being sent out, why would one want a passive interface. From my understanding, a passive interface would not advertise is routing updates to its neighbor. If that is the case, I am perplexed on why I can ping a passive interface that is being advertised thru a routing protocol. In my case, my neighbor router is seeing an IGRP update for the Ethernet network. Why would you make the Ethernet passive if you can still ping it and see its routing update from a neighboring router via the show ip route ? This is where I get confused by the definition of passive. Any help..I am a rookie as you can see David - Original Message - From: cheekin To: ; Sent: Wednesday, January 02, 2002 4:43 AM Subject: Re: Passive Interface Help [7:30648] Hi, When you make the ethernet interface passive, it means no igrp updates will be sent out on the ethernet interface. It doesn't stop the serial interface from advertising network 12.0.0.0 . Which explains why you can still ping to the ethernet interface. If for some reason you do not want network 12.0.0.0 to be advertised, remove the network 12.0.0.0 statement or use distribute-list to filter out the route. Regards, cheekin - Original Message - From: To: Sent: Wednesday, January 02, 2002 15:03 Subject: Passive Interface Help [7:30648] Happy New Year!! I need a little help on what a passive interface is. From what I can gather, a passive interface does not advertise its route to its neighbor ? Now if that is the case, why can I still ping an interface that is set to passive. Please note: This is excluding directly connected routes. For example, I set my Cisco 2509 ethernet interface to passive. Why can I still ping the ethernet address from my neighboring router Cisco 4000 ? I am running IGRP. Why does the ethernet network show up in its routing table for my Cisco 4000. From poking around with the passive interface command it seems that I can not ping my ethernet address only if I set the Serial interfaces to passive also. This seems odd. I thought if I made an ethernet interface passive, I should not be able to
Re: Sniffing my broadband connection to my ISP ??? [7:30689]
It sounds like you are sharing the broadcast domain with a bunch of other stations. The network is bridging on the edge. I think this is normal for cable modem systems. Is that what you are on? Priscilla At 12:23 PM 1/2/02, Phil Barker wrote: Hi Group, I have been sniffing my broadband connection to my ISP today and have a few questions. My main gripe is that I'm being sent around 100 Arp requests per minute, which obviously I cannot resolve. These ARP requests are all originating from my default G/W at the ISP trying to resolve MAC addresses of various users. Can anyone confirm if this is usual or unusual. I cannot see this being correct since if I set my router up to be one of these IP addresses I can resolve it to my MAC address Eth 0 int' or any other mac-address for that matter. They also send me DHCP requests, IGMP requests for group 224.0.0.1 (Which I wish I could join) but cannot and lots of their private address information via the above mentioned ARP's. I also captured an attemt at an inbound TCP connection on a dynamic port which my router RST, thankfully. Are they wasting my B/W ? Thanx, Phil __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30708t=30689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RIF RC Field Question [7:30637]
The Length field in the RC field indicates the total length of the RIF. Length values will be even values between 2 and 30 inclusive. Source-route bridging is documented in Annex C of IEEE 802.1D MAC Bridges. You can get it for free now from IEEE. There's no need to rely on the sloppy work of authors who pump out multiple books per year. ;-) Get the IEEE docs here: http://standards.ieee.org/getieee802/ Priscilla At 08:04 PM 1/1/02, Jason wrote: All, Is the length field in the RC of a RIF the total size of the RIF or the total size of the RD? According to the Rossi paper it is the total length of the RIF. Pg 5 Bits 12-8 (next 5) bits descrige the total length of the RIF represented in bytes Example from the Rossi paper : 0830 00a1 014f 01e0 (Page 5) However, in the Lammle/Swartz Study guide it is the total length of the RD. Pg 694 The Length field is the number of bytes used by the route descriptors. Example from the Study Guide : 0490 020b 1000 (answer C question 20) Any and all help would be appreciated. Thanks js Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30709t=30637 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: DSL with PPPoE [7:30710]
Just a quick note about my DSL connection with Southwestern Bell. I have read some e-mails in the past about using a SMC router for PPPoE instead of the (crappy) software that comes with the DSL modem (Enternet). I went ahead and installed the SMC Barricade broadband router, and it only took me about 10 minutes to get the router up and configured with my DSL modem and the Enternet software removed. I now have a constant connection to the Internet, so when I turn on my PC, I do not have to login to anything - the Internet is available and ready right away. This SMC router can be purchased for $79.- and among the features I like are: - PPPoE - 4 port LAN connection, so you don't have to use a hub/switch for multiple PC's - Build-in print server with DB25 jack - Build-in com port for use with modem backup dial - Build-in firewall features - Build-in NAT feature I was hoping to do this with a Cisco router, but you just can't compete with the price. Watch for word wrap: http://shopper.cnet.com/shopping/resellers/1,10231,0-7085-311-2319870,00.htm l Hth, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30710t=30710 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Aeropoint - Cisco CSS 11000 Content switch [7:30711]
Hello- Can anyone share any successes stories and problem areas with the Cisco CSS 11000 Content Services Switch? We're about to begin a migration of dual Local Directors (supporting large ASP model web farm) moving to the CSS 11000. We're upgrading due to bugs and instability we've experienced with the LDs. Would very much appreciate any experiences with the CSS 11000 product. thx kindly.Byron _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30711t=30711 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sniffing my broadband connection to my ISP ??? [7:30689]
Hi, Just to expand on this... The 224.0.0.1 multicast query you're seeing is coming from the cable modem I bet. I have a Surfboard 3100 cable modem and it sends out IGMP queries on 224.0.0.1 frequently. I'm not sure why the cable modem is doing multicast and haven't really looked into it. I think it may only be local to the LAN interface toward your PC but not 100% positive. You can use your web browser to view the log and status of the SB3100 cable modem by the way, you can see the IP in the sniffer trace. If the ARP requests are originating from the ISP default-gateway (first hop router for you) then maybe they have proxy arp enabled. The DHCP requests could be from other users on your segment, or maybe forwarded to a DHCP server on your segment from another segment. Also, since you're on a shared segment with others they may have set up their own networks, etc with their own address space, etc that you might see packets from. Erick --- Priscilla Oppenheimer wrote: It sounds like you are sharing the broadcast domain with a bunch of other stations. The network is bridging on the edge. I think this is normal for cable modem systems. Is that what you are on? Priscilla At 12:23 PM 1/2/02, Phil Barker wrote: Hi Group, I have been sniffing my broadband connection to my ISP today and have a few questions. My main gripe is that I'm being sent around 100 Arp requests per minute, which obviously I cannot resolve. These ARP requests are all originating from my default G/W at the ISP trying to resolve MAC addresses of various users. Can anyone confirm if this is usual or unusual. I cannot see this being correct since if I set my router up to be one of these IP addresses I can resolve it to my MAC address Eth 0 int' or any other mac-address for that matter. They also send me DHCP requests, IGMP requests for group 224.0.0.1 (Which I wish I could join) but cannot and lots of their private address information via the above mentioned ARP's. I also captured an attemt at an inbound TCP connection on a dynamic port which my router RST, thankfully. Are they wasting my B/W ? Thanx, Phil __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com Priscilla Oppenheimer http://www.priscilla.com [EMAIL PROTECTED] __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30712t=30689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Configuration Register Question [7:30713]
I was working on a 2611 router and noticed that the configuration register was set to 0x3962 !!! I tried to change it to 0x2102 but says it will change to 0x3922 at the next reload. Just curious if anyone has seen this before and what it means. When I looked at CCO I noticed that they didn't have any information on 0x3000, only 0x1000, 0x2000, 0x4000, and 0x8000. Shawn K. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30713t=30713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Aeropoint - Cisco CSS 11000 Content switch [7:30711]
We've got one of the original Arrowpoint CSS 100 switches and I love it. They're pretty easy to configure and very reliable. However, we're going to be redesigning that portion of our network and we're seriously considering moving to the competing product by F5. They have a new model that is just coming out called the Big IP 3000 that is exactly what we need. Pricey, but I've heard nothing but great things about them. As far as the Cisco stuff goes, I'm sure you'd be happy with it. I definitely love the one we have. HTH, John Byron 1/2/02 3:16:04 PM Hello- Can anyone share any successes stories and problem areas with the Cisco CSS 11000 Content Services Switch? We're about to begin a migration of dual Local Directors (supporting large ASP model web farm) moving to the CSS 11000. We're upgrading due to bugs and instability we've experienced with the LDs. Would very much appreciate any experiences with the CSS 11000 product. thx kindly.Byron _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30714t=30711 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re : Configuration Register Question [7:30715]
check this url out.. http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/cis4000/4000m/4000sig/vconfig.htm#41058 It has some good info on standard and so called non-std. config. register info. hth Nick _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30715t=30715 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passive Interface Help [7:30648]
Kludge!!! I'd rather refer to these features as job security :-) Dave Priscilla Oppenheimer wrote: For that matter, why advertise routes on any leaf network that only has end nodes? In the IP world, most end nodes (workstations) don't care about routing updates. (It could be argued that it would be better if they did so you wouldn't need kludges like HSRP, but in fact, most workstation operating systems don't understand routing updates.) Priscilla David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30716t=30648 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sniffing my broadband connection to my ISP ??? [7:30689]
Having proxy ARP enabled on the router would cause the router to send ARP replies not requests. The fact that he sees ARP requests isn't surprising. He's on a shared network. On a shared network you see all the ARP requests from your local router to devices on your network. Priscilla At 05:24 PM 1/2/02, Erick B. wrote: Hi, Just to expand on this... The 224.0.0.1 multicast query you're seeing is coming from the cable modem I bet. I have a Surfboard 3100 cable modem and it sends out IGMP queries on 224.0.0.1 frequently. I'm not sure why the cable modem is doing multicast and haven't really looked into it. I think it may only be local to the LAN interface toward your PC but not 100% positive. You can use your web browser to view the log and status of the SB3100 cable modem by the way, you can see the IP in the sniffer trace. If the ARP requests are originating from the ISP default-gateway (first hop router for you) then maybe they have proxy arp enabled. The DHCP requests could be from other users on your segment, or maybe forwarded to a DHCP server on your segment from another segment. Also, since you're on a shared segment with others they may have set up their own networks, etc with their own address space, etc that you might see packets from. Erick --- Priscilla Oppenheimer wrote: It sounds like you are sharing the broadcast domain with a bunch of other stations. The network is bridging on the edge. I think this is normal for cable modem systems. Is that what you are on? Priscilla At 12:23 PM 1/2/02, Phil Barker wrote: Hi Group, I have been sniffing my broadband connection to my ISP today and have a few questions. My main gripe is that I'm being sent around 100 Arp requests per minute, which obviously I cannot resolve. These ARP requests are all originating from my default G/W at the ISP trying to resolve MAC addresses of various users. Can anyone confirm if this is usual or unusual. I cannot see this being correct since if I set my router up to be one of these IP addresses I can resolve it to my MAC address Eth 0 int' or any other mac-address for that matter. They also send me DHCP requests, IGMP requests for group 224.0.0.1 (Which I wish I could join) but cannot and lots of their private address information via the above mentioned ARP's. I also captured an attemt at an inbound TCP connection on a dynamic port which my router RST, thankfully. Are they wasting my B/W ? Thanx, Phil __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com Priscilla Oppenheimer http://www.priscilla.com [EMAIL PROTECTED] __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30717t=30689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Configuration Register Question [7:30713]
It means the baud rate to was set to 38400 bps the other end to which it is connected to - either a PC configured using Hyperterminal or a Terminal server. Let me know if you need anything. Thanks Rajesh Kaminski, Shawn G wrote: I was working on a 2611 router and noticed that the configuration register was set to 0x3962 !!! I tried to change it to 0x2102 but says it will change to 0x3922 at the next reload. Just curious if anyone has seen this before and what it means. When I looked at CCO I noticed that they didn't have any information on 0x3000, only 0x1000, 0x2000, 0x4000, and 0x8000. Shawn K. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30718t=30713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Aeropoint - Cisco CSS 11000 Content switch [7:30711]
Personally, I hate the CSS... many issues, especially if you use it to distribute load for applications other than HTTP; SQL comes to mind... Not to mention that in my experience, Cisco support doesn't seem to know the box too well... I'm a big Foundry fan... BigIP is also a very solid product line... -Brant - Original Message - From: John Neiberger To: Sent: Wednesday, January 02, 2002 5:39 PM Subject: Re: Aeropoint - Cisco CSS 11000 Content switch [7:30711] We've got one of the original Arrowpoint CSS 100 switches and I love it. They're pretty easy to configure and very reliable. However, we're going to be redesigning that portion of our network and we're seriously considering moving to the competing product by F5. They have a new model that is just coming out called the Big IP 3000 that is exactly what we need. Pricey, but I've heard nothing but great things about them. As far as the Cisco stuff goes, I'm sure you'd be happy with it. I definitely love the one we have. HTH, John Byron 1/2/02 3:16:04 PM Hello- Can anyone share any successes stories and problem areas with the Cisco CSS 11000 Content Services Switch? We're about to begin a migration of dual Local Directors (supporting large ASP model web farm) moving to the CSS 11000. We're upgrading due to bugs and instability we've experienced with the LDs. Would very much appreciate any experiences with the CSS 11000 product. thx kindly.Byron _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30719t=30711 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sniffing my broadband connection to my ISP ??? [7:30689]
Erick, you are seeing 224.0.0.1 Multicast Queries because 224.0.0.1 is reserved for all systems on segment. This is the IP that the IGMP queries are going out to allowing the Router to determine if it needs to request upstream for any Multicast Streams. It is pretty common to see that.. Mike Erick B. wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Just to expand on this... The 224.0.0.1 multicast query you're seeing is coming from the cable modem I bet. I have a Surfboard 3100 cable modem and it sends out IGMP queries on 224.0.0.1 frequently. I'm not sure why the cable modem is doing multicast and haven't really looked into it. I think it may only be local to the LAN interface toward your PC but not 100% positive. You can use your web browser to view the log and status of the SB3100 cable modem by the way, you can see the IP in the sniffer trace. If the ARP requests are originating from the ISP default-gateway (first hop router for you) then maybe they have proxy arp enabled. The DHCP requests could be from other users on your segment, or maybe forwarded to a DHCP server on your segment from another segment. Also, since you're on a shared segment with others they may have set up their own networks, etc with their own address space, etc that you might see packets from. Erick --- Priscilla Oppenheimer wrote: It sounds like you are sharing the broadcast domain with a bunch of other stations. The network is bridging on the edge. I think this is normal for cable modem systems. Is that what you are on? Priscilla At 12:23 PM 1/2/02, Phil Barker wrote: Hi Group, I have been sniffing my broadband connection to my ISP today and have a few questions. My main gripe is that I'm being sent around 100 Arp requests per minute, which obviously I cannot resolve. These ARP requests are all originating from my default G/W at the ISP trying to resolve MAC addresses of various users. Can anyone confirm if this is usual or unusual. I cannot see this being correct since if I set my router up to be one of these IP addresses I can resolve it to my MAC address Eth 0 int' or any other mac-address for that matter. They also send me DHCP requests, IGMP requests for group 224.0.0.1 (Which I wish I could join) but cannot and lots of their private address information via the above mentioned ARP's. I also captured an attemt at an inbound TCP connection on a dynamic port which my router RST, thankfully. Are they wasting my B/W ? Thanx, Phil __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com Priscilla Oppenheimer http://www.priscilla.com [EMAIL PROTECTED] __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30720t=30689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Configuration Register Question [7:30713]
Boson's Config Register Calculater (free at www.boson.com) says that your console linespeed is 115200 instead of 9600. Console port speed is set with the higher bits. Berry At 05:38 PM 1/2/2002 -0500, you wrote: I was working on a 2611 router and noticed that the configuration register was set to 0x3962 !!! I tried to change it to 0x2102 but says it will change to 0x3922 at the next reload. Just curious if anyone has seen this before and what it means. When I looked at CCO I noticed that they didn't have any information on 0x3000, only 0x1000, 0x2000, 0x4000, and 0x8000. Shawn K. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30721t=30713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Sniffing my broadband connection to my ISP ??? [7:30689]
Priscilla, Wouldn't proxy ARP generate an ARP request and an ARP reply if the source and target networks were directly connected to the router? -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 3:54 PM To: [EMAIL PROTECTED] Subject: Re: Sniffing my broadband connection to my ISP ??? [7:30689] Having proxy ARP enabled on the router would cause the router to send ARP replies not requests. The fact that he sees ARP requests isn't surprising. He's on a shared network. On a shared network you see all the ARP requests from your local router to devices on your network. Priscilla At 05:24 PM 1/2/02, Erick B. wrote: Hi, Just to expand on this... The 224.0.0.1 multicast query you're seeing is coming from the cable modem I bet. I have a Surfboard 3100 cable modem and it sends out IGMP queries on 224.0.0.1 frequently. I'm not sure why the cable modem is doing multicast and haven't really looked into it. I think it may only be local to the LAN interface toward your PC but not 100% positive. You can use your web browser to view the log and status of the SB3100 cable modem by the way, you can see the IP in the sniffer trace. If the ARP requests are originating from the ISP default-gateway (first hop router for you) then maybe they have proxy arp enabled. The DHCP requests could be from other users on your segment, or maybe forwarded to a DHCP server on your segment from another segment. Also, since you're on a shared segment with others they may have set up their own networks, etc with their own address space, etc that you might see packets from. Erick --- Priscilla Oppenheimer wrote: It sounds like you are sharing the broadcast domain with a bunch of other stations. The network is bridging on the edge. I think this is normal for cable modem systems. Is that what you are on? Priscilla At 12:23 PM 1/2/02, Phil Barker wrote: Hi Group, I have been sniffing my broadband connection to my ISP today and have a few questions. My main gripe is that I'm being sent around 100 Arp requests per minute, which obviously I cannot resolve. These ARP requests are all originating from my default G/W at the ISP trying to resolve MAC addresses of various users. Can anyone confirm if this is usual or unusual. I cannot see this being correct since if I set my router up to be one of these IP addresses I can resolve it to my MAC address Eth 0 int' or any other mac-address for that matter. They also send me DHCP requests, IGMP requests for group 224.0.0.1 (Which I wish I could join) but cannot and lots of their private address information via the above mentioned ARP's. I also captured an attemt at an inbound TCP connection on a dynamic port which my router RST, thankfully. Are they wasting my B/W ? Thanx, Phil __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com Priscilla Oppenheimer http://www.priscilla.com [EMAIL PROTECTED] __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30722t=30689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Problem with VPN over PPPoE ADSL [7:30723]
I have a customer with an ADSL line which uses PPPoE. They are able to establish a VPN tunnel over the DSL line, but they are only able to ping through the tunnel. TCP, UDP and other higher protocols will not work. I heard that there is an issue with doing VPNs over PPPoE ADSL. Does anyone know what the issue is and if there is a solution? Bruce Williams mailto:[EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30723t=30723 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: SSL Accelerators [7:30724]
We are looking at buying some new load balancing switches and new cache engines and somewhere in that mix we want to add SSL acceleration. One vendor that we're looking at sells load balancing switches with SSL acceleration built-in. Of course, they really like their way of doing this. The other vendor has a cache engine with SSL acceleration and they say there is a significant performance increase by caching content in SSL-ready format. Do any of you have any thoughts here? The first vendor is F5 and I really like the looks of their Big IP series. The second vendor is Stratacache and I really don't know much about them despite having talked to them about this. :-) Any tips? Thanks, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30724t=30724 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sniffing my broadband connection to my ISP ??? [7:30689]
As everyone else has said, this is normal for a shared access netowrk. Look for routing protocol updates and other things as well . On ATT's cable-modem network you can see the ospf hello updates, who the DR and BDR is and other things. It can be fun. Try dsniff or some other program and you can see all the traffic on that network :) Be careful though because you will probably get slammed and don't forget to reroute the traffic back out or else someone will know something is wrong. Phil Barker wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Group, I have been sniffing my broadband connection to my ISP today and have a few questions. My main gripe is that I'm being sent around 100 Arp requests per minute, which obviously I cannot resolve. These ARP requests are all originating from my default G/W at the ISP trying to resolve MAC addresses of various users. Can anyone confirm if this is usual or unusual. I cannot see this being correct since if I set my router up to be one of these IP addresses I can resolve it to my MAC address Eth 0 int' or any other mac-address for that matter. They also send me DHCP requests, IGMP requests for group 224.0.0.1 (Which I wish I could join) but cannot and lots of their private address information via the above mentioned ARP's. I also captured an attemt at an inbound TCP connection on a dynamic port which my router RST, thankfully. Are they wasting my B/W ? Thanx, Phil __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30725t=30689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Configuration Register Question [7:30713]
Thanks for all the replies. Berry, thanks for the link to the Config Register Calculator! You were correct regarding the console linespeed. It was set at 115200. I changed it before the holidays but forgot that I had done this when I got back to the office today! Changed it back to 9600 and all is well! Shawn K. -Original Message- From: Berry Mobley [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 6:37 PM To: Kaminski Shawn G; [EMAIL PROTECTED] Subject: Re: Configuration Register Question [7:30713] Boson's Config Register Calculater (free at www.boson.com) says that your console linespeed is 115200 instead of 9600. Console port speed is set with the higher bits. Berry At 05:38 PM 1/2/2002 -0500, you wrote: I was working on a 2611 router and noticed that the configuration register was set to 0x3962 !!! I tried to change it to 0x2102 but says it will change to 0x3922 at the next reload. Just curious if anyone has seen this before and what it means. When I looked at CCO I noticed that they didn't have any information on 0x3000, only 0x1000, 0x2000, 0x4000, and 0x8000. Shawn K. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30726t=30713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Configuration Register Question [7:30713]
I need to do more studying on this topic, so forgive me for asking, but why does the conf. reg change according to line console speed?? I thought the confreg was just a setting telling the router whare to boot from? Does it do more? Kaminski, Shawn G wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Thanks for all the replies. Berry, thanks for the link to the Config Register Calculator! You were correct regarding the console linespeed. It was set at 115200. I changed it before the holidays but forgot that I had done this when I got back to the office today! Changed it back to 9600 and all is well! Shawn K. -Original Message- From: Berry Mobley [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 6:37 PM To: Kaminski Shawn G; [EMAIL PROTECTED] Subject: Re: Configuration Register Question [7:30713] Boson's Config Register Calculater (free at www.boson.com) says that your console linespeed is 115200 instead of 9600. Console port speed is set with the higher bits. Berry At 05:38 PM 1/2/2002 -0500, you wrote: I was working on a 2611 router and noticed that the configuration register was set to 0x3962 !!! I tried to change it to 0x2102 but says it will change to 0x3922 at the next reload. Just curious if anyone has seen this before and what it means. When I looked at CCO I noticed that they didn't have any information on 0x3000, only 0x1000, 0x2000, 0x4000, and 0x8000. Shawn K. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30727t=30713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISL Trunking [7:30728]
Is it possible to remove default Vlans 1, 1002-1005 from ISL trunking? I am setting up a ISL trunking between Catalyst 2924 and 3640 router. I am running IOS on Catalyst XL 2924 and only want certain vlan on my link. IOS does it, but then it also inserts default vlan 1 and 1002-1005 automatically. The IOS accepts the remove command to remove vlans from the current list, but will not remove default vlans. Ali Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30728t=30728 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: SSL Accelerators [7:30724]
Check out the Click Array products.(www.clickarray.com) Though one of the younger vendors in this space they have a very good engineering team. I should note I've not used any of their products nor am I affiliated with the company. I've just had involved conversations and know some of the employees. The decisions and their basis tend to be very sound. John Neiberger wrote: We are looking at buying some new load balancing switches and new cache engines and somewhere in that mix we want to add SSL acceleration. One vendor that we're looking at sells load balancing switches with SSL acceleration built-in. Of course, they really like their way of doing this. The other vendor has a cache engine with SSL acceleration and they say there is a significant performance increase by caching content in SSL-ready format. Do any of you have any thoughts here? The first vendor is F5 and I really like the looks of their Big IP series. The second vendor is Stratacache and I really don't know much about them despite having talked to them about this. :-) Any tips? Thanks, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30729t=30724 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE prep [7:30730]
FYI -- To those out there that are looking for cheap rack rentals. Rack rental are for 8 hour increments so you do no pay for a full 24 hours when you only may need 8-16 hours of rack time Here is the link: www.ccrouters.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30730t=30730 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Sniffing my broadband connection to my ISP ??? [7:30689]
At 04:37 PM 1/2/02, Jim Brown wrote: Priscilla, Wouldn't proxy ARP generate an ARP request and an ARP reply if the source and target networks were directly connected to the router? No. Proxy ARP causes the router to generate ARP replies. It has no effect on ARP requests. ARP requests are generated by normal ARP when a node tries to find the MAC address of another station. They are generated by end stations and by the router. The router has to find the MAC address just like any other station does. He is sniffing on the broadband connection which presumably is shared by all hosts in his area (sometimes called a node in cable modem designs). He can see their ARPs and he can see the router's ARPs. Proxy ARP allows devices to communicate with devices on the other side of the router without having to know that the router is there. In this case, end stations send ARP requests for local and non-local devices. For non-local addresses, the router responds with its own MAC address. Priscilla -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 3:54 PM To: [EMAIL PROTECTED] Subject: Re: Sniffing my broadband connection to my ISP ??? [7:30689] Having proxy ARP enabled on the router would cause the router to send ARP replies not requests. The fact that he sees ARP requests isn't surprising. He's on a shared network. On a shared network you see all the ARP requests from your local router to devices on your network. Priscilla At 05:24 PM 1/2/02, Erick B. wrote: Hi, Just to expand on this... The 224.0.0.1 multicast query you're seeing is coming from the cable modem I bet. I have a Surfboard 3100 cable modem and it sends out IGMP queries on 224.0.0.1 frequently. I'm not sure why the cable modem is doing multicast and haven't really looked into it. I think it may only be local to the LAN interface toward your PC but not 100% positive. You can use your web browser to view the log and status of the SB3100 cable modem by the way, you can see the IP in the sniffer trace. If the ARP requests are originating from the ISP default-gateway (first hop router for you) then maybe they have proxy arp enabled. The DHCP requests could be from other users on your segment, or maybe forwarded to a DHCP server on your segment from another segment. Also, since you're on a shared segment with others they may have set up their own networks, etc with their own address space, etc that you might see packets from. Erick --- Priscilla Oppenheimer wrote: It sounds like you are sharing the broadcast domain with a bunch of other stations. The network is bridging on the edge. I think this is normal for cable modem systems. Is that what you are on? Priscilla At 12:23 PM 1/2/02, Phil Barker wrote: Hi Group, I have been sniffing my broadband connection to my ISP today and have a few questions. My main gripe is that I'm being sent around 100 Arp requests per minute, which obviously I cannot resolve. These ARP requests are all originating from my default G/W at the ISP trying to resolve MAC addresses of various users. Can anyone confirm if this is usual or unusual. I cannot see this being correct since if I set my router up to be one of these IP addresses I can resolve it to my MAC address Eth 0 int' or any other mac-address for that matter. They also send me DHCP requests, IGMP requests for group 224.0.0.1 (Which I wish I could join) but cannot and lots of their private address information via the above mentioned ARP's. I also captured an attemt at an inbound TCP connection on a dynamic port which my router RST, thankfully. Are they wasting my B/W ? Thanx, Phil __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com Priscilla Oppenheimer http://www.priscilla.com [EMAIL PROTECTED] __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com Priscilla Oppenheimer http://www.priscilla.com Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30731t=30689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sniffing my broadband connection to my ISP ??? [7:30689]
At 06:42 PM 1/2/02, Steven A. Ridder wrote: As everyone else has said, this is normal for a shared access netowrk. Look for routing protocol updates and other things as well . On ATT's cable-modem network you can see the ospf hello updates, who the DR and BDR is and other things. Yep, that's true. So now we have synergy between this thread and the Passive Interface thread! I like that! ;-) Making the cable interface a passive interface seems like a good idea for many reasons, including security and not just bandwidth usage. (The bandwidth used by Hellos has gotta be pretty minimal!) It can be fun. A lot of people report seeing other broadcasts too, including NetBIOS, AppleTalk, etc. It's kind of scary. Try dsniff or some other program and you can see all the traffic on that network :) Be careful though because you will probably get slammed and don't forget to reroute the traffic back out or else someone will know something is wrong. What's dsniff? What does that let you see? And what's this about having to reroute? Can you tell us more? THANKS Priscilla Phil Barker wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Group, I have been sniffing my broadband connection to my ISP today and have a few questions. My main gripe is that I'm being sent around 100 Arp requests per minute, which obviously I cannot resolve. These ARP requests are all originating from my default G/W at the ISP trying to resolve MAC addresses of various users. Can anyone confirm if this is usual or unusual. I cannot see this being correct since if I set my router up to be one of these IP addresses I can resolve it to my MAC address Eth 0 int' or any other mac-address for that matter. They also send me DHCP requests, IGMP requests for group 224.0.0.1 (Which I wish I could join) but cannot and lots of their private address information via the above mentioned ARP's. I also captured an attemt at an inbound TCP connection on a dynamic port which my router RST, thankfully. Are they wasting my B/W ? Thanx, Phil __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30732t=30689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SSL Accelerators [7:30724]
Not providing many/any answers here I'm afraid - just asking more questions. Is SSL that suitable for caching? I would have thought that most SSL traffic would be unique (Session ID's/transaction info etc). That's not a cocky question, I really don't know. I suppose there will be static content within the SSL pages. I've used Intel SSL accelerators which seem to perform pretty well. We also do a fair bit of load balancing with Foundry Networks kit (Server Irons/Big Irons) and they're pretty nippy and pretty cheap compared to Cisco, and have the advantage that their CLI is very close to Cisco. I suppose it depends what scale you're doing it on. From what I've seen of the Cisco CSS (Arrowpoint kit) they seem to offer greater functionality/flexibility than Foundry, but not seen much of them working in anger yet. Be interesting to hear what Stratacache really mean by caching content in SSL-ready format. Gaz John Neiberger wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... We are looking at buying some new load balancing switches and new cache engines and somewhere in that mix we want to add SSL acceleration. One vendor that we're looking at sells load balancing switches with SSL acceleration built-in. Of course, they really like their way of doing this. The other vendor has a cache engine with SSL acceleration and they say there is a significant performance increase by caching content in SSL-ready format. Do any of you have any thoughts here? The first vendor is F5 and I really like the looks of their Big IP series. The second vendor is Stratacache and I really don't know much about them despite having talked to them about this. :-) Any tips? Thanks, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30733t=30724 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem with VPN over PPPoE ADSL [7:30723]
a wild guess, packet frag issues? Try to ping with larger packets to test this.. Brian Sonic Whalen Success = Preparation + Opportunity On Wed, 2 Jan 2002, Bruce Williams wrote: I have a customer with an ADSL line which uses PPPoE. They are able to establish a VPN tunnel over the DSL line, but they are only able to ping through the tunnel. TCP, UDP and other higher protocols will not work. I heard that there is an issue with doing VPNs over PPPoE ADSL. Does anyone know what the issue is and if there is a solution? Bruce Williams mailto:[EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30734t=30723 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE prep [7:30730]
GROUPSTUDY MEMBERS: PLEASE DO NOT CONFUSE THIS SITE WITH CCBOOTCAMP. They are NOT affiliated with us in any way. Michael, couple things: Your first post to the group (or at least in the past two months) and your spamming your site, not good. Why would anyone want to pay $100 for 16 hours of racktime without ATM when they can get the same type of gear for $80 (rack2) for a full 24 hours from us? Just curious. thanks, -Brad Ellis CCIE#5796 (RS / Security) Network Learning Inc [EMAIL PROTECTED] used Cisco gear: www.optsys.net CCIE Labs, racks, and classes: http://www.ccbootcamp.com/quicklinks.html Michael Lea wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... FYI -- To those out there that are looking for cheap rack rentals. Rack rental are for 8 hour increments so you do no pay for a full 24 hours when you only may need 8-16 hours of rack time Here is the link: Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30735t=30730 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SSL Accelerators [7:30724]
Personnally I have used the Alteon series loadbalancers with their ISD ssl accelerator. I can't complain...they have worked like a champ. Just another option for ya :) ms --- Gaz wrote: Not providing many/any answers here I'm afraid - just asking more questions. Is SSL that suitable for caching? I would have thought that most SSL traffic would be unique (Session ID's/transaction info etc). That's not a cocky question, I really don't know. I suppose there will be static content within the SSL pages. I've used Intel SSL accelerators which seem to perform pretty well. We also do a fair bit of load balancing with Foundry Networks kit (Server Irons/Big Irons) and they're pretty nippy and pretty cheap compared to Cisco, and have the advantage that their CLI is very close to Cisco. I suppose it depends what scale you're doing it on. From what I've seen of the Cisco CSS (Arrowpoint kit) they seem to offer greater functionality/flexibility than Foundry, but not seen much of them working in anger yet. Be interesting to hear what Stratacache really mean by caching content in SSL-ready format. Gaz John Neiberger wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... We are looking at buying some new load balancing switches and new cache engines and somewhere in that mix we want to add SSL acceleration. One vendor that we're looking at sells load balancing switches with SSL acceleration built-in. Of course, they really like their way of doing this. The other vendor has a cache engine with SSL acceleration and they say there is a significant performance increase by caching content in SSL-ready format. Do any of you have any thoughts here? The first vendor is F5 and I really like the looks of their Big IP series. The second vendor is Stratacache and I really don't know much about them despite having talked to them about this. :-) Any tips? Thanks, John [EMAIL PROTECTED] __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30737t=30724 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sniffing my broadband connection to my ISP ??? [7:30689]
Dsniff uses icmp default gateway redirects (the ICMP message that tells hosts that a differnt router has a better path to the destination network). This will automatically make the user's PC redirect all traffic to your PC dynamically (the client never knows about it), because he thinks you are a router and that you'd be a better default gateway. You just have to have a multihomed PC because you still need to forward the traffic to the destination, otherwise you'll get caught. It's a pretty good hacking tool and has been ported from *nix to Windows for years. Makes switches just like hubs again. Use this with L0phtCrack and you can get NT PW's, etc.. Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 06:42 PM 1/2/02, Steven A. Ridder wrote: As everyone else has said, this is normal for a shared access netowrk. Look for routing protocol updates and other things as well . On ATT's cable-modem network you can see the ospf hello updates, who the DR and BDR is and other things. Yep, that's true. So now we have synergy between this thread and the Passive Interface thread! I like that! ;-) Making the cable interface a passive interface seems like a good idea for many reasons, including security and not just bandwidth usage. (The bandwidth used by Hellos has gotta be pretty minimal!) It can be fun. A lot of people report seeing other broadcasts too, including NetBIOS, AppleTalk, etc. It's kind of scary. Try dsniff or some other program and you can see all the traffic on that network :) Be careful though because you will probably get slammed and don't forget to reroute the traffic back out or else someone will know something is wrong. What's dsniff? What does that let you see? And what's this about having to reroute? Can you tell us more? THANKS Priscilla Phil Barker wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Group, I have been sniffing my broadband connection to my ISP today and have a few questions. My main gripe is that I'm being sent around 100 Arp requests per minute, which obviously I cannot resolve. These ARP requests are all originating from my default G/W at the ISP trying to resolve MAC addresses of various users. Can anyone confirm if this is usual or unusual. I cannot see this being correct since if I set my router up to be one of these IP addresses I can resolve it to my MAC address Eth 0 int' or any other mac-address for that matter. They also send me DHCP requests, IGMP requests for group 224.0.0.1 (Which I wish I could join) but cannot and lots of their private address information via the above mentioned ARP's. I also captured an attemt at an inbound TCP connection on a dynamic port which my router RST, thankfully. Are they wasting my B/W ? Thanx, Phil __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30736t=30689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISL Trunking [7:30728]
You can clear the trunks for anything 2-1005 and 1025-4096 (6000 series) but I don't believe it will allow you to do that with the default VLAN. HTH Darren At 06:59 PM 1/2/2002 -0500, Ali, Abbas wrote: Is it possible to remove default Vlans 1, 1002-1005 from ISL trunking? I am setting up a ISL trunking between Catalyst 2924 and 3640 router. I am running IOS on Catalyst XL 2924 and only want certain vlan on my link. IOS does it, but then it also inserts default vlan 1 and 1002-1005 automatically. The IOS accepts the remove command to remove vlans from the current list, but will not remove default vlans. Ali x$:0`0:$xx$:0`0:$xx$:0`0:$xx$: Lucent Technologies NetworkCare Professional Services http//www.lucent.com/netcare/ Darren S. Crawford - CCNP, CCDP, CCIE TBA Northwest Region - Sacramento Office Voicemail (916) 859-5200 x310 Pager (800) 467-1467 mailto:[EMAIL PROTECTED] x$:0`0:$xx$:0`0:$xx$:0`0:$xx$: You always have time for things you put first - Tucker Resources Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30739t=30728 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Need advice [7:30742]
Hi everybody, I am a network engineer (CCNP) who has just lost his job. I am wondering if I should start preparing for the CCIE. Are CCIEs still able to find jobs? I look forward to your inputs. Thanks Stephane Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30742t=30742 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: SSL Accelerators [7:30724]
tell you what the f5 bigip still works very nice... -Original Message- From: matt shiite [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 07:44 PM To: [EMAIL PROTECTED] Subject: Re: SSL Accelerators [7:30724] Personnally I have used the Alteon series loadbalancers with their ISD ssl accelerator. I can't complain...they have worked like a champ. Just another option for ya :) ms --- Gaz wrote: Not providing many/any answers here I'm afraid - just asking more questions. Is SSL that suitable for caching? I would have thought that most SSL traffic would be unique (Session ID's/transaction info etc). That's not a cocky question, I really don't know. I suppose there will be static content within the SSL pages. I've used Intel SSL accelerators which seem to perform pretty well. We also do a fair bit of load balancing with Foundry Networks kit (Server Irons/Big Irons) and they're pretty nippy and pretty cheap compared to Cisco, and have the advantage that their CLI is very close to Cisco. I suppose it depends what scale you're doing it on. From what I've seen of the Cisco CSS (Arrowpoint kit) they seem to offer greater functionality/flexibility than Foundry, but not seen much of them working in anger yet. Be interesting to hear what Stratacache really mean by caching content in SSL-ready format. Gaz John Neiberger wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... We are looking at buying some new load balancing switches and new cache engines and somewhere in that mix we want to add SSL acceleration. One vendor that we're looking at sells load balancing switches with SSL acceleration built-in. Of course, they really like their way of doing this. The other vendor has a cache engine with SSL acceleration and they say there is a significant performance increase by caching content in SSL-ready format. Do any of you have any thoughts here? The first vendor is F5 and I really like the looks of their Big IP series. The second vendor is Stratacache and I really don't know much about them despite having talked to them about this. :-) Any tips? Thanks, John [EMAIL PROTECTED] __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30741t=30724 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE prep [7:30730]
the idea of 24 hour rack rental can be attractive. especially for doing those full blown practice labs. OTOH, smaller increments make sense for a lot of reasons as well. Suppose I want to spend the last couple of weeks before the test doing certain specific things - voice, ATM, Cat configuration, for example? A couple of 8 hour sessions ( or less ) might be just the thing. Also, Brad, at present your racks require how much lead time to schedule? Last time I looked, it was weeks to months. One other place I looked it was days to a couple of weeks. I don't know at what point it makes it worth yours or any competitor's operation to add more racks, and I am not sure what the tolerance is for long lead times to get access. Supply and demand meet impatience. :- I will say that in my experience, it has always been easy to reach someone in your office to check out various things, or to do voice testing. This is not always true elsewhere. JMHO Chuck Brad Ellis wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... GROUPSTUDY MEMBERS: PLEASE DO NOT CONFUSE THIS SITE WITH CCBOOTCAMP. They are NOT affiliated with us in any way. Michael, couple things: Your first post to the group (or at least in the past two months) and your spamming your site, not good. Why would anyone want to pay $100 for 16 hours of racktime without ATM when they can get the same type of gear for $80 (rack2) for a full 24 hours from us? Just curious. thanks, -Brad Ellis CCIE#5796 (RS / Security) Network Learning Inc [EMAIL PROTECTED] used Cisco gear: www.optsys.net CCIE Labs, racks, and classes: http://www.ccbootcamp.com/quicklinks.html Michael Lea wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... FYI -- To those out there that are looking for cheap rack rentals. Rack rental are for 8 hour increments so you do no pay for a full 24 hours when you only may need 8-16 hours of rack time Here is the link: Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30740t=30730 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sniffing my broadband connection to my ISP ??? [7:30689]
I read up on it. It appears to have been developed for beneficial purposes but is also a hacker tool. The written material says its a set of tools actually The relevant one uses ARP, not ICMP. (There was no mention of ICMP being used.) It sends an ARP reply for the IP address of the default gateway. Actually it can send an ARP reply for anything. There's no need to be multihomed, but IP forwarding must be enabled or you'll get caught, as you say, (plus you wouldn't see anything because the target would loose its connections). Priscilla At 07:43 PM 1/2/02, Steven A. Ridder wrote: Dsniff uses icmp default gateway redirects (the ICMP message that tells hosts that a differnt router has a better path to the destination network). This will automatically make the user's PC redirect all traffic to your PC dynamically (the client never knows about it), because he thinks you are a router and that you'd be a better default gateway. You just have to have a multihomed PC because you still need to forward the traffic to the destination, otherwise you'll get caught. It's a pretty good hacking tool and has been ported from *nix to Windows for years. Makes switches just like hubs again. Use this with L0phtCrack and you can get NT PW's, etc.. Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 06:42 PM 1/2/02, Steven A. Ridder wrote: As everyone else has said, this is normal for a shared access netowrk. Look for routing protocol updates and other things as well . On ATT's cable-modem network you can see the ospf hello updates, who the DR and BDR is and other things. Yep, that's true. So now we have synergy between this thread and the Passive Interface thread! I like that! ;-) Making the cable interface a passive interface seems like a good idea for many reasons, including security and not just bandwidth usage. (The bandwidth used by Hellos has gotta be pretty minimal!) It can be fun. A lot of people report seeing other broadcasts too, including NetBIOS, AppleTalk, etc. It's kind of scary. Try dsniff or some other program and you can see all the traffic on that network :) Be careful though because you will probably get slammed and don't forget to reroute the traffic back out or else someone will know something is wrong. What's dsniff? What does that let you see? And what's this about having to reroute? Can you tell us more? THANKS Priscilla Phil Barker wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Group, I have been sniffing my broadband connection to my ISP today and have a few questions. My main gripe is that I'm being sent around 100 Arp requests per minute, which obviously I cannot resolve. These ARP requests are all originating from my default G/W at the ISP trying to resolve MAC addresses of various users. Can anyone confirm if this is usual or unusual. I cannot see this being correct since if I set my router up to be one of these IP addresses I can resolve it to my MAC address Eth 0 int' or any other mac-address for that matter. They also send me DHCP requests, IGMP requests for group 224.0.0.1 (Which I wish I could join) but cannot and lots of their private address information via the above mentioned ARP's. I also captured an attemt at an inbound TCP connection on a dynamic port which my router RST, thankfully. Are they wasting my B/W ? Thanx, Phil __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com Priscilla Oppenheimer http://www.priscilla.com Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30743t=30689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Protocol type codes and SAP's [7:30744]
Can anyone explain the ethernet and token ring protocol type codes for me? I know you can filter DLSw and SRB using them but I don't really understand what they are, I found a table containing all the popular ones. IBM SNA is 80D5, does that mean that all SNA traffic has this type code, and that if you denied it in an access list all SNA traffic would be denied? Also, SAP's follow the format 0x, each of the 0s representing one byte of data, the first 2 digits after the x are the DSAP, the last 2 are the SSAP, is this correct? I would really appreciate it if someone could point me to where I could find some good information on this type of stuff. I would hate to just memorize the common values without knowing why and how they work. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30744t=30744 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: question about VPN-IPSEC and NAT [7:30694]
This is a remote access vpn situation? If you can ping the server then we can assume that the tunnel was set up correctly and it is not a situation where IPSec protocols are being blocked. Try playing with the IPSec over NAT setting on the client itself. From: Leonardo Borda Reply-To: Leonardo Borda To: [EMAIL PROTECTED] Subject: question about VPN-IPSEC and NAT [7:30694] Date: Wed, 2 Jan 2002 13:55:14 -0500 Hello, I have in my organization a cisco router 2600 running NAT and IPSEC56. I want to configure two access-lists. One for inbound access and another one for outbound access and apply it in the same serial line. Does anyone know what are the ports I have to permit to work that job successfull as much inbound as outbound? I had success in configuring internet access and it4s working fine but over IPSEC my users from the other side of VPN can not access my exchange server using VPN. but they can ping it... thanks. Leonardo Borda. _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30745t=30694 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Routers for Sale [7:30747]
I am in Sydney Australia - Number is +61 417224884 Web site is http://www.geocities.com/thomasjreige Email is [EMAIL PROTECTED] Items for Sale !! Equipment Cisco 803 ISDN Router Cisco IOS 12.1 IP Plus + IPSec Software Image 4 port hub + 1 BRI Interface + 2 POTS 12M RAM + 8M Flash $700 ono Cisco 2501 Router Cisco IOS 12.0 IP Plus Software Image 1 Ethernet + 2 Serial + 1 Aux 16M RAM + 8M Flash $1200 ono Cisco 2501 Router Cisco IOS 11.3 40-bit DES Software Image 1 Ethernet + 2 Serial + 1 Aux 4MB RAM + 8MB Flash $900 ono Cisco DTE - DCE Back-to-Back Serial Cable $200 ono Netgear EN108 Hub $100 ono Books - Make an offer Mastering HTML 4.0 Exam Cram - CCNP Switching Cisco Press - Cisco IOS 12.0 Dial Solutions Cisco Press - Cisco IOS 12.0 Solutions for Network Protocols Volume 2 IP Mastering Linux 6.0 Premium Edition Sybex CCNP LAN Switching Exam Notes Sybex CCDA Exam Notes Exam Cram - CCNP Routing Caslow - Cisco Certification, Bridges, Routers and Switches for CCIE's Cisco Press - Designing Cisco Networks Cisco Press - CCNP Building Cisco Scalable Switched Networks McGraw Hill - Building Scalable Cisco Networks Mastering Perl 5 The Cabling Handbook Multiprotocol Network Design and Troubleshooting Linux - A network solution for your office Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30747t=30747 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
setting SPAN on Cat 1900 [7:30746]
Dear all, Is is possible to set SPAN on a catalyst 1900? If yes, how? Thankyou. Cheers, Alvin Chong IT-NCS Mobile: 016- 3304503 Fixed: 03 - 7211595 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30746t=30746 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Error message on 4000 router [7:30748]
I just bought a 4000-m router for practice and I keep getting the folling error messages whille booting up. It really slows down the bootup process. How can I get rid of these error messages. Warning: flash:null does not exist. Command retained. Warning: flash:flash does not exist. Command retained. %Error opening tftp://255.255.255.255/network-confg (Timed out) %Error opening tftp://255.255.255.255/cisconet.cfg (Timed out) %Error opening tftp://255.255.255.255/test-confg (Timed out) %Error opening tftp://255.255.255.255/test.cfg (Timed out) _ Send and receive Hotmail on your mobile device: http://mobile.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30748t=30748 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: setting SPAN on Cat 1900 [7:30746]
The Catalyst 1900 doesn't call it SPAN but you can do the same functionality with the monitor-port command. You should first enter the command to enable the monitoring feature and then configure two parameters - the port where the analyzer resides and the ports that will be monitored. Good luck! Priscilla At 09:49 PM 1/2/02, Chong Chun Wei (Central) wrote: Dear all, Is is possible to set SPAN on a catalyst 1900? If yes, how? Thankyou. Cheers, Alvin Chong IT-NCS Mobile: 016- 3304503 Fixed: 03 - 7211595 Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30749t=30746 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passive Interface Help [7:30648]
Dave, If you want job security, become a tenured professor. Low pay but lots of security! :) Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco Regional Networking Academy MADMAN wrote: Kludge!!! I'd rather refer to these features as job security :-) Dave Priscilla Oppenheimer wrote: For that matter, why advertise routes on any leaf network that only has end nodes? In the IP world, most end nodes (workstations) don't care about routing updates. (It could be argued that it would be better if they did so you wouldn't need kludges like HSRP, but in fact, most workstation operating systems don't understand routing updates.) Priscilla David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30750t=30648 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]