Re: EtherChannel alternatives(??) [7:33187]

2002-01-26 Thread Darrell Newcomb

One thing to remember if you do the etherchannel for this customer is
the src/dst mac pairs and their respective flows may not be diverse
enough to offer good load balancing.  This is the case for most router
to router subnets such as in customer hand-offs like you seem to have.

Yes some of the cisco line does src/dst mac+IP (4) tuples which
addresses this problem, but not every box does that.

I too am interested in why the no VLAN policy in this (hosting?)
environment,
Darrell

John McCartney wrote:
> 
> It is a policy from our IP-Eng group, can't find it in writing but they
> tell me it exists. I think because they like to have control. Oh well.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33276&t=33187
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
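
The load-balancing concern in the message above, as an added example that is not part of the thread. It assumes a simplified hash (XOR of the two addresses, with the low-order bits selecting the member link) and a four-link bundle; the MAC and IP addresses are constructed.

```python
"""Added illustration: why MAC-pair hashing fails on a router-to-router EtherChannel."""
from collections import Counter
import ipaddress

N_LINKS = 4  # assumed bundle size for the illustration


def mac_int(mac: str) -> int:
    """Convert aa:bb:cc:dd:ee:ff notation to an integer."""
    return int(mac.replace(":", ""), 16)


def link_by_mac(src_mac: str, dst_mac: str, n_links: int = N_LINKS) -> int:
    # Simplified model (assumption): XOR both addresses, low-order bits pick the link.
    return (mac_int(src_mac) ^ mac_int(dst_mac)) % n_links


def link_by_ip(src_ip: str, dst_ip: str, n_links: int = N_LINKS) -> int:
    # Same model applied to the IP address pair instead of the MAC pair.
    a = int(ipaddress.ip_address(src_ip))
    b = int(ipaddress.ip_address(dst_ip))
    return (a ^ b) % n_links


def spread(flows, mode):
    """Count flows per member link for hashing mode 'mac' or 'ip'."""
    counts = Counter()
    for src_mac, dst_mac, src_ip, dst_ip in flows:
        if mode == "mac":
            counts[link_by_mac(src_mac, dst_mac)] += 1
        else:
            counts[link_by_ip(src_ip, dst_ip)] += 1
    return dict(counts)


# Constructed hand-off: every frame is router A -> router B, whatever the IP flow.
ROUTER_A = "00:00:0c:aa:00:01"
ROUTER_B = "00:00:0c:bb:00:02"
FLOWS = [(ROUTER_A, ROUTER_B, f"10.1.0.{h}", f"192.0.2.{s}")
         for h in range(1, 51) for s in range(1, 5)]

if __name__ == "__main__":
    print("src/dst MAC hash:", spread(FLOWS, "mac"))
    print("src/dst IP hash: ", spread(FLOWS, "ip"))
```

With one MAC pair on the segment, all 200 flows land on a single member link; hashing on the IP pair spreads the same flows across the bundle.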



Re: default-metric 64 vs 2.....why?? [7:33231]

2002-01-26 Thread Charles Manafa

Those values came from Caslow. I don't have mine at hand right now, so can't
give you the exact page number. I believe it is under the Redistribution
section though. I will try and locate my Caslow, and email you the page
number.

CM
  - Original Message -
  From: Kane, Christopher A.
  To: 'Charles Manafa' ; [EMAIL PROTECTED]
  Sent: Friday, January 25, 2002 10:59 PM
  Subject: RE: default-metric 64 vs 2.why?? [7:33231]


  I thought redistribution into any other protocol besides OSPF would have a
  metric of 0. 0 is not understood by EIGRP, IGRP or RIP and therefore won't
  work. Redistribution into OSPF always assumes 20 unless you specify
  otherwise.

  Charles, could you cite your source? I'm concerned that I may not understand
  redistribution as well as I thought if your numbers are right and mine are
  wrong. Are you giving the "unreachable" numbers because the redistribution
  won't work or do you have something that specifically states those numbers
  (16 and -1)?

  Thanks,
  Chris

  -Original Message-
  From: Charles Manafa [mailto:[EMAIL PROTECTED]]
  Sent: Friday, January 25, 2002 4:15 PM
  To: [EMAIL PROTECTED]
  Subject: Re: default-metric 64 vs 2.why?? [7:33231]



  When metric is not supplied, and there is no default metric, then routes
  redistributed into RIP will have a metric of 16 (unreachable), routes
  redistributed into IGRP will have a metric of -1 (unreachable), and routes
  redistributed into OSPF will have a metric of 20.

  CM

  - Original Message -
  From: "Lupi, Guy"
  To:
  Sent: Friday, January 25, 2002 7:50 PM
  Subject: RE: default-metric 64 vs 2.why?? [7:33231]



  > It was a little confusing to me also while reading the new practical studies
  > book, he does state that without a default metric or metric specified in the
  > redistribution statement the redistribution won't work, and while this is
  > true with most protocols, I have never had to specify one, default or
  > otherwise with OSPF.  I would be interested to see if anyone has an
  > explanation for this, is it something due to link state versus distance
  > vector?  I haven't done much ISIS, I would be curious to see if you need to
  > specify a metric for that, since you don't with OSPF.
  >
  > -Original Message-
  > From: Vincent Miller [mailto:[EMAIL PROTECTED]]
  > Sent: Friday, January 25, 2002 2:18 PM
  > To: [EMAIL PROTECTED]
  > Subject: RE: default-metric 64 vs 2.why?? [7:33231]
  >
  >
  > Remember, the metric on ospf is cost, the metric on rip is hops.
  > You always need a seed metric when redistributing, I can't explain why the
  > ospf continues to run, but that's what rip won't work. It's the same with
  > EigrpIGRP, no metric, no work.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33278&t=33231



Re: Interface Reset? [7:33275]

2002-01-26 Thread Gaz

Depends. Not normally a good sign, but can be various reasons for them.
Number of resets has to be relative to the period. If it's over a long
period it's probably nothing.
I had a customer recently saying that interface resets were high. Got the
show interface and the interface counters had not been reset for nearly two
years. All of these could have happened during one day over a year ago.
Have a look at what other errors are shown to give an idea of the cause (bad
link etc). Could be just congestion stopping keep-alives on the interface.
Do a clear counters if you haven't already.

Or give us a show interface.

Gaz


"norsyam ariffin" wrote in message
news:[EMAIL PROTECTED]...
> Hi guys,
>
> Could somebody explain what is the meaning of interface reset? Does it mean
> the interface is having a problem if the reading is high or it means
> something else?
>
>
> Thank in advance
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33279&t=33275



test [7:33280]

2002-01-26 Thread WW

test




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33280&t=33280



PIX [7:33281]

2002-01-26 Thread WW

Our company has two subnets that need to go to the internet. However, just one FE
internal interface is available; one is dmz and one is for internet.

Since one FE interface can't be bound to two different subnets, the two subnets
can't go to the internet at the same time.

Would anyone know how to solve the problem?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33281&t=33281



Re: PIX [7:33281]

2002-01-26 Thread M.C. van den Bovenkamp

WW wrote:

> Since one FE interface can't bound two different subnet. Two subnet can't go
> to internet at the same time.
> 
> Would anyone know how to solve the problem?

PIX != router.

Which gives you the answer as well: use something in front of the PIX
that is.

Regards,

Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33282&t=33281



Which switch for CCNP home lab ? [7:33283]

2002-01-26 Thread Graham Andrew

Hi,

Could anyone tell me which I should buy for a CCNP home lab, a Cisco 1912-EN
or a 2950 XL EN. Or would you recommend something else ?

Thanks,

Graham.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33283&t=33283



Re: PIX [7:33281]

2002-01-26 Thread Gaz

If your company already has two subnets, what are you using to route between
them already? Connect your pix inside interface to one of the subnets
directly and route to the other one as you do now.

Gaz


"WW" wrote in message
news:[EMAIL PROTECTED]...
> our company have two subnet need to go to internet. however, just one FE
> internal interface is available, one is dmz and one is for internet.
>
> Since one FE interface can't bound two different subnet. Two subnet can't go
> to internet at the same time.
>
> Would anyone know how to solve the problem?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33284&t=33281



Re: Interface Reset? [7:33275]

2002-01-26 Thread Rich Russell

According to Laura Chappell's book on troubleshooting, an interface reset
(which is usually token ring) is a physical hardware problem.


Rich


"norsyam ariffin" wrote in message
news:[EMAIL PROTECTED]...
> Hi guys,
>
> Could somebody explain what is the meaning of interface reset? Does it mean
> the interface is having a problem if the reading is high or it means
> something else?
>
>
> Thank in advance
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33285&t=33275



Re: ACLs, TCP segments, and the "fragments" keyword [7:32922]

2002-01-26 Thread bergenpeak

Thanks for the responses so far.  One more variation to this question.
What if there was an application on my network that instead of blocking,
I wanted to control the amount of bandwidth it consumed.  One might
define an ACL to identify the traffic by L4 port and map this traffic to
a rate-limiting mechanism.

Now, if the application generates data in such a way that it causes the
data to be mostly carried in IP fragments, this ACL will not identify all
packets associated with the application.   Rate-limiting will only manage
the bandwidth of the first IP packet in each segment.  This may or may not
work in throttling the traffic.

Does using the ACL "fragment" option help here or would this require moving to
some other session identification mechanism?

(I've got no idea how likely standard applications are to send segments
sufficiently large so that IP fragmentation occurs...)

Thanks


Sean Knox wrote:
> 
> In addition to Priscilla's comments, sending IP/TCP/UDP fragments is a
> useful way to fingerprint a host's OS. The response from the fragmented
> packet(s) can be used as a clue to determine what OS/platform is running on
> the other end. Nmap, among many other tools, has options to send fragmented
> packets in a variety of ways. Check out http://www.insecure.org for some
> informative white papers on OS fingerprinting.
> 
> - Sean
> 
> -Original Message-
> From: bergenpeak [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 23, 2002 4:18 AM
> To: [EMAIL PROTECTED]
> Subject: ACLs, TCP segments, and the "fragments" keyword [7:32922]
> 
> Looking at extended ACLs I see there's an option to define ACL
> statements which can key on whether the IP packet contains a
> fragment.
> 
> Besides for NAT purposes, could someone provide me with a scenario
> where one would need to develop an ACL to key on IP packets carrying
> fragments?  I'd be particularly interested in situations where one
> might want to block a TCP application and decided that one had to
> block traffic to the TCP port as well as fragments going to the server.
> 
> Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33286&t=32922
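
The classification gap described in the post above, as an added example that is not part of the thread: constructed IPv4 packets show that a rule matching only on destination port sees just the first fragment, and that remembering each first fragment's verdict by (source, destination, protocol, IP ID) covers the rest. Port 5004, the addresses and all function and class names are assumptions made for the illustration.

```python
"""Added illustration: L4-port matching versus IP fragments (constructed packets)."""
import socket
import struct

PROTO_TCP, PROTO_UDP = 6, 17
IP_HDR = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options


def build_fragments(src, dst, proto, ident, l4_segment, mtu=1500):
    """Split one IP payload (L4 header + data) into IPv4 fragments for testing."""
    chunk = (mtu - 20) // 8 * 8  # fragment data length must be a multiple of 8
    packets = []
    for start in range(0, len(l4_segment), chunk):
        data = l4_segment[start:start + chunk]
        more = 1 if start + chunk < len(l4_segment) else 0
        header = struct.pack(IP_HDR, 0x45, 0, 20 + len(data), ident,
                             (more << 13) | (start // 8), 64, proto,
                             0,  # header checksum left at 0 in this sample data
                             socket.inet_aton(src), socket.inet_aton(dst))
        packets.append(header + data)
    return packets


def parse_ipv4(packet):
    """Return the fields a classifier can see; dport is None when no L4 header is present."""
    (ver_ihl, _tos, length, ident, flags_off,
     _ttl, proto, _csum, src, dst) = struct.unpack(IP_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    offset, more = flags_off & 0x1FFF, bool(flags_off & 0x2000)
    dport = None
    if offset == 0 and proto in (PROTO_TCP, PROTO_UDP) and len(packet) >= ihl + 4:
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return {"key": (src, dst, proto, ident), "length": length,
            "offset": offset, "more": more, "dport": dport}


def naive_bytes(packets, port):
    """Bytes a plain 'match destination port' rule would hand to the rate limiter."""
    return sum(p["length"] for p in map(parse_ipv4, packets) if p["dport"] == port)


class FragmentAwareMatcher:
    """Remember the verdict of each first fragment and apply it to later fragments."""

    def __init__(self, port, max_entries=1024):
        self.port, self.max_entries, self.table = port, max_entries, {}

    def classify(self, packet):
        p = parse_ipv4(packet)
        if p["offset"] == 0:
            hit = p["dport"] == self.port
            if p["more"]:  # first fragment of a fragmented datagram
                if len(self.table) >= self.max_entries:
                    self.table.pop(next(iter(self.table)))  # evict the oldest entry
                self.table[p["key"]] = hit
            return "match" if hit else "no-match"
        verdict = self.table.get(p["key"])
        if verdict is None:
            return "unknown"  # non-initial fragment seen before its first fragment
        if not p["more"]:
            del self.table[p["key"]]  # last fragment: forget the datagram
        return "match" if verdict else "no-match"


def aware_bytes(packets, port):
    """Return (matched_bytes, unknown_bytes) using the fragment-aware matcher."""
    matcher, matched, unknown = FragmentAwareMatcher(port), 0, 0
    for pkt in packets:
        verdict = matcher.classify(pkt)
        if verdict == "match":
            matched += parse_ipv4(pkt)["length"]
        elif verdict == "unknown":
            unknown += parse_ipv4(pkt)["length"]
    return matched, unknown


# Constructed traffic: one 4000-byte UDP datagram to port 5004, one small DNS query.
APP_PORT = 5004
BIG = struct.pack("!HHHH", 40000, APP_PORT, 4000, 0) + bytes(3992)
DNS = struct.pack("!HHHH", 40001, 53, 40, 0) + bytes(32)
APP_FRAGS = build_fragments("10.0.0.5", "192.0.2.10", PROTO_UDP, 0x1234, BIG)
DNS_PKT = build_fragments("10.0.0.5", "192.0.2.53", PROTO_UDP, 0x1235, DNS)

if __name__ == "__main__":
    stream = APP_FRAGS + DNS_PKT
    print("port-only rule sees ", naive_bytes(stream, APP_PORT), "bytes")
    print("fragment-aware sees ", aware_bytes(stream, APP_PORT))
```

A non-initial fragment that arrives before its first fragment comes back as "unknown", so a policy still has to decide what to do with that traffic.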



hi all !!! [7:33288]

2002-01-26 Thread Raees Ahmed Shaikh

Dear Group,

I passed the CID monster yesterday, the very tough exam I had ever seen,
harder than the Win2k 4 hours accelerated. But I managed to pass it.

Can anyone guide me what are the exams needed for CCNP security
specialization, I recently installed a firewall and also vpn through that
firewall I want to attempt this exam.

Thanks.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33288&t=33288



Xmodem fails [7:33289]

2002-01-26 Thread Michael Smith

After booting, at the console we got the rommon#> 1   prompt, and error
messages that the image decompression had failed, invalid format, blah
blah blah. Everything had been working fine for a couple of months, then
this, just as  this beast is to go into production.  We tried to install
new IOS on this new, isolated, stand-alone router, via Xmodem, because
there was no other apparent way to do it.  It failed, and Cisco said the
only other way was to replace the flash with a factory installed IOS,
which we will do.

Anyone out there had similar problems (Xmodem failure)?  We also do not
have an identical or similar router with PCMCIA cards.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33289&t=33289



Re: EtherChannel alternatives(??) [7:33187]

2002-01-26 Thread Brant Stevens

Ditto on the no VLAN policy inquiry...

But as far as answering your question, I think that you may be SOL as far as
aggregation goes...

You may not be able to aggregate, but you can use CEF per-packet LB in order
to solve the problem of needing more bandwidth...

- Original Message -
From: "Darrell Newcomb" 
To: 
Sent: Saturday, January 26, 2002 3:35 AM
Subject: Re: EtherChannel alternatives(??) [7:33187]


> One thing to remember if you do the etherchannel for this customer is
> the src/dst mac pairs and their respective flows may not be diverse
> enough to offer good load balancing.  This is the case for most router
> to router subnets such as in customer hand-offs like you seem to have.
>
> Yes some of the cisco line does src/dst mac+IP (4) tuples which
> addresses this problem, but not every box does that.
>
> I too am interested in why the no VLAN policy in this (hosting?)
> environment,
> Darrell
>
> John McCartney wrote:
> >
> > > It is a policy from our IP-Eng group, can't find it in writing but they
> > > tell me it exists. I think because they like to have control. Oh well.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33290&t=33187



RE: Interface Reset? [7:33275]

2002-01-26 Thread Bond, Jeffrey T

It's the number of times an interface has been completely reset. This can
happen if packets queued for transmission were not sent within several
seconds. On a serial line, this can be caused by a malfunctioning modem that
is not supplying the transmit clock signal, or by a cable problem. If the
system notices that the carrier detect line of a serial interface is up, but
the line protocol is down, it periodically resets the interface in an effort
to restart it. Interface resets can also occur when an interface is looped
back or shut down.

Hope this helps

Jeff





-Original Message-
From: norsyam ariffin [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 26, 2002 12:56 AM
To: [EMAIL PROTECTED]
Subject: Interface Reset? [7:33275]


Hi guys,

Could somebody explain what is the meaning of interface reset? Does it mean 
the interface is having a problem if the reading is high or it means 
something else?


Thank in advance





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33291&t=33275



NSG ISDN Emulator [7:33292]

2002-01-26 Thread Karl Brusen

Does anyone have experience with or information on the NSG ISDN-BRI
2-144EA?  I am considering buying one, but I can't find any information on
it.  It looks a lot like a Merge 2000, so I'm wondering whether it is the
same instrument, but branded by NSG.  Can't find anything on the NSG Data
web site.

Also, I would be interested in opinions of the Merge 2000 vs. the Teltone
ISDN simulators/emulators.  Found some info in the archives, but not a lot.

Thanks.

Karl


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33292&t=33292



Cat 5K Modules [7:33293]

2002-01-26 Thread NKP

Hi,
I wanted to know what would be the ideal modules to purchase for a
catalyst 5000 with the software version for the purpose of setting up a
CCIE lab for preparation.
Would the Supervisor engine 1 do, or would it be advisable to go for
SUP 2.
I have heard that this switch is going to be end of life, would it be
worth investing in this switch or is there any other alternative to Catalyst
5K for the sole purpose of preparation.
thanks in advance


Navin Parwal


[EMAIL PROTECTED]





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33293&t=33293



Custom Upgrade for Cat 5000 Switch [7:33294]

2002-01-26 Thread Derek Gaff

Hi All

I am desperately looking for a custom upgrade for the Cat 5000 Switch
Supervisor Engine 1. I cannot upgrade the software without it. Can anybody
help me out here or even the cheapest place to get one. I am trying to get
this for my home lab. The Product number is MSM-C5K-16M-Custom=

Thanks in advance.
Derek




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33294&t=33294



Re: can't establish the ISDN connection [7:33177]

2002-01-26 Thread Ian Henderson

On Fri, 25 Jan 2002, John Neiberger wrote:

> Also, what IOS are these routers using?  There are some versions of IOS
> with a LOT of ISDN-related bugs.

I often see routers (generally 801s and 1003s) using basic-net3 that won't
bring up layer one or get stuck in TEI_ASSIGNED until a call is placed or
received, then they bring up MFE and behave happily.

IOS ISDN is evil.

Rgds,




- I.

--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33295&t=33177



RE: Token Ring DB9 to RJ45 connector [7:33060]

2002-01-26 Thread Joseph Slawinski

You will need a token ring media filter which has a DB9 connector on one
end, and an RJ-45 connector on the other.  The media filter basically
"filters" out noise on UTP cables.  A picture of one is listed in the link
below.

http://www.pulsewan.com/rad/mf3.htm

Hope this helps,
Joseph J. Slawinski
AT&T Global Networks
Network Technician
CCNP,CCNA,A+,Apple,HP,Canon


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33297&t=33060



RE: Acceptable light levels for fiber.... [7:31971]

2002-01-26 Thread Ken Corkins

Found this link while looking for something else. Hope this helps;

http://www.cisco.com/warp/customer/534/21.html


Kelsey Miller wrote:
> 
> Hello All,
> 
> I've been searching for the acceptable amount of Db loss for
> multimode fiber
> run. I've found a variety of information on core diameter,
> operating
> wavelength and fiber installation. I've also read TIA/EIA-568-A
> and TSB-72,
> standards for Centralized Fiber Cabling Guidelines. These
> documents only
> seem to outline installation/operational, rather than
> functional,
> specifications. I've also checked out sites like
> cabletester.com with no
> success. What am I missing, my CLR illustrates a run of
> 100-200m. Any
> resources or information provided will be greatly appreciated...
> 
> Thank You -
> Kelsey Miller, CCNP/CCDA
> 
> 
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33298&t=31971



RE: PIX [7:33281]

2002-01-26 Thread Glenn Johnson


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
WW
Sent: Saturday, January 26, 2002 7:51 AM
To: [EMAIL PROTECTED]
Subject: PIX [7:33281]


our company have two subnet need to go to internet. however, just one FE
internal interface is available, one is dmz and one is for internet.

Since one FE interface can't bound two different subnet. Two subnet
can't go to internet at the same time.

Would anyone know how to solve the problem?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33299&t=33281



Re: Which switch for CCNP home lab ? [7:33283]

2002-01-26 Thread Brad Ellis

1912 should be plenty for a CCNP lab.  a 2950 would be nice, but I think
that would be overkill and there are better uses of your "study funds" than
to waste it on that switch.

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
used Cisco gear:  www.optsys.net
CCIE Labs, racks, and classes:  http://www.ccbootcamp.com/quicklinks.html

"Graham Andrew" wrote in message
news:[EMAIL PROTECTED]...
> Hi,
>
> Could anyone tell me which I should buy for a CCNP home lab, a Cisco 1912-EN
> or a 2950 XL EN. Or would you recommend something else ?
>
> Thanks,
>
> Graham.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33296&t=33283



RE: wic 1T [7:32133]

2002-01-26 Thread suaveguru

thank you , looks useful 

can I still use the other WIC port to run another link

if that WIC port is not the one on the NM-2W but the
one that comes with the 2600 chassis

regards,

suaveguru

--- "Woods, Randall, SOBUS" wrote:
> check it
>
> The WIC-2T provides two serial ports using the Smart Serial connector.
>
> Asynchronous support with a maximum speed of 115.2 Kbps, minimum 600
> bps. If you need to run at speeds lower than 600 bps, use the AUX port
> instead.
> Synchronous support with a maximum speed of 2.048 Mbps.
> Supports one port at 8 Mbps when used in NM-1FE1R2W, NM-1FE2W, NM-2FE2W,
> or NM-2W or Cisco 2600 chassis WIC slots. All other WIC ports on that
> network module or Cisco 2600 chassis must not be used.
>
> woody
>
> -Original Message-
> From: suaveguru [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 18, 2002 10:28 AM
> To: [EMAIL PROTECTED]
> Subject: RE: wic 1T [7:32133]
>
>
> anyone knows what WIC should I use on a 26xxx if I
> want it to support 8mbps knowing that WIC-1T only
> support up to 2mbps
> --- Stefan Dozier  wrote:
> > Actually the WIC-1T can be used in asynchronous mode on the
> > 1600 and 1700 series platforms!
> >
> > The command you're looking for is "physical-layer async"
> >
> > In all other platforms, it operates in synchronous mode "only".
> >
> > Stefan
> >
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Daniel Cotts
> > Sent: Wednesday, January 16, 2002 12:29 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: wic 1T [7:32133]
> >
> >
> > The WIC-1T is synchronous only.
> > http://www.cisco.com/warp/public/107/hw_1t_wic.shtml
> >
> > If you want a WIC card that supports asynchronous
> > serial then a WIC-2A/S would do.
> > http://www.cisco.com/warp/public/107/wic-2as.shtml
> >
> > You mention modem support. Is your aux port free? If so, any reason why it
> > won't meet your needs?
> >
> > > -Original Message-
> > > From: D'Wayne Saunders [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, January 16, 2002 9:42 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: wic 1T [7:32133]
> > >
> > >
> > > Hi all
> > >   i have been searching on the cisco site for some information relating to
> > > WIC1T. I have just installed one into a 1720 for a modem connection now by
> > > cisco (or the information i can find ) the 1720 with this module supports
> > > both async and sync's modes.
> > > now my question is do i have to do anything special to get it to work in
> > > async mode .
> > > by the way my ios is 12.0(3)T
> > >
> > > any help appreciated
> > >
> > >
> > > D'Wayne Saunders,
> > > Network Administrator
> > >
> > > Ph:08 89507742
> > > Fax:08 89521112
> > > Mobile: 0419 823 568
> > >
> > > www.lasseters.com.au
> > >
> > > World's First Government Licensed and Regulated Online Casino...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33277&t=32133



help me with the pix problem! [7:33287]

2002-01-26 Thread cage

hi,everybody.
My environment is:
the outside interface of pix 525 is connected to the fibre-ethernet
transceiver, no router available, and the dmz interface of the pix is
connected to several servers like www,dns,etc. The inside interface is
connected to the lan, no proxy available.
When I finished my configure, I met some problem:
1 The dmz servers traffic can not be out. And at the same time,they can not
ping the outside interface address correctly.
2 the inside lan nodes can not ping the dmz interface address,but can ping
other server in the dmz correctly.

I know I should use the nat commands to bring the traffic of dmz to the
outside, but since the outside address provided by the isp are private ones,
so I have to use NAT (dmz) 0, but why the dmz traffic can not be out?
I hope the design is not wrong.

the following is my config,help me,please.

sh conf
: Saved
:
PIX Version 6.0(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
nameif ethernet3 intf3 security15
nameif ethernet4 intf4 security20
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list acl_in permit tcp any host 202.99.33.69 eq smtp
access-list acl_in permit tcp any host 202.99.33.72 eq www
access-list acl_in permit tcp any host 202.99.33.66 eq domain
access-list acl_in permit tcp any host 202.99.33.67 eq domain
access-list acl_in permit icmp any any
access-list ping_acl permit icmp any any
pager lines 30
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
interface ethernet3 auto shutdown
interface ethernet4 auto shutdown
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu intf3 1500
mtu intf4 1500
ip address outside 210.82.34.29 255.255.255.0
ip address inside 192.168.4.1 255.255.255.0
ip address dmz 202.99.33.254 255.255.255.0
ip address intf3 127.0.0.1 255.255.255.255
ip address intf4 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address dmz 0.0.0.0
failover ip address intf3 0.0.0.0
failover ip address intf4 0.0.0.0
pdm history enable
arp timeout 14400
global (dmz) 1 202.99.33.73 netmask 255.255.255.0
nat (inside) 1 192.168.4.250 255.255.255.255 0 0
nat (dmz) 0 202.99.33.0 255.255.255.0 0 0
static (dmz,outside) 202.99.33.69 202.99.33.69 netmask 255.255.255.255 0 0
static (dmz,outside) 202.99.33.72 202.99.33.72 netmask 255.255.255.255 0 0
static (dmz,outside) 202.99.33.66 202.99.33.66 netmask 255.255.255.255 0 0
static (dmz,outside) 202.99.33.67 202.99.33.67 netmask 255.255.255.255 0 0
access-group acl_in in interface outside
access-group ping_acl in interface dmz
access-group ping_acl in interface inside
route outside 0.0.0.0 0.0.0.0 210.82.34.25 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:3be86ece2c90058e0c9190f986717d63

pixfirewall#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33287&t=33287
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: pix problem [7:33184]

2002-01-26 Thread Paul Borghese

You guys may want to ask this on the CCIE Security list as well :-)

http://www.groupstudy.com/list/security.html

Paul

"Gaz" wrote in message news:[EMAIL PROTECTED]...
> Can't see anything wrong. Have you done a 'clear xlate', and if necessary a
> reboot?
> Otherwise can't see anything, as long as IP config is OK on devices on DMZ.
>
> Gaz
>
> "cage" wrote in message
> news:[EMAIL PROTECTED]...
> > The following is my configure of pix 525, now the nodes in the dmz can not
> > connect to the outside, why?
> > and do i have to use the NAT command to the traffic from the dmz to the
> > outside. It seem that the pix cant route the dmz traffic to the outside.
> > help me! please!
> >
> > sh conf
> > : Saved
> > :
> > PIX Version 6.0(1)
> > nameif ethernet0 outside security0
> > nameif ethernet1 inside security100
> > nameif ethernet2 dmz security50
> > nameif ethernet3 intf3 security15
> > nameif ethernet4 intf4 security20
> > enable password 8Ry2YjIyt7RRXU24 encrypted
> > passwd 2KFQnbNIdI.2KYOU encrypted
> > hostname pixfirewall
> > fixup protocol ftp 21
> > fixup protocol http 80
> > fixup protocol h323 1720
> > fixup protocol rsh 514
> > fixup protocol smtp 25
> > fixup protocol sqlnet 1521
> > fixup protocol sip 5060
> > fixup protocol skinny 2000
> > names
> > access-list acl_in permit tcp any host 202.99.33.69 eq smtp
> > access-list acl_in permit tcp any host 202.99.33.72 eq www
> > access-list acl_in permit tcp any host 202.99.33.66 eq domain
> > access-list acl_in permit tcp any host 202.99.33.67 eq domain
> > access-list acl_in permit icmp any any
> > access-list ping_acl permit icmp any any
> > pager lines 30
> > interface ethernet0 auto
> > interface ethernet1 auto
> > interface ethernet2 auto
> >
> >
> > interface ethernet3 auto shutdown
> > interface ethernet4 auto shutdown
> > mtu outside 1500
> > mtu inside 1500
> > mtu dmz 1500
> > mtu intf3 1500
> > mtu intf4 1500
> > ip address outside 210.82.34.29 255.255.255.0
> > ip address inside 192.168.4.1 255.255.255.0
> > ip address dmz 202.99.33.254 255.255.255.0
> > ip address intf3 127.0.0.1 255.255.255.255
> > ip address intf4 127.0.0.1 255.255.255.255
> > ip audit info action alarm
> > ip audit attack action alarm
> > no failover
> > failover timeout 0:00:00
> > failover poll 15
> > failover ip address outside 0.0.0.0
> > failover ip address inside 0.0.0.0
> > failover ip address dmz 0.0.0.0
> > failover ip address intf3 0.0.0.0
> > failover ip address intf4 0.0.0.0
> > pdm history enable
> > arp timeout 14400
> > global (dmz) 1 202.99.33.73 netmask 255.255.255.0
> > nat (inside) 1 0 0
> > nat (dmz) 0 202.99.33.0 255.255.255.0 0 0
> > static (dmz,outside) 202.99.33.69 202.99.33.69 netmask 255.255.255.255 0 0
> > static (dmz,outside) 202.99.33.72 202.99.33.72 netmask 255.255.255.255 0 0
> > static (dmz,outside) 202.99.33.66 202.99.33.66 netmask 255.255.255.255 0 0
> > static (dmz,outside) 202.99.33.67 202.99.33.67 netmask 255.255.255.255 0 0
> > access-group acl_in in interface outside
> > access-group ping_acl in interface dmz
> > route outside 0.0.0.0 0.0.0.0 210.82.34.25 1
> > timeout xlate 3:00:00
> > timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
> > 0:05:00 sip 0:30:00 sip_media 0:02:00
> > timeout uauth 0:05:00 absolute
> > aaa-server TACACS+ protocol tacacs+
> > aaa-server RADIUS protocol radius
> > no snmp-server location
> > no snmp-server contact
> > snmp-server community public
> > no snmp-server enable traps
> > floodguard enable
> > no sysopt route dnat
> > telnet timeout 5
> > ssh timeout 5
> > terminal width 80
> > Cryptochecksum:3be86ece2c90058e0c9190f986717d63
> >
> > pixfirewall#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33273&t=33184
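
The outbound paths through the configuration quoted above can be checked statically. The Python below is an added example, not part of any post in this thread; it assumes two PIX 6.x behaviours the thread does not spell out: an access list bound inbound with access-group ends in an implicit deny, and a nat id other than 0 needs a global with the same id on the egress interface. The function names are the example's own.

```python
"""Static outbound-path check for a PIX 6.x style configuration (added example)."""

# Excerpt of the configuration quoted in the thread (the shut-down intf3/intf4
# interfaces and unrelated lines are left out; names and addresses are the poster's).
PIX_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
access-list acl_in permit tcp any host 202.99.33.69 eq smtp
access-list acl_in permit icmp any any
access-list ping_acl permit icmp any any
global (dmz) 1 202.99.33.73 netmask 255.255.255.0
nat (inside) 1 0 0
nat (dmz) 0 202.99.33.0 255.255.255.0 0 0
static (dmz,outside) 202.99.33.69 202.99.33.69 netmask 255.255.255.255 0 0
access-group acl_in in interface outside
access-group ping_acl in interface dmz
snmp-server community public
"""


def parse(config):
    """Collect only the statements that decide whether outbound traffic passes."""
    cfg = {"level": {}, "acl": {}, "bound": {}, "nat": set(), "global": set(),
           "static": set(), "snmp": []}
    for line in config.splitlines():
        t = line.split()
        if len(t) < 3:
            continue
        if t[0] == "nameif" and len(t) == 4 and t[3].startswith("security"):
            cfg["level"][t[2]] = int(t[3][len("security"):])
        elif t[0] == "access-list" and len(t) >= 4 and t[2] in ("permit", "deny"):
            cfg["acl"].setdefault(t[1], []).append((t[2], t[3]))  # (action, protocol)
        elif t[0] == "access-group" and len(t) == 5 and t[2] == "in":
            cfg["bound"][t[4]] = t[1]                              # interface -> ACL
        elif t[0] in ("nat", "global") and t[2].isdigit():
            cfg[t[0]].add((t[1].strip("()"), int(t[2])))           # (interface, nat id)
        elif t[0] == "static" and "," in t[1]:
            cfg["static"].add(tuple(t[1].strip("()").split(",")))  # (inner, outer)
        elif t[:2] == ["snmp-server", "community"]:
            cfg["snmp"].append(t[2])
    return cfg


def audit(cfg):
    """Return (check, subject, detail) tuples for paths that will not pass traffic."""
    findings = []
    level = cfg["level"]
    # 1. ACL bound inbound on an interface that has a lower-security neighbour:
    #    it replaces the default "higher to lower is allowed" behaviour
    #    (assumption stated in the lead-in), so anything not permitted is dropped.
    for src, acl in cfg["bound"].items():
        has_lower = any(level.get(src, 0) > other for other in level.values())
        permitted = {proto for action, proto in cfg["acl"].get(acl, []) if action == "permit"}
        if has_lower and "ip" not in permitted:
            findings.append(("acl", src, f"{acl} permits only {sorted(permitted)}"))
    # 2. Every higher -> lower pair needs a translation: nat 0 (identity),
    #    a nat id with a matching global on the egress side, or a static.
    for src in level:
        for dst in level:
            if level[src] <= level[dst]:
                continue
            ids = {i for ifc, i in cfg["nat"] if ifc == src}
            pool = {i for ifc, i in cfg["global"] if ifc == dst}
            if not (0 in ids or ids & pool or (src, dst) in cfg["static"]):
                findings.append(("xlate", f"{src}->{dst}",
                                 f"nat ids {sorted(ids)} have no global on {dst}"))
    # 3. Well-known SNMP community string left in place.
    for community in cfg["snmp"]:
        if community == "public":
            findings.append(("snmp", community, "default community string"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse(PIX_CONFIG)):
        print(finding)
```

On the excerpt it reports that ping_acl on dmz permits only ICMP, that nat id 1 on inside has no global on outside, and that the SNMP community is public.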



RE: Custom Upgrade for Cat 5000 Switch [7:33294]

2002-01-26 Thread Mike Sweeney

Derek- is this the odd memory upgrade for the early Sup1s?  if so, I *may*
have one around here..  let me know before I tear the office apart :)

MikeS


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33300&t=33294



RE: PIX [7:33281]

2002-01-26 Thread Glenn Johnson

One more time--  //www.cisco.com/warp/public/110/19b.html


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Glenn Johnson
Sent: Saturday, January 26, 2002 1:33 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX [7:33281]



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
WW
Sent: Saturday, January 26, 2002 7:51 AM
To: [EMAIL PROTECTED]
Subject: PIX [7:33281]


our company have two subnet need to go to internet. however, just one FE
internal interface is available, one is dmz and one is for internet.

Since one FE interface can't bound two different subnet. Two subnet
can't go to internet at the same time.

Would anyone know how to solve the problem?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33301&t=33281



RE: Custom Upgrade for Cat 5000 Switch [7:33294]

2002-01-26 Thread Mike Sweeney

I found it :)  right on top of the piles

Anyways.. the kit I have is for Supervisor cards models 73-1414-01 to
73-1414-08 ONLY. this is custom SIMM that is needed for software upgrades
from 2.1

The actual kit number is MEM-C5K-4M-V21

let me know if this is what you need

MikeS


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33302&t=33294



RE: Custom Upgrade for Cat 5000 Switch [7:33294]

2002-01-26 Thread Jonathan Mian

Found this on Cisco site:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/c5krn/sw_rns/78_3829.htm


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33303&t=33294



Router problem inserting into token ring [7:33304]

2002-01-26 Thread Joseph Slawinski

I am having a problem I know most of you folks could help me with.  I have
two 2502 routers and two token ring hubs.  The hubs are "dumb hubs," they
have no network management capabilities.  They don't even have external
power supplies.

The problem is I am able to hook up my computers to the hubs, the token ring
cards will automatically attempt to insert themselves into the rings on the
hubs.  The relays light up every 15 seconds, so I know that is working ok.

My problem is, I am unable to configure the routers to insert themselves
into the ring.  I have experience connecting hubs with network management
modules into routers with no problems, but I somehow can't find a way to
configure the routers to attach to these "dumb hubs."  I know that I'm
missing something key here.  I was thinking maybe the media filters I am
using are defective, but I can't be sure.

I know this question may sound dumb, but I have nowhere else to turn.

Thank you in advance for your help,
Joseph J. Slawinski
AT&T Global Networks
Network Technician
CCNP,CCNA,A+,Apple,HP,Canon


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33304&t=33304



Re: ACLs, TCP segements, and the "fragments" keyword [7:32922]

2002-01-26 Thread Priscilla Oppenheimer

At 09:39 AM 1/26/02, bergenpeak wrote:
>Thanks for the responses so far.  One more variation to this question.
>What if there was an application on my network that instead of blocking,
>I wanted to control the amount of bandwidth it consumed.  One might
>define an ACL to identify the traffic by L4 port and map this traffic to
>a rate-limiting mechanism.

That sounds like custom queuing, which does have a fragment keyword. Look 
up "queue-list protocol" in the documentation index for more info, 
(although don't expect Cisco documentation to actually explain anything as 
advanced as this. ;-)

Cisco also has numerous traffic policing and shaping features. I scanned a 
few of those documents and didn't find anything about fragments though.

As you may know, an IP fragment doesn't have any Layer-4 identification in 
it. If the router includes the fragments in any fancy shaping or queuing 
algorithms, then it must keep track of the IP identification. The IP ID is 
the same on all the fragments. This would require the router to be stateful 
and possibly slow it down. Of course, if you're fooling with queuing, then 
the router is maybe already slow. A fast router with well-matched interface 
speeds doesn't need to queue packets.

If you want a definite answer to this, you could try doing more research on 
Cisco's site (good luck!) or try some experimentation. You can cause 
fragmentation to happen by sending an oversized ping.

In the real world, most applications don't send packets that need 
fragmentation. NFS used to. I don't think it does anymore. The example that 
people always use for fragmentation is a host on Token Ring sending to a 
host on Ethernet. In actuality, very few applications took advantage of 
Token Ring's ability to send larger frame sizes. Fragmentation is fraught 
with problems. It is generally avoided.

Priscilla


>Now, if the application generates data in such a way that it causes the
>data to be mostly carried in IP fragments, this ACL will not identify all
>packets associated with the application.   Rate-limiting will only manage
>the bandwidth of the first IP packet in each segment.  This may or may not
>work in throttling the traffic.
>
>Does using the ACL "fragment" option help here or would this require
>moving to some other session identification mechanism?
>
>(I've got no idea how likely standard applications are to send segments
>sufficiently large so that IP fragmentation occurs...)
>
>Thanks
>
>
>Sean Knox wrote:
> >
> > In addition to Priscilla's comments, sending IP/TCP/UDP fragments is a
> > useful way to fingerprint a host's OS. The response from the fragmented
> > packet(s) can be used as a clue to determine what OS/platform is running on
> > the other end. Nmap, among many other tools, has options to send fragmented
> > packets in a variety of ways. Check out http://www.insecure.org for some
> > informative white papers on OS fingerprinting.
> >
> > - Sean
> >
> > -Original Message-
> > From: bergenpeak [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, January 23, 2002 4:18 AM
> > To: [EMAIL PROTECTED]
> > Subject: ACLs, TCP segements, and the "fragments" keyword [7:32922]
> >
> > Looking at extended ACLs I see there's an option to define ACL
> > statements which can key on whether the IP packet contains a
> > fragment.
> >
> > Besides for NAT purposes, could someone provide me with a scenario
> > where one would need develop an ACL to key on IP packets carrying
> > fragments?  I'd be particularly interested in situations where one
> > might want to block a TCP application and decided that one had to
> > block traffic to the TCP port as well as fragments going to the server.
> >
> > Thanks


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33305&t=32922
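
Priscilla's point that a non-initial fragment carries no Layer-4 header, so a classifier has to remember the IP ID, shown as an added Python example that is not from the thread. The addresses, UDP port 5004 and function names are made up for the illustration, and the packets are constructed with a zero header checksum.

```python
import socket
import struct

IP_HDR = "!BBHHHBBH4s4s"   # IPv4 header without options (20 bytes)
MF = 0x2000                # "more fragments" flag in the flags/offset field


def ipv4(src, dst, proto, ident, offset, more, payload):
    """Build one IPv4 packet; checksum stays 0 because nothing here verifies it."""
    flags_off = (MF if more else 0) | (offset // 8)
    header = struct.pack(IP_HDR, 0x45, 0, 20 + len(payload), ident, flags_off, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def fragment(src, dst, ident, datagram, chunk=1480):
    """Split a UDP datagram (header + data) the way a 1500-byte MTU link would."""
    pieces = [datagram[i:i + chunk] for i in range(0, len(datagram), chunk)]
    return [ipv4(src, dst, 17, ident, i * chunk, i < len(pieces) - 1, piece)
            for i, piece in enumerate(pieces)]


def parse(pkt):
    ver_ihl, _, total, ident, flags_off, _, proto, _, src, dst = struct.unpack(IP_HDR, pkt[:20])
    payload = pkt[(ver_ihl & 0x0F) * 4:total]
    offset = (flags_off & 0x1FFF) * 8
    ports = None
    # Only the fragment at offset 0 starts with the TCP/UDP header.
    if offset == 0 and proto in (6, 17) and len(payload) >= 4:
        ports = struct.unpack("!HH", payload[:4])
    return {"key": (src, dst, proto, ident), "ports": ports, "size": len(payload),
            "is_fragment": offset > 0 or bool(flags_off & MF)}


def matched_by_port(packets, dport):
    """Stateless match on the destination port, as a plain Layer-4 ACL entry does."""
    return sum(p["size"] for p in map(parse, packets)
               if p["ports"] and p["ports"][1] == dport)


def matched_by_ip_id(packets, dport):
    """Stateful match keyed on (src, dst, proto, IP ID).

    A real device would also have to age these tables out; that bookkeeping
    is the cost the post refers to.
    """
    wanted, other, waiting, total = set(), set(), {}, 0
    for p in map(parse, packets):
        key = p["key"]
        if p["ports"]:                          # unfragmented packet or first fragment
            hit = p["ports"][1] == dport
            if p["is_fragment"]:
                (wanted if hit else other).add(key)
            held = waiting.pop(key, 0)          # fragments that arrived before the first
            if hit:
                total += p["size"] + held
        elif key in wanted:
            total += p["size"]
        elif key not in other:
            waiting[key] = waiting.get(key, 0) + p["size"]  # Layer-4 identity unknown yet
    return total


# Constructed traffic: one 3000-byte UDP payload to port 5004 (three fragments)
# and one small unfragmented datagram to port 53 that must not be counted.
STREAM = fragment("192.0.2.10", "198.51.100.20", 0x1234, udp(40000, 5004, b"x" * 3000))
OTHER = [ipv4("192.0.2.11", "198.51.100.53", 17, 0x0001, 0, False, udp(40001, 53, b"q" * 32))]

if __name__ == "__main__":
    print("port match only :", matched_by_port(STREAM + OTHER, 5004))
    print("IP ID tracking  :", matched_by_ip_id(STREAM + OTHER, 5004))
    print("out of order    :", matched_by_ip_id(STREAM[::-1] + OTHER, 5004))
```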



Limit access to serial link to four users [7:33306]

2002-01-26 Thread Gaz

Hi all,

I'm after some ideas if you'd be so kind :-)

A 2Mb link being used mainly for streaming media has about 15 potential
users. The task is to limit the number of users at any one time to four, so
they have half a Mb each (ish).

My initial idea, which I must admit, I don't think is such a good one is to
set up a NAT pool of four addresses, and drag the translation timeout down
to about a minute (yet to be tested), so that the first four users to pass
traffic will be translated and allowed through, but after that, they'll have
to wait.

I'm off to look at something like TACACS to see if I can control network
authorization by number of users (shot in the dark).

No equipment in place yet, so we have a clean drawing board.

Anybody have any neat ideas please!!


Thanks,

Gaz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33306&t=33306



RE: Config Maker Tutorial Error ! [7:33272]

2002-01-26 Thread Ozzie Sutcliffe

Learn to do it the proper way thru TFTP, console and telnet.
Solves all the runmaybesomtime errors

Oz


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33307&t=33272



Re: PIX [7:33281]

2002-01-26 Thread Godswill HO

Have you tried using nat/pat to allow both subnets in the inside interface access
to the internet? eg

#nat (inside) 1 0 0
#global (outside) 1 216.72.201.1

Will allow all inside users to initiate an outbound connection to the
internet using the public address 216.72.201.1 ie PAT.

Regards.
Oletu

- Original Message -
From: Glenn Johnson 
To: 
Sent: Saturday, January 26, 2002 10:32 AM
Subject: RE: PIX [7:33281]


>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> WW
> Sent: Saturday, January 26, 2002 7:51 AM
> To: [EMAIL PROTECTED]
> Subject: PIX [7:33281]
>
>
> our company have two subnet need to go to internet. however, just one FE
> internal interface is available, one is dmz and one is for internet.
>
> Since one FE interface can't bound two different subnet. Two subnet
> can't go to internet at the same time.
>
> Would anyone know how to solve the problem?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33312&t=33281



Re: Router problem inserting into token ring [7:33304]

2002-01-26 Thread Charles Manafa

Have you checked the ring speed?

CM
- Original Message -
From: "Joseph Slawinski" 
To: 
Sent: Saturday, January 26, 2002 8:26 PM
Subject: Router problem inserting into token ring [7:33304]


> I am having a problem I know most of you folks could help me with.  I have
> two 2502 routers and two token ring hubs.  The hubs are "dumb hubs," they
> have no network management capabilities.  They don't even have external
> power supplies.
>
> The problem is I am able to hook up my computers to the hubs, the token ring
> cards will automatically attempt to insert themselves into the rings on the
> hubs.  The relays light up every 15 seconds, so I know that is working ok.
>
> My problem is, I am unable to configure the routers to insert themselves
> into the ring.  I have experience connecting hubs with network management
> modules into routers with no problems, but I somehow can't find a way to
> configure the routers to attach to these "dumb hubs."  I know that I'm
> missing something key here.  I was thinking maybe the media filters I am
> using are defective, but I can't be sure.
>
> I know this question may sound dumb, but I have nowhere else to turn.
>
> Thank you in advance for your help,
> Joseph J. Slawinski
> AT&T Global Networks
> Network Technician
> CCNP,CCNA,A+,Apple,HP,Canon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33314&t=33304



Re: Limit access to serial link to four users [7:33306]

2002-01-26 Thread Steven A. Ridder

Is it H.323 media?  Then you could set up a gatekeeper, and limit to 4
connections.  Or, if you know the size of the bandwidth stream, you could
create a PQ in LLQ that will only let enough bw for 4 users, then the rest
wouldn't go through.


"Gaz" wrote in message
news:[EMAIL PROTECTED]...
> Hi all,
>
> I'm after some ideas if you'd be so kind :-)
>
> A 2Mb link being used mainly for streaming media has about 15 potential
> users. The task is to limit the number of users at any one time to four, so
> they have half a Mb each (ish).
>
> My initial idea, which I must admit, I don't think is such a good one is to
> set up a NAT pool of four addresses, and drag the translation timeout down
> to about a minute (yet to be tested), so that the first four users to pass
> traffic will be translated and allowed through, but after that, they'll have
> to wait.
>
> I'm off to look at something like TACACS to see if I can control network
> authorization by number of users (shot in the dark).
>
> No equipment in place yet, so we have a clean drawing board.
>
> Anybody have any neat ideas please!!
>
>
> Thanks,
>
> Gaz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33316&t=33306



Re: Limit access to serial link to four users [7:33306]

2002-01-26 Thread Darrell Newcomb

If all of my responses get through this will be embarrassing.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33318&t=33306



Re: Router problem inserting into token ring [7:33304]

2002-01-26 Thread Jonathan Mian

Is the ring completed on the MAU, IE do you have a patch lead in the RI & RO
to complete the ring?

I had a similar issue using a MAU which had a similar description as yours,
I sussed it finally...used one patch lead in RI & RO...Bingo it all works.

As Charles said make sure they're both either 4 or 16MB speed.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33320&t=33304



Cisco Works 2000 & Cisco Works for Windows [7:33321]

2002-01-26 Thread Jonathan Mian

Hi Gang,

Is there such a thing as an eval copy...I'd like to know what this thing
looks like since I've heard/read so much about. Also is there an eval copy
for Cisco Works for Windows?

All the best,
Jon Mian


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33321&t=33321



Re: Router problem inserting into token ring [7:33304]

2002-01-26 Thread Joseph Slawinski

I have checked the ring speed, it's the same on the token ring cards and the
router.  The hub doesn't have a setting for ring speed though.

Author: Charles Manafa (---.blueyonder.co.uk)
Date:   01-26-02 17:26

Have you checked the ring speed? 

CM 
- Original Message - 
From: "Joseph Slawinski"  
To:  
Sent: Saturday, January 26, 2002 8:26 PM 
Subject: Router problem inserting into token ring [7:33304] 


> I am having a problem I know most of you folks could help me with. I have 
> two 2502 routers and two token ring hubs. The hubs are "dumb hubs," they 
> have no network management capabilities. They don't even have external 
> power supplies. 
> 
> The problem is I am able to hook up my computers to the hubs, the token ring
> cards will automatically attempt to insert themselves into the rings on the
> hubs. The relays light up every 15 seconds, so I know that is working ok.
> 
> My problem is, I am unable to configure the routers to insert themselves 
> into the ring. I have experience connecting hubs with network management 
> modules into routers with no problems, but I somehow can't find a way to 
> configure the routers to attach to these "dumb hubs." I know that I'm 
> missing something key here. I was thinking maybe the media filters I am 
> using are defective, but I can't be sure. 
> 
> I know this question may sound dumb, but I have nowhere else to turn. 



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33322&t=33304



Re: Router problem inserting into token ring [7:33304]

2002-01-26 Thread Mike Mandulak

That would be my first guess, you can shut down a ring by mixing speeds on a
MAU. Can 2 PC's see each other? On the rings that I've worked on, once a PC
entered the ring the light stays on so I would question the 15 second blink.

Also check the duplex settings. (sorry couldn't resist) 

- Original Message -
From: "Charles Manafa" 
To: 
Sent: Saturday, January 26, 2002 5:26 PM
Subject: Re: Router problem inserting into token ring [7:33304]


> Have you checked the ring speed?
>
> CM
> - Original Message -
> From: "Joseph Slawinski"
> To:
> Sent: Saturday, January 26, 2002 8:26 PM
> Subject: Router problem inserting into token ring [7:33304]
>
>
> > I am having a problem I know most of you folks could help me with.  I have
> > two 2502 routers and two token ring hubs.  The hubs are "dumb hubs," they
> > have no network management capabilities.  They don't even have external
> > power supplies.
> >
> > The problem is I am able to hook up my computers to the hubs, the token ring
> > cards will automatically attempt to insert themselves into the rings on the
> > hubs.  The relays light up every 15 seconds, so I know that is working ok.
> >
> > My problem is, I am unable to configure the routers to insert themselves
> > into the ring.  I have experience connecting hubs with network management
> > modules into routers with no problems, but I somehow can't find a way to
> > configure the routers to attach to these "dumb hubs."  I know that I'm
> > missing something key here.  I was thinking maybe the media filters I am
> > using are defective, but I can't be sure.
> >
> > I know this question may sound dumb, but I have nowhere else to turn.
> >
> > Thank you in advance for your help,
> > Joseph J. Slawinski
> > AT&T Global Networks
> > Network Technician
> > CCNP,CCNA,A+,Apple,HP,Canon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33324&t=33304



Re: Cisco PIX firewall book [7:33216]

2002-01-26 Thread ipguru1

book seems to be pretty decent, but I have to admit, Ali is right.  The
manual that comes with a 515 is pretty good at getting right into what you
need.  Not very hard to read and has good examples.  The Chapman book is a
lot like the manual.

bk

sam sneed wrote:

> Has anyone read the Cisco Secure PIX Firewalls by  David W. Chapman Jr.? I
> have no experience with PIX yet and need a good book to give me a
> foundation. I don't trust the reviews on Amazon and feel I could get better
> input from y'all.
>
> Thanks a lot
>
> sam




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33325&t=33216



Re: Router problem inserting into token ring [7:33304]

2002-01-26 Thread Joseph Slawinski

The MAU's speed cannot be changed, so I am guessing this is controlled
between the token ring cards and the router, (they have to negotiate
together).  The 15 second blinking of the port light on the MAU is only when
one PC is attached.  I used this as an indicator to prove that the ports
were working properly.  When both PC's are connected to the MAU, the lights
stay on because there is at least two devices that have created the ring.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33326&t=33304



Re: Router problem inserting into token ring [7:33304]

2002-01-26 Thread ocsiC

Try the troubleshooting techniques from Cisco ->
http://www.cisco.com/univercd/cc/td/doc/cisintwk/itg_v1/index.htm

select Token-Ring and follow the instructions!

If that doesn't give you any luck then turn on debug and check the status 
of the interface...

Also if you have CCO then dump the TechReport from the 2503 ->
https://www.cisco.com/cgi-bin/Support/OutputInterpreter/home.pl

That will give you any field/bug fixes for your version of IOS...

Hope this helps...in fact the above could be used for practically any 
problem you have with Cisco hardware!

:-/

At 18:21 26/01/2002 -0500, Joseph Slawinski wrote:

>I have checked the ring speed, its the same on the token ring cards and the
>router.  The hub doesn't have a setting for ring speed though.
>
>Author: Charles Manafa (---.blueyonder.co.uk)
>Date:   01-26-02 17:26
>
>Have you checked the ring speed?
>
>CM
>- Original Message -
>From: "Joseph Slawinski"
>To:
>Sent: Saturday, January 26, 2002 8:26 PM
>Subject: Router problem inserting into token ring [7:33304]
>
>
> > I am having a problem I know most of you folks could help me with. I have
> > two 2502 routers and two token ring hubs. The hubs are "dumb hubs," they
> > have no network management capabilities. They don't even have external
> > power supplies.
> >
> > The problem is I am able to hook up my computers to the hubs, the token ring
> > cards will automatically attempt to insert themselves into the rings on the
> > hubs. The relays light up every 15 seconds, so I know that is working ok.
> >
> > My problem is, I am unable to configure the routers to insert themselves
> > into the ring. I have experience connecting hubs with network management
> > modules into routers with no problems, but I somehow can't find a way to
> > configure the routers to attach to these "dumb hubs." I know that I'm
> > missing something key here. I was thinking maybe the media filters I am
> > using are defective, but I can't be sure.
> >
> > I know this question may sound dumb, but I have nowhere else to turn.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33327&t=33304



Re: Limit access to serial link to four users [7:33306]

2002-01-26 Thread Gaz

I must admit I've not even touched on streaming media, H323, but apparently
it's just RealPlayer 8.5 anyway.
Your suggestions have led me to RSVP at the moment, so I have some reading
to do.
Thanks for ideas. Feel free to keep em coming. I'm off to get some reading
done.

Cheers,

Gaz

"Steven A. Ridder" wrote in message
news:[EMAIL PROTECTED]...
> Is it H.323 media?  Then you could set up a gatekeeper, and limit to 4
> connections.  Or, if you know the size of the bandwidth stream, you could
> create a PQ in LLQ that will only let enough bw for 4 users, then the rest
> wouldn't go through.
>
>
> "Gaz" wrote in message
> news:[EMAIL PROTECTED]...
> > Hi all,
> >
> > I'm after some ideas if you'd be so kind :-)
> >
> > A 2Mb link being used mainly for streaming media has about 15 potential
> > users. The task is to limit the number of users at any one time to four, so
> > they have half a Mb each (ish).
> >
> > My initial idea, which I must admit, I don't think is such a good one is to
> > set up a NAT pool of four addresses, and drag the translation timeout down
> > to about a minute (yet to be tested), so that the first four users to pass
> > traffic will be translated and allowed through, but after that, they'll have
> > to wait.
> >
> > I'm off to look at something like TACACS to see if I can control network
> > authorization by number of users (shot in the dark).
> >
> > No equipment in place yet, so we have a clean drawing board.
> >
> > Anybody have any neat ideas please!!
> >
> >
> > Thanks,
> >
> > Gaz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33328&t=33306



Re: Router problem inserting into token ring [7:33304]

2002-01-26 Thread Ken Diliberto

Are you running 4Mb or 16?  Make sure all speeds are all the same.

Are you plugging the routers into Ring-In or Ring-Out? (That's a no-no)

You say the lights light up every 15 seconds.  Does this mean they are only
on for a few seconds?

>>> "Joseph Slawinski"  01/26/02 02:26PM >>>
I am having a problem I know most of you folks could help me with.  I have
two 2502 routers and two token ring hubs.  The hubs are "dumb hubs," they
have no network management capabilities.  They don't even have external
power supplies.

The problem is I am able to hook up my computers to the hubs, the token ring
cards will automatically attempt to insert themselves into the rings on the
hubs.  The relays light up every 15 seconds, so I know that is working ok.

My problem is, I am unable to configure the routers to insert themselves
into the ring.  I have experience connecting hubs with network management
modules into routers with no problems, but I somehow can't find a way to
configure the routers to attach to these "dumb hubs."  I know that I'm
missing something key here.  I was thinking maybe the media filters I am
using are defective, but I can't be sure.

I know this question may sound dumb, but I have nowhere else to turn.

Thank you in advance for your help,
Joseph J. Slawinski
AT&T Global Networks
Network Technician
CCNP,CCNA,A+,Apple,HP,Canon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33329&t=33304



PIX % DNS Doctoring [7:33331]

2002-01-26 Thread Dante Martins

Somebody knows how to do DNS doctoring on PIX 
I have the DNS on DMZ with static and the clients workstations are on
inside interface. 
Dante







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1&t=1



about the ping in pix ? [7:33333]

2002-01-26 Thread cage

Is it true: "Traffic is ALWAYS allowed between from a higher security
interface to a lower security interface without doing anything special?"
If it is true, can I ping from the inside or dmz to outside without the
configuring of the access-list icmp any any?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3&t=3



das [7:33334]

2002-01-26 Thread Dante Martins

ada




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4&t=4



RE: Router problem inserting into token ring [7:33304]

2002-01-26 Thread Daniel Cotts

It is possible that the MAUs are defective. Substitution is a good
troubleshooting step. Do you know anyone who does have TR working? If so,
substitute your MAU for theirs and see if it works for them. Try their MAU
with your routers.

> -Original Message-
> From: Joseph Slawinski [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, January 26, 2002 2:27 PM
> To: [EMAIL PROTECTED]
> Subject: Router problem inserting into token ring [7:33304]
> 
> 
> I am having a problem I know most of you folks could help me 
> with.  I have
> two 2502 routers and two token ring hubs.  The hubs are "dumb 
> hubs," they
> have no network management capabilities.  They don't even 
> have external
> power supplies.
> 
> The problem is I am able to hook up my computers to the hubs, 
> the token ring
> cards will automatically attempt to insert themselves into the 
> rings on the
> hubs.  The relays light up every 15 seconds, so I know that 
> is working ok.
> 
> My problem is, I am unable to configure the routers to insert 
> themselves
> into the ring.  I have experience connecting hubs with 
> network management
> modules into routers with no problems, but I somehow can't 
> find a way to
> configure the routers to attach to these "dumb hubs."  I know that I'm
> missing something key here.  I was thinking maybe the media 
> filters I am
> using are defective, but I can't be sure.
> 
> I know this question may sound dumb, but I have nowhere else to turn.
> 
> Thank you in advance for your help,
> Joseph J. Slawinski
> AT&T Global Networks
> Network Technician
> CCNP,CCNA,A+,Apple,HP,Canon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5&t=33304



Re: Xmodem fails [7:33289]

2002-01-26 Thread the-other-jason

It's possible on many platforms to tftp download from the rom monitor. If 
you have physical access and a laptop with ether, you can be back on the 
air pretty fast.

Sounds like you talked with the TAC, and they should have told you if 
this was an option on your platform, but 

Jason

Michael Smith wrote:

> After booting, at the console we got the rommon#> 1   prompt, and error
> messages that the image decompression had failed, invalid format, blah
> blah blah. Everything had been working fine for a couple of months, then
> this, just as  this beast is to go into production.  We tried to install
> new IOS on this new, isolated, stand-alone router, via Xmodem, because
> there was no other apparent way to do it.  It failed, and Cisco said the
> only other way was to replace the flash with a factory installed IOS,
> which we will do.
> 
> Anyone out there had similar problems (Xmodem failure)?  We also do not
> have an identical or similar router with PCMCIA cards.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6&t=33289



RE: Cisco Works 2000 & Cisco Works for Windows [7:33321]

2002-01-26 Thread Ozzie Sutcliffe

Going to get heck for this.. but here goes..
Ciscoworks has some cool features and maybe with a gadzillion routers it
would help but if you have say 20 or so routers you do most of the Cisco
works stuff with free and share ware.

IF you have a CCO account you can get demo of some stuff or you can get the
whole CW package and a pile of other stuff NFR for $450 US $

Oz



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7&t=33321



RE: Simple routing problem... [7:33262]

2002-01-26 Thread Ozzie Sutcliffe

Nortel products unstable  noo  heh
Kinda funny as shasta is a generic soda pop in the states and does make you
burp a lot..
kinda fitting I guess

Oz


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=8&t=33262



Re: about the ping in pix ? [7:33333]

2002-01-26 Thread Godswill HO

No, though the PIX allows traffic from a higher security interface to a lower
one, you cannot ping the dmz interface from the inside interface
successfully because the echo-reply (response from the dmz interface) will
be disallowed from entering the inside interface, so you will end up having
time-outs.

The only way to have a successful pinging is to implement the permit icmp any
any command.

The ping failed not because it did not get to the dmz interface, but
because the PIX Adaptive Security Algorithm (ASA) disallows the response from
coming back to you. The only way to go about it is to use the conduit or
access-list command to create an exception for the ASA, so that it can
allow the returned ping response.

PIX(config)# conduit permit icmp any any

0.02 cents
Regards.
Oletu

- Original Message -
From: cage 
To: 
Sent: Saturday, January 26, 2002 5:08 PM
Subject: about the ping in pix ? [7:3]


> Is it true: "Traffic is ALWAYS allowed between from a higher security
> interface to a lower security interface without doing anything special?"
> If it is true, can I ping from the inside or dmz to outside without the
> configuring of the access-list icmp any any?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9&t=3
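
A toy model of the behaviour described in the reply above, added here as an example (not code from the thread or from Cisco): TCP/UDP replies match tracked state, ICMP does not, so the returning echo-reply needs an explicit exception. The dmz level of 50, the addresses and the "echo-reply only" rule set are assumptions of the example; NAT and real ACL syntax are left out.

```python
from dataclasses import dataclass, field

# Security levels: inside=100 and outside=0 are the PIX defaults;
# dmz=50 is an assumed value for this example.
LEVELS = {"inside": 100, "dmz": 50, "outside": 0}


@dataclass(frozen=True)
class Packet:
    src_if: str
    dst_if: str
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    icmp_type: str = ""   # "echo", "echo-reply", ...


@dataclass
class Firewall:
    # Explicit exceptions for lower -> higher traffic: (proto, icmp_type|"any")
    permits: set = field(default_factory=set)
    conns: set = field(default_factory=set)   # state is kept for TCP/UDP only

    def forward(self, p: Packet) -> bool:
        if LEVELS[p.src_if] > LEVELS[p.dst_if]:
            if p.proto in ("tcp", "udp"):
                self.conns.add((p.proto, p.dst, p.src))  # expect the reply
            return True                  # higher -> lower: allowed by default
        if (p.proto, p.src, p.dst) in self.conns:
            return True                  # reply to a tracked TCP/UDP flow
        wanted = {(p.proto, "any"), (p.proto, p.icmp_type)}
        return bool(wanted & self.permits)   # otherwise needs an exception


def ping(fw, src_if, dst_if, src, dst):
    """True only if the echo and the returning echo-reply both pass."""
    echo = Packet(src_if, dst_if, "icmp", src, dst, "echo")
    reply = Packet(dst_if, src_if, "icmp", dst, src, "echo-reply")
    return fw.forward(echo) and fw.forward(reply)


def demo():
    inside, dmz = "10.1.1.10", "172.16.1.5"     # constructed addresses
    unsolicited = Packet("dmz", "inside", "icmp", dmz, inside, "echo")
    results = {}
    for name, permits in [("default", set()),
                          ("icmp any any", {("icmp", "any")}),
                          ("echo-reply only", {("icmp", "echo-reply")})]:
        fw = Firewall(permits=set(permits))
        results[name] = (ping(fw, "inside", "dmz", inside, dmz),
                         fw.forward(unsolicited))
    return results


if __name__ == "__main__":
    for name, (ping_ok, inbound_echo) in demo().items():
        print(f"{name:16} ping inside->dmz: {ping_ok!s:5} "
              f"unsolicited echo dmz->inside: {inbound_echo}")
```

In the model, a blanket ICMP exception also lets an unsolicited echo from the dmz reach the inside, while an exception limited to echo-reply restores the ping without that side effect.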



Re: Routing Problem 2501's and 675 [7:33261]

2002-01-26 Thread Alan McEntee

Gaz,

I tried to renumber my subnet to 10.0.1.0, 10.0.2.0 and 10.0.3.0 (mask
255.255.255.0) with those statements below and no luck.  I received a
suggestion to enable rfc1483 bridging.  That did work, but then I lost my
internet connection since I am in PPP mode for IP assignment.  Any other
suggestions would be very helpful.  Thanks again.

-Alan
"Gaz" wrote in message news:[EMAIL PROTECTED]...
> Don't know how the 675 reacts, but as you are using classless IP addressing
> and subnet zero, it would be worth checking that you have:
>
> ip subnet-zero
> ip classless
>
> Not sure on the 675 whether you would be stopped from entering the subnet
> zero address if this were not configured, and not sure whether this is IOS
> version dependent.
>
> Gaz
>
>
>
> "Alan McEntee" wrote in message news:[EMAIL PROTECTED]...
> > Hello,
> >
> > I am having a routing problem and am hoping someone can point me in the
> > right direction.  Thanks in advance.
> >
> > Lab Setup:
> > - I have a pair of 2501's (R1 and R2) hooked up via the serial ports.
> > (10.0.1.1 and 10.0.1.2)
> > - The eth0 port of R1 is connected to a switch with 5 PCs and a Cisco 675
> > DSL router (R1=10.0.0.100, PC1=10.0.0.13, 675=10.0.0.1)
> > - The eth0 port of R2 connected to a hub and one PC. (R2=10.0.2.1 and
> > PC2=10.0.2.2)
> >
> > Routing:
> > I have setup static routes on R1, R2 and the 675 for all networks (see
> > routing tables below)
> > The 675 is the default gateway for the 10.0.0.0 network
> >
> > Problem:
> > - From PC1 and R1 I can ping everything on the network (no problems)
> > - From the PC2 and R2 I can ping everything except the 675 (10.0.0.1).
> > - From 675 I can only ping 10.0.0.0 network.  Cannot even ping serial
> > interface on R1.(eth0=10.0.0.100, serial1=10.0.1.1)
> >
> > Questions:
> > - The problem seems to lie in the way the 675 answers ping responses and is
> > there a setting that needs to be turned on to answer remote requests?
> > - Could the problem be in the routes or default gateways?
> >
> > Thanks again
> >
> > -Alan
> > --
> > Routing Tables:
> > router1>
> > Gateway of last resort is 10.0.0.1 to network 0.0.0.0
> >
> >  10.0.0.0/24 is subnetted, 3 subnets
> > S   10.0.2.0 [1/0] via 10.0.1.2
> > C   10.0.0.0 is directly connected, Ethernet0
> > C   10.0.1.0 is directly connected, Serial1
> > S*   0.0.0.0/0 [1/0] via 10.0.0.1
> >
> > router2>
> > Gateway of last resort is 10.0.1.1 to network 0.0.0.0
> >
> >  10.0.0.0/24 is subnetted, 3 subnets
> > C   10.0.2.0 is directly connected, Ethernet0
> > S   10.0.0.0 [1/0] via 10.0.1.1
> > C   10.0.1.0 is directly connected, Serial1
> > S*   0.0.0.0/0 [1/0] via 10.0.1.1
> >
> > 675 Routing Table
> > cbos>sh route
> > [TARGET]      [MASK]           [GATEWAY]    [M][P] [TYPE] [IF]    [AGE]
> > 0.0.0.0       0.0.0.0          0.0.0.0       1      SA     WAN0-0  0
> > 10.0.0.0      255.255.255.0    0.0.0.0       1      LA     ETH0    0
> > xxx.xxx.0.0   255.255.255.0    0.0.0.0       1      A      WAN0-0  0
> > 10.0.2.0      255.255.255.0    10.0.0.100    1      SAR    ETH0    0
> > 10.0.1.0      255.255.255.0    10.0.0.100    1      SAR    ETH0    0
> >
> > WAN Interfaces...
> > xxx.xxx.0.21  255.255.255.255  0.0.0.0       1      HA     WAN0-0  0




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33340&t=33261



Re: Cisco Works 2000 & Cisco Works for Windows [7:33321]

2002-01-26 Thread ferg

Oz,

Could you elaborate on what packages you are talking about? I would like to
try a few to see how they work.
I only have a couple of routers to play with; learning to use the
different tools helps me learn the technology  :^)


Thanks,

-Joe-


"Ozzie Sutcliffe" wrote in message news:[EMAIL PROTECTED]...
> Going to get heck for this.. but here goes..
> Ciscoworks has some cool features and maybe with a gadzillion routers it
> would help but if you have say 20 or so routers you do most of the Cisco
> works stuff with free and share ware.
>
> IF you have a CCO account you can get demo of some stuff or you can get the
> whole CW package and a pile of other stuff NFR for $450 US $
>
> Oz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33341&t=33321



Re: PIX % DNS Doctoring [7:33331]

2002-01-26 Thread Godswill HO

Hi,

It really depends on what you want to do or implement for the DNS. The DNS
guard on PIX is enabled by default and it cannot be disabled nor configured.
It helps to prevent DoS attacks by tearing down the UDP conduit on
the PIX firewall as soon as the DNS response is received, not waiting until
the default UDP timer has expired, which is 2 minutes (almost an eternity
in the computer world).

The other doctoring you can do on DNS is on CBAC (Context Based Access
Control). Here you can alter the default DNS timeout which is 5 seconds by
using:

#IP inspect dns-timeout 

It simply specifies the length of time a DNS name lookup session will
still be managed after no activity.

In case you need further help, feel free to ask specific questions.

Regards.
Oletu

- Original Message -
From: Dante Martins 
To: 
Sent: Saturday, January 26, 2002 4:58 PM
Subject: PIX % DNS Doctoring [7:1]


> Somebody knows how to do DNS doctoring on PIX
> I have the DNS on DMZ with static and the clients workstations are on
> inside interface.
> Dante
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33342&t=1
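
The DNS guard behaviour described in the reply above, sketched as a small model and added here as an example (not code from the thread or from Cisco): the return slot for a DNS query is removed on the first answer instead of living until the 2-minute UDP idle timer. Class and function names, addresses, ports and timestamps are constructed for the illustration.

```python
UDP_IDLE_TIMEOUT = 120.0   # seconds: the 2-minute default UDP timer cited above
DNS_PORT = 53


class UdpSlots:
    """Return-path state a firewall keeps for outbound UDP flows."""

    def __init__(self, dns_guard):
        self.dns_guard = dns_guard
        self.slots = {}   # (client, cport, server, sport) -> time last used

    def outbound(self, now, client, cport, server, sport):
        self.slots[(client, cport, server, sport)] = now

    def inbound(self, now, server, sport, client, cport):
        """Return True if a datagram from server to client is let back in."""
        key = (client, cport, server, sport)
        last = self.slots.get(key)
        if last is None:
            return False
        if now - last > UDP_IDLE_TIMEOUT:
            del self.slots[key]           # idle timer expired
            return False
        if self.dns_guard and sport == DNS_PORT:
            del self.slots[key]           # first answer closes the slot
        else:
            self.slots[key] = now         # generic UDP: refresh the idle timer
        return True


def replay(dns_guard):
    """Feed one query and four inbound datagrams; return accept decisions."""
    fw = UdpSlots(dns_guard)
    client, server = "10.1.1.10", "172.16.1.53"   # constructed addresses
    fw.outbound(0.0, client, 33000, server, DNS_PORT)
    # Real answer at 0.05 s, then later datagrams on the same flow.
    times = [0.05, 1.0, 119.0, 300.0]
    return [fw.inbound(t, server, DNS_PORT, client, 33000) for t in times]


if __name__ == "__main__":
    print("dns guard on :", replay(True))
    print("dns guard off:", replay(False))
```

Without the guard, each accepted datagram refreshes the idle timer, so the return path stays open well past the first answer; with it, only the first answer gets through.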



Re: Cisco Works 2000 & Cisco Works for Windows [7:33321]

2002-01-26 Thread Ozzie Sutcliffe

It's on my to do list ..
Which has a to do list of its own..
I will be busy this weekend cabling up my lab and coaxing an old MGS back to
life. And getting ready for a 2 week road trip .
So maybe during the week if the beer is lousy in a  bar I will put together
a list of stuff..

So look next Friday night and I will post it then..

Oz



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33345&t=33321



Re: PIX % DNS Doctoring [7:33331]

2002-01-26 Thread Allen May

Workstations should be in the highest security NIC & therefore should be
able to connect to the DNS servers on a DMZ with no doctoring.  In some
cases people use an alias to translate the internal IP of the DNS server to
the external for users inside the firewall trying to reach the DNS server.
If that is your case, try looking up alias commands.  Otherwise, it's all
enabled outbound unless access-list commands are enabled from inside -> DMZ.


- Original Message -
From: "Godswill HO" 
To: 
Sent: Saturday, January 26, 2002 9:43 PM
Subject: Re: PIX % DNS Doctoring [7:1]


> Hi,
>
> It really depends on what you want to do or implement for the DNS. The DNS
> guard on PIX is enabled by default and it cannot be disabled nor configured.
> It helps to prevent DoS attacks by tearing down the UDP conduit on
> the PIX firewall as soon as the DNS response is received, not waiting until
> the default UDP timer has expired, which is 2 minutes (almost an eternity
> in the computer world).
>
> The other doctoring you can do on DNS is on CBAC (Context Based Access
> Control). Here you can alter the default DNS timeout which is 5 seconds by
> using:
>
> #IP inspect dns-timeout
>
> It simply specifies the length of time a DNS name lookup session will
> still be managed after no activity.
>
> In case you need further help, feel free to ask specific questions.
>
> Regards.
> Oletu
>
> - Original Message -
> From: Dante Martins
> To:
> Sent: Saturday, January 26, 2002 4:58 PM
> Subject: PIX % DNS Doctoring [7:1]
>
>
> > Somebody knows how to do DNS doctoring on PIX
> > I have the DNS on DMZ with static and the clients workstations are on
> > inside interface.
> > Dante
> >
> >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33347&t=1



Re: Is CCIEprep on crack or what ? [7:32787]

2002-01-26 Thread [EMAIL PROTECTED] (John Nemeth)

On Jun 14,  2:36pm, "Tom Lisa" wrote:
}
} I've had that problem with my CCNA students.  With a little effort it is
} quite easy to put a DB60 on upside down (even though I labeled them
} "this side up").  The

 When it is upside down they can't see the "this side up" label, so
you need to put a "this side down" label on the bottom.

}-- End of excerpt from "Tom Lisa"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33348&t=32787



Recovered Mail From 22 Jan 2002 [7:33349]

2002-01-26 Thread Exchange Administrator

> 
From: "Darrell Newcomb" 
X-GroupStudy-Version: 3.1.1a
X-GroupStudy: Network Technical
To: [EMAIL PROTECTED]
Subject: Re: Stupid Question [7:32591]
Sender: [EMAIL PROTECTED]
Reply-To: "Darrell Newcomb" 
Precedence: bulk

With the key NT cheap shot being:
It doesn't matter how coherent the file system is if the OS isn't
executing code, but rather rebooting.

'least those crashes proves they wrote a reasonable filesystem.

I really don't have anything against NT.  Mainly since I'm not running
it on any of my servers.  :)

Darrell

Carroll Kong wrote:
>
> Reason being that NTFS is a journalled file system.  Not sure on
> NT 3.51's version of NTFS, but if you say so, probably true.  (not meant to
> be sarcastic, but sincere)
>  As for the SQL database, depending if it had good rollback
> mechanisms to avoid corruption, it may or may not get corrupted, as you said.
>  As for the unix systems, most of them use UFS, which is not a
> journalled file system.  However, I do not know of many OSes or
> distributions that let you add in a journalled fs.  One that comes to mind
> is linux with the reiserfs.  (linux comes stock with ext2fs).  (you can add
> in journalled file systems afterwards, one commercial unix in mind that
> comes stock and barrel with a journalled fs is the venerable Irix with its
> XFS).  Go ahead, pull the plug on him, he won't care.  No fsck on
> startup.  Just smooth rolling.
>  If you note the pattern here, it is a function of the file system
> (or in the database's case, how it retains data and does integrity checks
> and if it has rollback recovery to avoid data loss or undo bad transactions).
>  Not sure if I can give a definitive reason on why the cisco's do
> not fear such things.  Probably because it is not usually writing data very
> often, and the data it writes is essentially a text file (NVRAM
> configurations).  The "OS" in itself is a static flash file that never
> needs to be overwritten during normal runtime operation, only during
> upgrades.  This is totally different on a fully blown OS that has crazy
> writes usually going on during operation.  Or even if it did not, has a
> good reason to double check for file integrity.  The Cisco router was meant
> to be more of an appliance like machine, so its behavior makes sense, and
> so does its obvious resistance to the occasional power plug pull.
>
> At 06:42 PM 1/21/02 -0500, Mark Odette II wrote:
> >H.
> >Funny, last I checked, you could turn off in Mid-Boot process, Pull the plug
> >in Mid-Shutdown process, or yank the power to the UPS (and no battery left)
> >with all NT Machines running (NT3.51 - W2K), and the system would never miss
> >a beat in start-up file system recovery.
> >
> >Now do that to NT servers with Oracle or some SQL-type application server
> >running on it, and it may have data corruption- but that's only with the
> >DB's ... and that happens, no matter WHAT the platform.
> >
> >Now, then again, try doing the above such listed tasks of brutality to a Sun
> >Box, an SCO box, or an AT&T Unix box, and watch the games begin as "Inodes"
> >fly everywhere and the file system checker starts griping about how unhappy
> >it is and I wouldn't be surprised if an AIX or SGI box did the same.
> >DB Server or not.
> >
> >Sorry... just gotta love those MickeySoft stabs that have no meaning other
> >than for slander.
> >
> >-Original Message-
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> >Sent: Monday, January 21, 2002 12:42 PM
> >To: [EMAIL PROTECTED]
> >Subject: RE: Stupid Question [7:32591]
> >
> >Just turn them off or simply unplug them.
> >
> >Fortunately the IOS was not written by Microsoft and nothing will get
> >corrupted!!!
> >
> >-Serge.
> >
> >Richard Tufaro wrote:
> > >
> > > What is the proper way to shutdown a router? not reload, but
> > > shutdown? Just flick the switch? Seems too brutal to me.
> > >
> > > Richard Tufaro - MCSE - GSEC- CCNA
> > > Network Engineer - Anda Inc.
> > > [EMAIL PROTECTED]
> > > MSN IM - [EMAIL PROTECTED]
> -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33349&t=33349



CCNP ROUTING [7:33350]

2002-01-26 Thread Seme rollands

What's the best book for CCNP Routing exam ?

RTING 640-503

looking to sit the exam and need a good study guide




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33350&t=33350