Re: ISDN problems... [7:34324]
Stuart

180 seconds is normal, it depends if you have a minimum call charge from your telco. To see what is causing the interface to dial, use the debug dialer command:

debug dialer [events | packets] - Displays DDR debugging information about the packets received on a dialer interface.

Some more info here: http://www.cisco.com/warp/customer/793/access_dial/ddr_9347.html

Regards
Pat

Laubstein, Stuart wrote in message news:[EMAIL PROTECTED]...

The dialer list command seems to be gone... I am going to add

dialer-list 1 protocol ip permit

This should work (at least to let everything through). Or is there another way to do this which is more secure? I am also trying the debug commands--they will not help this problem but have shown me another problem with the serial interfaces, so thanks for that suggestion. Actually any suggestion on dialer-lists would also be welcome--i.e. what would be a good idea and what kind of timeout is normal--I am using 50 seconds right now.

stu

-----Original Message-----
From: McCallum, Robert [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 04, 2002 3:53 PM
To: [EMAIL PROTECTED]
Subject: RE: ISDN problems... [7:34324]

If the router is not seeing interesting traffic within your idle period then it should drop the line. What is in your dialer-list to define what is interesting traffic?

-----Original Message-----
From: Stuart Laubstein [mailto:[EMAIL PROTECTED]]
Sent: 04 February 2002 14:20
To: [EMAIL PROTECTED]
Subject: ISDN problems... [7:34324]

I have a 3620 that has a problem with timing out. I have set the dialer idle-timeout to 180 seconds--the router will keep the interface open for 180 seconds and then drop it for 9 seconds. I set it to 55 seconds and it did the same timeout after 55 seconds--9 second drop. This only seems to happen when the remote router is a cisco router. I have tried debug isdn events--but can only see the interface coming back up.

Any idea on things I can try would be much appreciated or on debug options that would narrow it for me...

thanks
stuart

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3t=34324
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Where to place the loopback in an ospf environment [7:34445]
and if it doesn't tell you then DO NOT place the loopbacks into area 0 unless you find you may have to later on!!! Loopbacks as a general guide should never be placed into area 0 if it can be helped.

-----Original Message-----
From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
Sent: 05 February 2002 07:02
To: [EMAIL PROTECTED]
Subject: Re: Where to place the loopback in an ospf environment [7:34441]

when in the Lab, do as the folder ( and/or the proctor ) instructs :-

Chuck

wrote in message news:[EMAIL PROTECTED]...

Hi there,

sorry for the posting on more. But I'm currently 4 weeks before the CCIE lab and I'm really confused about this. Some guys told me place it near the area 0 and other guys say it _depends_. Any guides for this ???

Best regards

Udo Konstantin / koud, GS KA
NEEF LAPPCOM GmbH
Systemhaus für IT-Lösungen
Windeckstrasse 8
76135 Karlsruhe
Tel: +49 721/8606-215
Mobile: +49 172/7271578 *215
Fax: +49 721/8606-264
E-Mail/Internet: [EMAIL PROTECTED]
Notes: Udo Konstantin/Infra CS @SULZERINFRA
Website: http://www.neef.de

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34445t=34445
RE: logging the access on a router [7:34346]
Hello vincent

is not exactly this form cause U have only the last login user viewing by sho run. I would like to see all user's connections on the router.

james at 00:05:35 Wed Nov 22 2000
steve at 00:07:05 Wed Nov 22 2000
Francis at 00:13:09 Wed Nov 22 2000

-----Original Message-----
From: Vincent Miller [mailto:[EMAIL PROTECTED]]
Sent: Monday, 4 February 2002 20:42
To: [EMAIL PROTECTED]
Subject: RE: logging the access on a router [7:34346]
Importance: Low

Is this what you had in mind ?

! Last configuration change at 00:05:35 ECT Wed Nov 22 2000
! NVRAM config last updated at 00:05:38 ECT Wed Nov 22 2000
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xx
!
logging buffered 4096 debugging

the service timestamps will do the trick. you can create a local database of userids/passwords that can make changes, the userid will be included in the two lines at the top

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34446t=34346
RE: Where to place the loopback in an ospf environ [7:34445]
Rob,

Very interesting. I have my lab in 4 weeks too in Brussels. Is there anywhere on CCO that details anything to do with this and why loopbacks should not be used in Area 0? Is this OSPF specific or LAB specific? I'll try and think about this today and see if I can figure out why.

Richard

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34447t=34445
Re: MAJOR OT: Free CCNPtraining for convicts [7:34039]
Errmmm... i wasn't trying to start a flame war... and i apologise for introducing this to the list... MY BAD

in response to my own email... the point i was trying to get across.. is this

CISCO... there are other members of society who would benefit from this training just as much or even more so than convicts...

i wish big companies would think a bit more about what they do... and the feelings they will provoke...

enough said... hey my friends !!!???

From: steve skinner
Reply-To: steve skinner
To: [EMAIL PROTECTED]
Subject: MAJOR OT: Free CCNPtraining for convicts [7:34039]
Date: Fri, 1 Feb 2002 07:46:41 -0500

guys,

my boss has just told me that cisco are trialling a few prisons where they are offering free CCNP training to convicts

man does that just bite the biscuit.

i worked long and hard to pay for my exams... get some work experience and at my expense (being a tax payer) i am funding a convict to learn about cisco.

i know about rehabilitation... but it is just a bit sick that i as an individual, could

a) been robbed by this man ... my house is trashed and my insurance goes up (i pay)
b) funding him in prison to learn Cisco (i pay)
c) comes out of prison and devalues a cert because he has no experience (i pay)

does cisco want to have a useless cert system (except of course the CCIE) because the more people who BLATANTLY DONT have any experience with these certs ... the less they mean...

i'm sorry to rant... but sometimes i wish companies would consider their future..

FACT (from Cisco) there will always be more jobs for NA/NP than IE's

1) i get exams to be employable...
2) in order to get these exams i push the company's kit .. i have recently installed some 4000's over another company's kit, even though the other kit is more than capable of doing the job.. because i get a side benefit of learning about the equipment and increasing my CV value
3) if i am working at a company and i dont want a cisco cert because it is worthless.. why would i push that company's products.. i would simply push another company's products to get my certs in their equipment, to keep my employability
4) cisco dont sell as much equipment
5) certs become even more worthless..
6) cisco sells even less equipment as no-one is trained anymore
7) cisco becomes Novell (my apologies to all novell staff)...

a little forethought is all that's required...

as my boss says... one of my main reasons for buying kit is the amount of tech staff available to install/fix the kit... if there's no staff there's no kit

in a job market that is already depressed the last thing that is needed is a flood of Certified but inexperienced people on the market..

the it industry is like no other, in the fact that we have to CONSTANTLY update our skills ... that takes time, money and personal sacrifice... something i dont think cisco is at all concerned with...

ahh welll.

no chance of a [EMAIL PROTECTED] list starting any time soon...??

Sorry for the downer

steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34448t=34039
4000 Series switch [7:34449]
First of all I would like to thank you who replied to my questions about VLans and how to set them up.

Second. In the information I have been reading about VLans usually 2 classes of switches are referenced. The first being a lower model or switch 1900 series. The Vlan setup is mostly menu driven as I found out from my Cisco instructor in class yesterday. There were some problems we encountered when setting up a VLan on this type of switch.

Third. Usually whenever I read about VLans and setting them up it uses a 5000 series switch as a reference, using the OSI command interface. Does the 4000 switch use the same setup or interface as the 5000? Does anyone know?

Thank you very much,
Steven M Aiello

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34449t=34449
PIX activation key [7:34450]
I've just got a hold of a PIX 515UR and I want to upgrade to the latest software, but when I do a show ver there is no activation key. Is this normal, or do I have to obtain one from somewhere?

Dion Radford
Mellon Site Services - Europe
71 Queen Victoria Street, London, EC4V 4DR
+44 (0) 20 7653 2850 - Work
+44 (0) 20 7653 2227 - Fax
+44 (0) 794 092 8809 - Mobile
Email: [EMAIL PROTECTED]

DISCLAIMER: The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained therein by any other person is not authorized. If you are not the intended recipient please notify us immediately by returning the e-mail to the originator.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34450t=34450
Re: PIX activation key [7:34450]
You need to get it from your supplier and enter it when you install your software, see below, this is an upgrade I did (I didn't install it this time though), you get prompted to install after you stick the image on the pix ..

Received 2174976 bytes
Cisco Secure PIX Firewall admin loader (3.0) #0: Tue Jul 3 21:50:29 PDT 2001
System Flash=E28F128J3 @ 0xfff0
BIOS Flash=e28f400b5t @ 0xd8000
Flash version 6.1.0.101, Install version 5.3.2
Installing to flash
Serial Number: #
Activation Key: 4
Do you want to enter a new activation key? [n]

#Select no for this PIX

----- Original Message -----
From: Radford Dion
Newsgroups: groupstudy.cisco
Sent: Tuesday, February 05, 2002 11:28 AM
Subject: PIX activation key [7:34450]

I've just got a hold of a PIX 515UR and I want to upgrade to the latest software, but when I do a show ver there is no activation key. Is this normal, or do I have to obtain one from somewhere?

Dion Radford
Mellon Site Services - Europe
71 Queen Victoria Street, London, EC4V 4DR
+44 (0) 20 7653 2850 - Work
+44 (0) 20 7653 2227 - Fax
+44 (0) 794 092 8809 - Mobile
Email: [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34451t=34450
RE: Traffic type monitoring [7:34382]
On Mon, 4 Feb 2002, Sam Deckert wrote:

by monitoring, i mean by protocol and possibly port..sorry, should have been more specific.

Hi Sam (hooray for more Australians :)),

Netflow sounds like what you're after. On the ingress interface you want to monitor, add 'ip route-cache flow'. Now you can 'show ip cache flow' to show how NetFlow is switching traffic - very handy for tracking DoS attacks - on one of our 7206VXRs, I can 'show ip cache flow' and hold down the space bar - if I see any address standing out, it's generally because of a DoS.

Example: (IP addresses changed to protect the... errr, not so innocent).

SrcIf      SrcIPaddress   DstIf    DstIPaddress   Pr SrcP DstP Pkts
AT3/0.501  209.132.1.27   Fa0/0.1  10.1.1.211        0035 0999    1
AT3/0.501  24.30.201.3    Fa0/0.1  192.168.1.1    11 0035 0819   12
AT3/0.501  209.71.218.87  Fa0/0.1  172.16.5.5     06 0050 040D    4
AT3/0.501  64.154.61.232  Fa0/0.1  10.11.10.1     06 1A0C 0440    1
AT3/0.501  66.61.73.34    Fa0/0.1  192.168.10.11  06 04BE 0454   10

All pretty obvious, save Pr (it's protocol - 11 is UDP, 06 is TCP, see http://www.iana.org/assignments/protocol-numbers). SrcP and DstP are in hex, so 0035 really means 53, or DNS.

Note that we've applied the 'ip route-cache flow' command to ATM3/0.501, but not FastEthernet0/0.1 - we're only seeing incoming traffic. If you want to monitor it both ways, add the command to both directions of interface (ie, Ethernet0 and Serial0 or whatever).

The next thing is getting the information off the router. Do a search on freshmeat for cflowd, and look at the 'ip flow export x.x.x.x ' command. This is used to send Netflow accounting records to a remote host via UDP.

To make it pretty, have a look at Cricket. I know very little about this, but have seen it produce really pretty graphs based on protocol, port, etcetera. Again, do a search on freshmeat (www.freshmeat.net).

Rgds,

- I.

--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34452t=34382
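
Added example (not part of the post above, and not Cisco or cflowd code): a small Python parser for pasted 'show ip cache flow' rows that decodes the hex Pr/SrcP/DstP columns and reports destinations that stand out. PAGE_ROWS are the rows quoted in the post; BURST_ROWS are constructed with documentation addresses, and the min_flows/min_share thresholds are assumptions to tune per site.

```python
import ipaddress
from collections import Counter
from typing import NamedTuple

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers

# Rows as quoted in the post (its author had already altered the addresses).
# The first data row has only seven fields, so the parser must not guess at it.
PAGE_ROWS = """\
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
AT3/0.501 209.132.1.27 Fa0/0.1 10.1.1.211 0035 0999 1
AT3/0.501 24.30.201.3 Fa0/0.1 192.168.1.1 11 0035 0819 12
AT3/0.501 209.71.218.87 Fa0/0.1 172.16.5.5 06 0050 040D 4
AT3/0.501 64.154.61.232 Fa0/0.1 10.11.10.1 06 1A0C 0440 1
AT3/0.501 66.61.73.34 Fa0/0.1 192.168.10.11 06 04BE 0454 10
"""

# Constructed rows: six sources sending UDP to port 53 on one destination.
BURST_ROWS = "\n".join(
    f"AT3/0.501 198.51.100.{i} Fa0/0.1 192.0.2.10 11 {1024 + i:04X} 0035 1"
    for i in range(1, 7)
)


class Flow(NamedTuple):
    src_if: str
    src_ip: str
    dst_if: str
    dst_ip: str
    proto: int      # decoded from the hex "Pr" column
    src_port: int   # decoded from the hex "SrcP" column
    dst_port: int   # decoded from the hex "DstP" column
    packets: int

    @property
    def proto_name(self):
        return PROTO_NAMES.get(self.proto, str(self.proto))


def parse_flows(text):
    """Return (flows, rejected_lines) for pasted 'show ip cache flow' rows."""
    flows, rejected = [], []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "SrcIf":
            continue  # blank line or column header
        try:
            if len(fields) != 8:
                raise ValueError("expected 8 columns")
            src_if, src_ip, dst_if, dst_ip, pr, sp, dp, pkts = fields
            ipaddress.ip_address(src_ip)  # raises ValueError if not an address
            ipaddress.ip_address(dst_ip)
            flows.append(Flow(src_if, src_ip, dst_if, dst_ip,
                              int(pr, 16), int(sp, 16), int(dp, 16), int(pkts)))
        except ValueError:
            rejected.append(line)  # keep for manual review
    return flows, rejected


def standouts(flows, min_flows=3, min_share=0.5):
    """Destinations holding at least min_flows flows and min_share of the cache.

    Returns (dst_ip, flow_count, distinct_sources) tuples, busiest first.
    """
    per_dst = Counter(f.dst_ip for f in flows)
    sources = {}
    for f in flows:
        sources.setdefault(f.dst_ip, set()).add(f.src_ip)
    total = len(flows)
    return [(dst, n, len(sources[dst]))
            for dst, n in per_dst.most_common()
            if n >= min_flows and n / total >= min_share]


if __name__ == "__main__":
    flows, rejected = parse_flows(PAGE_ROWS + "\n" + BURST_ROWS)
    for f in flows:
        print(f"{f.src_ip}:{f.src_port} -> {f.dst_ip}:{f.dst_port} "
              f"{f.proto_name} pkts={f.packets}")
    print("rejected:", rejected)
    print("standouts:", standouts(flows))
```

Rows that do not split into exactly eight columns are returned in the rejected list rather than repaired, so a damaged paste cannot shift an address into the wrong column.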
RE: PIX activation key [7:34450]
Well, I've seen an R version and a U version but never a UR version. I have always been under the assumption that they were mutually exclusive. As for the lack of an activation key, that is odd. What is the current version of the OS? Have you tried to run an upgrade?

When you apply for a feature license, such as the free 56-bit (DES) encryption feature, you will be given a new activation key generated via the serial number. I would apply for the 56-bit key and then do an upgrade to the latest code (6.1.1), which will prompt you for a new key if needed.

Rik

-----Original Message-----
From: Radford Dion [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 5:28 AM
To: [EMAIL PROTECTED]
Subject: PIX activation key [7:34450]

I've just got a hold of a PIX 515UR and I want to upgrade to the latest software, but when I do a show ver there is no activation key. Is this normal, or do I have to obtain one from somewhere?

Dion Radford
Mellon Site Services - Europe
71 Queen Victoria Street, London, EC4V 4DR
+44 (0) 20 7653 2850 - Work
+44 (0) 20 7653 2227 - Fax
+44 (0) 794 092 8809 - Mobile
Email: [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34453t=34450
RE: 4000 Series switch [7:34449]
The 4000 uses a very similar CLI to the 5000. The 4000 series is much newer so some of the features are different plus the 5000 was considered a core switch and the 4000 a closet switch. However, the 4000 is coming out of the closet and some cool new features are being released such as Layer 3 switching, making it something of a baby core switch. ;-}

Rik

-----Original Message-----
From: Nisus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 5:22 AM
To: [EMAIL PROTECTED]
Subject: 4000 Series switch [7:34449]

First of all I would like to thank you who replied to my questions about VLans and how to set them up.

Second. In the information I have been reading about VLans usually 2 classes of switches are referenced. The first being a lower model or switch 1900 series. The Vlan setup is mostly menu driven as I found out from my Cisco instructor in class yesterday. There were some problems we encountered when setting up a VLan on this type of switch.

Third. Usually whenever I read about VLans and setting them up it uses a 5000 series switch as a reference, using the OSI command interface. Does the 4000 switch use the same setup or interface as the 5000? Does anyone know?

Thank you very much,
Steven M Aiello

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34454t=34449
Re: PIX activation key [7:34450]
If you're not changing the features, then you won't need to put a new activation key in. If you are changing the features then you will have a new activation key, so you don't need the existing one. I used to cut and paste the activation key all the time just in case but never used it.

I seem to remember some images not showing the activation key in show ver. I don't think I ever found it. I just took what I thought was a risk at the time.

The free DES image is a bit of a mystery to me at the moment. Used it a few times to allow PDM, but not sure why Cisco do it. Who knows - you could maybe even upgrade a Failover Pix using the DES image :-)

Gaz

Radford Dion wrote in message news:[EMAIL PROTECTED]...

I've just got a hold of a PIX 515UR and I want to upgrade to the latest software, but when I do a show ver there is no activation key. Is this normal, or do I have to obtain one from somewhere?

Dion Radford
Mellon Site Services - Europe
71 Queen Victoria Street, London, EC4V 4DR
+44 (0) 20 7653 2850 - Work
+44 (0) 20 7653 2227 - Fax
+44 (0) 794 092 8809 - Mobile
Email: [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34455t=34450
Re: Long....RE: CCIE starting pay [7:33899]
If I may ask, why exactly is it a good thing that people can pass the lab with just books, lab gear, and groupstudy, without ever having touched a production network in his life? This kind of thing is precisely the enabler of all these lab-rat CCIE's that are starting to seriously water down the prestige of the program.

Keyur Shah wrote in message news:[EMAIL PROTECTED]...

To add onto it...experience helps you support such networks and high profile web sites and enterprise networks in real time, where downtime is counted in minutes and sometimes in seconds. It is impossible to do clear ip bgp * and get your bgp routes which one may do all the time while preparing in a home lab.

In my personal opinion, today it is possible to pass ccie lab by simply studying in home lab with all the help from books, lab workbooks, bootcamps, home lab and group studies out there, which is very good thing. I am sure, it was not the case in 1998 when Paul B. (taking him as a example only) passed his test.

I think cisco should remove some of the old technologies from the lab and add some of these cool real world scenarios to a reasonable extent that John mentioned below. May be have candidates log to syslog and ask them that they can not type clear ip bgp more than twice in the whole lab. That will make candidates think from real world angle. That is just an example, many such things come to mind.

Impressive article John, you described ccie's day in real world very well.

-Keyur Shah-
CCIE# 4799 (Security; Routing and Switching)
css1,scsa,scna,mct,mcse,cni,mcne
Hello Computers
Say Hello to Your Future!
http://www.hellocomputers.com
Toll-Free: 1.877.794.3556
Now offering CCIE Security Lab Workbook and remote bootcamp, http://www.hellocomputers.com/hellosuccess.html

-----Original Message-----
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 04, 2002 10:25 AM
To: [EMAIL PROTECTED]
Subject: Long....RE: CCIE starting pay [7:33899]

After receiving an email from Joe, I would agree that he sounds like a very intelligent person with tremendous initiative.

I'd like to differentiate between lab experience and OTJ experience. Learning to configure OSPF, EIGRP, and BGP at home is one thing. Going to a customer site who has 200 nodes, half of which were acquired from another company and are running OSPF while half are running EIGRP and all areas need to be able to communicate with each other and also have multiple redundant and area-diverse connections to different internet providers using BGP...that is experience. :-)

Then, after a decision has been made to use a single IGP, make a choice between EIGRP and OSPF, or even IS-IS. Justify your reasoning and then determine a migration plan that minimizes customer downtime and guarantees that all areas have internet access at all times even if their local provider goes down. Help the customer to coordinate with ARIN and service providers to get the necessary address space and an assigned autonomous system number.

When a given area has multiple connections to the same ISP, attempt to influence routing in the ISP so that it takes the closest entrance into your network for that user. Attempt to influence routing within each ISP so that you increase the chances that optimal routing will occur. Make certain that you only advertise the necessary prefixes while filtering all others. Configure routing within each area to take the closest exit possible, within reason.

Provision and order the necessary circuits after getting quotes from several providers. Make a determination when and if point to point links could/should be used and where frame relay or ATM would be most suitable. Make sure that you have plenty of room for growth and enough bandwidth to support video conferencing over IP for certain sections of this network. Determine which type of traffic shaping, queueing, and/or rate limiting might be necessary and where it would be most useful.

Upgrade routers and switches as necessary, making sure that you won't run into processor limitations during high traffic loads and you have enough WIC and NM slots available to support the connections you require. Make sure you select an IOS that supports those modules and software features you'll need while minimizing the number of bugs that might affect you.

Determine a backup plan for each area and include ISDN backup links, making sure the backup links can pass both IP, IPX, and some DLSw+ but do not pass streaming video and other non-essential traffic. Create a network infrastructure disaster recovery plan for each area and document your procedures.

And that's just the tip of the iceberg, and *that's* what I mean by experience. Certainly, your experience doesn't need to be this comprehensive and detailed, I'm simply exaggerating to make a point. There is a *huge* difference between learning to configure this
RE: PIX activation key [7:34450]
Thanks everyone for the replies. I upgraded it without any problems, and a new activation key was generated automatically. I just thought it was strange that it didn't have a key straight out of the box.

-----Original Message-----
From: Gaz [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 1:28 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX activation key [7:34450]

If you're not changing the features, then you won't need to put a new activation key in. If you are changing the features then you will have a new activation key, so you don't need the existing one. I used to cut and paste the activation key all the time just in case but never used it.

I seem to remember some images not showing the activation key in show ver. I don't think I ever found it. I just took what I thought was a risk at the time.

The free DES image is a bit of a mystery to me at the moment. Used it a few times to allow PDM, but not sure why Cisco do it. Who knows - you could maybe even upgrade a Failover Pix using the DES image :-)

Gaz

Radford Dion wrote in message news:[EMAIL PROTECTED]...

I've just got a hold of a PIX 515UR and I want to upgrade to the latest software, but when I do a show ver there is no activation key. Is this normal, or do I have to obtain one from somewhere?

Dion Radford
Mellon Site Services - Europe
71 Queen Victoria Street, London, EC4V 4DR
+44 (0) 20 7653 2850 - Work
+44 (0) 20 7653 2227 - Fax
+44 (0) 794 092 8809 - Mobile
Email: [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34456t=34450
Re: PIX activation key [7:34450]
Dion,

On the PIX 515 that we have, the activation key is listed directly under the serial number of the sh ver (the very last line). Perhaps you are running really old PIX code???

In the past I have successfully obtained the correct serial number by applying for the IPSec upgrade license for the PIX. You need the PIX serial number, but not the activation key. They will e-mail you a new activation key that works for the desired software version and will also have IPSec enabled (not 3DES though).

- Tom

In article , Radford Dion wrote:

I've just got a hold of a PIX 515UR and I want to upgrade to the latest software, but when I do a show ver there is no activation key. Is this normal, or do I have to obtain one from somewhere?

Dion Radford
Mellon Site Services - Europe
71 Queen Victoria Street, London, EC4V 4DR
+44 (0) 20 7653 2850 - Work
+44 (0) 20 7653 2227 - Fax
+44 (0) 794 092 8809 - Mobile
Email: [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34457t=34450
RE: OSPF DR problem [7:34379]
Hello intervals are link specific. I'm not sure why varying hello timers on different links would be relevant.

At 06:23 PM 2/4/2002 -0500, Walter Rogowski wrote:

If you debug ospf adjacencies you might see complaints re mismatched hello intervals.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Baker, Jason
Sent: 04 February 2002 22:51
To: [EMAIL PROTECTED]
Subject: RE: OSPF DR problem [7:34379]

hmmm in ospf NBMA network i thought when you specified point to point there was no DR, BDR election. so maybe playing with the priorities may have caused problems

-----Original Message-----
From: Kane, Christopher A. [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, 5 February 2002 9:36 am
To: [EMAIL PROTECTED]
Subject: RE: OSPF DR problem [7:34379]

Priscilla,

Now that you have R1 as the DR, it's his responsibility to announce that network out to everyone else. Is R1 sending out LSAs (Network LSA, type 2) to wherever it is that you are trying to see that network? (Is it R3's routing table that you can't see the Ethernet segment of R1 and R2?) Does the network show up in the OSPF database but not the routing table? Or just the routing table?

Chris

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 04, 2002 4:31 PM
To: [EMAIL PROTECTED]
Subject: OSPF DR problem [7:34379]

Hi Group Study,

Playing with IP OSPF priority to influence which router became the Designated Router (DR) caused routing problems for me in a recent bout with a lab exercise. Can anyone help me understand if I did something wrong?

I have 2 routers on an Ethernet LAN. Both of them also have WAN connections to remote sites.

R1 has a Frame Relay link to the corporate cloud via its S0 port. S0 is configured as ip ospf network point-to-point.

R2 has an ISDN link to yet another router, R3. This link is configured as an OSPF point-to-point demand circuit.

R1 and R2 are connected via an Ethernet switch. My goal was to make sure R1 became the DR on Ethernet. Both routers have loopbacks, but R2's is higher, so to make sure R2 did not become the DR, I configured it with:

ip ospf priority 0

R1 then did indeed become the DR on the Ethernet LAN because it was using the default priority 1.

Now, finally to the question.. On the other side of the ISDN and across the Frame Relay cloud, I couldn't see the Ethernet LAN in the routing table. Routers formed adjacencies correctly and could reach most networks, but not that darn Ethernet LAN. R1 and R2 on the Ethernet LAN formed an adjacency and could see the rest of the internetwork.

Could I have broken something by playing with the priority??

Thanks for your help.

Priscilla

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34458t=34379
Re: OSPF DR problem [7:34379]
This is why I didn't make too big of a deal about the two instances of area one. I know a discontiguous area 0 is bad, but I seemed to recall that it doesn't matter if there are multiple instances of other areas. I wasn't sure of that, though, it was just in the back of my mind.

It will be interesting to see how this turns out.

John

Chuck Larrieu 2/5/02 12:07:24 AM

Two comments:

1) so long as there is an area 0, and all other areas connect to it, those other areas can all be area 1 ( or any other arbitrary number ) and there will be no reachability problems. This assumes no overlapping subnets. Other than making summarization a bear, there is nothing wrong with doing it this way. Bad practice and bad design, but not bad behaviour.

2) I'm interested in your rationale as to why a discontiguous area 1 would in and of itself cause a problem with routers in either of the discontiguous areas such that they cannot see area 0 routes. I can't think of one myself, which may or may not mean anything.

Chuck

Dusty Harper wrote in message news:[EMAIL PROTECTED]...

Maybe Discontiguous is the wrong word for it. The problem I see with this design is that there is basically 2 Area 1s. The point-to-point connections would be fine, however in order for the Areas to function properly they need to know of each other ( all of Area 1 as a whole needs to know of the other). This is done via LSA Types 1 and 2. I know the reasoning for the Area 2, however I still stand behind the notion that if you were to change the Frame-Relay Area to 3 your problem would be solved.

You might also get around this by changing from point to point to a non-broadcast environment and specify all of your neighbors Router IDs' : R1 (S0) R2(BRI0) R9(S0) and R8(BRI0) on each of the routers.

-----Original Message-----
From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
Sent: Mon 2/4/2002 8:33 PM
To: [EMAIL PROTECTED]
Cc:
Subject: Re: OSPF DR problem [7:34379]

Cil, I drew this one out a little differently just to put a fresh perspective on it. Without seeing the requirements of the particular practice lab you are using, it's hard to say why you were seeing or not seeing what you did.

          area 0
   --------------------
     |              |
     R1             R2
     |              |
 frame relay       ISDN
   area 1         area 1
     |              |
     R9             R8
     |              |
   --------------------
          area 2

The discontiguous area 1's are irrelevant unless there is overlapping addressing. The area 2 is placed the way it is in order to force the creation of a virtual link - common in practice labs and study materials, as all us CCIE candidates know full well ;-

I am inferring from other comments in other posts that you needed to use the IP ospf priority command on the R2 ethernet because the requirement is that R1 is the DR in area 0.

So, given what I see ( not knowing the particulars of your addressing and various other things, there is no good reason why R9 and R8 should not see the ethernet network that is area 0.

Along the trail of broken things, I have sometimes run across bizarre issues which are solved only by reloading routers. My humble pod of 2501's running enterprise 12.1.11 code sometimes have bizarre problems. I have a theory that these bloatware images just barely operate within the confined spaces of 16 megs of DRAM and sometimes you have to clear it out. I have had bizarre things happen when configuring and unconfiguring various routing protocols and features. Sometimes, admittedly, mistakes happen when you are tired, and you can't see straight to correct errors you have made. But other times, reloads have made magic happen. I am at the point where I am thinking about backloading to an IOS build that takes less space, just to see if the occasional weirdness disappears.

Again, based upon what I have seen throughout this thread, and given that your areas and other configurations are correct, I see no reason why the area 0 network should not be visible from R9 and R8.

Chuck

PS as has been discussed here and elsewhere many a time, good practice and good design have little in common with the CCIE Lab ;-

PPS which practice lab are you looking at? I have NLI, IPExpert, and SolutionLabs at my disposal.

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

Remember, I think from a design point of view. I say for some reason there's an Area 2 because I think it's a bad design not because I was surprised to see it there in the show output. ;-) But thanks for replying, because it made me question my expectations.
info on blocking aol im [7:34459]
Looking to block aol im with pix and 2600s router. Seems to use multiple ports, etc Any advice on blocking this?... Matthew J. Walls Sr. Systems Engineer, Systems Development [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34459t=34459
Interface errors [7:34461]
Hi, what could cause these errors?

Serial0/0 is up, line protocol is up
  Hardware is DSCC4 Serial
  Internet address is 10.172.1.2/30
  MTU 1500 bytes, BW 2048 Kbit, DLY 2 usec,
     reliability 255/255, txload 1/255, rxload 3/255
  Encapsulation PPP, loopback not set
  Keepalive set (10 sec)
  LCP Open
  Listen: CDPCP
  Open: IPCP
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of show interface counters 2w4d
  Input queue: 0/75/337 (size/max/drops); Total output drops: 21
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/21 (size/max total/threshold/drops)
     Conversations 0/60/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 29000 bits/sec, 8 packets/sec
  5 minute output rate 12000 bits/sec, 9 packets/sec
     13153011 packets input, 1756696209 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 4066 throttles
     3230 input errors, 222 CRC, 3008 frame, 0 overrun, 0 ignored, 0 abort
     12955327 packets output, 2923854785 bytes, 0 underruns
     0 output errors, 0 collisions, 160 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up

Thanks
Joaquim Lopes

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34461t=34461
Re: Interface errors [7:34461]
My first guess is a timing issue with CO or dirty line. Joaquim Lopes wrote in message news:[EMAIL PROTECTED]... Hi, what could cause these errors? Serial0/0 is up, line protocol is up Hardware is DSCC4 Serial Internet address is 10.172.1.2/30 MTU 1500 bytes, BW 2048 Kbit, DLY 2 usec, reliability 255/255, txload 1/255, rxload 3/255 Encapsulation PPP, loopback not set Keepalive set (10 sec) LCP Open Listen: CDPCP Open: IPCP Last input 00:00:00, output 00:00:00, output hang never Last clearing of show interface counters 2w4d Input queue: 0/75/337 (size/max/drops); Total output drops: 21 Queueing strategy: weighted fair Output queue: 0/1000/64/21 (size/max total/threshold/drops) Conversations 0/60/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 29000 bits/sec, 8 packets/sec 5 minute output rate 12000 bits/sec, 9 packets/sec 13153011 packets input, 1756696209 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 4066 throttles 3230 input errors, 222 CRC, 3008 frame, 0 overrun, 0 ignored, 0 abort 12955327 packets output, 2923854785 bytes, 0 underruns 0 output errors, 0 collisions, 160 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up Thanks Joaquim Lopes Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34462t=34461
Re: 4000 Series switch [7:34449]
for the most part, cat os based switches are the same and ios based switches are the same...every once in a while you catch something different..but to answer you, the 4000 series and 5000 series are the same. -Patrick Nisus 02/05/02 05:21AM First of all I would like to thank you who replied to my questions about VLans and how to set them up. Second. In the information I have been reading about VLans usually 2 classes of switches are referenced. The first being a lower model or switch 1900 series. The Vlan setup is mostly menu driven as I found out from my Cisco instructor in class yesterday. There were some problems we encountered when setting up a VLan on this type of switch. Third. Usually when ever I read about VLans and setting them up it uses a 5000 series switch as a reference, using the OSI command interface. Does the 4000 switch use the same setup or interface as the 5000? Does any one know ? Thank you very much, Steven M Aiello Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34463t=34449
MPLS MTU on 29XX/35XX-XL? [7:34464]
hi all, anyone know whether MPLS-size MTUs are supported on the 29XX/35XX-XL switches? and if so, from what IOS revision? thnx -andy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34464t=34464
Milwaukee-area Cisco Users Group [7:34465]
The February 6 Milwaukee-area Cisco Users Group meeting has had a change of location to accommodate more attendees. The new location is Marquette University Cudahy Hall 1313 W. Wisconsin Ave. Room 401. The time is still 5 - 7pm. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34465t=34465
Re: Interface errors [7:34461]
Joaquim, I had a similar problem with CRC and Frame alignment errors that turned out to be a bad CSD/DSU. It looks like you might be experiencing this as well, especially given the number of interface resets. - Tom In article , Joaquim Lopes wrote: Hi, what could cause these errors? Serial0/0 is up, line protocol is up Hardware is DSCC4 Serial Internet address is 10.172.1.2/30 MTU 1500 bytes, BW 2048 Kbit, DLY 2 usec, reliability 255/255, txload 1/255, rxload 3/255 Encapsulation PPP, loopback not set Keepalive set (10 sec) LCP Open Listen: CDPCP Open: IPCP Last input 00:00:00, output 00:00:00, output hang never Last clearing of show interface counters 2w4d Input queue: 0/75/337 (size/max/drops); Total output drops: 21 Queueing strategy: weighted fair Output queue: 0/1000/64/21 (size/max total/threshold/drops) Conversations 0/60/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 29000 bits/sec, 8 packets/sec 5 minute output rate 12000 bits/sec, 9 packets/sec 13153011 packets input, 1756696209 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 4066 throttles 3230 input errors, 222 CRC, 3008 frame, 0 overrun, 0 ignored, 0 abort 12955327 packets output, 2923854785 bytes, 0 underruns 0 output errors, 0 collisions, 160 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up Thanks Joaquim Lopes Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34466t=34461
RE: info on blocking aol im [7:34459]
You need to block access to the login server IP's. If I remember it is login.oscar.aol.com. Just nslookup the ips associated and block them ( I do it via a route to null0) Same process with Yahoo IM, although you have to block about a million addresses it seems like. Both services change IP's regularly and you will need to periodically check to see if new addresses are brought on line. Be aware that the process of blocking YIM will sometimes break access to yahoo e-mail servers that are in the same range as the login servers. Also, Be sure to find the Java script client IP address of AOL and block it as well. I didn't know that it existed until I walked by someone's desk and they were just a chatting away. Man was I PO'd bout that one. It is not an easy process to block and keep them blocked. Both services are evolving and finding new ways around firewalls so you have to stay vigilant until you can get those that be to press down and say it's not authorized and those using it will be disciplined. Larry -Original Message- From: Walls Matthew [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 10:13 AM To: [EMAIL PROTECTED] Subject: info on blocking aol im [7:34459] Looking to block aol im with pix and 2600s router. Seems to use multiple ports, etc Any advice on blocking this?... Matthew J. Walls Sr. Systems Engineer, Systems Development [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34467t=34459
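The procedure Larry describes above (resolve the login hostnames, null-route the results, re-check periodically) sketched in Python as an added example that is not part of the original thread. The resolver is injectable so the script runs offline; the sample addresses are constructed documentation-range values, not AOL's real ones, and withdrawing routes that no longer resolve is an assumption made here to limit the collateral blocking he mentions.

```python
import ipaddress
import socket

# Address space that must never be null-routed on our own router, whatever a
# DNS answer claims (loopback plus the RFC 1918 ranges). Assumption: adjust to
# the site's own internal addressing.
PROTECTED_NETS = [ipaddress.ip_network(n) for n in
                  ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def resolve_ipv4(hostname):
    """Live lookup: the scripted equivalent of running nslookup by hand."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def collect_addresses(hostnames, resolver=resolve_ipv4):
    """Resolve each hostname and keep only addresses that are safe to block."""
    found = set()
    for name in hostnames:
        for raw in resolver(name):
            try:
                addr = ipaddress.IPv4Address(raw)
            except ValueError:
                continue  # malformed answer, ignore it
            if addr.is_multicast or addr.is_unspecified:
                continue
            # A wrong or poisoned answer must not black-hole internal hosts.
            if any(addr in net for net in PROTECTED_NETS):
                continue
            found.add(addr)
    return found


def null_route(addr):
    """IOS host route that discards traffic to one address."""
    return f"ip route {addr} 255.255.255.255 Null0"


def plan_changes(previous, current):
    """Config lines that move the router from the previous block set to the
    current one: add routes for new addresses, withdraw stale ones."""
    lines = [null_route(a) for a in sorted(current - previous)]
    lines += [f"no {null_route(a)}" for a in sorted(previous - current)]
    return lines


# Constructed sample data standing in for real DNS answers.
SAMPLE_DNS = {
    "login.oscar.aol.com": {"192.0.2.10", "192.0.2.11", "10.1.1.1", "not-an-ip"},
}


def sample_resolver(name):
    return SAMPLE_DNS.get(name, set())


if __name__ == "__main__":
    # Addresses blocked after the last run (constructed).
    previous = {ipaddress.IPv4Address("192.0.2.10"),
                ipaddress.IPv4Address("198.51.100.7")}
    current = collect_addresses(["login.oscar.aol.com"], resolver=sample_resolver)
    for line in plan_changes(previous, current):
        print(line)
```

Run from a scheduler and review the printed lines before applying them; the output is a diff against the last block set, so a sudden large change is itself a signal worth checking.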
RE: Interface errors [7:34461]
Make sure the duplex is set correctly, full/half etc. -Original Message- From: Tom Martin [SMTP:[EMAIL PROTECTED]] Sent: 05 February 2002 15:58 To: Subject: Re: Interface errors [7:34461] Joaquim, I had a similar problem with CRC and Frame alignment errors that turned out to be a bad CSD/DSU. It looks like you might be experiencing this as well, especially given the number of interface resets. - Tom In article , Joaquim Lopes wrote: Hi, what could cause these errors? Serial0/0 is up, line protocol is up Hardware is DSCC4 Serial Internet address is 10.172.1.2/30 MTU 1500 bytes, BW 2048 Kbit, DLY 2 usec, reliability 255/255, txload 1/255, rxload 3/255 Encapsulation PPP, loopback not set Keepalive set (10 sec) LCP Open Listen: CDPCP Open: IPCP Last input 00:00:00, output 00:00:00, output hang never Last clearing of show interface counters 2w4d Input queue: 0/75/337 (size/max/drops); Total output drops: 21 Queueing strategy: weighted fair Output queue: 0/1000/64/21 (size/max total/threshold/drops) Conversations 0/60/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 29000 bits/sec, 8 packets/sec 5 minute output rate 12000 bits/sec, 9 packets/sec 13153011 packets input, 1756696209 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 4066 throttles 3230 input errors, 222 CRC, 3008 frame, 0 overrun, 0 ignored, 0 abort 12955327 packets output, 2923854785 bytes, 0 underruns 0 output errors, 0 collisions, 160 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up Thanks Joaquim Lopes Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34468t=34461
RE: Interface errors [7:34461]
This is the Cisco definitive link on errors you see when doing a show interface serial x command. I have referenced it many times working with PacBell. http://www.cisco.com/warp/public/112/chapter15.htm Good luck! James Casey, Paul (6822) wrote: Make sure the duplex is set correctly, full/half etc. -Original Message- From: Tom Martin [SMTP:[EMAIL PROTECTED]] Sent: 05 February 2002 15:58 To: Subject: Re: Interface errors [7:34461] Joaquim, I had a similar problem with CRC and Frame alignment errors that turned out to be a bad CSD/DSU. It looks like you might be experiencing this as well, especially given the number of interface resets. - Tom In article , Joaquim Lopes wrote: Hi, what could cause these errors? Serial0/0 is up, line protocol is up Hardware is DSCC4 Serial Internet address is 10.172.1.2/30 MTU 1500 bytes, BW 2048 Kbit, DLY 2 usec, reliability 255/255, txload 1/255, rxload 3/255 Encapsulation PPP, loopback not set Keepalive set (10 sec) LCP Open Listen: CDPCP Open: IPCP Last input 00:00:00, output 00:00:00, output hang never Last clearing of show interface counters 2w4d Input queue: 0/75/337 (size/max/drops); Total output drops: 21 Queueing strategy: weighted fair Output queue: 0/1000/64/21 (size/max total/threshold/drops) Conversations 0/60/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 29000 bits/sec, 8 packets/sec 5 minute output rate 12000 bits/sec, 9 packets/sec 13153011 packets input, 1756696209 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 4066 throttles 3230 input errors, 222 CRC, 3008 frame, 0 overrun, 0 ignored, 0 abort 12955327 packets output, 2923854785 bytes, 0 underruns 0 output errors, 0 collisions, 160 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up Thanks Joaquim Lopes Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34470t=34461
VLan accesability [7:34471]
First of all thanks again to you who have been replying to my questions. You all rock !!! Ok if you have an uplink port from a 4000 series switch to a 2610 router going out to a T1 included in a VLan along with port 27 (used for example). Will ports not in this VLan be able to get out to the router? If not is there any way I can include this uplink port in 2 VLans and not give access to port 27? or ? Should I segment port 27 on its own with out the uplink port, and if so will port 27 still be able to get out to the router? Any one know? Thanks you guys (and ladies) are great, Steven M Aiello Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34471t=34471
RE: info on blocking aol im [7:34459]
or you can script the replacement of such services with an executable that reads The application is not allowed assuming you are scripting logins that is This can be done in NT or novell... -Patrick Roberts, Larry 02/05/02 11:10AM You need to block access to the login server IP's. If I remember it is login.oscar.aol.com. Just nslookup the ips associated and block them ( I do it via a route to null0) Same process with Yahoo IM, although you have to block about a million addresses it seems like. Both services change IP's regularly and you will need to periodically check to see if new addresses are brought on line. Be aware that the process of blocking YIM will sometimes break access to yahoo e-mail servers that are in the same range as the login servers. Also, Be sure to find the Java script client IP address of AOL and block it as well. I didn't know that it existed until I walked by someone's desk and they were just a chatting away. Man was I PO'd bout that one. It is not an easy process to block and keep them blocked. Both services are evolving and finding new ways around firewalls so you have to stay vigilant until you can get those that be to press down and say it's not authorized and those using it will be disciplined. Larry -Original Message- From: Walls Matthew [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 10:13 AM To: [EMAIL PROTECTED] Subject: info on blocking aol im [7:34459] Looking to block aol im with pix and 2600s router. Seems to use multiple ports, etc Any advice on blocking this?... Matthew J. Walls Sr. Systems Engineer, Systems Development [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34472t=34459
RE: Long....RE: CCIE starting pay [7:33899]
I did not mean to say without touching production network. -keyur shah- -Original Message- From: nrf [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 5:27 AM To: [EMAIL PROTECTED] Subject: Re: LongRE: CCIE starting pay [7:33899] If I may ask, why exactly is it a good thing that people can pass the lab with just books, lab gear, and groupstudy, without ever having touched a production network in his life? This kind of thing is precisely the enabler of all these lab-rat CCIE's that are starting to seriously water down the prestige of the program. Keyur Shah wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... To add onto it...experience helps you support such networks and high profile web sites and enterprise networks in real time, where downtime is counted in minutes and sometimes in seconds. It is impossible to do clear ip bgp * and get your bgp routes which one may do all the time while preparing in a home lab. In my personal opinion, today it is possible to pass ccie lab by simply studying in home lab with all the help from books, lab workbooks, bootcamps, home lab and group studies out there, which is very good thing. I am sure, it was not the case in 1998 when Paul B. (taking him as a example only) passed his test. I think cisco should remove some of the old technologies from the lab and add some of these cool real world scenarios to a reasobale extent that John mentioned below. May be have candidates log to syslog and ask them that they can not type clear ip bgp more than twice in the whole lab. That will make candidates think from real world angle. That is just an example, many such things come to mind. Impressive article John, you described ccie's day in real world very well. -Keyur Shah- CCIE# 4799 (Security; Routing and Switching) css1,scsa,scna,mct,mcse,cni,mcne Hello Computers Say Hello to Your Future! 
http://www.hellocomputers.com Toll-Free: 1.877.794.3556 Now offering CCIE Security Lab Workbook and remote bootcamp, http://www.hellocomputers.com/hellosuccess.html; -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Monday, February 04, 2002 10:25 AM To: [EMAIL PROTECTED] Subject: LongRE: CCIE starting pay [7:33899] After receiving an email from Joe, I would agree that he sounds like a very intelligent person with tremendous initiative. I'd like to differentiate between lab experience and OTJ experience. Learning to configure OSPF, EIGRP, and BGP at home is one thing. Going to a customer site who has 200 nodes, half of which were acquired from another company and are running OSPF while half are running EIGRP and all areas need to be able to communicate with each other and also have multiple redundant and area-diverse connections to different internet providers using BGP...that is experience. :-) Then, after a decision has been made to use a single IGP, make a choice between EIGRP and OSPF, or even IS-IS. Justify your reasoning and then determine a migration plan that minimizes customer downtime and guarantees that all areas have internet access at all times even if their local provider goes down. Help the customer to coordinate with ARIN and service providers to get the necessary address space and an assigned autonomous system number. When a given area has multiple connections to the same ISP, attempt to influence routing in the ISP so that it takes the closest entrance into your network for that user. Attempt to influence routing within each ISP so that you increase the chances that optimal routing will occur. Make certain that you only advertise the necessary prefixes while filtering all others. Configure routing within each area to take the closet exit possible, within reason. Provision and order the necessary circuits after getting quotes from several providers. 
Make a determination when and if point to point links could/should be used and where frame relay or ATM would be most suitable. Make sure that you have plenty of room for growth and enough bandwidth to support video conferencing over IP for certain sections of this network. Determine which type of traffic shaping, queueing, and/or rate limiting might be necessary and where it would be most useful. Upgrade routers and switches as necessary, making sure that you won't run into processor limitations during high traffic loads and you have enough WIC and NM slots available to support the connections you require. Make sure you select an IOS that supports those modules and software features you'll needwhile minimizing the number of bugs that might affect you. Determine a backup plan for each area and include ISDN backup links, making sure the backup links can pass both IP, IPX, and some DLSw+ but do not pass streaming video and other non-essential traffic. Create a network infrastructure disaster recovery plan for each
Re: Route-map question [7:34431]
Hunt, You are correct, there is nothing filtering the routes entering from Router B, without local preference set higher on 10.1.1.1 (Router A?) for the routes, nothing will prevent AS 202 from being used for other destinations as well. More confusing to me is the configuration. I read the question as if Router B should only be used for packets _originating_ from AS 202, which should use the T1 connection. In this case an outbound filter would be appropriate, along with a community tag of no-export. Even if the reverse is true (which the configuration seems to indicate), the as-path access-list is only setting local preference for the AS 300 destination! It seems like the following access-list should have been used:

ip as-path access-list 1 permit ^202$

Then again, perhaps I have just totally misunderstood the question. Either way, I hope that this helps. - Tom

On Mon, 04 Feb 2002 23:43:41 -0500, Hunt Lee wrote: I have a Route-Map question that I'm very confused about: The scenario is from Caslow (p840), it is as follows: Company A has a full T3 connection to the Internet thru the ISP AAA-101.NET. Company B has a T1 connection to the Internet thru the ISP BBB-202.Net. Company A acquires Company B, but Company A wants to keep both Internet connections, with the exception of packets originating from the AS of BBB-202.Net (BBB-202.Net's AS is 202). All traffic originating from AS 202 will use the T1 Internet connection. Caslow states in order to do this, the following configs should be used on RouterB

router bgp 1000
 neighbor 10.1.1.1 remote-as 1000
 neighbor 172.16.1.100 remote-as 202
 neighbor 172.16.1.100 route-map AS-200-IN in
no ip classless
ip as-path access-list 1 permit _300$
route-map AS-200-IN permit 10
 match as-path 1
 set local-preference 200
route-map AS-200-IN permit 20

What I don't understand is: With the set local-preference 200 statement, it directs the traffic (routes coming from AS 202 / neighbor 172.16.1.100) to go out via Router B. However, what makes the router not passing any other routes (not from AS 200)? Wouldn't they still be able to go out thru Router B as well? In consideration that the local preference has not been changed on the router. Any help will be greatly appreciated. Best Regards, Hunt Lee System Engineer WebCentral Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34474t=34431
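To see what the two filters discussed above actually select, this added example (not from the thread or from Caslow) translates IOS AS-path regular expressions into Python and applies a model of the AS-200-IN route-map to constructed routes as Router B would learn them from AS 202. It assumes the documented IOS meaning of `_` (start or end of string, space, comma, brace or parenthesis) and the IOS default local preference of 100; the prefixes and AS paths are made up for illustration.

```python
import re

# "_" in an IOS AS-path regex matches a delimiter rather than a literal
# underscore: start of string, end of string, space, comma, brace, parenthesis.
_DELIM = r"(?:^|$|[ ,{}()])"

DEFAULT_LOCAL_PREF = 100  # IOS default when no route-map clause sets it


def compile_ios_aspath(pattern):
    """Translate a simple IOS AS-path regex into a compiled Python regex."""
    return re.compile(pattern.replace("_", _DELIM))


def as_200_in(as_path, acl_regex):
    """Model of the route-map quoted in the post.

    permit 10: match as-path 1 -> set local-preference 200
    permit 20: no match clause -> route accepted unchanged
    Nothing is denied, so every route from the neighbor is installed.
    """
    if acl_regex.search(as_path):
        return 200
    return DEFAULT_LOCAL_PREF


# Constructed routes received from neighbor 172.16.1.100 (AS 202).
RECEIVED = [
    ("192.0.2.0/24", "202"),             # originated by AS 202 itself
    ("198.51.100.0/24", "202 300"),      # originated by AS 300, via AS 202
    ("203.0.113.0/24", "202 300 400"),   # only transits AS 300
    ("198.18.0.0/24", "202 1300"),       # AS 1300 must not match "_300$"
]


def local_prefs(pattern):
    """Local preference each received prefix ends up with under `pattern`."""
    acl = compile_ios_aspath(pattern)
    return {prefix: as_200_in(path, acl) for prefix, path in RECEIVED}


if __name__ == "__main__":
    for pattern in ("_300$", "^202$"):
        print(f"ip as-path access-list 1 permit {pattern}")
        for prefix, pref in local_prefs(pattern).items():
            print(f"  {prefix:<18} local-preference {pref}")
```

Every prefix appears in both result sets because clause 20 permits whatever clause 10 did not match; the as-path list only decides which routes get local preference 200, which is the behaviour Hunt asks about and Tom confirms.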
Port spanning question [7:34469]
Is it possible to do port spanning on a router, or is this just a layer 2 option? Thanks Steven Kell Bates Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34469t=34469
Re: OSPF DR problem [7:34379]
Priscilla Oppenheimer wrote: Remember, I think from a design point of view. I say for some reason there's an Area 2 because I think it's a bad design not because I was surprised to see it there in the show output. ;-) Well that certainly makes sense. I thought you were surprised by the area because you were using a remote practice lab and weren't certain of the state of the entire network. Nevermind. But thanks for replying, because it made me question my expectations. Here's what part of the network design looks like: ---R2---Area-1-ISDNR8---Area-1-Ethernet | Area 0 | Ethernet | | ---R1---Area-1-Frame Relay---R9---Area-2-Ethernet There was some back and forth about whether or not the partitioned area 1 was a problem. I think Moy says it best (RFC 2178, pgs 33 34)... (to save myself some typing, the discussion is centered on areas as being different colors, all meeting up with the edge of the backbone) ...When the AS topology changes, one of the areas may become partitioned. The graph of the AS will then have multiple regions of the same color (area ID). The routing in the Autonomous System will continue to function as long as these regions of the same color are connected by the single backbone region. When I did a show ip route on R9 and R8 I thought I would see the Ethernet LAN in Area 0. That was not a logical expectation? I should just see a default route on ABRs? Unless configured as stub areas (which would preclude using them as transit areas), I would think you should see the topology of the backbone. Unfortunately, the RFC only addresses virtual links as a means to repair a partitioned backbone. It does not address providing bacbone connectivity to a non-backbone area. Nor does the RFC discuss demand circuits, which, of course, is a Cisco implementation. So there may very well be a gottcha in there that simply isn't addressed in the official OSPF documentation. 
I guess the answer will most likely be revealed when you revisit the remote lab and do some magic with debug and show. Regards, Scott Thanks. Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34475t=34379
Re: Interface errors [7:34461]
Kick yourself...now..Serial Interface Casey, Paul (6822) wrote in message news:[EMAIL PROTECTED]... Make sure the duplex is set correctly, full/half etc. -Original Message- From: Tom Martin [SMTP:[EMAIL PROTECTED]] Sent: 05 February 2002 15:58 To: Subject: Re: Interface errors [7:34461] Joaquim, I had a similar problem with CRC and Frame alignment errors that turned out to be a bad CSD/DSU. It looks like you might be experiencing this as well, especially given the number of interface resets. - Tom In article , Joaquim Lopes wrote: Hi, what could cause these errors? Serial0/0 is up, line protocol is up Hardware is DSCC4 Serial Internet address is 10.172.1.2/30 MTU 1500 bytes, BW 2048 Kbit, DLY 2 usec, reliability 255/255, txload 1/255, rxload 3/255 Encapsulation PPP, loopback not set Keepalive set (10 sec) LCP Open Listen: CDPCP Open: IPCP Last input 00:00:00, output 00:00:00, output hang never Last clearing of show interface counters 2w4d Input queue: 0/75/337 (size/max/drops); Total output drops: 21 Queueing strategy: weighted fair Output queue: 0/1000/64/21 (size/max total/threshold/drops) Conversations 0/60/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 29000 bits/sec, 8 packets/sec 5 minute output rate 12000 bits/sec, 9 packets/sec 13153011 packets input, 1756696209 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 4066 throttles 3230 input errors, 222 CRC, 3008 frame, 0 overrun, 0 ignored, 0 abort 12955327 packets output, 2923854785 bytes, 0 underruns 0 output errors, 0 collisions, 160 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up Thanks Joaquim Lopes Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34477t=34461
Doyle on Stub and Totally Stubby areas [7:34478]
Hi, group. Please clarify this description by Doyle regarding stub and totally stubby areas. As indicated on page 480... ABRs at the edge of a stub area will use Network Summary LSAs [i.e. Type 3?] to advertise a single default route (destination 0.0.0.0) into the area. Then on page 482... The ABR of a totally stubby area will block not only AS External LSAs but also all Summary LSAs - with the exception of a single type 3 LSA to advertise the default route [i.e. 0.0.0.0, right?] So now there doesn't seem to be much difference between the two based on this explanation. I always understood that the main difference was that Stub areas get a default route for areas external to their AS while Totally stubby areas get a default route for areas external to their own area. Please someone clarify me on this. Thanks. Elmer Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34478t=34478
Re: Port spanning question [7:34469]
Steven, STP is a layer 2 only function and in general it is configured only on switches. It can be configured on a router if the router is configured to act as a transparent bridge. More info can be found on Cisco's web site at: http://www.cisco.com/univercd/cc/td/doc/product/software/ssr83/rpc_r/53998.htm - Tom On Tue, 05 Feb 2002 11:38:32 -0500, Bates, Steven (SIGNAL) wrote: Is it possible to do port spanning on a router, or is this just a layer 2 option? Thanks Steven Kell Bates Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34479t=34469
RE: Doyle on Stub and Totally Stubby areas [7:34478]
Yes that wording, when directly compared, is a little confusing. But you have the right understanding. Stub areas only summarize the AS external routes, leaving all of the IA routes intact. Totally stubby areas get only one outside route - whether IA or AS external - 0.0.0.0. Put in different terms, I think you can say that stub areas replace type 5 LSAs with a default and totally stubby areas replace both type 5 and 3 LSAs with a default. I'm not sure that 0.0.0.0 itself exactly fits any of the LSA classifications. Seems to be kind of a hybrid type 3/5 LSA. Cebuano wrote: Hi, group. Please clarify this description by Doyle regarding stub and totally stubby areas. As indicated on page 480... ABRs at the edge of a stub area will use Network Summary LSAs [i.e. Type 3?] to advertise a single default route (destination 0.0.0.0) into the area. Then on page 482... The ABR of a totally stubby area will block not only AS External LSAs but also all Summary LSAs - with the exception of a single type 3 LSA to advertise the default route [i.e. 0.0.0.0, right?] So now there doesn't seem to be much difference between the two based on this explanation. I always understood that the main difference was that Stub areas get a default route for areas external to their AS while Totally stubby areas get a default route for areas external to their own area. Please someone clarify me on this. Thanks. Elmer Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34480t=34478
RE: VLan accesability [7:34471]
If I'm reading your question correctly, the link between your router and switch would be a trunk line. You would have to set the 2610's eth0 up with subinterfaces to route your VLAN, this is assuming you don't have a VLAN routing capable device somewhere else in your network already. This will allow your two VLAN's to access the router. HTH, Don Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34482t=34471
Re: Doyle on Stub and Totally Stubby areas [7:34478]
Elmer, In short, a totally stubby area blocks all Type 3, 4 and 5 LSAs from entering the stub area. A stub area blocks all Type 4 and 5 LSAs from entering the stub area. Both inject an additional Type 3 into the stub for the default route. From the perspective of a stub router, you will see all OSPF networks in all areas, but you will not see any external routes. From the perspective of a router in a totally stubby area, you will see all OSPF networks in the stub area only, but will not see any OSPF networks outside of the stub area. Both will have a single default gateway to the nearest ABR. I hope this helps, - Tom On Tue, 05 Feb 2002 12:29:31 -0500, Cebuano wrote: Hi, group. Please clarify this description by Doyle regarding stub and totally stubby areas. As indicated on page 480... ABRs at the edge of a stub area will use Network Summary LSAs [i.e. Type 3?] to advertise a single default route (destination 0.0.0.0) into the area. Then on page 482... The ABR of a totally stubby area will block not only AS External LSAs but also all Summary LSAs - with the exception of a single type 3 LSA to advertise the default route [i.e. 0.0.0.0, right?] So now there doesn't seem to be much difference between the two based on this explanation. I always understood that the main difference was that Stub areas get a default route for areas external to their AS while Totally stubby areas get a default route for areas external to their own area. Please someone clarify me on this. Thanks. Elmer Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34483t=34478
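The filtering described in the reply above, as an added example that is not part of the original thread: a small Python model of what an ABR floods into a normal, stub or totally stubby area, and how a router inside that area then resolves a destination. The LSA set, prefixes, labels and function names are constructed for illustration, and Type 4 LSAs are modelled as installing no destination route of their own.

```python
"""Model of ABR LSA filtering for normal, stub and totally stubby OSPF areas."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class LSA:
    ls_type: int   # 3 = network summary, 4 = ASBR summary, 5 = AS external
    prefix: str    # advertised destination
    note: str      # free-text label (constructed)


# LSA types the ABR keeps out of each kind of area, as stated in the thread.
BLOCKED_BY_ABR = {
    "normal": frozenset(),
    "stub": frozenset({4, 5}),
    "totally-stubby": frozenset({3, 4, 5}),
}

# The single Type 3 default that the ABR injects into both stub variants.
DEFAULT_SUMMARY = LSA(3, "0.0.0.0/0", "default injected by the ABR")

# Constructed sample: what the ABR knows from the backbone side.
BACKBONE_LSAS = [
    LSA(3, "10.2.0.0/16", "networks in another area"),
    LSA(3, "10.3.0.0/16", "networks in another area"),
    LSA(4, "192.0.2.1/32", "location of an ASBR"),
    LSA(5, "203.0.113.0/24", "redistributed external route"),
    LSA(5, "198.51.100.0/24", "redistributed external route"),
]

# Constructed sample: prefixes that live inside the area being examined.
INTRA_AREA = ["10.1.0.0/16"]


def flood_into_area(lsas, area_type):
    """Return the LSAs the ABR floods into an area of the given type."""
    blocked = BLOCKED_BY_ABR[area_type]
    flooded = [lsa for lsa in lsas if lsa.ls_type not in blocked]
    if area_type != "normal":
        flooded.append(DEFAULT_SUMMARY)
    return flooded


def routing_table(intra_area, flooded):
    """Build the (network, source) view of a router inside the area."""
    table = [(ip_network(p), "intra-area") for p in intra_area]
    for lsa in flooded:
        if lsa == DEFAULT_SUMMARY:
            table.append((ip_network(lsa.prefix), "default via ABR"))
        elif lsa.ls_type == 3:
            table.append((ip_network(lsa.prefix), "inter-area"))
        elif lsa.ls_type == 5:
            table.append((ip_network(lsa.prefix), "external"))
        # Type 4 only locates the ASBR; it adds no destination here.
    return table


def resolve(area_type, destination):
    """Longest-prefix match for a destination as seen from inside the area."""
    table = routing_table(INTRA_AREA, flood_into_area(BACKBONE_LSAS, area_type))
    addr = ip_address(destination)
    matches = [(net, src) for net, src in table if addr in net]
    if not matches:
        return "unreachable"
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    for area in ("normal", "stub", "totally-stubby"):
        types = [lsa.ls_type for lsa in flood_into_area(BACKBONE_LSAS, area)]
        print(f"{area:15} LSA types flooded in: {types}")
        for dest in ("10.1.9.9", "10.2.5.5", "203.0.113.9"):
            print(f"{'':15} {dest:12} -> {resolve(area, dest)}")
```

In both stub variants every destination stays reachable; what changes is how much of the table is specific routes and how much rides on the ABR's default.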
Re: VLan accesability [7:34471]
Steven, I am not 100% clear on the question that you have asked. To get two VLANs communicated to the 2610 router would require trunking both the port on the switch and the port on the router. Unfortunately the 261x routers do not support trunking. The 262x routers do (with the Plus feature set). If you are attempting to segment the traffic to the 2610 router (in one VLAN) from other traffic (in other VLANs), you would need an additional router to route between the VLANs configured on the switch. If this is the case, you might be able to put the 2610 router on the same VLAN as all of the other traffic, then filter who has access using an access list. - Tom On Tue, 05 Feb 2002 11:21:01 -0500, Nisus wrote: First of all thanks again to you who have been replying to my questions. You all rock !!! Ok if you have an uplink port from a 4000 series switch to a 2610 router going out to a T1 included in a VLan along with port 27 (used for example). Will ports not in this VLan be able to get out to the router? If not is there any way I can include this uplink port in 2 VLans and not give access to port 27? or ? Should I segment port 27 on its own without the uplink port, and if so will port 27 still be able to get out to the router? Any one know? Thanks you guys (and ladies) are great, Steven M Aiello Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34484t=34471
Re: Port spanning question [7:34469]
I believe it's just a switch function. If I'm wrong, someone will correct me, but I'm 99.9% sure. Bates, Steven (SIGNAL) wrote in message news:[EMAIL PROTECTED]... Is it possible to do port spanning on a router, or is this just a layer 2 option? Thanks Steven Kell Bates Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34476t=34469
IPX Routing problem-Conclusion [7:34485]
Ah, to be a network engineer!!! The fun!!! So here it is, 28 hours later I have fallen across the solution to the problem I posted yesterday where people were not able to access an IPX server. Users were actually able to access it but for no more than a few minutes at a time. Had to add the following command to the interface that houses the server:
interface TokenRing1/2
 mac-address 0200.1099.81ca
 ip address 172.25.71.200 255.255.255.0
 ip directed-broadcast
 ipx encapsulation SNAP
 ipx network A040
 ipx update interval rip 300
 ipx update interval sap 300
 ring-speed 16
IPX update intervals for rip and sap seem to have solved the problem. Thought you might want to know. Thanks for the help! Now let's just hope I keep my job! Just kidding, I can blame it on only being with the company a few months. I'm the new guy, I can make mistakes and not get in trouble... I think that's how it works. James Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34485t=34485
Re: VLan accesability [7:34471]
Doh, I assumed all of the 2600 series routers had ports capable of trunking, forgot you need ports capable of 100mb in order to trunk =P Don Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34486t=34471
RE: VLan accesability [7:34471]
The 261x series routers do not support trunking. 262x routers with the Plus feature-set do, but that won't help much here. - Tom On Tue, 05 Feb 2002 12:51:18 -0500, Don Nguyen wrote: If I'm reading your question correctly, the link between your router and switch would be a trunk line. You would have to set the 2610's eth0 up with subinterfaces to route your VLAN, this is assuming you don't have a VLAN routing capable device somewhere else in your network already. This will allow your two VLAN's to access the router. HTH, Don Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34487t=34471
RE: Port spanning question [7:34469]
Inherent port-spanning, no. You can bridge the ports, but your port will be pruned after it (the router acting as a bridge) learns the connected MAC addresses. -Original Message- From: Tom Martin [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 12:41 PM To: [EMAIL PROTECTED] Subject: Re: Port spanning question [7:34469] Steven, STP is a layer 2 only function and in general it is configured only on switches. It can be configured on a router if the router is configured to act as a transparent bridge. More info can be found on Cisco's web site at: http://www.cisco.com/univercd/cc/td/doc/product/software/ssr83/rpc_r/53998.htm - Tom On Tue, 05 Feb 2002 11:38:32 -0500, Bates, Steven (SIGNAL) wrote: Is it possible to do port spanning on a router, or is this just a layer 2 option? Thanks Steven Kell Bates Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34489t=34469
Re: Doyle on Stub and Totally Stubby areas [7:34478]
Exactly. And to add to the LSA-confusion, NSSAs get a default Type 7 with the command nssa no-redistribution default-information-originate. But for purely academic reasons, I'd like to know what bit is set to inform the neighboring routers in the Totally stubby area that we are now operating in totally stubby mode. Because as we all know, with stub the E-bit is set to 1. Thanks for the replies. Elmer - Original Message - From: s vermill To: Sent: Tuesday, February 05, 2002 12:41 PM Subject: RE: Doyle on Stub and Totally Stubby areas [7:34478] Yes that wording, when directly compared, is a little confusing. But you have the right understanding. Stub areas only summarize the AS external routes, leaving all of the IA routes intact. Totally stubby areas get only one outside route - whether IA or AS external - 0.0.0.0. Put in different terms, I think you can say that stub areas replace type 5 LSAs with a default and totally stubby areas replace both type 5 and 3 LSAs with a default. I'm not sure that 0.0.0.0 itself exactly fits any of the LSA classifications. Seems to be kind of a hybrid type 3/5 LSA. Cebuano wrote: Hi, group. Please clarify this description by Doyle regarding stub and totally stubby areas. As indicated on page 480... ABRs at the edge of a stub area will use Network Summary LSAs [i.e. Type 3?] to advertise a single default route (destination 0.0.0.0) into the area. Then on page 482... The ABR of a totally stubby area will block not only AS External LSAs but also all Summary LSAs - with the exception of a single type 3 LSA to advertise the default route [i.e. 0.0.0.0, right?] So now there doesn't seem to be much difference between the two based on this explanation. I always understood that the main difference was that Stub areas get a default route for areas external to their AS while Totally stubby areas get a default route for areas external to their own area. Please someone clarify me on this. Thanks. Elmer Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34490t=34478
Routing Exam [7:34491]
Hi all, Just wondering if you can point me in the right direction? Soon I will be taking my first CCNP Routing exam. I have been studying BSCN by Catherine Paquet. Are there any good exams out there to practice? Thanks, Mir Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34491t=34491
Windows code in Cisco devices WAS: Re: PAT'S RULE!!! [7:34492]
I contacted the author of the column and he was kind enough to reply. He first saw it on a security consulting gig in which the client (a big one) had their phone system taken out by Nimda, then at a multi-national law firm, which had been hit hard by Code Red. He's contacting other consultants and vendors to find out which are implementing this. It may pop up in a future column. Chuck Larrieu 02/04/2002 4:04:37 PM my quick read is the concern that Unity and Call Manager run on the Windows NT platform only. Whether those are stand alone servers or blades in various convergence boxes. so yes, there is reason to be concerned. Chuck Sean Knox wrote in message news:[EMAIL PROTECTED]... After reading the article, the author didn't give any evidence to support his claim that Cisco is using Microsoft code... If he's right, I am certainly interested to know what platforms are using MS code. - Sean -Original Message- From: Patricia Leeb-Hart [mailto:[EMAIL PROTECTED]] Sent: Monday, February 04, 2002 2:23 PM To: [EMAIL PROTECTED] Subject: Re: PAT'S RULE!!! -- actual Cisco stuff mentioned [7:34392] Not only am I from CA, I'm from Oakland. But I don't actually think the game was unfair; I just like griping. I root for any team whose town I live in (the Warriors excepted) Has anyone read the recent article in Network Computing mag on Windows technology in Cisco gear? (http://www.networkcomputing.com/1303/1303colshipley.html). My God, stupidity and cupidity will never cease. It certainly would make me want to re-think migrating my voice system to VoIP on any platform that does this. I've already fired off an e-mail to the author asking about which platforms other than Cisco are adopting this. Must research further... And just to keep this on-topic, I'm starting my CCNP in a couple of weeks... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34492t=34492
RE: Routing Exam [7:34491]
You can follow my RouterChief link below to see what I did, and what I will recommend. Hth, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ -Original Message- From: sohail mir [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 1:01 PM To: [EMAIL PROTECTED] Subject: Routing Exam [7:34491] Hi all, Just wondering if you can point me in the right direction? Soon I will be taking my first CCNP Routing exam. I have been studying BSCN by Catherine Paquet. Are there any good exams out there to practice? Thanks, Mir Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34493t=34491
Re: Doyle on Stub and Totally Stubby areas [7:34478]
Elmer, There are no bits set, TSSAs are Cisco-proprietary. TSSAs are configured only on the ABRs. Non-ABRs in the stub area have no idea that they are in a TSSA. - Tom On Tue, 05 Feb 2002 13:59:56 -0500, Cebuano wrote: Exactly. And to add to the LSA-confusion, NSSAs get a default Type 7 with the command nssa no-redistribution default-information-originate. But for purely academic reasons, I'd like to know what bit is set to inform the neighboring routers in the Totally stubby area that we are now operating in totally stubby mode. Because as we all know, with stub the E-bit is set to 1. Thanks for the replies. Elmer - Original Message - From: s vermill To: Sent: Tuesday, February 05, 2002 12:41 PM Subject: RE: Doyle on Stub and Totally Stubby areas [7:34478] Yes that wording, when directly compared, is a little confusing. But you have the right understanding. Stub areas only summarize the AS external routes, leaving all of the IA routes intact. Totally stubby areas get only one outside route - whether IA or AS external - 0.0.0.0. Put in different terms, I think you can say that stub areas replace type 5 LSAs with a default and totally stubby areas replace both type 5 and 3 LSAs with a default. I'm not sure that 0.0.0.0 itself exactly fits any of the LSA classifications. Seems to be kind of a hybrid type 3/5 LSA. Cebuano wrote: Hi, group. Please clarify this description by Doyle regarding stub and totally stubby areas. As indicated on page 480... ABRs at the edge of a stub area will use Network Summary LSAs [i.e. Type 3?] to advertise a single default route (destination 0.0.0.0) into the area. Then on page 482... The ABR of a totally stubby area will block not only AS External LSAs but also all Summary LSAs - with the exception of a single type 3 LSA to advertise the default route [i.e. 0.0.0.0, right?] So now there doesn't seem to be much difference between the two based on this explanation. I always understood that the main difference was that Stub areas get a default route for areas external to their AS while Totally stubby areas get a default route for areas external to their own area. Please someone clarify me on this. Thanks. Elmer Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34494t=34478
CSPFA [7:34496]
any CSPFAs here ? tips on the exam please ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34496t=34496
Question [7:34497]
Guys, What the hell is up with cheet-sheets.com? I placed an order and they don't seem to answer their phones or emails. Are they down or out of business? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34497t=34497
RE: Please confirm (conf#0003fb09d5cd5ec7d70a3c3820ceb098) [7:34498]
Guys, What the hell is up with cheet-sheets.com? I placed an order and they don't seem to answer their phones or emails. Are they down or out of business? Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 2:42 PM To: [EMAIL PROTECTED] Subject: Please confirm (conf#0003fb09d5cd5ec7d70a3c3820ceb098) Hi, You have tried to post to GroupStudy.com's Professional mailing list. Because the server does not recognize you as a confirmed poster, you will be required to authenticate that you are using a valid e-mail address and are not a spammer. By confirming this e-mail you certify that you are not sending Unsolicited Bulk Email (UBE). By confirming this e-mail you also certify the following: 1. The message does NOT break Cisco's Non-Disclosure requirements. 2. The message is NOT designed to advertise a commercial product. 3. You understand all postings become property of GroupStudy.com 4. You have searched the archives prior to posting. 5. The message is NOT inflammatory. 6. The message is NOT a test message. To confirm, simply reply to this message. No editing is necessary. Once confirmed, you will be able to post without additional confirmations. Welcome to GroupStudy.com! --ORIGINAL MESSAGE- From: Kazan, Naim To: [EMAIL PROTECTED] Subject: Question Date: Tue, 5 Feb 2002 14:42:56 -0500 Guys, What the hell is up with cheet-sheets.com? I placed an order and they don't seem to answer their phones or emails. Are they down or out of business? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34498t=34498
PBX [7:34499]
How can I connect a router to a PBX to get it to talk. In specific I'm implementing VoIP and want to connect it to my PBX. Do you use a specific PRI, EM or what type card and cabling between the two. Thanks. Tom Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34499t=34499
Re: IPX Routing problem-Conclusion [7:34485]
Does anyone have any idea why this worked??? Setting the RIP and SAP timers on a __LAN__ link should have had no positive effect. It seems like the only perceivable change would be the flapping of remote networks and servers -- assuming that the timers were not modified on the server also. Any thoughts??? - Tom On Tue, 05 Feb 2002 13:21:55 -0500, Fraasch James wrote: Ah, to be a network engineer!!! The fun!!! So here it is, 28 hours later I have fallen across the solution to the problem I posted yesterday where people were not able to access an IPX server. Users were actually able to access it but for no more than a few minutes at a time. Had to add the following command to interface that houses the server:
interface TokenRing1/2
 mac-address 0200.1099.81ca
 ip address 172.25.71.200 255.255.255.0
 ip directed-broadcast
 ipx encapsulation SNAP
 ipx network A040
 ipx update interval rip 300
 ipx update interval sap 300
 ring-speed 16
IPX update intervals for rip and sap seem to have solved the problem. Thought you might want to know. Thanks for the help! Now lets just hope I keep my job! Just kidding, I can blame it on only being with the company a few months. I'm the new guy, I can make mistakes and not get in troubleI think that's how it works. James Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34500t=34485
Re: PBX [7:34499]
It really depends on the PBX interfaces available and the type of service you are trying to offer to/from the VoIP side. You will probably want EM or FXO. - Tom On Tue, 05 Feb 2002 14:47:46 -0500, Tom Richs wrote: How can I connect a router to a PBX to get it to talk. In specific I'm implementing VoIP and want to connect it to my PBX. Do you use a specific PRI, EM or what type card and cabling between the two. Thanks. Tom Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34501t=34499
Re: PBX [7:34499]
then you need dial-peers once you get the signaling right. Tom Martin wrote in message news:[EMAIL PROTECTED]... It really depends on the PBX interfaces available and the type of service you are trying to offer to/from the VoIP side. You will probably want EM or FXO. - Tom On Tue, 05 Feb 2002 14:47:46 -0500, Tom Richs wrote: How can I connect a router to a PBX to get it to talk. In specific I'm implementing VoIP and want to connect it to my PBX. Do you use a specific PRI, EM or what type card and cabling between the two. Thanks. Tom Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34502t=34499
Re: Doyle on Stub and Totally Stubby areas [7:34478]
After reading the first email I too thought I understood all of this. So myself and a coworker just got on a white board to draw everything out hint the 5th grade approach :) pictures are always good. But where I got a good definition of this is in Bruce Caslow's book on page 395 it once again cleared up everything for me. Take a look at that and maybe that will help you out. Tom Martin Subject: Re: Doyle on Stub and Totally Stubby areas [7:34478] Sent by: nobody 02/05/2002 02:24 PM Please respond to Tom Martin Elmer, There are no bits set, TSSAs are Cisco-proprietary. TSSAs are configured only on the ABRs. Non-ABRs in the stub area have no idea that they are in a TSSA. - Tom On Tue, 05 Feb 2002 13:59:56 -0500, Cebuano wrote: Exactly. And to add to the LSA-confusion, NSSAs get a default Type 7 with the command nssa no-redistribution default-information-originate. But for purely academic reasons, I'd like to know what bit is set to inform the neighboring routers in the Totally stubby area that we are now operating in totally stubby mode. Because as we all know, with stub the E-bit is set to 1. Thanks for the replies. Elmer - Original Message - From: s vermill To: Sent: Tuesday, February 05, 2002 12:41 PM Subject: RE: Doyle on Stub and Totally Stubby areas [7:34478] Yes that wording, when directly compared, is a little confusing. But you have the right understanding. Stub areas only summarize the AS external routes, leaving all of the IA routes intact. Totally stubby areas get only one outside route - whether IA or AS external - 0.0.0.0. Put in different terms, I think you can say that stub areas replace type 5 LSAs with a default and totally stubby areas replace both type 5 and 3 LSAs with a default. I'm not sure that 0.0.0.0 itself exactly fits any of the LSA classifications. Seems to be kind of a hybrid type 3/5 LSA. Cebuano wrote: Hi, group. Please clarify this description by Doyle regarding stub and totally stubby areas. As indicated on page 480... ABRs at the edge of a stub area will use Network Summary LSAs [i.e. Type 3?] to advertise a single default route (destination 0.0.0.0) into the area. Then on page 482... The ABR of a totally stubby area will block not only AS External LSAs but also all Summary LSAs - with the exception of a single type 3 LSA to advertise the default route [i.e. 0.0.0.0, right?] So now there doesn't seem to be much difference between the two based on this explanation. I always understood that the main difference was that Stub areas get a default route for areas external to their AS while Totally stubby areas get a default route for areas external to their own area. Please someone clarify me on this. Thanks. Elmer Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34503t=34478
OT: Spam from Eric Tanaka at MLCP? [7:34488]
I just received the following spam and was wondering if anyone else here received it. I'm basically trying to figure out how they got my email address and I'm wondering if they are gleaning them from this list. This sort of spam--the type pretending to be 'helpful'--*really* irritates me. We received something similar on the HP OpenView mailing list and that company really got nailed for it by the list subscribers. :-) I am sorry for the inconvenience, but our telco is having temporary problems with our toll-free 800 telephone number. In the interim, please use +1 310 320 1451. Thank you. - Eric A. Tanaka MLCP - Multi-Link Communications Products WAN/ LAN Equipment: ADC-Kentrox Adtran Ascend Bay Networks Carrier Access Corp. Cascade Cisco / StrataCom Larscom Micom Motorola N.E.T. Newbridge Nortel Networks Paradyne Racal 3Com / US Robotics Verilink others tel.800 TO MULTI (800 866 8584), ext. 114 (NOTE new extension) tel.+1 310 320 1451 fax.+1 310 320 1551 email.. mailto:[EMAIL PROTECTED] URL http://www.mlcp.com Remit/Ship..2420 West Carson Street #110, Torrance, CA 90501 - Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34488t=34488
VIP2 microcode [7:34504]
I have a vip2 rsm combo and I am unable to see an atm module in the vip2. This happened after I upgraded the IOS to 21.1(10) on the rsm. I have been doing some research and I think it may have to do with a microcode that is invalid for the 12.1 software. If so then where can I get an upgraded microcode? If I am way off base does anyone else have any ideas? Joe Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34504t=34504
Re: Port spanning question [7:34469]
I think he was asking about the Switched Port Analyzer (SPAN) feature that allows one to connect a protocol analyzer or RMON probe or other device to one switch port and monitor other ports. This is a switch feature, not a router feature. Priscilla At 12:40 PM 2/5/02, Tom Martin wrote: Steven, STP is a layer 2 only function and in general it is configured only on switches. It can be configured on a router if the router is configured to act as a transparent bridge. More info can be found on Cisco's web site at: http://www.cisco.com/univercd/cc/td/doc/product/software/ssr83/rpc_r/53998.htm - Tom On Tue, 05 Feb 2002 11:38:32 -0500, Bates, Steven (SIGNAL) wrote: Is it possible to do port spanning on a router, or is this just a layer 2 option? Thanks Steven Kell Bates Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34505t=34469
Re: IPX Routing problem-Conclusion [7:34485]
The server must be set with the non-standard 300 second timer also? That would be my theory. Priscilla At 02:50 PM 2/5/02, Tom Martin wrote: Does anyone have any idea why this worked??? Setting the RIP and SAP timers on a __LAN__ link should have had no positive effect. It seems like the only perceivable change would be the flapping of remote networks and servers -- assuming that the timers were not modified on the server also. Any thoughts??? - Tom On Tue, 05 Feb 2002 13:21:55 -0500, Fraasch James wrote: Ah, to be a network engineer!!! The fun!!! So here it is, 28 hours later I have fallen across the solution to the problem I posted yesterday where people were not able to access an IPX server. Users were actually able to access it but for no more than a few minutes at a time. Had to add the following command to interface that houses the server: interface TokenRing1/2 mac-address 0200.1099.81ca ip address 172.25.71.200 255.255.255.0 ip directed-broadcast ipx encapsulation SNAP ipx network A040 ipx update interval rip 300 ipx update interval sap 300 ring-speed 16 IPX update intervals for rip and sap seem to have solved the problem. Thought you might want to know. Thanks for the help! Now let's just hope I keep my job! Just kidding, I can blame it on only being with the company a few months. I'm the new guy, I can make mistakes and not get in trouble... I think that's how it works. James Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34506t=34485
Re: wireless problem. [7:34110]
I am working with Dell TrueMobile AP1100s, Dell TrueMobile 4800s and Cisco AP350s right now. I have my access points configured with hard coded IP addresses. The wireless users have their NICs configured for addressing via DHCP. So they get DNS, WINS and the like via their DHCP request when they boot up. Are you getting a default gateway along with your IP address? Go to a DOS prompt and type: ipconfig /all or winipcfg The access point can be a DHCP server too. Is yours configured that way? HTH Darren At 02:45 PM 2/1/2002 -0500, george gittins wrote: I have an aironet 340 access point which can obtain an ip address from my dhcp. I installed the pcmcia lan wireless card on my laptop and I can surf the net fine. However I can't ping anything, neither can I access my routers. I can't even ping my ip address. Is there something that I'm missing here? Lucent Technologies - Enhanced Services Sales NetworkCare Professional Services http://www.lucent.com/netcare/ Darren S. Crawford - CCNP, CCDP Distinguished Member of the Consulting Staff Northwest Region - Sacramento Office Voicemail (916) 859-5200 x310 Pager (800) 467-1467 mailto:[EMAIL PROTECTED] Every Job is a Self-Portrait of the person Who Did It Autograph Your Work With EXCELLENCE! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34508t=34110
RE: VIP2 microcode [7:34504]
12 code requires additional DRAM and Flash on the VIP2s. You might want to check what you have vs what is required. Show diag should tell you what you have. -Original Message- From: wu343 [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 2:15 PM To: [EMAIL PROTECTED] Subject: VIP2 microcode [7:34504] I have a vip2 rsm combo and I am unable to see an atm module in the vip2. This happened after I upgraded the IOS to 21.1(10) on the rsm. I have been doing some research and I think it may have to do with a microcode that is invalid for the 12.1 software. If so then where can I get an upgraded microcode? If I am way off base does anyone else have any ideas? Joe Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34509t=34504
Re: IPX Routing problem-Conclusion [7:34485]
Was it traversing two separate vendors by the time it hit the server? I know with 3com and cisco, the defaults for rip and sap updates are different. 3com defaults to update on change only...where cisco's defaults are timed. When you connect both vendors together, cisco will send updates but 3com won't listen...and since 3com doesn't send updates, cisco will time the values out and clear routes/saps... -Patrick Priscilla Oppenheimer 02/05/02 03:25PM The server must be set with the non-standard 300 second timer also? That would be my theory. Priscilla At 02:50 PM 2/5/02, Tom Martin wrote: Does anyone have any idea why this worked??? Setting the RIP and SAP timers on a __LAN__ link should have had no positive effect. It seems like the only perceivable change would be the flapping of remote networks and servers -- assuming that the timers were not modified on the server also. Any thoughts??? - Tom On Tue, 05 Feb 2002 13:21:55 -0500, Fraasch James wrote: Ah, to be a network engineer!!! The fun!!! So here it is, 28 hours later I have fallen across the solution to the problem I posted yesterday where people were not able to access an IPX server. Users were actually able to access it but for no more than a few minutes at a time. Had to add the following command to interface that houses the server: interface TokenRing1/2 mac-address 0200.1099.81ca ip address 172.25.71.200 255.255.255.0 ip directed-broadcast ipx encapsulation SNAP ipx network A040 ipx update interval rip 300 ipx update interval sap 300 ring-speed 16 IPX update intervals for rip and sap seem to have solved the problem. Thought you might want to know. Thanks for the help! Now let's just hope I keep my job! Just kidding, I can blame it on only being with the company a few months. I'm the new guy, I can make mistakes and not get in trouble... I think that's how it works. James Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34510t=34485
VIP2 microcode [7:34511]
Daniel, thanks Daniel, I will take a look at that later, but what about the microcode? Does that have anything to do with it? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34511t=34511
access-list in pix 520 [7:34512]
access-list 1 deny ip 10.1.0.0 255.255.0.0 host X.X.X.X access-group 1 in interface inside Once I apply it I lose outside connectivity. I imagine that the same rules apply as routers, an explicit deny at the end, so I would have to place an allow ip any any at the end, right? Well, what if I'm creating another access-list 2 for example too, should I also have to place another allow statement? Any particular links referring to this issue would be greatly appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34512t=34512
Re: IPX Routing problem-Conclusion [7:34485]
It is Cisco to Cisco. 7204 to 2600. 'By changing the update interval from 1 minute to 5 minutes you are preventing the route and server from flapping and thereby keeping your connection to the server up.' This is what the Cisco tech said- AFTER I had already put the command in. I am not sure why it worked either. I would have thought with 1 minute SAP and RIP advertisements it would be better than 5 save for the amount of traffic it produces. I understand 'flapping' in the cable modem sense of the word but I hadn't seen it happen in this environment. To me, the flapping means that the cable modem is connecting and disconnecting at random intervals, sometimes due to incorrect power configurations. But in this sense I am gathering that it means the route to the particular server flapped. If that is the case then it would explain why users could intermittently connect to the server. Then the question becomes, why did the flapping occur in the first place? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34513t=34485
Re: PBX [7:34499]
We are looking at doing the same. I was hoping to use the T1 Voice trunk module to connect to the PBX. Other than signalling (ESF/B8ZS) what kinds of technical specs do I need to know about the PBX to make this work? Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34514t=34499
Re: PBX [7:34499]
if wink-start signaling, then the type (delay, immediate, wink, etc) Michael Williams wrote in message news:[EMAIL PROTECTED]... We are looking at doing the same. I was hoping to use the T1 Voice trunk module to connect to the PBX. Other than signalling (ESF/B8ZS) what kinds of technical specs do I need to know about the PBX to make this work? Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34515t=34499
Re: Port spanning question [7:34469]
Here's an interesting twist to that question: If your switch/router is a 6500 running Native IOS, can you span ports that are configured as router interfaces as opposed to switchports? I'm using a 6509 with Native IOS, and I have a server connected to a port configured as a switchport. I was able to monitor that port on another port, also configured as a switchport. I wonder if it's possible to monitor an ethernet port that's being used as a routing interface (i.e. not a switchport). Time to try it out. too bad that 6509 is a production box =) Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34518t=34469
Re: Interface errors [7:34461]
Steven A. Ridder wrote: My first guess is a timing issue with CO or dirty line. Agreed. I would have the telco test the line with that many errors. It is possible that it's a bad CSU/DSU or even a bad cable (RJ-48 to the CSU/DSU or V.35 from the CSU to the router), but you can replace those things and if you still get the errors, call the telco. Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34519t=34461
Undocumented iBGP Behavior (Confirmed by Cisco) [7:34521]
Folks, Just to let you know, I ran across what looked like a bug in Cisco's BGP code... Turns out, this is undocumented new behavior. We just deployed a pair of 3640s for one of our customers, for dual-router, dual-homed Internet connectivity. We are taking full tables from Genuity (AS 1), and Worldcom (AS 701). Each router was learning 104,000+ prefixes from each of the external peers, but the iBGP peering was acting really strange. One of the routers was learning the full table from the other, but the second router was only taking like 700 prefixes. When we cleared the internal peer (soft or hard), we could see the whole table being transferred... It would climb as though it were going to learn them all, and then as it approached 100,000 prefixes, it would rapidly drop back down to 700. I debugged the iBGP peer, and saw it issuing withdrawals for all of these routes. We opened a ticket with the TAC, and they initially believed it to be a bug as well. Upon further review, they came back and told us that this was the desired behavior in the newer code (We are running 12.0(20) on these boxes). In order to conserve memory, and processor, if an iBGP peer learns that another iBGP peer already has a better route to a specific prefix, it will issue a withdrawal to that peer for the prefix(es). I spent quite a while second guessing what seemed to be a very simple, straightforward configuration. I have done several near identical deployments in the past. I guess the moral is this: If you know your config is correct, and the router behavior is not what you expect, do not hesitate to call the TAC. I hope they are as helpful on Monday, when I call them from the CCIE Lab in RTP. ;) Regards... Alan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34521t=34521
Re: Port spanning question [7:34469]
how are you liking ios? seen any problems or performance issues? Michael Williams 02/05/02 04:36PM Here's an interesting twist to that question: If your switch/router is a 6500 running Native IOS, can you span ports that are configured as router interfaces as opposed to switchports? I'm using a 6509 with Native IOS, and I have a server connected to a port configured as a switchport. I was able to monitor that port on another port, also configured as a switchport. I wonder if it's possible to monitor an ethernet port that's being used as a routing interface (i.e. not a switchport). Time to try it out. too bad that 6509 is a production box =) Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34522t=34469
Re: IPX Routing problem-Conclusion [7:34485]
Yup, I made the changes on the TokenRing interface itself, not the WAN interface. The original config I posted listed just one of the routers that was connected via a serial interface (all T1 lines). There are actually 7 serial connections to this and five token rings. Each interface is its own separate network. I think the problem is like this: The Cisco router is looking for RIP and SAP updates every one or three minutes by default. If your server is configured to send out RIP and SAP updates at any interval greater than what Cisco is looking for, then Cisco forgets the route to the server. By matching the Cisco RIP and SAP update interval to whatever is set on the server on the network, there should never be an interval greater than what is allowed to keep the route. As to whether or not this command should be placed on the WAN interfaces or the LAN interface, well, it was already set on all the WAN interfaces so it looks like it has to be set on each interface where a SNA server is located. The only interface that did not have the command was one that went to another network that was all NT, no IPX at all. James Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34523t=34485
Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34521]
ha! Is that allowed? W. Alan Robertson 02/05/02 04:40PM Folks, Just to let you know, I ran across what looked like a bug in Cisco's BGP code... Turns out, this is undocumented new behavior. We just deployed a pair of 3640s for one of our customers, for dual-router, dual-homed Internet connectivity. We are taking full tables from Genuity (AS 1), and Worldcom (AS 701). Each router was learning 104,000+ prefixes from each of the external peers, but the iBGP peering was acting really strange. One of the routers was learning the full table from the other, but the second router was only taking like 700 prefixes. When we cleared the internal peer (soft or hard), we could see the whole table being transferred... It would climb as though it were going to learn them all, and then as it approached 100,000 prefixes, it would rapidly drop back down to 700. I debugged the iBGP peer, and saw it issuing withdrawals for all of these routes. We opened a ticket with the TAC, and they initially believed it to be a bug as well. Upon further review, they came back and told us that this was the desired behavior in the newer code (We are running 12.0(20) on these boxes). In order to conserve memory, and processor, if an iBGP peer learns that another iBGP peer already has a better route to a specific prefix, it will issue a withdrawal to that peer for the prefix(es). I spent quite a while second guessing what seemed to be a very simple, straightforward configuration. I have done several near identical deployments in the past. I guess the moral is this: If you know your config is correct, and the router behavior is not what you expect, do not hesitate to call the TAC. I hope they are as helpful on Monday, when I call them from the CCIE Lab in RTP. ;) Regards... Alan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34524t=34521
RE: access-list in pix 520 [7:34512]
George, On PIX only one acl can be applied inbound on a given interface (same as router, except router will allow one in and one out rule per interface). There is an implicit deny at the end of the acl just like router IOS. And pix does not use wildcard, it uses regular mask in acl. -Keyur Shah- CCIE# 4799 (Security; Routing and Switching) css1,scsa,scna,mct,mcse,cni,mcne Hello Computers Say Hello to Your Future! http://www.hellocomputers.com Toll-Free: 1.877.794.3556 Now offering CCIE Security Lab Workbook and remote bootcamp, http://www.hellocomputers.com/hellosuccess.html -Original Message- From: george gittins [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 12:57 PM To: [EMAIL PROTECTED] Subject: access-list in pix 520 [7:34512] access-list 1 deny ip 10.1.0.0 255.255.0.0 host X.X.X.X access-group 1 in interface inside Once I apply it I lose outside connectivity. I imagine that the same rules apply as routers, an explicit deny at the end, so I would have to place an allow ip any any at the end, right? Well, what if I'm creating another access-list 2 for example too, should I also have to place another allow statement? Any particular links referring to this issue would be greatly appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34520t=34512
A Review of Hello Computers workbook for CCIE secu [7:34507]
Hello Computers recently published their Lab Workbook for Cisco CCIE Security Lab Exam Preparation. Keyur Shah from Hello Computers, Inc. asked me for feedback on the workbook. I decided to share my feedback with Group Study. The workbook is a great learning tool and a lot cheaper than buying equipment yourself. The lab rental service seems well run with good customer service. The workbook is available from Hello Computers or from CertificationZone. I did not receive compensation for this review. I have done work for CertificationZone in the past, but they did not know about this review. The workbook consists of sixteen labs that cover all the topics in the CCIE security lab test. The workbook costs $645 and includes 24 hours of remote lab rack access. It's worth the money. The labs are well-written and easy to follow, but challenging. The rack implements a complex network of 10 routers connected via Frame Relay, ISDN, Ethernet, and ATM; a Catalyst 5500 switch; and various security devices, such as PIX boxes, two Sun workstations with Solaris 8, and some NT servers that handle TACACS, TFTP, syslog, and so on. Hello Computers has been in the IT training business since 1996. They seem to be a robust and innovative company. Because they have had a few years in this business, they have had a chance to implement some new training technologies, such as distance learning and virtual labs. (With a WebEx player, you can actually attend an audio class remotely and see the configurations input by the instructor.) One of the best features of their service is the Live Person chat that you can open with tech support while doing a lab. I managed to gum up the Terminal Server (due to my ignorance not any fault of theirs! ;-) I started the chat and was immediately connected to someone who helped me. The CCIE Security workbook consists of four full-scale 100-point labs and twelve labs of 50 points each. 
The 100-point labs have instructions on all topics, whereas the shorter labs concentrate on a subset of topics. Each lab is divided into 5 sections: 1. Routing with EIGRP, RIP, OSPF, and BGP; switching with VLANs; and PIX fundamentals 2. Tasks aligned with the Managing Cisco Network Security (MCNS) class, such as avoiding DOS attacks, etc. 3. Advanced PIX 4. VPNs and IPSec 5. Intrusion Detection System Every lab has tips (hints) at the end. The workbook also comes with a CD that has initial configs such as IP addresses and other basic configurations that you might not want to waste your time on. The CD also includes solutions for each lab. The solutions have some minor mistakes, but Hello Computers plans to publish updates on their Web site. The lab network diagrams are in color and are laminated. Since I used them a lot, I was grateful for their sturdiness. Also the lamination means that you can write notes on the diagrams with a dry erase marker. The first step in every lab tells you to redraw the network diagram. This is good advice. The network design is quite complex and more convoluted than typical real-world networks. Group Study readers have heard about my concerns regarding the OSPF virtual link and discontiguous Area 1. ;-) But I guess those are things you need to know for CCIE. I was confused at first that all sites in the internetwork are connected to the same Catalyst switch. Obviously this wouldn't be the case in the real world and perhaps that should be pointed out to people new to CCIE labs. Also, perhaps the labs would be more real-world if they specified why the customer wants all these complex features enabled. But this sort of additional information wouldn't help one prepare for CCIE, so I don't consider the lack of it a major fault. It's just my design bias showing. In summary, this is a classy product and service. I recommend it. 
Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34507t=34507
RE: access-list in pix 520 [7:34512]
Yes there is an implicit deny any any at the end. You can only apply one access-list per interface. If you attempt to place a second one, it will just replace the first one. ( At least with 5.2 and earlier code ) Best link I can give you is: http://www.cisco.com/warp/public/110/pix_command_ref.shtml -Original Message- From: george gittins [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 3:57 PM To: [EMAIL PROTECTED] Subject: access-list in pix 520 [7:34512] access-list 1 deny ip 10.1.0.0 255.255.0.0 host X.X.X.X access-group 1 in interface inside Once I apply it I lose outside connectivity. I imagine that the same rules apply as routers, an explicit deny at the end, so I would have to place an allow ip any any at the end, right? Well, what if I'm creating another access-list 2 for example too, should I also have to place another allow statement? Any particular links referring to this issue would be greatly appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34525t=34512
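Added example (not from any poster and not Cisco code): a small Python model of what the replies in the "access-list in pix 520" thread describe, namely first match wins, every list ends in an implicit deny, masks are regular subnet masks, and a later access-group on the same interface replaces the earlier one (stated in the thread for 5.2 and earlier code). The address 192.0.2.10 is a constructed stand-in for the post's X.X.X.X, and the other addresses and the second list are constructed as well.

```python
import ipaddress

IMPLICIT_DENY = "implicit deny (no line matched)"

# Constructed configs. 192.0.2.10 stands in for the post's X.X.X.X.
AS_POSTED = """
access-list 1 deny ip 10.1.0.0 255.255.0.0 host 192.0.2.10
access-group 1 in interface inside
"""

WITH_PERMIT = """
access-list 1 deny ip 10.1.0.0 255.255.0.0 host 192.0.2.10
access-list 1 permit ip any any
access-group 1 in interface inside
"""

# A second list bound to the same interface takes over, per the thread's reply.
SECOND_LIST = WITH_PERMIT + """
access-list 2 deny ip 10.1.0.0 255.255.0.0 host 192.0.2.20
access-group 2 in interface inside
"""


def _addr(tokens):
    """Consume one address spec and return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # PIX form: address followed by a regular subnet mask such as 255.255.0.0
    return ipaddress.ip_network(tokens[0] + "/" + tokens[1]), tokens[2:]


def parse_config(text):
    """Parse access-list / access-group lines into (acls, bindings)."""
    acls, bindings = {}, {}
    for raw in text.strip().splitlines():
        tok = raw.split()
        if not tok:
            continue
        line = " ".join(tok)
        if tok[0] == "access-list" and len(tok) >= 6 and tok[3] == "ip":
            if tok[2] not in ("permit", "deny"):
                raise ValueError("unsupported action: " + line)
            src, rest = _addr(tok[4:])
            dst, rest = _addr(rest)
            if rest:
                raise ValueError("trailing tokens: " + line)
            acls.setdefault(tok[1], []).append((tok[2], src, dst, line))
        elif (tok[0] == "access-group" and len(tok) == 5
              and tok[2:4] == ["in", "interface"]):
            # One list per interface: a later binding overwrites the earlier.
            bindings[tok[4]] = tok[1]
        else:
            raise ValueError("unsupported line: " + line)
    return acls, bindings


def check(config, interface, src, dst):
    """Return (action, matching line) for a packet entering `interface`."""
    acls, bindings = parse_config(config)
    if interface not in bindings:
        raise ValueError("no access-group bound to " + interface)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, line in acls.get(bindings[interface], []):
        if s in src_net and d in dst_net:
            return action, line          # first match wins
    return "deny", IMPLICIT_DENY         # nothing matched


if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("with permit", WITH_PERMIT),
                      ("second list bound", SECOND_LIST)):
        for dst in ("192.0.2.10", "198.51.100.7"):
            print(name, dst, check(cfg, "inside", "10.1.5.5", dst))
```

With the list as posted, traffic to any other destination falls through to the implicit deny, which is the loss of outside connectivity the question reports.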
BGP Confederations [7:34526]
More clarifications needed... 1. Can you have route reflectors within a confederation if the IBGP peers don't have a full mesh? 2. Can you sub-confederate a confederation like you do VLSM for IP addressing? I'm just curious because ... 1. I haven't come across the answers on Halabi's Case Studies on CCO or the IOS12.0 configuration guide. 2. I don't have enough routers to test this out. Thanks. Elmer Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34526t=34526
RE: VIP2 microcode [7:34511]
Don't think so. Latest microcode should come with the updated IOS. I would hope that they wouldn't break it. Here's two sources of Undocumented commands. Not sure what the commands I included will show. Hope that your box isn't in production - just in case. http://www.i-n-t.de/ccie/ios_commands.html see show controller vip log show controller vip tech http://www.boerland.com/dotu/ show controller vip log show controller vip tech -Original Message- From: wu343 [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 2:54 PM To: [EMAIL PROTECTED] Subject: VIP2 microcode [7:34511] Daniel thanks daniel I will take a look at that latter, but what about the microcode? Does that have anything to do with it? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34527t=34511
Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34521]
I'm having trouble seeing this as good behavior. How does the iBGP peer that withdrew all those routes know if the route on the other peer has changed, perhaps for the worse?

Let me restate the issue to make sure I understand what you're saying.

[AS1]          [AS701]
  |               |
  |               |
[R1]----iBGP----[R2]

R1 learns a prefix from AS1, R2 learns the same prefix from AS701. They in turn advertise those prefixes to each other. R2, realizing that it just received an update that had a better path, issues a withdraw message to R1 for that prefix. In this current state, R2 has two paths in its BGP table but R1 only has one.

If the routing information for that prefix changes, what happens? Let's say that AS1 stops advertising it to R1. Does R1 send a withdraw to R2, causing R2 to send an update at that point?

Hmm...interesting. This makes sense. If the routing information changes for the worse on R1, it will send an update to R2. I'm assuming that R2 will then do another check against the information in the BGP table to determine if it should send a subsequent update back to R1.

The more I think it through, the more sense it's starting to make. :-)

Thanks for the info! I will file this into the category of things that are Good To Know (tm).

John

W. Alan Robertson 2/5/02 2:40:30 PM
> Folks,
>
> Just to let you know, I ran across what looked like a bug in Cisco's BGP code... Turns out, this is undocumented new behavior.
>
> We just deployed a pair of 3640s for one of our customers, for dual-router, dual-homed Internet connectivity. We are taking full tables from Genuity (AS 1), and Worldcom (AS 701).
>
> Each router was learning 104,000+ prefixes from each of the external peers, but the iBGP peering was acting really strange. One of the routers was learning the full table from the other, but the second router was only taking like 700 prefixes.
>
> When we cleared the internal peer (soft or hard), we could see the whole table being transferred... It would climb as though it were going to learn them all, and then as it approached 100,000 prefixes, it would rapidly drop back down to 700. I debugged the iBGP peer, and saw it issuing withdrawals for all of these routes.
>
> We opened a ticket with the TAC, and they initially believed it to be a bug as well. Upon further review, they came back and told us that this was the desired behavior in the newer code (We are running 12.0(20) on these boxes).
>
> In order to conserve memory, and processor, if an iBGP peer learns that another iBGP peer already has a better route to a specific prefix, it will issue a withdrawal to that peer for the prefix(es).
>
> I spent quite a while second guessing what seemed to be a very simple, straightforward configuration. I have done several near identical deployments in the past.
>
> I guess the moral is this: If you know your config is correct, and the router behavior is not what you expect, do not hesitate to call the TAC. I hope they are as helpful on Monday, when I call them from the CCIE Lab in RTP. ;)
>
> Regards...
>
> Alan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34528t=34521
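The sequence John restates above (R1 peering with AS1, R2 with AS701), replayed in a small Python model; this is an added example, not code from the thread or from Cisco. It assumes a simplified decision process (shortest AS path, then eBGP over iBGP), and the `Router` and `Path` classes, the 645xx origin ASes and the prefixes are constructed for illustration.

```python
"""Toy model of two iBGP peers, each with one eBGP upstream (added example).

Assumptions, not Cisco's implementation: best path = shortest AS path, with
eBGP preferred over iBGP on a tie; weight, local preference, origin, MED and
IGP cost are ignored. Origin ASes 645xx and all prefixes are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    as_path: tuple   # AS numbers, nearest AS first
    source: str      # "ebgp" or "ibgp"


class Router:
    def __init__(self, name):
        self.name = name
        self.ibgp_peer = None
        self.adj_rib_in = {}   # prefix -> {neighbor name: Path}
        self.sent = {}         # prefix -> Path currently advertised to the iBGP peer
        self.log = []          # (message type, prefix) sent to the iBGP peer

    def best(self, prefix):
        paths = list(self.adj_rib_in.get(prefix, {}).values())
        if not paths:
            return None
        return min(paths, key=lambda p: (len(p.as_path), p.source != "ebgp"))

    def receive(self, neighbor, prefix, path):
        """Process an UPDATE (path given) or a WITHDRAW (path is None)."""
        paths = self.adj_rib_in.setdefault(prefix, {})
        if path is None:
            paths.pop(neighbor, None)
        else:
            paths[neighbor] = path
        self._sync_ibgp_peer(prefix)

    def _sync_ibgp_peer(self, prefix):
        best = self.best(prefix)
        # Only the best path is advertised, and a path learned over iBGP is
        # never passed on to another iBGP peer (no route reflection here).
        wanted = None
        if best is not None and best.source == "ebgp":
            wanted = Path(best.as_path, "ibgp")
        if wanted == self.sent.get(prefix):
            return                      # nothing changed for the peer
        if wanted is None:
            del self.sent[prefix]       # no eBGP best path left to offer
            self.log.append(("WITHDRAW", prefix))
        else:
            self.sent[prefix] = wanted
            self.log.append(("UPDATE", prefix))
        self.ibgp_peer.receive(self.name, prefix, wanted)


def make_pair():
    r1, r2 = Router("R1"), Router("R2")
    r1.ibgp_peer, r2.ibgp_peer = r2, r1
    return r1, r2


def walkthrough(prefix="192.0.2.0/24"):
    """Replay the R1/R2 sequence for one prefix and report what each side sent."""
    r1, r2 = make_pair()
    # R2 hears the prefix from AS701 first and advertises it to R1.
    r2.receive("AS701", prefix, Path((701, 64510, 64500), "ebgp"))
    # R1 then hears a shorter path from AS1; R2 prefers it and withdraws its own.
    r1.receive("AS1", prefix, Path((1, 64500), "ebgp"))
    paths_held = (len(r1.adj_rib_in[prefix]), len(r2.adj_rib_in[prefix]))
    r2_log_before_loss = list(r2.log)
    # AS1 stops advertising the prefix to R1.
    r1.receive("AS1", prefix, None)
    return {
        "paths_held": paths_held,
        "r2_log_before_loss": r2_log_before_loss,
        "r1_log": list(r1.log),
        "r2_log": list(r2.log),
        "r1_best": r1.best(prefix),
    }


def asymmetric_tables():
    """Five constructed prefixes; AS1 has the shorter path for four of them."""
    r1, r2 = make_pair()
    feeds = {  # prefix -> (AS path via AS1, AS path via AS701)
        "192.0.2.0/25": ((1, 64500), (701, 64510, 64500)),
        "192.0.2.128/25": ((1, 64501), (701, 64510, 64501)),
        "198.51.100.0/24": ((1, 64502), (701, 64510, 64502)),
        "203.0.113.0/25": ((1, 64503), (701, 64510, 64503)),
        "203.0.113.128/25": ((1, 64511, 64504), (701, 64504)),
    }
    for prefix, (via_as1, via_as701) in feeds.items():
        r1.receive("AS1", prefix, Path(via_as1, "ebgp"))
        r2.receive("AS701", prefix, Path(via_as701, "ebgp"))

    def learned(r):  # prefixes for which r holds a path from its iBGP peer
        return sorted(p for p, paths in r.adj_rib_in.items() if r.ibgp_peer.name in paths)
    return learned(r1), learned(r2)


if __name__ == "__main__":
    print(walkthrough())
    print(asymmetric_tables())
```

With the five constructed prefixes, R1 ends up holding one iBGP-learned path and R2 four, a small-scale version of the lopsided prefix counts in the original report.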
kazaa / morpheus blocking / rate-limiting [7:34529]
Hi,

Wondering if anyone has been using ACLs to block or rate-limit Kazaa/Morpheus traffic. I'd be interested in how well this worked.

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34529t=34529
Re: IPX Routing problem-Conclusion [7:34485]
Very interesting. I wonder why someone would tweak those values on the server in the first place. Unless all the devices on a LAN segment are using the same values, problems are going to arise. From the sounds of it, someone changed the server settings and didn't bother to let everyone else know!

John

Fraasch James 2/5/02 2:49:28 PM
> Yup, I made the changes on the TokenRing interface itself, not the WAN interface. The original config I posted listed just one of the routers that was connected via a serial interface (all T1 lines). There are actually 7 serial connections to this and five token rings. Each interface is its own separate network.
>
> I think the problem is like this: The Cisco router is looking for RIP and SAP updates every one or three minutes by default. If your server is configured to send out RIP and SAP updates at any interval greater than what Cisco is looking for, then Cisco forgets the route to the server. By matching the Cisco RIP and SAP update interval to whatever is set on the server on the network, there should never be an interval greater than what is allowed to keep the route.
>
> As to whether or not this command should be placed on the WAN interfaces or the LAN interface, well, it was already set on all the WAN interfaces so it looks like it has to be set on each interface where a SNA server is located. The only interface that did not have the command was one that went to another network that was all NT, no IPX at all.
>
> James

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34530t=34485
Renting Cisco Equipment [7:34531]
Greetings,

Does anybody on the list know of any companies that will rent or short-term lease Cisco equipment? I need an AS5400 temporarily to minimize the downtime of an ISP migration, and am having trouble finding companies that handle this type of thing.

Thanks,
Greg

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34531t=34531
Re: Your Password at GroupStudy! [7:34303]
I suggest the SECURITY Certification. :)

http://www.cisco.com/warp/public/10/wwtraining/certprog/c_and_s/ccip/
http://www.cisco.com/warp/public/10/wwtraining/certprog/c_and_s/ccip/pop_sec
urity_training.html
watch word wrap

Indra Moodley wrote in message news:[EMAIL PROTECTED]...
> Any info on the CCIP Certification
>
> Regards,
> Indra Moodley
> DNS Administrator
> Satellite Data Networks
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 04, 2002 10:59 AM
> To: [EMAIL PROTECTED]
> Subject: Your Password at GroupStudy!
>
> Welcome to GroupStudy.com. Your username and password are as follows:
>
> Your Username: Lamagra
> Your Password: rkwfcnezvp
>
> You may login and change your password as desired.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34532t=34303
Re: IPX Routing problem-Conclusion [7:34485]
Well, I wish it was as easy as saying someone tweaked with the timers on the server but for some reason all our servers are set the same way and so all of our routers have to be set the same way as well. Not only that, but if you look at that TokenRing interface, we are using administrative mac-addresses as well, that is, it is not the actual NIC address, it is something else entirely. And we have one OSPF area for over 100 routers that have to keep track of both IP and IPX routes.

But hey, that is why I am here, to help clean up 20 years of bad network planning.

Thanks again for everyone's help. I learned a ton!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34533t=34485
Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34535]
Is there a STOP command? Something to let us turn that behaviour off?

The way I see it is, if the router with the 104000+ routes suddenly dies, the other router (the one with 700 routes) has to then get all these routes from its remote-as peer and that could take a while (if never, or until refreshed)

Unless I missed something in your email, this is not what I would like my routers to behave like... :-))

W. Alan Robertson wrote:
> Folks,
>
> Just to let you know, I ran across what looked like a bug in Cisco's BGP code... Turns out, this is undocumented new behavior.
>
> We just deployed a pair of 3640s for one of our customers, for dual-router, dual-homed Internet connectivity. We are taking full tables from Genuity (AS 1), and Worldcom (AS 701).
>
> Each router was learning 104,000+ prefixes from each of the external peers, but the iBGP peering was acting really strange. One of the routers was learning the full table from the other, but the second router was only taking like 700 prefixes.
>
> When we cleared the internal peer (soft or hard), we could see the whole table being transferred... It would climb as though it were going to learn them all, and then as it approached 100,000 prefixes, it would rapidly drop back down to 700. I debugged the iBGP peer, and saw it issuing withdrawals for all of these routes.
>
> We opened a ticket with the TAC, and they initially believed it to be a bug as well. Upon further review, they came back and told us that this was the desired behavior in the newer code (We are running 12.0(20) on these boxes).
>
> In order to conserve memory, and processor, if an iBGP peer learns that another iBGP peer already has a better route to a specific prefix, it will issue a withdrawal to that peer for the prefix(es).
>
> I spent quite a while second guessing what seemed to be a very simple, straightforward configuration. I have done several near identical deployments in the past.
>
> I guess the moral is this: If you know your config is correct, and the router behavior is not what you expect, do not hesitate to call the TAC. I hope they are as helpful on Monday, when I call them from the CCIE Lab in RTP. ;)
>
> Regards...
>
> Alan
>
> CCIE Security list: http://www.groupstudy.com/list/security.html

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34535t=34535
Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34536]
Correct me if I am wrong but this:

> if an iBGP peer learns that another iBGP peer already has a better route to a specific prefix, it will issue a withdrawal to that peer for the prefix(es).

is perfectly normal, standard behaviour.

If your Genuity route is better, you will select this route in your routing table, and if by any chance before you had there UUNET route which you have advertised, you need to send update with new, better, selected route.

BGP will never advertise both routes. This is distance vector after all.

So if during convergence phase your route selection is shuffling your routes in your Loc-RIB, you should expect series of updates to follow up.

Przemek

On Tue, 2002-02-05 at 16:45, W. Alan Robertson wrote:
> Folks,
>
> Just to let you know, I ran across what looked like a bug in Cisco's BGP code... Turns out, this is undocumented new behavior.
>
> We just deployed a pair of 3640s for one of our customers, for dual-router, dual-homed Internet connectivity. We are taking full tables from Genuity (AS 1), and Worldcom (AS 701).
>
> Each router was learning 104,000+ prefixes from each of the external peers, but the iBGP peering was acting really strange. One of the routers was learning the full table from the other, but the second router was only taking like 700 prefixes.
>
> When we cleared the internal peer (soft or hard), we could see the whole table being transferred... It would climb as though it were going to learn them all, and then as it approached 100,000 prefixes, it would rapidly drop back down to 700. I debugged the iBGP peer, and saw it issuing withdrawals for all of these routes.
>
> We opened a ticket with the TAC, and they initially believed it to be a bug as well. Upon further review, they came back and told us that this was the desired behavior in the newer code (We are running 12.0(20) on these boxes).
>
> In order to conserve memory, and processor, if an iBGP peer learns that another iBGP peer already has a better route to a specific prefix, it will issue a withdrawal to that peer for the prefix(es).
>
> I spent quite a while second guessing what seemed to be a very simple, straightforward configuration. I have done several near identical deployments in the past.
>
> I guess the moral is this: If you know your config is correct, and the router behavior is not what you expect, do not hesitate to call the TAC. I hope they are as helpful on Monday, when I call them from the CCIE Lab in RTP. ;)
>
> Regards...
>
> Alan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34536t=34536
Concentrator 3030 RADIUS authentication [7:34537]
Hello,

I'm trying to set up authenticating groups externally through RADIUS. I created a group and changed the type to External. On my RADIUS server (Safeword 5.1), I created a group with the same name on 3030. Users couldn't get authenticated. On 3030 log, it said user unspecific.

Any thoughts?

Thanks.

Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34537t=34537
Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34538]
Alan,

This router with 700 routes via iBGP does have remaining 103300 routes, but from eBGP, right?

Przemek

On Tue, 2002-02-05 at 17:33, Manny Gonzalez wrote:
> Is there a STOP command? Something to let us turn that behaviour off?
>
> The way I see it is, if the router with the 104000+ routes suddenly dies, the other router (the one with 700 routes) has to then get all these routes from its remote-as peer and that could take a while (if never, or until refreshed)
>
> Unless I missed something in your email, this is not what I would like my routers to behave like... :-))
>
> W. Alan Robertson wrote:
>> Folks,
>>
>> Just to let you know, I ran across what looked like a bug in Cisco's BGP code... Turns out, this is undocumented new behavior.
>>
>> We just deployed a pair of 3640s for one of our customers, for dual-router, dual-homed Internet connectivity. We are taking full tables from Genuity (AS 1), and Worldcom (AS 701).
>>
>> Each router was learning 104,000+ prefixes from each of the external peers, but the iBGP peering was acting really strange. One of the routers was learning the full table from the other, but the second router was only taking like 700 prefixes.
>>
>> When we cleared the internal peer (soft or hard), we could see the whole table being transferred... It would climb as though it were going to learn them all, and then as it approached 100,000 prefixes, it would rapidly drop back down to 700. I debugged the iBGP peer, and saw it issuing withdrawals for all of these routes.
>>
>> We opened a ticket with the TAC, and they initially believed it to be a bug as well. Upon further review, they came back and told us that this was the desired behavior in the newer code (We are running 12.0(20) on these boxes).
>>
>> In order to conserve memory, and processor, if an iBGP peer learns that another iBGP peer already has a better route to a specific prefix, it will issue a withdrawal to that peer for the prefix(es).
>>
>> I spent quite a while second guessing what seemed to be a very simple, straightforward configuration. I have done several near identical deployments in the past.
>>
>> I guess the moral is this: If you know your config is correct, and the router behavior is not what you expect, do not hesitate to call the TAC. I hope they are as helpful on Monday, when I call them from the CCIE Lab in RTP. ;)
>>
>> Regards...
>>
>> Alan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34538t=34538
RE: VIP2 microcode [7:34511]
Adding to my previous post. The slot number of the vip card should be included in the command after the word vip.

-----Original Message-----
From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 4:10 PM
To: [EMAIL PROTECTED]
Subject: RE: VIP2 microcode [7:34511]

Don't think so. Latest microcode should come with the updated IOS. I would hope that they wouldn't break it.

Here's two sources of Undocumented commands. Not sure what the commands I included will show. Hope that your box isn't in production - just in case.

http://www.i-n-t.de/ccie/ios_commands.html
see
show controller vip log
show controller vip tech

http://www.boerland.com/dotu/
show controller vip log
show controller vip tech

-----Original Message-----
From: wu343 [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 2:54 PM
To: [EMAIL PROTECTED]
Subject: VIP2 microcode [7:34511]

Daniel,

thanks Daniel, I will take a look at that later, but what about the microcode? Does that have anything to do with it?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34539t=34511
Re: Port spanning question [7:34469]
Actually what is going on is we are trying to get the port span feature going on a 6509 with native ios. As soon as I turn on the monitor session destination, the device that is plugged into the port can no longer ping, etc. If this is an IDS that is monitoring an egress pipe, how will it do session resets when appropriate?

Steven Kell Bates

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34534t=34469
700 in area! Re: IPX Routing problem-Conclusion [7:34485]
I saw the 100 routers in an area and had to share this!

I had an instructor a couple of years ago that worked for IBM-Europe. He said they tried to keep European areas for countries. 1 Country = 1 Area. This all came up when another student asked, what is a good measure for the number of routers in an area. He responded with the above explanation and then said, but if you run into an East Germany and a West Germany that decide to become a Unified Germany, you could end up with 800, like we did.

That is bad!

just sharing!

Fraasch James wrote:
> Well, I wish it was as easy as saying someone tweaked with the timers on the server but for some reason all our servers are set the same way and so all of our routers have to be set the same way as well. Not only that, but if you look at that TokenRing interface, we are using administrative mac-addresses as well, that is, it is not the actual NIC address, it is something else entirely. And we have one OSPF area for over 100 routers that have to keep track of both IP and IPX routes.
>
> But hey, that is why I am here, to help clean up 20 years of bad network planning.
>
> Thanks again for everyone's help. I learned a ton!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34540t=34485
Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34541]
Yes, it does...

So, if the Router with 104k routes from iBGP, and eBGP, loses one from his eBGP neighbor, he will issue a withdrawal to the iBGP peer. The iBGP peer will turn around and announce that it has a route to that prefix...

I understand why this sounds, on the surface, like a terrible thing. In practice, however, it works very well, and makes a lot of sense.

I didn't open the case directly (my co-worker did while I was staring at telnet sessions, and cursing under my breath), and I didn't get a chance to ask if this behavior could be disabled. The case is still open, and I'll find out tomorrow. If there's no switch to turn it off, I'll certainly ask for it to be added.

Alan

----- Original Message -----
From: Przemyslaw Karwasiecki
To: Manny Gonzalez
Cc: W. Alan Robertson; Groupstudy - CCIELAB; Groupstudy - Cisco Certification
Sent: Tuesday, February 05, 2002 5:50 PM
Subject: Re: Undocumented iBGP Behavior (Confirmed by Cisco)

Alan,

This router with 700 routes via iBGP does have remaining 103300 routes, but from eBGP, right?

Przemek

On Tue, 2002-02-05 at 17:33, Manny Gonzalez wrote:
> Is there a STOP command? Something to let us turn that behaviour off?
>
> The way I see it is, if the router with the 104000+ routes suddenly dies, the other router (the one with 700 routes) has to then get all these routes from its remote-as peer and that could take a while (if never, or until refreshed)
>
> Unless I missed something in your email, this is not what I would like my routers to behave like... :-))
>
> W. Alan Robertson wrote:
>> Folks,
>>
>> Just to let you know, I ran across what looked like a bug in Cisco's BGP code... Turns out, this is undocumented new behavior.
>>
>> We just deployed a pair of 3640s for one of our customers, for dual-router, dual-homed Internet connectivity. We are taking full tables from Genuity (AS 1), and Worldcom (AS 701).
>>
>> Each router was learning 104,000+ prefixes from each of the external peers, but the iBGP peering was acting really strange. One of the routers was learning the full table from the other, but the second router was only taking like 700 prefixes.
>>
>> When we cleared the internal peer (soft or hard), we could see the whole table being transferred... It would climb as though it were going to learn them all, and then as it approached 100,000 prefixes, it would rapidly drop back down to 700. I debugged the iBGP peer, and saw it issuing withdrawals for all of these routes.
>>
>> We opened a ticket with the TAC, and they initially believed it to be a bug as well. Upon further review, they came back and told us that this was the desired behavior in the newer code (We are running 12.0(20) on these boxes).
>>
>> In order to conserve memory, and processor, if an iBGP peer learns that another iBGP peer already has a better route to a specific prefix, it will issue a withdrawal to that peer for the prefix(es).
>>
>> I spent quite a while second guessing what seemed to be a very simple, straightforward configuration. I have done several near identical deployments in the past.
>>
>> I guess the moral is this: If you know your config is correct, and the router behavior is not what you expect, do not hesitate to call the TAC. I hope they are as helpful on Monday, when I call them from the CCIE Lab in RTP. ;)
>>
>> Regards...
>>
>> Alan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34541t=34541
RE: Renting Cisco Equipment [7:34531]
Call your local Cisco rep and explain your situation. I know here in the DC region, we have had to rob the Reston, VA lab many many times.

Phil

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Greg Harper
Sent: Tuesday, February 05, 2002 5:17 PM
To: [EMAIL PROTECTED]
Subject: Renting Cisco Equipment [7:34531]

Greetings,

Does anybody on the list know of any companies that will rent or short-term lease Cisco equipment? I need an AS5400 temporarily to minimize the downtime of an ISP migration, and am having trouble finding companies that handle this type of thing.

Thanks,
Greg

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34542t=34531
RE: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34543]
The 2nd router that only has 700 routes in its routing table that it learned from its IBGP still has the other 103k routes in its adj-rib-in from its ebgp peer right, they are just sitting dormant? So if the other router somehow lost its ebgp peer, it'll send withdraws to the ibgp peer and the other guy will take over with 104k routes correct?

Could you define what you meant by "if an iBGP peer learns that another iBGP peer already has a better route to a specific prefix, it will issue a withdrawal to that peer for the prefix(es)." If both of those routers are receiving full routes, and without any other configuration, how would the routes learned from one provider be any better than the other?

Thanks and great post!

Tim

-----Original Message-----
From: W. Alan Robertson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 7:02 PM
To: Przemyslaw Karwasiecki
Cc: Groupstudy - CCIELAB; Groupstudy - Cisco Certification
Subject: Re: Undocumented iBGP Behavior (Confirmed by Cisco)

Yes, it does...

So, if the Router with 104k routes from iBGP, and eBGP, loses one from his eBGP neighbor, he will issue a withdrawal to the iBGP peer. The iBGP peer will turn around and announce that it has a route to that prefix...

I understand why this sounds, on the surface, like a terrible thing. In practice, however, it works very well, and makes a lot of sense.

I didn't open the case directly (my co-worker did while I was staring at telnet sessions, and cursing under my breath), and I didn't get a chance to ask if this behavior could be disabled. The case is still open, and I'll find out tomorrow. If there's no switch to turn it off, I'll certainly ask for it to be added.

Alan

----- Original Message -----
From: Przemyslaw Karwasiecki
To: Manny Gonzalez
Cc: W. Alan Robertson; Groupstudy - CCIELAB; Groupstudy - Cisco Certification
Sent: Tuesday, February 05, 2002 5:50 PM
Subject: Re: Undocumented iBGP Behavior (Confirmed by Cisco)

Alan,

This router with 700 routes via iBGP does have remaining 103300 routes, but from eBGP, right?

Przemek

On Tue, 2002-02-05 at 17:33, Manny Gonzalez wrote:
> Is there a STOP command? Something to let us turn that behaviour off?
>
> The way I see it is, if the router with the 104000+ routes suddenly dies, the other router (the one with 700 routes) has to then get all these routes from its remote-as peer and that could take a while (if never, or until refreshed)
>
> Unless I missed something in your email, this is not what I would like my routers to behave like... :-))
>
> W. Alan Robertson wrote:
>> Folks,
>>
>> Just to let you know, I ran across what looked like a bug in Cisco's BGP code... Turns out, this is undocumented new behavior.
>>
>> We just deployed a pair of 3640s for one of our customers, for dual-router, dual-homed Internet connectivity. We are taking full tables from Genuity (AS 1), and Worldcom (AS 701).
>>
>> Each router was learning 104,000+ prefixes from each of the external peers, but the iBGP peering was acting really strange. One of the routers was learning the full table from the other, but the second router was only taking like 700 prefixes.
>>
>> When we cleared the internal peer (soft or hard), we could see the whole table being transferred... It would climb as though it were going to learn them all, and then as it approached 100,000 prefixes, it would rapidly drop back down to 700. I debugged the iBGP peer, and saw it issuing withdrawals for all of these routes.
>>
>> We opened a ticket with the TAC, and they initially believed it to be a bug as well. Upon further review, they came back and told us that this was the desired behavior in the newer code (We are running 12.0(20) on these boxes).
>>
>> In order to conserve memory, and processor, if an iBGP peer learns that another iBGP peer already has a better route to a specific prefix, it will issue a withdrawal to that peer for the prefix(es).
>>
>> I spent quite a while second guessing what seemed to be a very simple, straightforward configuration. I have done several near identical deployments in the past.
>>
>> I guess the moral is this: If you know your config is correct, and the router behavior is not what you expect, do not hesitate to call the TAC. I hope they are as helpful on Monday, when I call them from the CCIE Lab in RTP. ;)
>>
>> Regards...
>>
>> Alan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34543t=34543
Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34544]
Cisco by default prefers ebgp over ibgp. It should not, by default, enjoy the ibgp routes learned from the peer over the ebgp learned routes.

At 05:37 PM 2/5/2002 -0500, Przemyslaw Karwasiecki wrote:
> Correct me if I am wrong but this:
>
>> if an iBGP peer learns that another iBGP peer already has a better route to a specific prefix, it will issue a withdrawal to that peer for the prefix(es).
>
> is perfectly normal, standard behaviour.
>
> If your Genuity route is better, you will select this route in your routing table, and if by any chance before you had there UUNET route which you have advertised, you need to send update with new, better, selected route.
>
> BGP will never advertise both routes. This is distance vector after all.
>
> So if during convergence phase your route selection is shuffling your routes in your Loc-RIB, you should expect series of updates to follow up.
>
> Przemek
>
> On Tue, 2002-02-05 at 16:45, W. Alan Robertson wrote:
>> Folks,
>>
>> Just to let you know, I ran across what looked like a bug in Cisco's BGP code... Turns out, this is undocumented new behavior.
>>
>> We just deployed a pair of 3640s for one of our customers, for dual-router, dual-homed Internet connectivity. We are taking full tables from Genuity (AS 1), and Worldcom (AS 701).
>>
>> Each router was learning 104,000+ prefixes from each of the external peers, but the iBGP peering was acting really strange. One of the routers was learning the full table from the other, but the second router was only taking like 700 prefixes.
>>
>> When we cleared the internal peer (soft or hard), we could see the whole table being transferred... It would climb as though it were going to learn them all, and then as it approached 100,000 prefixes, it would rapidly drop back down to 700. I debugged the iBGP peer, and saw it issuing withdrawals for all of these routes.
>>
>> We opened a ticket with the TAC, and they initially believed it to be a bug as well. Upon further review, they came back and told us that this was the desired behavior in the newer code (We are running 12.0(20) on these boxes).
>>
>> In order to conserve memory, and processor, if an iBGP peer learns that another iBGP peer already has a better route to a specific prefix, it will issue a withdrawal to that peer for the prefix(es).
>>
>> I spent quite a while second guessing what seemed to be a very simple, straightforward configuration. I have done several near identical deployments in the past.
>>
>> I guess the moral is this: If you know your config is correct, and the router behavior is not what you expect, do not hesitate to call the TAC. I hope they are as helpful on Monday, when I call them from the CCIE Lab in RTP. ;)
>>
>> Regards...
>>
>> Alan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34544t=34544
Re: Question [7:34497]
I guess you are behind the news. I think Cisco have pulled them to Court to answer some questions, that was a few months ago. However, I have not heard anything about the final outcome of the case.

Regards.
Oletu

----- Original Message -----
From: Kazan, Naim
To:
Sent: Tuesday, February 05, 2002 11:43 AM
Subject: Question [7:34497]

Guys,

What the hell is up with cheet-sheets.com? I placed an order and they don't seem to answer their phones or emails. Are they down or out of business?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34545t=34497
Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34546]
I mis-spoke... Naturally, only one of the routes will make it into the actual routing table (unless there are two equal cost paths, and you have enabled 'maximum-paths 2' or better).

I should have said that these routes were not in the Loc-RIB table... A 'show ip bgp' revealed a single entry for each prefix, where there ought to have been two (one learned via the eBGP peer, and a second learned via the iBGP peer).

Under normal circumstances, the eBGP learned prefix would be flagged with the '>', indicating that it was the preferred route, and installed in the actual routing table.

----- Original Message -----
From: Przemyslaw Karwasiecki
To: W. Alan Robertson
Cc: Groupstudy - CCIELAB; Groupstudy - Cisco Certification
Sent: Tuesday, February 05, 2002 5:37 PM
Subject: Re: Undocumented iBGP Behavior (Confirmed by Cisco)

Correct me if I am wrong but this:

> if an iBGP peer learns that another iBGP peer already has a better route to a specific prefix, it will issue a withdrawal to that peer for the prefix(es).

is perfectly normal, standard behaviour.

If your Genuity route is better, you will select this route in your routing table, and if by any chance before you had there UUNET route which you have advertised, you need to send update with new, better, selected route.

BGP will never advertise both routes. This is distance vector after all.

So if during convergence phase your route selection is shuffling your routes in your Loc-RIB, you should expect series of updates to follow up.

Przemek

On Tue, 2002-02-05 at 16:45, W. Alan Robertson wrote:
> Folks,
>
> Just to let you know, I ran across what looked like a bug in Cisco's BGP code... Turns out, this is undocumented new behavior.
>
> We just deployed a pair of 3640s for one of our customers, for dual-router, dual-homed Internet connectivity. We are taking full tables from Genuity (AS 1), and Worldcom (AS 701).
>
> Each router was learning 104,000+ prefixes from each of the external peers, but the iBGP peering was acting really strange. One of the routers was learning the full table from the other, but the second router was only taking like 700 prefixes.
>
> When we cleared the internal peer (soft or hard), we could see the whole table being transferred... It would climb as though it were going to learn them all, and then as it approached 100,000 prefixes, it would rapidly drop back down to 700. I debugged the iBGP peer, and saw it issuing withdrawals for all of these routes.
>
> We opened a ticket with the TAC, and they initially believed it to be a bug as well. Upon further review, they came back and told us that this was the desired behavior in the newer code (We are running 12.0(20) on these boxes).
>
> In order to conserve memory, and processor, if an iBGP peer learns that another iBGP peer already has a better route to a specific prefix, it will issue a withdrawal to that peer for the prefix(es).
>
> I spent quite a while second guessing what seemed to be a very simple, straightforward configuration. I have done several near identical deployments in the past.
>
> I guess the moral is this: If you know your config is correct, and the router behavior is not what you expect, do not hesitate to call the TAC. I hope they are as helpful on Monday, when I call them from the CCIE Lab in RTP. ;)
>
> Regards...
>
> Alan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34546t=34546