Re: ISDN problems... [7:34324]

2002-02-05 Thread Patrick Donlon

Stuart

180 seconds is normal, it depends if you have a minimum call charge from
your telco. To see what is causing the interface to dial, use the debug dialer
command:
debug dialer [events | packets] - Displays DDR debugging information about
the packets received on a dialer interface.
Some more info here:
http://www.cisco.com/warp/customer/793/access_dial/ddr_9347.html

Regards

Pat




Laubstein, Stuart wrote in message
news:[EMAIL PROTECTED]...
 The dialer list command seems to be gone...I am going to add


 dialer-list 1 protocol ip permit

 This should work (at least to let everything through). Or is there another
 way to do this which is more secure? I am also trying the debug command--they
 will not help this problem but have shown me another problem with the serial
 interfaces so thanks for that suggestion. Actually any suggestion on
 dialer-lists would also be welcome--ie what would be a good idea and
 what kind of timeout is normal--I am using 50 seconds right now.

 stu


 -Original Message-
 From: McCallum, Robert [mailto:[EMAIL PROTECTED]]
 Sent: Monday, February 04, 2002 3:53 PM
 To: [EMAIL PROTECTED]
 Subject: RE: ISDN problems... [7:34324]

 If the router is not seeing interesting traffic within your idle period then
 it should drop the line.  What is in your dialer-list to define what is
 interesting traffic?

 -Original Message-
 From: Stuart Laubstein [mailto:[EMAIL PROTECTED]]
 Sent: 04 February 2002 14:20
 To: [EMAIL PROTECTED]
 Subject: ISDN problems... [7:34324]


 I have a 3620 that has a problem with timing out. I have set the dialer
 idle-timeout to 180 seconds--the router will keep the interface open for 180
 seconds and then drop it for 9 seconds. I set it to 55 seconds and it did
 the same timeout after 55 seconds--9 second drop. This only seems to happen
 when the remote router is a Cisco router. I have tried debug isdn
 events--but can only see the interface coming back up. Any idea on things I
 can try would be much appreciated or on debug options that would narrow it
 for me...

 thanks



 stuart




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=3t=34324
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Where to place the loopback in an ospf environment [7:34445]

2002-02-05 Thread McCallum, Robert

and if it doesn't tell you then DO NOT place the loopbacks into area 0
unless you find you may have to later on!!!  Loopbacks as a general guide
should never be placed into area 0 if it can be helped.

-Original Message-
From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
Sent: 05 February 2002 07:02
To: [EMAIL PROTECTED]
Subject: Re: Where to place the loopback in an ospf environment [7:34441]


when in the Lab, do as the folder ( and/or the proctor ) instructs :-

Chuck


 wrote in message
news:[EMAIL PROTECTED]...
 Hi there,

 sorry for posting once more.
 But I'm currently 4 weeks before the CCIE lab and I'm really confused about
 this.
 Some guys told me place it near the area 0 and other guys say it _depends_

 Any guides for this ???

 Kind regards

 Udo Konstantin / koud , GS KA
 NEEF LAPPCOM GmbH
 Systemhaus für IT-Lösungen
 Windeckstrasse 8  76135 Karlsruhe
 Tel: +49 721/8606-215  Mobil: +49 172/7271578   *215
 Fax: +49 721/8606-264
 E-Mail/Internet: [EMAIL PROTECTED]
 Notes: Udo Konstantin/Infra CS @SULZERINFRA
 Website: http://www.neef.de




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34445t=34445



RE: logging the access on a router [7:34346]

2002-02-05 Thread Dion, Thierry

Hello Vincent

It is not exactly this form, because you only have the last login user when
viewing with sho run.
I would like to see all users' connections on the router.

james at 00:05:35 Wed Nov 22 2000
steve at 00:07:05 Wed Nov 22 2000
Francis at 00:13:09 Wed Nov 22 2000



-Original Message-
From: Vincent Miller [mailto:[EMAIL PROTECTED]]
Sent: Monday, 4 February 2002 20:42
To: [EMAIL PROTECTED]
Subject: RE: logging the access on a router [7:34346]
Importance: Low


Is this what you had in mind ?

! Last configuration change at 00:05:35 ECT Wed Nov 22 2000
! NVRAM config last updated at 00:05:38 ECT Wed Nov 22 2000
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xx
!
logging buffered 4096 debugging

The service timestamps will do the trick. You can create a local database of
userids/passwords that can make changes; the userid will
be included in the two lines at the top.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34446t=34346



RE: Where to place the loopback in an ospf environ [7:34445]

2002-02-05 Thread Richard Botham

Rob,
Very interesting.
I have my lab in 4 weeks too in Brussels.
Is there anywhere on CCO that details anything to do with this and why
loopbacks should not be used in Area0?

Is this OSPF specific or lab specific?

I'll try and think about this today and see if I can figure out why.

Richard



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34447t=34445



Re: MAJOR OT: Free CCNPtraining for convicts [7:34039]

2002-02-05 Thread steve skinner

Errmmm...

I wasn't trying to start a flame war... and I apologise for introducing
this to the list...

MY BAD


In response to my own email...

the point I was trying to get across... is this

CISCO... there are other members of society who would benefit from this
training just as much or even more so than convicts...

I wish big companies would think a bit more about what they do... and the
feelings they will provoke
...

enough said... hey my friends !!!???





From: steve skinner 
Reply-To: steve skinner 
To: [EMAIL PROTECTED]
Subject: MAJOR  OT: Free CCNPtraining for convicts [7:34039]
Date: Fri, 1 Feb 2002 07:46:41 -0500

guys,

my boss has just told me that Cisco are trialling a few prisons where they
are offering free CCNP training to convicts

man does that just bite the biscuit.

I worked long and hard to pay for my exams... get some work experience
and at my expense (being a tax payer) I am funding a convict to learn
about Cisco.

I know about rehabilitation... but it is just a bit sick that I, as an
individual, could

a) been robbed by this man ... my house is trashed and my insurance goes up
(I pay)
b) funding him in prison to learn Cisco (I pay)
c) comes out of prison and devalues a cert because he has no experience (I
pay)


does Cisco want to have a useless cert system (except of course the
CCIE) because the more people who BLATANTLY DON'T have any experience
with these certs ... the less they mean...


I'm sorry to rant... but sometimes I wish companies would consider their
future..

FACT (from Cisco) there will always be more jobs for NA/NP than IEs

1) I get exams to be employable...
2) in order to get these exams I push the company's kit ..

I have recently installed some 4000s over another company's kit, even
though the other kit is more than capable of doing the job.. because I get a
side benefit of learning about the equipment and increasing my CV value


3) if I am working at a company and I don't want a Cisco cert because it is
worthless.. why would I push that company's products..

I would simply push another company's products to get my certs in their
equipment, to keep my employability

4) Cisco don't sell as much equipment
5) certs become even more worthless..
6) Cisco sells even less equipment as no-one is trained anymore
7) Cisco becomes Novell (my apologies to all Novell staff)...

a little forethought is all that's required...

as my boss says...

 one of my main reasons for buying kit is the amount of tech staff available
to install/fix the kit... if there's no staff there's no kit

in a job market that is already depressed the last thing that is needed is
a flood of certified but inexperienced people on the market..

the IT industry is like no other, in the fact that we have to CONSTANTLY
update our skills ... that takes time, money and personal
sacrifice... something I don't think Cisco is at all concerned with...

ahh well....

no chance of a [EMAIL PROTECTED] list starting any time soon...??

Sorry for the downer

steve







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34448t=34039



4000 Series switch [7:34449]

2002-02-05 Thread Nisus

First of all I would like to thank you who replied to my questions about
VLANs and how to set them up.

Second.  In the information I have been reading about VLANs usually 2
classes of switches are referenced.
The first being a lower model or switch 1900 series.  The VLAN setup is
mostly menu driven as I found out from my Cisco instructor in class
yesterday.  There were some problems we encountered when setting up a VLAN
on this type of switch.

Third.  Usually whenever I read about VLANs and setting them up it uses a
5000 series switch as a reference, using the OSI command interface.

Does the 4000 switch use the same setup or interface as the 5000?

Does anyone know?

Thank you very much,
Steven M Aiello




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34449t=34449



PIX activation key [7:34450]

2002-02-05 Thread Radford Dion

I've just got a hold of a PIX 515UR and I want to upgrade to the latest
software, but when I do a show ver there is no activation key.

Is this normal, or do I have to obtain one from somewhere?

Dion Radford
Mellon Site Services - Europe
71 Queen Victoria Street, London, EC4V 4DR 
+44 (0) 20 7653 2850 - Work
+44 (0) 20 7653 2227 - Fax
+44 (0) 794 092 8809 - Mobile
Email: [EMAIL PROTECTED]

*
DISCLAIMER:   The information contained in this e-mail may be confidential
and is intended solely for the use of the named addressee.  Access, copying
or re-use of the e-mail or any information contained therein by any other
person is not authorized.  If you are not the intended recipient please
notify us immediately by returning the e-mail to the originator.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34450t=34450



Re: PIX activation key [7:34450]

2002-02-05 Thread Pat Donlon

You need to get it from your supplier and enter it when you install your
software, see below, this is an upgrade I did (I didn't install it this time
though), you get prompted to install after you stick the image on the pix



..
Received 2174976 bytes

Cisco Secure PIX Firewall admin loader (3.0) #0: Tue Jul  3 21:50:29 PDT
2001
System Flash=E28F128J3 @ 0xfff0
BIOS Flash=e28f400b5t @ 0xd8000
Flash version 6.1.0.101, Install version 5.3.2

Installing to flash

Serial Number: #
Activation Key: 4
Do you want to enter a new activation key? [n]

#Select no for this PIX 



- Original Message -
From: Radford Dion 
Newsgroups: groupstudy.cisco
Sent: Tuesday, February 05, 2002 11:28 AM
Subject: PIX activation key [7:34450]


 I've just got a hold of a PIX 515UR and I want to upgrade to the latest
 software, but when I do a show ver there is no activation key.

 Is this normal, or do I have to obtain one from somewhere?

 Dion Radford
 Mellon Site Services - Europe
 71 Queen Victoria Street, London, EC4V 4DR
 +44 (0) 20 7653 2850 - Work
 +44 (0) 20 7653 2227 - Fax
 +44 (0) 794 092 8809 - Mobile
 Email: [EMAIL PROTECTED]





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34451t=34450



RE: Traffic type monitoring [7:34382]

2002-02-05 Thread Ian Henderson

On Mon, 4 Feb 2002, Sam Deckert wrote:

 by monitoring, i mean by protocol and possibly port..sorry, should have
 been more specific.

Hi Sam (hooray for more Australians :)),

Netflow sounds like what you're after. On the ingress interface you want to
monitor, add 'ip route-cache flow'. Now you can 'show ip cache flow' to
show how NetFlow is switching traffic - very handy for tracking DoS
attacks - on one of our 7206VXRs, I can 'show ip cache flow' and hold down
the space bar - if I see any address standing out, it's generally because
of a DoS.

Example: (IP addresses changed to protect the... errr, not so innocent).

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
AT3/0.501     209.132.1.27    Fa0/0.1       10.1.1.2        11 0035 0999     1
AT3/0.501     24.30.201.3     Fa0/0.1       192.168.1.1     11 0035 0819    12
AT3/0.501     209.71.218.87   Fa0/0.1       172.16.5.5      06 0050 040D     4
AT3/0.501     64.154.61.232   Fa0/0.1       10.11.10.1      06 1A0C 0440     1
AT3/0.501     66.61.73.34     Fa0/0.1       192.168.10.11   06 04BE 0454    10

All pretty obvious, save Pr (it's protocol - 11 is UDP, 06 is TCP, see
http://www.iana.org/assignments/protocol-numbers). SrcP and DstP are in
hex, so 0035 really means 53, or DNS.

Note that we've applied the 'ip route-cache flow' command to ATM3/0.501,
but not FastEthernet0/0.1 - we're only seeing incoming traffic. If you
want to monitor it both ways, add the command to both directions of
interface (ie, Ethernet0 and Serial0 or whatever).

The next thing is getting the information off the router. Do a search on
freshmeat for cflowd, and look at the 'ip flow export x.x.x.x '
command. This is used to send Netflow accounting records to a remote host
via UDP.

To make it pretty, have a look at Cricket. I know very little about this,
but have seen it produce really pretty graphs based on protocol, port,
etcetera. Again, do a search on freshmeat (www.freshmeat.net).

Rgds,



- I.

--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34452t=34382
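
Added example (not part of Ian's post): a small Python parser for the 'show ip cache flow' rows quoted above. It decodes the hex Pr/SrcP/DstP columns and lists any address that accounts for an unusual share of the cache entries, which is the "address standing out" check done by eye in the post. The first five sample rows are the ones from the post; the other rows, the function names and the thresholds are constructed assumptions.

```python
"""Parse 'show ip cache flow' rows and list addresses that stand out."""
from collections import Counter
from dataclasses import dataclass

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers

# The five rows quoted in the post (addresses already altered by its author).
ROWS_FROM_POST = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
AT3/0.501     209.132.1.27    Fa0/0.1       10.1.1.2        11 0035 0999     1
AT3/0.501     24.30.201.3     Fa0/0.1       192.168.1.1     11 0035 0819    12
AT3/0.501     209.71.218.87   Fa0/0.1       172.16.5.5      06 0050 040D     4
AT3/0.501     64.154.61.232   Fa0/0.1       10.11.10.1      06 1A0C 0440     1
AT3/0.501     66.61.73.34     Fa0/0.1       192.168.10.11   06 04BE 0454    10
"""

# Constructed rows (not from the post): 30 one-packet TCP flows from different
# documentation-range sources to port 80 (0x0050) on a single destination.
CONSTRUCTED_ROWS = "\n".join(
    f"AT3/0.501     203.0.113.{i:<5} Fa0/0.1       192.168.10.11   "
    f"06 {0x0400 + i:04X} 0050     1"
    for i in range(1, 31)
)


@dataclass(frozen=True)
class Flow:
    src_if: str
    src_ip: str
    dst_if: str
    dst_ip: str
    proto: int      # decimal IP protocol number
    src_port: int   # decimal
    dst_port: int   # decimal
    packets: int


def parse_flow_line(line):
    """Return a Flow for one data row, or None for headers and other text."""
    fields = line.split()
    if len(fields) != 8 or fields[0] == "SrcIf":
        return None
    src_if, src_ip, dst_if, dst_ip, pr, sport, dport, pkts = fields
    try:
        # Pr, SrcP and DstP are printed in hex; Pkts is decimal.
        return Flow(src_if, src_ip, dst_if, dst_ip,
                    int(pr, 16), int(sport, 16), int(dport, 16), int(pkts))
    except ValueError:
        return None


def parse_cache(text):
    """Parse every recognisable flow row in a block of CLI output."""
    flows = (parse_flow_line(line) for line in text.splitlines())
    return [flow for flow in flows if flow is not None]


def describe(flow):
    """Render one flow with decimal ports and a protocol name."""
    proto = PROTO_NAMES.get(flow.proto, str(flow.proto))
    return (f"{proto} {flow.src_ip}:{flow.src_port} -> "
            f"{flow.dst_ip}:{flow.dst_port} ({flow.packets} pkts)")


def standouts(flows, field="dst_ip", min_share=0.25, min_flows=5):
    """Addresses holding at least min_share of all cache entries.

    field is "src_ip" (one noisy sender) or "dst_ip" (one target hit from
    many senders). Both thresholds are illustrative and need tuning.
    """
    counts = Counter(getattr(flow, field) for flow in flows)
    total = sum(counts.values())
    return [(addr, n) for addr, n in counts.most_common()
            if n >= min_flows and n / total >= min_share]


if __name__ == "__main__":
    cache = parse_cache(ROWS_FROM_POST + CONSTRUCTED_ROWS)
    for flow in cache[:5]:
        print(describe(flow))
    for addr, n in standouts(cache, "dst_ip"):
        print(f"{addr} is the destination of {n} of {len(cache)} flows")
```

Counting cache entries rather than packets is deliberate: many one-packet flows from varied sources toward one destination would be missed by a packet-count ranking.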



RE: PIX activation key [7:34450]

2002-02-05 Thread Rik Guyler

Well, I've seen an R version and a U version but never a UR version.
I have always been under the assumption that they were mutually exclusive.
As for the lack of an activation key, that is odd.  What is the current
version of the OS?  Have you tried to run an upgrade?  When you apply for a
feature license, such as the free 56-bit (DES) encryption feature, you will
be given a new activation key generated via the serial number.  

I would apply for the 56-bit key and then do an upgrade to the latest code
(6.1.1), which will prompt you for a new key if needed.

Rik

-Original Message-
From: Radford Dion [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 5:28 AM
To: [EMAIL PROTECTED]
Subject: PIX activation key [7:34450]


I've just got a hold of a PIX 515UR and I want to upgrade to the latest
software, but when I do a show ver there is no activation key.

Is this normal, or do I have to obtain one from somewhere?

Dion Radford
Mellon Site Services - Europe
71 Queen Victoria Street, London, EC4V 4DR 
+44 (0) 20 7653 2850 - Work
+44 (0) 20 7653 2227 - Fax
+44 (0) 794 092 8809 - Mobile
Email: [EMAIL PROTECTED]





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34453t=34450



RE: 4000 Series switch [7:34449]

2002-02-05 Thread Rik Guyler

The 4000 uses a very similar CLI to the 5000.  The 4000 series is much newer
so some of the features are different plus the 5000 was considered a core
switch and the 4000 a closet switch.  However, the 4000 is coming out of the
closet and some cool new features are being released such as Layer 3
switching, making it something of a baby core switch.  ;-}

Rik



-Original Message-
From: Nisus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 5:22 AM
To: [EMAIL PROTECTED]
Subject: 4000 Series switch [7:34449]


First of all I would like to thank you who replied to my questions about
VLANs and how to set them up.

Second.  In the information I have been reading about VLANs usually 2
classes of switches are referenced.
The first being a lower model or switch 1900 series.  The VLAN setup is
mostly menu driven as I found out from my Cisco instructor in class
yesterday.  There were some problems we encountered when setting up a VLAN
on this type of switch.

Third.  Usually whenever I read about VLANs and setting them up it uses a
5000 series switch as a reference, using the OSI command interface.

Does the 4000 switch use the same setup or interface as the 5000?

Does anyone know?

Thank you very much,
Steven M Aiello




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34454t=34449



Re: PIX activation key [7:34450]

2002-02-05 Thread Gaz

If you're not changing the features, then you won't need to put a new
activation key in.
If you are changing the features then you will have a new activation key, so
you don't need the existing one.
I used to cut and paste the activation key all the time just in case but
never used it.
I seem to remember some images not showing the activation key in show ver. I
don't think I ever found it. I just took what I thought was a risk at the
time.

The free DES image is a bit of a mystery to me at the moment. Used it a few
times to allow PDM, but not sure why Cisco do it. Who knows - you could
maybe even upgrade a Failover Pix using the DES image :-)


Gaz

Radford Dion wrote in message
news:[EMAIL PROTECTED]...
 I've just got a hold of a PIX 515UR and I want to upgrade to the latest
 software, but when I do a show ver there is no activation key.

 Is this normal, or do I have to obtain one from somewhere?

 Dion Radford
 Mellon Site Services - Europe
 71 Queen Victoria Street, London, EC4V 4DR
 +44 (0) 20 7653 2850 - Work
 +44 (0) 20 7653 2227 - Fax
 +44 (0) 794 092 8809 - Mobile
 Email: [EMAIL PROTECTED]





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34455t=34450



Re: Long....RE: CCIE starting pay [7:33899]

2002-02-05 Thread nrf

If I may ask, why exactly is it a good thing that people can pass the lab
with just books, lab gear, and groupstudy, without ever having touched a
production network in his life?  This kind of thing is precisely the enabler
of all these lab-rat CCIE's that are starting to seriously water down the
prestige of the program.



Keyur Shah wrote in message
news:[EMAIL PROTECTED]...
 To add onto it...experience helps you support such networks and high profile
 web sites and enterprise networks in real time, where downtime is counted in
 minutes and sometimes in seconds. It is impossible to do clear ip bgp * and
 get your bgp routes which one may do all the time while preparing in a home
 lab.

 In my personal opinion, today it is possible to pass ccie lab by simply
 studying in home lab with all the help from books, lab workbooks, bootcamps,
 home lab and group studies out there, which is very good thing. I am sure,
 it was not the case in 1998 when Paul B. (taking him as an example only)
 passed his test. I think cisco should remove some of the old technologies
 from the lab and add some of these cool real world scenarios to a reasonable
 extent that John mentioned below. Maybe have candidates log to syslog and
 ask them that they can not type clear ip bgp more than twice in the whole
 lab. That will make candidates think from real world angle. That is just an
 example, many such things come to mind.

 Impressive article John, you described ccie's day in real world very well.

 -Keyur Shah-
 CCIE# 4799 (Security; Routing and Switching)
 css1,scsa,scna,mct,mcse,cni,mcne
 Hello Computers
 Say Hello to Your Future!
 http://www.hellocomputers.com
 Toll-Free: 1.877.794.3556
 Now offering CCIE Security Lab Workbook and remote bootcamp,
 http://www.hellocomputers.com/hellosuccess.html;

 -Original Message-
 From: John Neiberger [mailto:[EMAIL PROTECTED]]
 Sent: Monday, February 04, 2002 10:25 AM
 To: [EMAIL PROTECTED]
 Subject: Long....RE: CCIE starting pay [7:33899]


 After receiving an email from Joe, I would agree that he sounds like a very
 intelligent person with tremendous initiative.  I'd like to differentiate
 between lab experience and OTJ experience.

 Learning to configure OSPF, EIGRP, and BGP at home is one thing.

 Going to a customer site who has 200 nodes, half of which were acquired from
 another company and are running OSPF while half are running EIGRP and all
 areas need to be able to communicate with each other and also have multiple
 redundant and area-diverse connections to different internet providers using
 BGP...that is experience.  :-)

 Then, after a decision has been made to use a single IGP, make a choice
 between EIGRP and OSPF, or even IS-IS.  Justify your reasoning and then
 determine a migration plan that minimizes customer downtime and guarantees
 that all areas have internet access at all times even if their local
 provider goes down.

 Help the customer to coordinate with ARIN and service providers to get the
 necessary address space and an assigned autonomous system number.

 When a given area has multiple connections to the same ISP, attempt to
 influence routing in the ISP so that it takes the closest entrance into your
 network for that user.  Attempt to influence routing within each ISP so that
 you increase the chances that optimal routing will occur.
 Make certain that you only advertise the necessary prefixes while filtering
 all others.  Configure routing within each area to take the closest exit
 possible, within reason.

 Provision and order the necessary circuits after getting quotes from several
 providers.  Make a determination when and if point to point links
 could/should be used and where frame relay or ATM would be most suitable.
 Make sure that you have plenty of room for growth and enough bandwidth to
 support video conferencing over IP for certain sections of this network.
 Determine which type of traffic shaping, queueing, and/or rate limiting
 might be necessary and where it would be most useful.

 Upgrade routers and switches as necessary, making sure that you won't run
 into processor limitations during high traffic loads and you have enough WIC
 and NM slots available to support the connections you require.  Make sure
 you select an IOS that supports those modules and software features you'll
 need while minimizing the number of bugs that might affect you.

 Determine a backup plan for each area and include ISDN backup links, making
 sure the backup links can pass both IP, IPX, and some DLSw+  but do not pass
 streaming video and other non-essential traffic.  Create a network
 infrastructure disaster recovery plan for each area and document your
 procedures.

 And that's just the tip of the iceberg, and *that's* what I mean by
 experience.  Certainly, your experience doesn't need to be this
 comprehensive and detailed, I'm simply exaggerating to make a point.
 There is a *huge* difference between learning to configure this 

RE: PIX activation key [7:34450]

2002-02-05 Thread Radford Dion

Thanks everyone for the replies.

I upgraded it without any problems, and a new activation key was generated
automatically.

I just thought it was strange that it didn't have a key straight out of the
box.

 -Original Message-
 From: Gaz [SMTP:[EMAIL PROTECTED]]
 Sent: Tuesday, February 05, 2002 1:28 PM
 To:   [EMAIL PROTECTED]
 Subject:  Re: PIX activation key [7:34450]
 
 If you're not changing the features, then you won't need to put a new
 activation key in.
 If you are changing the features then you will have a new activation key, so
 you don't need the existing one.
 I used to cut and paste the activation key all the time just in case but
 never used it.
 I seem to remember some images not showing the activation key in show ver. I
 don't think I ever found it. I just took what I thought was a risk at the
 time.
 
 The free DES image is a bit of a mystery to me at the moment. Used it a few
 times to allow PDM, but not sure why Cisco do it. Who knows - you could
 maybe even upgrade a Failover Pix using the DES image :-)
 
 
 Gaz
 
 Radford Dion wrote in message
 news:[EMAIL PROTECTED]...
  I've just got a hold of a PIX 515UR and I want to upgrade to the latest
  software, but when I do a show ver there is no activation key.
 
  Is this normal, or do I have to obtain one from somewhere?
 
  Dion Radford
  Mellon Site Services - Europe
  71 Queen Victoria Street, London, EC4V 4DR
  +44 (0) 20 7653 2850 - Work
  +44 (0) 20 7653 2227 - Fax
  +44 (0) 794 092 8809 - Mobile
  Email: [EMAIL PROTECTED]
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34456t=34450



Re: PIX activation key [7:34450]

2002-02-05 Thread Tom Martin

Dion,

On the PIX 515 that we have, the activation key is listed directly under
the serial number of the sh ver (the very last line).  Perhaps you are
running really old PIX code???

In the past I have successfully obtained the correct serial number by
applying for the IPSec upgrade license for the PIX.  You need the PIX
serial number, but not the activation key.  They will e-mail you a new
activation key that works for the desired software version and will also
have IPSec enabled (not 3DES though).

- Tom


In article , Radford Dion
 wrote:

 I've just got a hold of a PIX 515UR and I want to upgrade to the latest
 software, but when I do a show ver there is no activation key.
 
 Is this normal, or do I have to obtain one from somewhere?
 
 Dion Radford
 Mellon Site Services - Europe
 71 Queen Victoria Street, London, EC4V 4DR +44 (0) 20 7653 2850 - Work
 +44 (0) 20 7653 2227 - Fax
 +44 (0) 794 092 8809 - Mobile
 Email: [EMAIL PROTECTED]
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34457t=34450



RE: OSPF DR problem [7:34379]

2002-02-05 Thread Peter van Oene

Hello intervals are link specific.  I'm not sure why varying hello timers 
on different links would be relevant.


At 06:23 PM 2/4/2002 -0500, Walter Rogowski wrote:
If you debug ospf adjacencies you might see complaints re mismatched
hello intervals.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Baker, Jason
Sent: 04 February 2002 22:51
To: [EMAIL PROTECTED]
Subject: RE: OSPF DR problem [7:34379]


hmmm in ospf NBMA network i thought when you specified point to point
there was no DR, BDR election.

so maybe playing with the priorities may have caused problems


  -Original Message-
  From: Kane, Christopher A. [SMTP:[EMAIL PROTECTED]]
  Sent: Tuesday, 5 February 2002 9:36 am
  To:   [EMAIL PROTECTED]
  Subject:  RE: OSPF DR problem [7:34379]
 
  Priscilla,
 
  Now that you have R1 as the DR, it's his responsibility to announce
  that network out to everyone else. Is R1 sending out LSAs (Network
  LSA, type 2) to wherever it is that you are trying to see that
  network? (Is it R3's routing table that you can't see the Ethernet
  segment of R1 and R2?) Does the network show up in the OSPF database
  but not the routing table? Or just the routing table?
 
  Chris
 
  -Original Message-
  From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
  Sent: Monday, February 04, 2002 4:31 PM
  To: [EMAIL PROTECTED]
  Subject: OSPF DR problem [7:34379]
 
 
  Hi Group Study,
 
  Playing with IP OSPF priority to influence which router became the
  Designated Router (DR) caused routing problems for me in a recent bout
  with a lab exercise. Can anyone help me understand if I did something
  wrong?

  I have 2 routers on an Ethernet LAN. Both of them also have WAN
  connections to remote sites. R1 has a Frame Relay link to the
  corporate cloud via its S0 port. S0 is configured as ip ospf network
  point-to-point.

  R2 has an ISDN link to yet another router, R3. This link is configured
  as an OSPF point-to-point demand circuit.

  R1 and R2 are connected via an Ethernet switch. My goal was to make
  sure R1 became the DR on Ethernet. Both routers have loopbacks, but
  R2's is higher, so to make sure R2 did not become the DR, I configured
  it with:
 
  ip ospf priority 0
 
  R1 then did indeed become the DR on the Ethernet LAN because it was
  using the default priority 1.
 
  Now, finally to the question.. On the other side of the ISDN and
  across the Frame Relay cloud, I couldn't see the Ethernet LAN in the
  routing table. Routers formed adjacencies correctly and could reach
  most networks, but not that darn Ethernet LAN. R1 and R2 on the
  Ethernet LAN formed an adjacency and could see the rest of the
  internetwork.
 
  Could I have broken something by playing with the priority??
 
  Thanks for your help.
 
  Priscilla
 
 
 
  
 
  Priscilla Oppenheimer
  http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34458t=34379
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: OSPF DR problem [7:34379]

2002-02-05 Thread John Neiberger

This is why I didn't make too big of a deal about the two instances of
area one.  I know a discontiguous area 0 is bad, but I seemed to recall
that it doesn't matter if there are multiple instances of other areas. 
I wasn't sure of that, though, it was just in the back of my mind.

It will be interesting to see how this turns out.

John

 Chuck Larrieu  2/5/02 12:07:24 AM 
Two comments:

1) so long as there is an area 0, and all other areas connect to it, those
other areas can all be area 1 ( or any other arbitrary number ) and there
will be no reachability problems. This assumes no overlapping subnets.
Other than making summarization a bear, there is nothing wrong with doing
it this way. Bad practice and bad design, but not bad behaviour.

2) I'm interested in your rationale as to why a discontiguous area 1 would
in and of itself cause a problem with routers in either of the
discontiguous areas such that they cannot see area 0 routes. I can't think
of one myself, which may or may not mean anything.

Chuck


Dusty Harper wrote in message
news:[EMAIL PROTECTED]...
 Maybe Discontiguous is the wrong word for it. The problem I see with this
 design is that there are basically 2 Area 1s.  The point-to-point
 connections would be fine, however in order for the Areas to function
 properly they need to know of each other ( all of Area 1 as a whole needs
 to know of the other)  This is done via LSA Types 1 and 2.  I know the
 reasoning for the Area 2, however I still stand behind the notion that if
 you were to change the Frame-Relay Area to 3 your problem would be solved

 You might also get around this by changing from point to point to a
 non-broadcast environment and specify all of your neighbors Router IDs'  :
 R1 (S0) R2(BRI0) R9(S0) and R8(BRI0) on each of the routers.

 -Original Message-
 From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] 
 Sent: Mon 2/4/2002 8:33 PM
 To: [EMAIL PROTECTED] 
 Cc:
 Subject: Re: OSPF DR problem [7:34379]



 Cil, I drew this one out a little differently just to put a fresh
 perspective on it.  Without seeing the requirements of the particular
 practice lab you are using, it's hard to say why you were seeing or not
 seeing what you did.

               area 0
       ------------------------
       |                      |
       R1                     R2
       |                      |
 frame relay area 1      ISDN area 1
       |                      |
       R9                     R8
       |                      |
     -----                    -
     area 2


 The discontiguous area 1's are irrelevant unless there is overlapping
 addressing. The area 2 is placed the way it is in order to force the
 creation of a virtual link - common in practice labs and study materials,
 as all us CCIE candidates know full well ;-

 I am inferring from other comments in other posts that you needed to use
 the IP ospf priority command on the R2 ethernet because the requirement is
 that R1 is the DR in area 0.

 So, given what I see ( not knowing the particulars of your addressing and
 various other things ), there is no good reason why R9 and R8 should not
 see the ethernet network that is area 0.

 Along the trail of broken things, I have sometimes run across bizarre
 issues which are solved only by reloading routers. My humble pod of 2501's
 running enterprise 12.1.11 code sometimes have bizarre problems. I have a
 theory that these bloatware images just barely operate within the confined
 spaces of 16 megs of DRAM and sometimes you have to clear it out. I have
 had bizarre things happen when configuring and unconfiguring various
 routing protocols and features. Sometimes, admittedly, mistakes happen
 when you are tired, and you can't see straight to correct errors you have
 made. But other times, reloads have made magic happen. I am at the point
 where I am thinking about backloading to an IOS build that takes less
 space, just to see if the occasional weirdness disappears.

 Again, based upon what I have seen throughout this thread, and given that
 your areas and other configurations are correct, I see no reason why the
 area 0 network should not be visible from R9 and R8.

 Chuck

 PS as has been discussed here and elsewhere many a time, good practice and
 good design have little in common with the CCIE Lab ;-

 PPS which practice lab are you looking at? I have NLI, IPExpert, and
 SolutionLabs at my disposal.






 Priscilla Oppenheimer wrote in message
 news:[EMAIL PROTECTED]...
  Remember, I think from a design point of view. I say for some reason
  there's an Area 2 because I think it's a bad design not because I was
  surprised to see it there in the show output. ;-) But thanks for
  replying, because it made me question my expectations.
 

info on blocking aol im [7:34459]

2002-02-05 Thread Walls Matthew

Looking to block aol im with pix and 2600s router.  Seems to use multiple
ports, etc

Any advice on blocking this?...

 

 

Matthew J. Walls
Sr. Systems Engineer, Systems Development
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34459t=34459



Interface errors [7:34461]

2002-02-05 Thread Joaquim Lopes

Hi, what could cause these errors?


Serial0/0 is up, line protocol is up 
  Hardware is DSCC4 Serial
  Internet address is 10.172.1.2/30
  MTU 1500 bytes, BW 2048 Kbit, DLY 2 usec, 
 reliability 255/255, txload 1/255, rxload 3/255
  Encapsulation PPP, loopback not set
  Keepalive set (10 sec)
  LCP Open
  Listen: CDPCP
  Open: IPCP
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of show interface counters 2w4d
  Input queue: 0/75/337 (size/max/drops); Total output drops: 21
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/21 (size/max total/threshold/drops) 
 Conversations  0/60/256 (active/max active/max total)
 Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 29000 bits/sec, 8 packets/sec
  5 minute output rate 12000 bits/sec, 9 packets/sec
 13153011 packets input, 1756696209 bytes, 0 no buffer
 Received 0 broadcasts, 0 runts, 0 giants, 4066 throttles
 3230 input errors, 222 CRC, 3008 frame, 0 overrun, 0 ignored, 0 abort
 12955327 packets output, 2923854785 bytes, 0 underruns
 0 output errors, 0 collisions, 160 interface resets
 0 output buffer failures, 0 output buffers swapped out
 0 carrier transitions
 DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

Thanks
Joaquim Lopes




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34461t=34461



Re: Interface errors [7:34461]

2002-02-05 Thread Steven A. Ridder

My first guess is a timing issue with CO or dirty line.

Joaquim Lopes wrote in message
news:[EMAIL PROTECTED]...
 Hi, what could cause these errors?


 Serial0/0 is up, line protocol is up
   Hardware is DSCC4 Serial
   Internet address is 10.172.1.2/30
   MTU 1500 bytes, BW 2048 Kbit, DLY 2 usec,
  reliability 255/255, txload 1/255, rxload 3/255
   Encapsulation PPP, loopback not set
   Keepalive set (10 sec)
   LCP Open
   Listen: CDPCP
   Open: IPCP
   Last input 00:00:00, output 00:00:00, output hang never
   Last clearing of show interface counters 2w4d
   Input queue: 0/75/337 (size/max/drops); Total output drops: 21
   Queueing strategy: weighted fair
   Output queue: 0/1000/64/21 (size/max total/threshold/drops)
  Conversations  0/60/256 (active/max active/max total)
  Reserved Conversations 0/0 (allocated/max allocated)
   5 minute input rate 29000 bits/sec, 8 packets/sec
   5 minute output rate 12000 bits/sec, 9 packets/sec
  13153011 packets input, 1756696209 bytes, 0 no buffer
  Received 0 broadcasts, 0 runts, 0 giants, 4066 throttles
  3230 input errors, 222 CRC, 3008 frame, 0 overrun, 0 ignored, 0 abort
  12955327 packets output, 2923854785 bytes, 0 underruns
  0 output errors, 0 collisions, 160 interface resets
  0 output buffer failures, 0 output buffers swapped out
  0 carrier transitions
  DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

 Thanks
 Joaquim Lopes




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34462t=34461



Re: 4000 Series switch [7:34449]

2002-02-05 Thread Patrick Ramsey

for the most part, cat os based switches are the same and ios based switches
are the same...every once in a while you catch something different..but to
answer you, the 4000 series and 5000 series are the same.

-Patrick

 Nisus  02/05/02 05:21AM 
First of all I would like to thank you who replied to my questions about
VLans and how to set them up.

Second.  In the information I have been reading about VLans usually 2
classes of switches are referenced.
The first being a lower model or switch 1900 series.  The Vlan setup is
mostly menu driven as I found out from my Cisco instructor in class
yesterday.  There were some problems we encountered when setting up a VLan
on this type of switch.

Third.  Usually when ever I read about VLans and setting them up it uses a
5000 series switch as a reference, using the OSI command interface.

Does the 4000 switch use the same setup or interface as the 5000?

Does any one know ?

Thank you very much,
Steven M Aiello
  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. (WellStar) and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34463t=34449



MPLS MTU on 29XX/35XX-XL? [7:34464]

2002-02-05 Thread Andy Harding

hi all,

anyone know whether MPLS-size MTUs are supported on the 29XX/35XX-XL
switches?  and if so, from what IOS revision?

thnx

-andy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34464t=34464



Milwaukee-area Cisco Users Group [7:34465]

2002-02-05 Thread Davis, Scott [ISE/RAC]

The February 6 Milwaukee-area Cisco Users Group meeting has had a change of
location to accommodate more attendees. The new location is Marquette
University Cudahy Hall 1313 W. Wisconsin Ave. Room 401. The time is still 5
- 7pm.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34465t=34465



Re: Interface errors [7:34461]

2002-02-05 Thread Tom Martin

Joaquim,

I had a similar problem with CRC and Frame alignment errors that turned
out to be a bad CSU/DSU.  It looks like you might be experiencing this as
well, especially given the number of interface resets.

- Tom

In article , Joaquim Lopes
 wrote:

 Hi, what could cause these errors?
 
 
 Serial0/0 is up, line protocol is up
   Hardware is DSCC4 Serial
   Internet address is 10.172.1.2/30
   MTU 1500 bytes, BW 2048 Kbit, DLY 2 usec,
  reliability 255/255, txload 1/255, rxload 3/255
   Encapsulation PPP, loopback not set
   Keepalive set (10 sec)
   LCP Open
   Listen: CDPCP
   Open: IPCP
   Last input 00:00:00, output 00:00:00, output hang never
   Last clearing of show interface counters 2w4d
   Input queue: 0/75/337 (size/max/drops); Total output drops: 21
   Queueing strategy: weighted fair
   Output queue: 0/1000/64/21 (size/max total/threshold/drops)
  Conversations  0/60/256 (active/max active/max total)
  Reserved Conversations 0/0 (allocated/max allocated)
   5 minute input rate 29000 bits/sec, 8 packets/sec
   5 minute output rate 12000 bits/sec, 9 packets/sec
  13153011 packets input, 1756696209 bytes, 0 no buffer
  Received 0 broadcasts, 0 runts, 0 giants, 4066 throttles
  3230 input errors, 222 CRC, 3008 frame, 0 overrun, 0 ignored, 0 abort
  12955327 packets output, 2923854785 bytes, 0 underruns
  0 output errors, 0 collisions, 160 interface resets
  0 output buffer failures, 0 output buffers swapped out
  0 carrier transitions
  DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
 
 Thanks
 Joaquim Lopes




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34466t=34461



RE: info on blocking aol im [7:34459]

2002-02-05 Thread Roberts, Larry

You need to block access to the login server IPs.
If I remember it is login.oscar.aol.com. Just nslookup the IPs associated
and block them ( I do it via a route to null0)

Same process with Yahoo IM, although you have to block about a million
addresses it seems like.

Both services change IPs regularly and you will need to periodically check
to see if new addresses are brought on line. Be aware that the process of
blocking YIM will sometimes break access to yahoo e-mail servers that are in
the same range as the login servers.

Also,

Be sure to find the Java script client IP address of AOL and block it as
well. I didn't know that it existed until I walked by someone's desk and
they were just a chatting away. Man was I PO'd bout that one.

It is not an easy process to block and keep them blocked. Both services are
evolving and finding new ways around firewalls so you have to stay vigilant
until you can get those that be to press down and say it's not authorized and
those using it will be disciplined.


Larry 

-Original Message-
From: Walls Matthew [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, February 05, 2002 10:13 AM
To: [EMAIL PROTECTED]
Subject: info on blocking aol im [7:34459]


Looking to block aol im with pix and 2600s router.  Seems to use multiple
ports, etc

Any advice on blocking this?...

 

 

Matthew J. Walls
Sr. Systems Engineer, Systems Development [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34467t=34459
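
The periodic check described in the post above can be scripted. The following is an added example, not code from the poster: it compares the addresses a login hostname currently resolves to with the Null0 host routes already in a router config, and holds back any address inside a range that must stay reachable (the mail-server breakage the post warns about). All function names, the sample config and the addresses (documentation ranges) are constructed for illustration.

```python
"""Added example: plan Null0 host-route changes for a hostname whose
addresses rotate. All addresses below are constructed documentation ranges."""
import ipaddress
import socket

HOST_MASK = "255.255.255.255"


def resolve_ipv4(hostname):
    """Return the IPv4 addresses a hostname resolves to right now (needs DNS)."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def parse_null_routes(config_text):
    """Collect host addresses that the IOS config already routes to Null0."""
    blocked = set()
    for line in config_text.splitlines():
        parts = line.split()
        if (len(parts) == 5 and parts[:2] == ["ip", "route"]
                and parts[3] == HOST_MASK and parts[4].lower() == "null0"):
            blocked.add(str(ipaddress.IPv4Address(parts[2])))
    return blocked


def _numeric(ip):
    """Sort key so addresses order numerically rather than as strings."""
    return int(ipaddress.IPv4Address(ip))


def plan_changes(resolved, blocked, protected_networks=()):
    """Compare fresh DNS answers with the routes already in place.

    add     - newly seen addresses that need a Null0 route
    stale   - blocked addresses no longer returned (review before removing:
              a single lookup may return only part of a rotating pool)
    skipped - resolved addresses inside a range that must stay reachable
    """
    nets = [ipaddress.ip_network(n) for n in protected_networks]
    skipped = {ip for ip in resolved
               if any(ipaddress.IPv4Address(ip) in net for net in nets)}
    wanted = set(resolved) - skipped
    return {
        "add": sorted(wanted - blocked, key=_numeric),
        "stale": sorted(blocked - wanted, key=_numeric),
        "skipped": sorted(skipped, key=_numeric),
    }


def render_ios(plan):
    """Turn a plan into IOS lines; stale and skipped entries become comments."""
    lines = [f"ip route {ip} {HOST_MASK} Null0" for ip in plan["add"]]
    lines += [f"! stale, review: no ip route {ip} {HOST_MASK} Null0"
              for ip in plan["stale"]]
    lines += [f"! not blocked, protected range: {ip}" for ip in plan["skipped"]]
    return lines


# Constructed sample data so the example runs offline.
SAMPLE_CONFIG = """\
ip route 0.0.0.0 0.0.0.0 198.51.100.1
ip route 192.0.2.10 255.255.255.255 Null0
ip route 192.0.2.11 255.255.255.255 Null0
"""
SAMPLE_RESOLVED = {"192.0.2.11", "192.0.2.12", "203.0.113.25"}
SAMPLE_PROTECTED = ["203.0.113.0/24"]  # stands in for a mail server range

if __name__ == "__main__":
    # Live use would be: resolved = resolve_ipv4("login.oscar.aol.com")
    plan = plan_changes(SAMPLE_RESOLVED, parse_null_routes(SAMPLE_CONFIG),
                        SAMPLE_PROTECTED)
    print("\n".join(render_ios(plan)))
```
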



RE: Interface errors [7:34461]

2002-02-05 Thread Casey, Paul (6822)

Make sure the duplex is set correctly, full/half etc.


 -Original Message-
 From: Tom Martin [SMTP:[EMAIL PROTECTED]]
 Sent: 05 February 2002 15:58
 To:   
 Subject:  Re: Interface errors [7:34461]
 
 Joaquim,
 
 I had a similar problem with CRC and Frame alignment errors that turned
 out to be a bad CSU/DSU.  It looks like you might be experiencing this as
 well, especially given the number of interface resets.
 
 - Tom
 
 In article , Joaquim Lopes
  wrote:
 
  Hi, what could cause these errors?


  Serial0/0 is up, line protocol is up
    Hardware is DSCC4 Serial
    Internet address is 10.172.1.2/30
    MTU 1500 bytes, BW 2048 Kbit, DLY 2 usec,
   reliability 255/255, txload 1/255, rxload 3/255
    Encapsulation PPP, loopback not set
    Keepalive set (10 sec)
    LCP Open
    Listen: CDPCP
    Open: IPCP
    Last input 00:00:00, output 00:00:00, output hang never
    Last clearing of show interface counters 2w4d
    Input queue: 0/75/337 (size/max/drops); Total output drops: 21
    Queueing strategy: weighted fair
    Output queue: 0/1000/64/21 (size/max total/threshold/drops)
   Conversations  0/60/256 (active/max active/max total)
   Reserved Conversations 0/0 (allocated/max allocated)
    5 minute input rate 29000 bits/sec, 8 packets/sec
    5 minute output rate 12000 bits/sec, 9 packets/sec
   13153011 packets input, 1756696209 bytes, 0 no buffer
   Received 0 broadcasts, 0 runts, 0 giants, 4066 throttles
   3230 input errors, 222 CRC, 3008 frame, 0 overrun, 0 ignored, 0 abort
   12955327 packets output, 2923854785 bytes, 0 underruns
   0 output errors, 0 collisions, 160 interface resets
   0 output buffer failures, 0 output buffers swapped out
   0 carrier transitions
   DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
  
  Thanks
  Joaquim Lopes




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34468t=34461



RE: Interface errors [7:34461]

2002-02-05 Thread Fraasch James

This is the Cisco definitive link on errors you see when doing a show
interface serial x command.  I have referenced it many times working with
PacBell.

http://www.cisco.com/warp/public/112/chapter15.htm

Good luck!

James

Casey, Paul (6822) wrote:
 
 Make sure the duplex is set correctly, full/half etc.
 
 
  -Original Message-
  From:   Tom Martin [SMTP:[EMAIL PROTECTED]]
  Sent:   05 February 2002 15:58
  To: 
  Subject:Re: Interface errors [7:34461]
  
  Joaquim,
  
  I had a similar problem with CRC and Frame alignment errors that turned
  out to be a bad CSU/DSU.  It looks like you might be experiencing this as
  well, especially given the number of interface resets.
  
  - Tom
  
  In article , Joaquim Lopes
   wrote:
  
   Hi, what could cause these errors?


   Serial0/0 is up, line protocol is up
     Hardware is DSCC4 Serial
     Internet address is 10.172.1.2/30
     MTU 1500 bytes, BW 2048 Kbit, DLY 2 usec,
    reliability 255/255, txload 1/255, rxload 3/255
     Encapsulation PPP, loopback not set
     Keepalive set (10 sec)
     LCP Open
     Listen: CDPCP
     Open: IPCP
     Last input 00:00:00, output 00:00:00, output hang never
     Last clearing of show interface counters 2w4d
     Input queue: 0/75/337 (size/max/drops); Total output drops: 21
     Queueing strategy: weighted fair
     Output queue: 0/1000/64/21 (size/max total/threshold/drops)
    Conversations  0/60/256 (active/max active/max total)
    Reserved Conversations 0/0 (allocated/max allocated)
     5 minute input rate 29000 bits/sec, 8 packets/sec
     5 minute output rate 12000 bits/sec, 9 packets/sec
    13153011 packets input, 1756696209 bytes, 0 no buffer
    Received 0 broadcasts, 0 runts, 0 giants, 4066 throttles
    3230 input errors, 222 CRC, 3008 frame, 0 overrun, 0 ignored, 0 abort
    12955327 packets output, 2923854785 bytes, 0 underruns
    0 output errors, 0 collisions, 160 interface resets
    0 output buffer failures, 0 output buffers swapped out
    0 carrier transitions
    DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
   
   Thanks
   Joaquim Lopes
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34470t=34461



VLan accessibility [7:34471]

2002-02-05 Thread Nisus

First of all thanks again to you who have been replying to my questions.
You all rock !!!

Ok if you have an uplink port from a 4000 series switch to a 2610 router
going out to a T1 included in a VLan along with port 27 (used for example).
Will ports not in this VLan be able to get out to the router?  If not is
there any way I can include this uplink port in 2 VLans and not give access
to port 27?

or ?

Should I segment port 27 on its own with out the uplink port, and if so will
port 27 still be able to get out to the router?

Any one know?

Thanks you guys (and ladies) are great,
Steven M Aiello




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34471t=34471



RE: info on blocking aol im [7:34459]

2002-02-05 Thread Patrick Ramsey

or you can script the replacement of such services with an executable that
reads "The application is not allowed"

assuming you are scripting logins that is

This can be done in NT or novell...

-Patrick

 Roberts, Larry  02/05/02 11:10AM 
You need to block access to the login server IPs.
If I remember it is login.oscar.aol.com. Just nslookup the IPs associated
and block them ( I do it via a route to null0)

Same process with Yahoo IM, although you have to block about a million
addresses it seems like.

Both services change IPs regularly and you will need to periodically check
to see if new addresses are brought on line. Be aware that the process of
blocking YIM will sometimes break access to yahoo e-mail servers that are in
the same range as the login servers.

Also,

Be sure to find the Java script client IP address of AOL and block it as
well. I didn't know that it existed until I walked by someone's desk and
they were just a chatting away. Man was I PO'd bout that one.

It is not an easy process to block and keep them blocked. Both services are
evolving and finding new ways around firewalls so you have to stay vigilant
until you can get those that be to press down and say it's not authorized and
those using it will be disciplined.


Larry 

-Original Message-
From: Walls Matthew [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, February 05, 2002 10:13 AM
To: [EMAIL PROTECTED] 
Subject: info on blocking aol im [7:34459]


Looking to block aol im with pix and 2600s router.  Seems to use multiple
ports, etc

Any advice on blocking this?...

 

 

Matthew J. Walls
Sr. Systems Engineer, Systems Development [EMAIL PROTECTED] 






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34472t=34459



RE: Long....RE: CCIE starting pay [7:33899]

2002-02-05 Thread Keyur Shah

I did not mean to say without touching production network. 

-keyur shah-

-Original Message-
From: nrf [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, February 05, 2002 5:27 AM
To: [EMAIL PROTECTED]
Subject: Re: LongRE: CCIE starting pay [7:33899]


If I may ask, why exactly is it a good thing that people can pass the lab
with just books, lab gear, and groupstudy, without ever having touched a
production network in his life?  This kind of thing is precisely the enabler
of all these lab-rat CCIE's that are starting to seriously water down the
prestige of the program.



Keyur Shah wrote in message
news:[EMAIL PROTECTED]...
 To add onto it...experience helps you support such networks and high
 profile web sites and enterprise networks in real time, where downtime is
 counted in minutes and sometimes in seconds. It is impossible to do clear
 ip bgp * and get your bgp routes which one may do all the time while
 preparing in a home lab.

 In my personal opinion, today it is possible to pass ccie lab by simply
 studying in home lab with all the help from books, lab workbooks,
 bootcamps, home lab and group studies out there, which is very good thing.
 I am sure, it was not the case in 1998 when Paul B. (taking him as an
 example only) passed his test. I think cisco should remove some of the old
 technologies from the lab and add some of these cool real world scenarios
 to a reasonable extent that John mentioned below. May be have candidates
 log to syslog and ask them that they can not type clear ip bgp more than
 twice in the whole lab. That will make candidates think from real world
 angle. That is just an example, many such things come to mind.

 Impressive article John, you described ccie's day in real world very 
 well.

 -Keyur Shah-
 CCIE# 4799 (Security; Routing and Switching) 
 css1,scsa,scna,mct,mcse,cni,mcne Hello Computers
 Say Hello to Your Future!
 http://www.hellocomputers.com
 Toll-Free: 1.877.794.3556
 Now offering CCIE Security Lab Workbook and remote bootcamp,
 http://www.hellocomputers.com/hellosuccess.html;

 -Original Message-
 From: John Neiberger [mailto:[EMAIL PROTECTED]]
 Sent: Monday, February 04, 2002 10:25 AM
 To: [EMAIL PROTECTED]
 Subject: LongRE: CCIE starting pay [7:33899]


 After receiving an email from Joe, I would agree that he sounds like a
 very intelligent person with tremendous initiative.  I'd like to
 differentiate between lab experience and OTJ experience.

 Learning to configure OSPF, EIGRP, and BGP at home is one thing.

 Going to a customer site who has 200 nodes, half of which were acquired
 from another company and are running OSPF while half are running EIGRP and
 all areas need to be able to communicate with each other and also have
 multiple redundant and area-diverse connections to different internet
 providers using BGP...that is experience.  :-)

 Then, after a decision has been made to use a single IGP, make a choice
 between EIGRP and OSPF, or even IS-IS.  Justify your reasoning and then
 determine a migration plan that minimizes customer downtime and guarantees
 that all areas have internet access at all times even if their local
 provider goes down.

 Help the customer to coordinate with ARIN and service providers to get the
 necessary address space and an assigned autonomous system number.

 When a given area has multiple connections to the same ISP, attempt to
 influence routing in the ISP so that it takes the closest entrance into
 your network for that user.  Attempt to influence routing within each ISP
 so that you increase the chances that optimal routing will occur. Make
 certain that you only advertise the necessary prefixes while filtering all
 others.  Configure routing within each area to take the closest exit
 possible, within reason.

 Provision and order the necessary circuits after getting quotes from
 several providers.  Make a determination when and if point to point links
 could/should be used and where frame relay or ATM would be most suitable.
 Make sure that you have plenty of room for growth and enough bandwidth to
 support video conferencing over IP for certain sections of this network.
 Determine which type of traffic shaping, queueing, and/or rate limiting
 might be necessary and where it would be most useful.

 Upgrade routers and switches as necessary, making sure that you won't run
 into processor limitations during high traffic loads and you have enough
 WIC and NM slots available to support the connections you require.  Make
 sure you select an IOS that supports those modules and software features
 you'll need while minimizing the number of bugs that might affect you.

 Determine a backup plan for each area and include ISDN backup links,
 making sure the backup links can pass both IP, IPX, and some DLSw+  but do
 not pass streaming video and other non-essential traffic.  Create a network
 infrastructure disaster recovery plan for each

Re: Route-map question [7:34431]

2002-02-05 Thread Tom Martin

Hunt,

You are correct, there is nothing filtering the routes entering from
Router B, without local preference set higher on 10.1.1.1 (Router A?) for
the routes, nothing will prevent AS 202 from being used for other
destinations as well.

More confusing to me is the configuration.

I read the question as if Router B should only be used for packets
_originating_ from AS 202, which should use the T1 connection.  In this
case an outbound filter would be appropriate, along with a community tag
of no-export.

Even if the reverse is true (which the configuration seems to
indicate), the as-path access-list is only setting local preference for
the AS 300 destination!  It seems like the following access-list should
have been used:

  ip as-path access-list 1 permit ^202$

Then again, perhaps I have just totally misunderstood the question. Either
way, I hope that this helps.

- Tom


On Mon, 04 Feb 2002 23:43:41 -0500, Hunt Lee wrote:

 I have a Route-Map question that I'm very confused about:
 
 The scenario is from Caslow (p840), it is as follows:
 
 Company A has a full T3 connection to the Internet thru the ISP
 AAA-101.NET. Company B  has a T1 connection to the Internet thru the ISP
 BBB-202.Net. Company A acquires Company B, but Company A wants to keep
 both Internet connections, with the exception of packets originating
 from the AS of BBB-202.Net (BBB-202.Net's AS is 202).  All traffic
 originating from AS 202 will use the T1 Internet connection.
 
 Caslow states in order to do this, the following configs should be used
 on RouterB
 
 router bgp 1000
 neighbor 10.1.1.1 remote-as 1000
 neighbor 172.16.1.100 remote-as 202
 neighbor 172.16.1.100 route-map AS-200-IN in
 
 no ip classless
 ip as-path access-list 1 permit _300$
 
 route-map AS-200-IN permit 10
 match as-path 1
 set local-preference 200
 
 route-map AS-200-IN permit 20
 
 What I don't understand is:
 
 With the set local-preference 200 statement, it directs the traffic
 (routes coming from AS 202 / neighbor 172.16.1.100) to go out via Router
 B. However, what makes the router not passing any other routes (not from
 AS 200)? Wouldn't they still be able to go out thru Router B as well? In
 consideration that the local preference has not been changed on the
 router.
 
 Any help will be greatly appreciated.
 
 Best Regards,
 Hunt Lee
 System Engineer
 WebCentral




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34474t=34431
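
The difference between the two as-path filters discussed in this message can be checked against sample AS paths. The following is an added illustration, not code from Caslow or from either poster: it emulates which routes received from the AS 202 neighbor would be tagged with local preference 200 under `_300$` and under `^202$`. The sample paths and helper names are constructed, and the underscore translation is an approximation of IOS regular-expression behaviour.

```python
"""Added example: emulate the two as-path filters against sample AS paths."""
import re

# In IOS regular expressions "_" matches a space, comma, brace, parenthesis,
# or the start or end of the string. This substitution approximates that.
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"
DEFAULT_LOCAL_PREF = 100  # Cisco default when no route-map clause sets it


def ios_as_path_regex(pattern):
    """Compile an IOS as-path pattern as an equivalent Python regex."""
    return re.compile(pattern.replace("_", IOS_UNDERSCORE))


def apply_route_map(as_paths, as_path_pattern, preferred=200):
    """Mimic route-map AS-200-IN: clause 10 sets local preference on paths
    matching the as-path list, clause 20 permits the rest unchanged."""
    regex = ios_as_path_regex(as_path_pattern)
    return {path: preferred if regex.search(path) else DEFAULT_LOCAL_PREF
            for path in as_paths}


# Constructed AS paths as Router B would receive them from the AS 202 neighbor.
SAMPLE_PATHS = [
    "202",            # prefix originated by AS 202 itself
    "202 300",        # prefix originated by AS 300, one hop behind AS 202
    "202 65010 300",  # AS 300 origin, further away
    "202 1300",       # origin AS 1300: must not match _300$
    "202 65020",      # some other destination reached through AS 202
]

if __name__ == "__main__":
    for pattern in ("_300$", "^202$"):
        print(pattern)
        for path, pref in apply_route_map(SAMPLE_PATHS, pattern).items():
            print(f"  {path:<15} local-preference {pref}")
```

Every path that does not match still passes through clause 20 with the default preference, which is the behaviour the original question asks about.
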



Port spanning question [7:34469]

2002-02-05 Thread Bates, Steven (SIGNAL)

Is it possible to do port spanning on a router, or is this just a layer 2
option?

Thanks

Steven Kell Bates




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34469t=34469



Re: OSPF DR problem [7:34379]

2002-02-05 Thread s vermill

Priscilla Oppenheimer wrote:
 
 Remember, I think from a design point of view. I say for some reason
 there's an Area 2 because I think it's a bad design not because I was
 surprised to see it there in the show output. ;-)

Well that certainly makes sense.  I thought you were surprised by the area
because you were using a remote practice lab and weren't certain of the
state of the entire network.  Never mind.

 But thanks for replying, because it made me question my expectations.
 
 Here's what part of the network design looks like:
 
   ---R2---Area-1-ISDNR8---Area-1-Ethernet
   |
   Area 0  |
 Ethernet |
   |
   ---R1---Area-1-Frame Relay---R9---Area-2-Ethernet

There was some back and forth about whether or not the partitioned area 1
was a problem.  I think Moy says it best (RFC 2178, pgs 33 & 34)...

(to save myself some typing, the discussion is centered on areas as being
different colors, all meeting up with the edge of the backbone)

...When the AS topology changes, one of the areas may become partitioned. 
The graph of the AS will then have multiple regions of the same color (area
ID). The routing in the Autonomous System will continue to function as long
as these regions of the same color are connected by the single backbone
region.

 
 When I did a show ip route on R9 and R8 I thought I would see the
 Ethernet LAN in Area 0. That was not a logical expectation? I should just
 see a default route on ABRs?
 

Unless configured as stub areas (which would preclude using them as transit
areas), I would think you should see the topology of the backbone.
Unfortunately, the RFC only addresses virtual links as a means to repair a
partitioned backbone.  It does not address providing backbone connectivity to
a non-backbone area.  Nor does the RFC discuss demand circuits, which, of
course, is a Cisco implementation.  So there may very well be a gotcha in
there that simply isn't addressed in the official OSPF documentation.  I
guess the answer will most likely be revealed when you revisit the remote
lab and do some magic with debug and show.

Regards,

Scott

 Thanks.
 
 Priscilla



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34475t=34379



Re: Interface errors [7:34461]

2002-02-05 Thread Gaz

Kick yourself...now..Serial Interface


Casey, Paul (6822) wrote in message
news:[EMAIL PROTECTED]...
 Make sure the duplex is set correctly, full/half etc.


  -Original Message-
  From: Tom Martin [SMTP:[EMAIL PROTECTED]]
  Sent: 05 February 2002 15:58
  To:
  Subject: Re: Interface errors [7:34461]
 
  Joaquim,
 
  I had a similar problem with CRC and Frame alignment errors that turned
  out to be a bad CSU/DSU.  It looks like you might be experiencing this as
  well, especially given the number of interface resets.
 
  - Tom
 
  In article , Joaquim Lopes
   wrote:
 
   Hi, what could cause this errors?
  
  
   Serial0/0 is up, line protocol is up
     Hardware is DSCC4 Serial
     Internet address is 10.172.1.2/30
     MTU 1500 bytes, BW 2048 Kbit, DLY 2 usec,
        reliability 255/255, txload 1/255, rxload 3/255
     Encapsulation PPP, loopback not set
     Keepalive set (10 sec)
     LCP Open
     Listen: CDPCP
     Open: IPCP
     Last input 00:00:00, output 00:00:00, output hang never
     Last clearing of show interface counters 2w4d
     Input queue: 0/75/337 (size/max/drops); Total output drops: 21
     Queueing strategy: weighted fair
     Output queue: 0/1000/64/21 (size/max total/threshold/drops)
        Conversations  0/60/256 (active/max active/max total)
        Reserved Conversations 0/0 (allocated/max allocated)
     5 minute input rate 29000 bits/sec, 8 packets/sec
     5 minute output rate 12000 bits/sec, 9 packets/sec
        13153011 packets input, 1756696209 bytes, 0 no buffer
        Received 0 broadcasts, 0 runts, 0 giants, 4066 throttles
        3230 input errors, 222 CRC, 3008 frame, 0 overrun, 0 ignored, 0 abort
        12955327 packets output, 2923854785 bytes, 0 underruns
        0 output errors, 0 collisions, 160 interface resets
        0 output buffer failures, 0 output buffers swapped out
        0 carrier transitions
        DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
  
   Thanks
   Joaquim Lopes




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34477t=34461



Doyle on Stub and Totally Stubby areas [7:34478]

2002-02-05 Thread Cebuano

Hi, group.
Please clarify this description by Doyle regarding stub
and totally stubby areas. As indicated on page 480...
ABRs at the edge of a stub area will use Network Summary
LSAs [i.e. Type 3?] to advertise a single default route
(destination 0.0.0.0) into the area.

Then on page 482...
The ABR of a totally stubby area will block not only AS
External LSAs but also all Summary LSAs - with the
exception of a single type 3 LSA to advertise the default
route [i.e. 0.0.0.0, right?]

So now there doesn't seem to be much difference between the two based on this
explanation.
I always understood that the main difference was that
Stub areas get a default route for areas external to their AS
while Totally stubby areas get a default route for areas external to their
own area.

Please someone clarify me on this.
Thanks.

Elmer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34478t=34478



Re: Port spanning question [7:34469]

2002-02-05 Thread Tom Martin

Steven,

STP is a layer 2 only function and in general it is configured only on
switches.  It can be configured on a router if the router is configured to
act as a transparent bridge.  More info can be found on Cisco's web site
at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ssr83/rpc_r/53998.htm

- Tom

On Tue, 05 Feb 2002 11:38:32 -0500, Bates, Steven (SIGNAL) wrote:

 Is it possible to do port spanning on a router, or is this just a layer
 2 option?
 
 Thanks
 
 Steven Kell Bates




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34479t=34469



RE: Doyle on Stub and Totally Stubby areas [7:34478]

2002-02-05 Thread s vermill

Yes that wording, when directly compared, is a little confusing.  But you
have the right understanding.  Stub areas only summarize the AS external
routes, leaving all of the IA routes intact.  Totally stubby areas get only
one outside route - whether IA or AS external - 0.0.0.0.

Put in different terms, I think you can say that stub areas replace type 5
LSAs with a default and totally stubby areas replace both type 5 and 3 LSAs
with a default.  I'm not sure that 0.0.0.0 itself exactly fits any of
the LSA classifications.  Seems to be kind of a hybrid type 3/5 LSA.

Cebuano wrote:
 
 Hi, group.
 Please clarify this description by Doyle regarding stub
 and totally stubby areas. As indicated on page 480...
 ABRs at the edge of a stub area will use Network Summary
 LSAs [i.e. Type 3?] to advertise a single default route
 (destination 0.0.0.0) into the area.
 
 Then on page 482...
 The ABR of a totally stubby area will block not only AS
 External LSAs but also all Summary LSAs - with the
 exception of a single type 3 LSA to advertise the default
 route [i.e. 0.0.0.0, right?]
 
 So now there doesn't seem to be much difference between the two
 based on this explanation.
 I always understood that the main difference was that
 Stub areas get a default route for areas external to their AS
 while Totally stubby areas get a default route for areas
 external to their own area.
 
 Please someone clarify me on this.
 Thanks.
 
 Elmer
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34480t=34478



RE: VLan accesability [7:34471]

2002-02-05 Thread Don Nguyen

If I'm reading your question correctly, the link between your router and
switch would be a trunk line.  You would have to set the 2610's eth0 up with
subinterfaces to route your VLAN, this is assuming you don't have a VLAN
routing capable device somewhere else in your network already.  This will
allow your two VLAN's to access the router.

HTH,
Don


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34482t=34471



Re: Doyle on Stub and Totally Stubby areas [7:34478]

2002-02-05 Thread Tom Martin

Elmer,

In short, a totally stubby area blocks all Type 3, 4 and 5 LSAs from
entering the stub area.  A stub area blocks all Type 4 and 5 LSAs from
entering the stub area.  Both inject an additional Type 3 into the stub
for the default route.

From the perspective of a stub router, you will see all OSPF networks in
all areas, but you will not see any external routes.  From the perspective
of a router in a totally stubby area, you will see all OSPF networks in
the stub area only, but will not see any OSPF networks outside of the
stub area.  Both will have a single default gateway to the nearest ABR.

I hope this helps,

- Tom

On Tue, 05 Feb 2002 12:29:31 -0500, Cebuano wrote:

 Hi, group.
 Please clarify this description by Doyle regarding stub and totally
 stubby areas. As indicated on page 480... ABRs at the edge of a stub
 area will use Network Summary LSAs [i.e. Type 3?] to advertise a single
 default route (destination 0.0.0.0) into the area.
 
 Then on page 482...
 The ABR of a totally stubby area will block not only AS External LSAs
 but also all Summary LSAs - with the exception of a single type 3 LSA to
 advertise the default route [i.e. 0.0.0.0, right?]
 
 So now there doesn't seem to be much difference between the two based on
 this explanation.
 I always understood that the main difference was that Stub areas get a
 default route for areas external to their AS while Totally stubby areas
 get a default route for areas external to their own area.
 
 Please someone clarify me on this.
 Thanks.
 
 Elmer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34483t=34478
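
The filtering rules from the reply above, applied to a small LSA set and then to route lookups on a router inside the area, as an added example (not code from the posts or from Doyle's book). All prefixes and the LSA set are constructed, and the normal area is assumed to receive no default route.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class LSA:
    ls_type: int  # 3 = network summary, 4 = ASBR summary, 5 = AS external
    prefix: str   # advertised network (type 4: the ASBR's router ID as a /32)


# LSA types the ABR keeps out of the area, as stated in the reply above.
BLOCKED_TYPES = {
    "normal": frozenset(),
    "stub": frozenset({4, 5}),
    "totally-stubby": frozenset({3, 4, 5}),
}

# The single Type 3 default that the ABR injects into both kinds of stub area.
DEFAULT_SUMMARY = LSA(3, "0.0.0.0/0")


def flood_into_area(area_type, abr_lsas):
    """Return the Type 3/4/5 LSAs a router inside the area receives from the ABR."""
    passed = [lsa for lsa in abr_lsas if lsa.ls_type not in BLOCKED_TYPES[area_type]]
    if area_type != "normal":
        passed.append(DEFAULT_SUMMARY)
    return passed


def lookup(area_type, abr_lsas, intra_area_prefixes, destination):
    """Longest-prefix match as done by a router inside the area.

    Returns (matching prefix, how the route was learned) or None if unreachable.
    """
    dest = ipaddress.ip_address(destination)
    candidates = [(prefix, "intra-area") for prefix in intra_area_prefixes]
    for lsa in flood_into_area(area_type, abr_lsas):
        if lsa.ls_type == 4:
            continue  # locates an ASBR; it is not a destination network
        if lsa == DEFAULT_SUMMARY:
            candidates.append((lsa.prefix, "default"))
        elif lsa.ls_type == 3:
            candidates.append((lsa.prefix, "inter-area"))
        else:
            candidates.append((lsa.prefix, "external"))
    best = None
    for prefix, source in candidates:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, source)
    return None if best is None else (str(best[0]), best[1])


# Constructed sample: what the ABR holds for destinations outside the area.
ABR_LSAS = [
    LSA(3, "10.0.0.0/24"),      # network in area 0
    LSA(3, "10.2.0.0/16"),      # network in another non-backbone area
    LSA(4, "192.0.2.1/32"),     # how to reach the ASBR
    LSA(5, "198.51.100.0/24"),  # route redistributed by the ASBR
]
INTRA_AREA = ["10.1.1.0/24"]    # networks inside the area itself

if __name__ == "__main__":
    for area in ("normal", "stub", "totally-stubby"):
        print(area, "receives", len(flood_into_area(area, ABR_LSAS)), "LSAs")
        for dst in ("10.1.1.5", "10.2.3.4", "198.51.100.7", "203.0.113.9"):
            print(f"  {dst:<14} -> {lookup(area, ABR_LSAS, INTRA_AREA, dst)}")
```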



Re: VLan accesability [7:34471]

2002-02-05 Thread Tom Martin

Steven,

I am not 100% clear on the question that you have asked.  To get two VLANs
communicating with the 2610 router would require trunking both the port on
the switch and the port on the router.  Unfortunately the 261x routers do
not support trunking.  The 262x routers do (with the Plus feature set).

If you are attempting to segment the traffic to the 2610 router (in one
VLAN) from other traffic (in other VLANs), you would need an additional
router to route between the VLANs configured on the switch.  If this is
the case, you might be able to put the 2610 router on the same VLAN as all
of the other traffic, then filter who has access using an access list.

- Tom

On Tue, 05 Feb 2002 11:21:01 -0500, Nisus wrote:

 First of all thanks again to you who have been replying to my questions.
 You all rock !!!
 
 Ok if you have an uplink port from a 4000 series switch to a 2610 router
 going out to a T1 included in a VLan along with port 27 (used for
 example). Will ports not in this VLan be able to get out to the router?
 If not is there any way I can include this uplink port in 2 VLans and
 not give access to port 27?
 
 or ?
 
 Should I segment port 27 on its own with out the uplink port, and if so
 will port 27 still be able to get out to the router?
 
 Any one know?
 
 Thanks you guys (and ladies) are great, Steven M Aiello




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34484t=34471



Re: Port spanning question [7:34469]

2002-02-05 Thread Steven A. Ridder

I believe it's just a switch function.  If I'm wrong, someone will correct me,
but I'm 99.9% sure.

Bates, Steven (SIGNAL) wrote in message
news:[EMAIL PROTECTED]...
 Is it possible to do port spanning on a router, or is this just a layer 2
 option?

 Thanks

 Steven Kell Bates




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34476t=34469



IPX Routing problem-Conclusion [7:34485]

2002-02-05 Thread Fraasch James

Ah, to be a network engineer!!! The fun!!!

So here it is, 28 hours later I have fallen across the solution to the
problem I posted yesterday where people were not able to access an IPX
server.  Users were actually able to access it but for no more than a few
minutes at a time.

Had to add the following command to interface that houses the server:

interface TokenRing1/2
 mac-address 0200.1099.81ca
 ip address 172.25.71.200 255.255.255.0
 ip directed-broadcast
 ipx encapsulation SNAP
 ipx network A040
 ipx update interval rip 300
 ipx update interval sap 300
 ring-speed 16

IPX update intervals for rip and sap seem to have solved the problem.  

Thought you might want to know.

Thanks for the help! Now let's just hope I keep my job! Just kidding, I can
blame it on only being with the company a few months. I'm the new guy, I can
make mistakes and not get in trouble... I think that's how it works.

James




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34485t=34485



Re: VLan accesability [7:34471]

2002-02-05 Thread Don Nguyen

Doh, I assumed all of the 2600 series routers had ports capable of trunking,
forgot you need ports capable of 100mb in order to trunk =P


Don


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34486t=34471



RE: VLan accesability [7:34471]

2002-02-05 Thread Tom Martin

The 261x series routers do not support trunking. 262x routers with the
Plus feature-set do, but that won't help much here.

- Tom

On Tue, 05 Feb 2002 12:51:18 -0500, Don Nguyen wrote:

 If I'm reading your question correctly, the link between your router and
 switch would be a trunk line.  You would have to set the 2610's eth0 up
 with subinterfaces to route your VLAN, this is assuming you don't have a
 VLAN routing capable device somewhere else in your network already. This
 will allow your two VLAN's to access the router.
 
 HTH,
 Don




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34487t=34471



RE: Port spanning question [7:34469]

2002-02-05 Thread Hire, Ejay

Inherent port-spanning, no.  You can bridge the ports, but your port will be
pruned after it (the router acting as a bridge) learns the connected MAC
addresses.

-Original Message-
From: Tom Martin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 12:41 PM
To: [EMAIL PROTECTED]
Subject: Re: Port spanning question [7:34469]


Steven,

STP is a layer 2 only function and in general it is configured only on
switches.  It can be configured on a router if the router is configured to
act as a transparent bridge.  More info can be found on Cisco's web site
at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ssr83/rpc_r/53998.htm

- Tom

On Tue, 05 Feb 2002 11:38:32 -0500, Bates, Steven (SIGNAL) wrote:

 Is it possible to do port spanning on a router, or is this just a layer
 2 option?
 
 Thanks
 
 Steven Kell Bates




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34489t=34469



Re: Doyle on Stub and Totally Stubby areas [7:34478]

2002-02-05 Thread Cebuano

Exactly. And to add to the LSA-confusion, NSSAs get a default Type 7 with
the command
nssa no-redistribution default-information-originate.
But for purely academic reasons,
I'd like to know what bit is set to inform the neighboring routers in the
Totally stubby area that we are now
operating in totally stubby mode. Because as we all know, with stub the
E-bit is set to 1.

Thanks for the replies.
Elmer
- Original Message -
From: s vermill 
To: 
Sent: Tuesday, February 05, 2002 12:41 PM
Subject: RE: Doyle on Stub and Totally Stubby areas [7:34478]


 Yes that wording, when directly compared, is a little confusing.  But you
 have the right understanding.  Stub areas only summarize the AS external
 routes, leaving all of the IA routes intact.  Totally stubby areas get only
 one outside route - whether IA or AS external - 0.0.0.0.

 Put in different terms, I think you can say that stub areas replace type 5
 LSAs with a default and totally stubby areas replace both type 5 and 3 LSAs
 with a default.  I'm not sure that 0.0.0.0 itself exactly fits any of
 the LSA classifications.  Seems to be kind of a hybrid type 3/5 LSA.

 Cebuano wrote:
 
  Hi, group.
  Please clarify this description by Doyle regarding stub
  and totally stubby areas. As indicated on page 480...
  ABRs at the edge of a stub area will use Network Summary
  LSAs [i.e. Type 3?] to advertise a single default route
  (destination 0.0.0.0) into the area.
 
  Then on page 482...
  The ABR of a totally stubby area will block not only AS
  External LSAs but also all Summary LSAs - with the
  exception of a single type 3 LSA to advertise the default
  route [i.e. 0.0.0.0, right?]
 
  So now there doesn't seem to be much difference between the two
  based on this
  explanation.
  I always understood that the main difference was that
  Stub areas get a default route for areas external to their AS
  while Totally stubby areas get a default route for areas
  external to their own
  area.
 
  Please someone clarify me on this.
  Thanks.
 
  Elmer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34490t=34478



Routing Exam [7:34491]

2002-02-05 Thread sohail mir

Hi all,
Just wondering if you can point me to the right direction?  Soon I will be
taking my first CCNP Routing exam.  I have been studying BSCN by Catherine
Paquet.  Are there any good exams out there to practice?

Thanks,
Mir



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34491t=34491



Windows code in Cisco devices WAS: Re: PAT'S RULE!!! [7:34492]

2002-02-05 Thread Patricia Leeb-Hart

I contacted the author of the column and he was kind enough to reply.  He
first saw it on a security consulting gig in which the client (a big one)
had their phone system taken out by Nimda, then at a multi-national law
firm, which had been hit hard by Code Red.  He's contacting other
consultants and vendors to find out which are implementing this.  It
may pop up in a future column.

 Chuck Larrieu  02/04/2002 4:04:37 PM 
my quick read is the concern that Unity and Call Manager run on the Windows
NT platform only. Whether those are stand alone servers or blades in various
convergence boxes.

so yes, there is reason to be concerned.

Chuck


Sean Knox wrote in message
news:[EMAIL PROTECTED]...
 After reading the article, the author didn't give any evidence to support
 his claim that Cisco is using Microsoft code... If he's right, I am
 certainly interested to know what platforms are using MS code.

 - Sean

 -Original Message-
 From: Patricia Leeb-Hart [mailto:[EMAIL PROTECTED]] 
 Sent: Monday, February 04, 2002 2:23 PM
 To: [EMAIL PROTECTED] 
 Subject: Re: PAT'S RULE!!! -- actual Cisco stuff mentioned [7:34392]


 Not only am I from CA, I'm from Oakland.  But I don't actually think the
 game was unfair; I just like griping.  I root for any team whose town I
 live in (the Warriors excepted)

 Has anyone read the recent article in Network Computing mag on Windows
 technology in Cisco gear?
 (http://www.networkcomputing.com/1303/1303colshipley.html).   My God,
 stupidity and cupidity will never cease.  It certainly would make me want to
 re-think migrating my voice system to VoIP on any platform that does this.
 I've already fired off an e-mail to the author asking about which platforms
 other than Cisco are adopting this. Must research further...

 And just to keep this on-topic, I'm starting my CCNP in a couple of weeks...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34492t=34492



RE: Routing Exam [7:34491]

2002-02-05 Thread Ole Drews Jensen

You can follow my RouterChief link below to see what I did, and what I will
recommend.

Hth,

Ole

~~~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~~~ 
 http://www.RouterChief.com
~~~
 NEED A JOB ???
 http://www.oledrews.com/job
~~~


-Original Message-
From: sohail mir [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 1:01 PM
To: [EMAIL PROTECTED]
Subject: Routing Exam [7:34491]


Hi all,
Just wondering if you can point me to the right direction?  Soon I will be
taking my first CCNP Routing exam.  I have been studying BSCN by Catherine
Paquet.  Are there any good exams out there to practice?

Thanks,
Mir




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34493t=34491



Re: Doyle on Stub and Totally Stubby areas [7:34478]

2002-02-05 Thread Tom Martin

Elmer,

There are no bits set, TSSAs are Cisco-proprietary.  TSSAs are configured
only on the ABRs.  Non-ABRs in the stub area have no idea that they are
in a TSSA.

- Tom

On Tue, 05 Feb 2002 13:59:56 -0500, Cebuano wrote:

 Exactly. And to add to the LSA-confusion, NSSAs get a default Type 7
 with the command
 nssa no-redistribution default-information-originate. But for purely
 academic reasons,
 I'd like to know what bit is set to inform the neighboring routers in
 the Totally stubby area that we are now operating in totally stubby
 mode. Because as we all know, with stub the E-bit is set to 1.
 
 Thanks for the replies.
 Elmer
 - Original Message -
 From: s vermill
 To:
 Sent: Tuesday, February 05, 2002 12:41 PM Subject: RE: Doyle on Stub and
 Totally Stubby areas [7:34478]
 
 
 Yes that wording, when directly compared, is a little confusing.  But
 you have the right understanding.  Stub areas only summarize the AS
 external routes, leaving all of the IA routes intact.  Totally stubby
 areas get only one outside route - whether IA or AS external - 0.0.0.0.

 Put in different terms, I think you can say that stub areas replace
 type 5 LSAs with a default and totally stubby areas replace both type 5
 and 3 LSAs with a default.  I'm not sure that 0.0.0.0 itself exactly fits
 any of the LSA classifications.  Seems to be kind of a hybrid type 3/5 LSA.

 Cebuano wrote:
 
  Hi, group.
  Please clarify this description by Doyle regarding stub and totally
  stubby areas. As indicated on page 480... ABRs at the edge of a stub
  area will use Network Summary LSAs [i.e. Type 3?] to advertise a
  single default route (destination 0.0.0.0) into the area.
 
  Then on page 482...
  The ABR of a totally stubby area will block not only AS External
  LSAs but also all Summary LSAs - with the exception of a single type
  3 LSA to advertise the default route [i.e. 0.0.0.0, right?]
 
  So now there doesn't seem to be much difference between the two based
  on this
  explanation.
  I always understood that the main difference was that Stub areas get a
  default route for areas external to their AS while Totally stubby
  areas get a default route for areas external to their own area.
 
  Please someone clarify me on this.
  Thanks.
 
  Elmer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34494t=34478



CSPFA [7:34496]

2002-02-05 Thread Ragavendran K Rao (Cognizant)

any CSPFAs here ? tips on the exam please ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34496t=34496



Question [7:34497]

2002-02-05 Thread Kazan, Naim

Guys,


What the hell is up with cheet-sheets.com? I placed an order and they don't
seem to answer their phones or emails.  Are they down or out of business?


Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34497t=34497



RE: Please confirm (conf#0003fb09d5cd5ec7d70a3c3820ceb098) [7:34498]

2002-02-05 Thread Kazan, Naim

Guys,


What the hell is up with cheet-sheets.com? I placed an order and they don't
seem to answer their phones or emails.  Are they down or out of business?


Thanks

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 2:42 PM
To: [EMAIL PROTECTED]
Subject: Please confirm (conf#0003fb09d5cd5ec7d70a3c3820ceb098)


Hi,

You have tried to post to GroupStudy.com's Professional mailing list. Because
the server does not recognize you as a confirmed poster, you will be required
to authenticate that you are using a valid e-mail address and are not a
spammer. By confirming this e-mail you certify that you are not sending
Unsolicited Bulk Email (UBE).

By confirming this e-mail you also certify the following:

1. The message does NOT break Cisco's Non-Disclosure requirements.

2. The message is NOT designed to advertise a commercial product.

3. You understand all postings become property of GroupStudy.com

4. You have searched the archives prior to posting.

5. The message is NOT inflammatory.

6. The message is NOT a test message.

To confirm, simply reply to this message.  No editing is necessary.  Once
confirmed, you will be able to post without additional confirmations.


Welcome to GroupStudy.com!


--ORIGINAL MESSAGE-


Guys,


What the hell is up with cheet-sheets.com? I placed an order and they don't
seem to answer their phones or emails.  Are they down or out of business?


Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34498t=34498



PBX [7:34499]

2002-02-05 Thread Tom Richs

How can I connect a router to a PBX to get it to talk.  In specific I'm 
implementing VoIP and want to connect it to my PBX.  Do you use a specific 
PRI, EM or what type card and cabling between the two.

Thanks.

Tom





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34499t=34499



Re: IPX Routing problem-Conclusion [7:34485]

2002-02-05 Thread Tom Martin

Does anyone have any idea why this worked???  Setting the RIP and SAP
timers on a __LAN__ link should have had no positive effect.  It seems
like the only perceivable change would be the flapping of remote networks
and servers -- assuming that the timers were not modified on the server
also.

Any thoughts???

- Tom

On Tue, 05 Feb 2002 13:21:55 -0500, Fraasch James wrote:

 Ah, to be a network engineer!!! The fun!!!
 
 So here it is, 28 hours later I have fallen across the solution to the
 problem I posted yesterday where people were not able to access an IPX
 server.  Users were actually able to access it but for no more than a
 few minutes at a time.
 
 Had to add the following command to interface that houses the server:
 
 interface TokenRing1/2
  mac-address 0200.1099.81ca
  ip address 172.25.71.200 255.255.255.0
  ip directed-broadcast
  ipx encapsulation SNAP
  ipx network A040
  ipx update interval rip 300
  ipx update interval sap 300
  ring-speed 16
 
 IPX update intervals for rip and sap seem to have solved the problem.
 
 Thought you might want to know.
 
 Thanks for the help! Now let's just hope I keep my job! Just kidding, I
 can blame it on only being with the company a few months. I'm the new
 guy, I can make mistakes and not get in trouble... I think that's how it
 works.
 
 James




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34500t=34485



Re: PBX [7:34499]

2002-02-05 Thread Tom Martin

It really depends on the PBX interfaces available and the type of service
you are trying to offer to/from the VoIP side.  You will probably want EM
or FXO.

- Tom

On Tue, 05 Feb 2002 14:47:46 -0500, Tom Richs wrote:

 How can I connect a router to a PBX to get it to talk.  In specific I'm
 implementing VoIP and want to connect it to my PBX.  Do you use a
 specific PRI, EM or what type card and cabling between the two.
 
 Thanks.
 
 Tom
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34501t=34499



Re: PBX [7:34499]

2002-02-05 Thread Steven A. Ridder

then you need dial-peers once you get the signaling right.
Tom Martin wrote in message news:[EMAIL PROTECTED]...
 It really depends on the PBX interfaces available and the type of service
 you are trying to offer to/from the VoIP side.  You will probably want EM
 or FXO.

 - Tom

 On Tue, 05 Feb 2002 14:47:46 -0500, Tom Richs wrote:

  How can I connect a router to a PBX to get it to talk.  In specific I'm
  implementing VoIP and want to connect it to my PBX.  Do you use a
  specific PRI, EM or what type card and cabling between the two.
 
  Thanks.
 
  Tom
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34502t=34499



Re: Doyle on Stub and Totally Stubby areas [7:34478]

2002-02-05 Thread [EMAIL PROTECTED]

After reading the first email I too thought I understood all of this. So
myself and a coworker just got on a white board to draw everything out hint
the 5th grade approach :) pictures are always good. But where I got a good
definition of this is in Bruce Caslow's book on page 395 it once again
cleared up everything for me. Take a look at that and maybe that will help
you out.


   

Tom Martin
Sent by: nobody
02/05/2002 02:24 PM
Please respond to Tom Martin
Subject: Re: Doyle on Stub and Totally Stubby areas [7:34478]
   

   





Elmer,

There are no bits set, TSSAs are Cisco-proprietary.  TSSAs are configured
only on the ABRs.  Non-ABRs in the stub area have no idea that they are
in a TSSA.

- Tom

On Tue, 05 Feb 2002 13:59:56 -0500, Cebuano wrote:

 Exactly. And to add to the LSA-confusion, NSSAs get a default Type 7
 with the command
 nssa no-redistribution default-information-originate. But for purely
 academic reasons,
 I'd like to know what bit is set to inform the neighboring routers in
 the Totally stubby area that we are now operating in totally stubby
 mode. Because as we all know, with stub the E-bit is set to 1.

 Thanks for the replies.
 Elmer
 - Original Message -
 From: s vermill
 To:
 Sent: Tuesday, February 05, 2002 12:41 PM Subject: RE: Doyle on Stub and
 Totally Stubby areas [7:34478]


 Yes that wording, when directly compared, is a little confusing.  But
 you have the right understanding.  Stub areas only summarize the AS
 external routes, leaving all of the IA routes intact.  Totally stubby
 areas get only one outside route - whether IA or AS external - 0.0.0.0.

 Put in different terms, I think you can say that stub areas replace
 type 5 LSAs with a default and totally stubby areas replace both type 5
 and 3 LSAs with a default.  I'm not sure that 0.0.0.0 itself exactly fits
 any of the LSA classifications.  Seems to be kind of a hybrid type 3/5 LSA.

 Cebuano wrote:
 
  Hi, group.
  Please clarify this description by Doyle regarding stub and totally
  stubby areas. As indicated on page 480... ABRs at the edge of a stub
  area will use Network Summary LSAs [i.e. Type 3?] to advertise a
  single default route (destination 0.0.0.0) into the area.
 
  Then on page 482...
  The ABR of a totally stubby area will block not only AS External
  LSAs but also all Summary LSAs - with the exception of a single type
  3 LSA to advertise the default route [i.e. 0.0.0.0, right?]
 
  So now there doesn't seem to be much difference between the two based
  on this explanation.
  I always understood that the main difference was that Stub areas get a
  default route for areas external to their AS while Totally stubby
  areas get a default route for areas external to their own area.
 
  Please someone clarify me on this.
  Thanks.
 
  Elmer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34503t=34478
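
The stub versus totally stubby distinction discussed in this thread, as an added Python model (not code from any poster or from Cisco). It shows what an ABR floods into an attached area for each area type and why an internal router cannot tell the two stub variants apart. The LSA prefixes and function names are constructed; the E-bit rule for Hellos follows RFC 2328.

```python
from dataclasses import dataclass

# LSA type numbers used in the thread (RFC 2328).
SUMMARY_NET, SUMMARY_ASBR, AS_EXTERNAL = 3, 4, 5


@dataclass(frozen=True)
class Lsa:
    lsa_type: int
    prefix: str


# The default route an ABR injects into a stub area is an ordinary type 3 LSA.
DEFAULT_SUMMARY = Lsa(SUMMARY_NET, "0.0.0.0/0")

# Constructed sample of what the ABR knows from the backbone.
BACKBONE_LSAS = [
    Lsa(SUMMARY_NET, "10.2.0.0/16"),      # inter-area (IA) route
    Lsa(SUMMARY_NET, "10.3.0.0/16"),      # inter-area (IA) route
    Lsa(SUMMARY_ASBR, "asbr 192.0.2.1"),  # how to reach the ASBR
    Lsa(AS_EXTERNAL, "198.51.100.0/24"),  # AS external route
    Lsa(AS_EXTERNAL, "203.0.113.0/24"),   # AS external route
]


def abr_floods_into(area_type, backbone_lsas):
    """Return the inter-area and external LSAs an ABR passes into an area.

    area_type is "normal", "stub" or "totally-stubby".
    """
    if area_type == "normal":
        return list(backbone_lsas)
    if area_type == "stub":
        # Type 4 and type 5 are blocked, inter-area type 3 LSAs are kept.
        kept = [l for l in backbone_lsas if l.lsa_type == SUMMARY_NET]
    elif area_type == "totally-stubby":
        # Type 3 LSAs are blocked as well; only the default survives.
        kept = []
    else:
        raise ValueError(f"unknown area type: {area_type}")
    return kept + [DEFAULT_SUMMARY]


def hello_e_bit(area_type):
    """E-bit in the Hello Options field: set only where type 5 LSAs flood."""
    return area_type == "normal"


def adjacency_possible(local_area_type, neighbor_area_type):
    """Neighbors must agree on the E-bit; nothing else about stubbiness
    is carried in the Hello, so stub and totally stubby look identical."""
    return hello_e_bit(local_area_type) == hello_e_bit(neighbor_area_type)


if __name__ == "__main__":
    for kind in ("normal", "stub", "totally-stubby"):
        lsas = abr_floods_into(kind, BACKBONE_LSAS)
        print(f"{kind:15} {len(lsas)} LSAs:", [(l.lsa_type, l.prefix) for l in lsas])
    print("stub router next to totally stubby ABR:",
          adjacency_possible("stub", "totally-stubby"))
```
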



OT: Spam from Eric Tanaka at MLCP? [7:34488]

2002-02-05 Thread John Neiberger

I just received the following spam and was wondering if anyone else here
received it.  I'm basically trying to figure out how they got my email
address and I'm wondering if they are gleaning them from this list.  

This sort of spam--the type pretending to be 'helpful'--*really*
irritates me.  We received something similar on the HP OpenView mailing
list and that company really got nailed for it by the list subscribers. 
:-)



I am sorry for the inconvenience, but our telco is having temporary
problems with our toll-free 800 telephone number.

In the interim, please use +1 310 320 1451.

Thank you.
-
Eric A. Tanaka
MLCP - Multi-Link Communications Products 
 
WAN/ LAN Equipment:
ADC-Kentrox  Adtran  Ascend  Bay Networks  Carrier Access Corp.  
Cascade  Cisco / StrataCom  Larscom  Micom  Motorola  N.E.T.  
Newbridge  Nortel Networks  Paradyne  Racal 3Com / US Robotics 
Verilink  others
 
tel.800 TO MULTI  (800 866 8584), ext. 114 (NOTE new
extension)
tel.+1 310 320 1451
fax.+1 310 320 1551
email.. mailto:[EMAIL PROTECTED] 
URL http://www.mlcp.com  
Remit/Ship..2420 West Carson Street #110, Torrance, CA  90501
-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34488t=34488



VIP2 microcode [7:34504]

2002-02-05 Thread wu343

I have a vip2 rsm combo and I am unable to see an atm module in the vip2.
This happened after I upgraded the IOS to 21.1(10) on the rsm. I have been doing
some research and I think it may have to do with a microcode that is invalid
for the 12.1 software. If so then where can I get an upgraded microcode. If I
am way off base does anyone else have any ideas.

Joe




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34504t=34504



Re: Port spanning question [7:34469]

2002-02-05 Thread Priscilla Oppenheimer

I think he was asking about the Switched Port Analyzer (SPAN) feature that 
allows one to connect a protocol analyzer or RMON probe or other device to 
one switch port and monitor other ports. This is a switch feature, not a 
router feature.

Priscilla

At 12:40 PM 2/5/02, Tom Martin wrote:
Steven,

STP is a layer 2 only function and in general it is configured only on
switches.  It can be configured on a router if the router is configured to
act as a transparent bridge.  More info can be found on Cisco's web site
at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ssr83/rpc_r/53998.htm

- Tom

On Tue, 05 Feb 2002 11:38:32 -0500, Bates, Steven (SIGNAL) wrote:

  Is it possible to do port spanning on a router, or is this just a layer
  2 option?
 
  Thanks
 
  Steven Kell Bates


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34505t=34469



Re: IPX Routing problem-Conclusion [7:34485]

2002-02-05 Thread Priscilla Oppenheimer

The server must be set with the non-standard 300 second timer also? That 
would be my theory.

Priscilla

At 02:50 PM 2/5/02, Tom Martin wrote:
Does anyone have any idea why this worked???  Setting the RIP and SAP
timers on a __LAN__ link should have had no positive effect.  It seems
like the only perceivable change would be the flapping of remote networks
and servers -- assuming that the timers were not modified on the server
also.

Any thoughts???

- Tom

On Tue, 05 Feb 2002 13:21:55 -0500, Fraasch James wrote:

  Ah, to be a network engineer!!! The fun!!!
 
  So here it is, 28 hours later I have fallen across the solution to the
  problem I posted yesterday where people were not able to access an IPX
  server.  Users were actually able to access it but for no more than a
  few minutes at a time.
 
  Had to add the following command to interface that houses the server:
 
  interface TokenRing1/2
   mac-address 0200.1099.81ca
   ip address 172.25.71.200 255.255.255.0
   ip directed-broadcast
   ipx encapsulation SNAP
   ipx network A040
   ipx update interval rip 300
   ipx update interval sap 300
   ring-speed 16
 
  IPX update intervals for rip and sap seem to have solved the problem.
 
  Thought you might want to know.
 
  Thanks for the help! Now let's just hope I keep my job! Just kidding, I
  can blame it on only being with the company a few months. I'm the new
  guy, I can make mistakes and not get in trouble...I think that's how it
  works.
 
  James


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34506t=34485



Re: wireless problem. [7:34110]

2002-02-05 Thread Darren Crawford

I am working with Dell TrueMobile AP1100s, Dell TrueMobile 4800s and Cisco
AP350s right now.  I have my access points configured with hard coded IP
addresses.  The wireless users have their NICs configured for addressing
via DHCP.  So they get DNS, WINS and the like via their DHCP request when
they boot up.
Are you getting a default gateway along with your IP address?  Go to a DOS
prompt and type:

ipconfig /all or winipcfg

The access point can be a DHCP server too.  Is yours configured that way?

HTH

Darren


At 02:45 PM 2/1/2002 -0500, george gittins wrote:
I have an Aironet 340 access point which can obtain an IP address from my
DHCP. I installed the PCMCIA LAN wireless card on my laptop and I can surf
the net fine. However I can't ping anything, neither can I access my
routers. I can't even ping my IP address, is something that I'm missing here?

Lucent Technologies -  Enhanced Services  Sales
NetworkCare Professional Services
http//www.lucent.com/netcare/
Darren S. Crawford - CCNP, CCDP

Distinguished Member of the Consulting Staff

Northwest Region - Sacramento Office
Voicemail (916) 859-5200 x310
Pager (800) 467-1467
mailto:[EMAIL PROTECTED]

Every Job is a Self-Portrait of the person Who Did It 
Autograph Your Work With EXCELLENCE!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34508t=34110



RE: VIP2 microcode [7:34504]

2002-02-05 Thread Daniel Cotts

12 code requires additional DRAM and Flash on the VIP2s. You might want to
check what you have vs what is required. Show diag should tell you what you
have.

 -Original Message-
 From: wu343 [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, February 05, 2002 2:15 PM
 To: [EMAIL PROTECTED]
 Subject: VIP2 microcode [7:34504]
 
 
 I have a vip2 rsm combo and I am unable to see an atm module in the vip2.
 This happened after I upgraded the IOS to 21.1(10) on the rsm. I have been
 doing some research and I think it may have to do with a microcode that is
 invalid for the 12.1 software. If so then where can I get an upgraded
 microcode. If I am way off base does anyone else have any ideas.
 
 Joe




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34509t=34504



Re: IPX Routing problem-Conclusion [7:34485]

2002-02-05 Thread Patrick Ramsey

was it traversing two separate vendors by the time it hit the server?

I know with 3com and cisco, the defaults for rip and sap updates are
different.  3com defaults to update on change only...where cisco's defaults
are timed.  When you connect both vendors together, cisco will send updates
but 3com won't listen...and since 3com doesn't send updates, cisco will time
the values out and clear routes/saps...

-Patrick

 Priscilla Oppenheimer  02/05/02 03:25PM 
The server must be set with the non-standard 300 second timer also? That 
would be my theory.

Priscilla

At 02:50 PM 2/5/02, Tom Martin wrote:
Does anyone have any idea why this worked???  Setting the RIP and SAP
timers on a __LAN__ link should have had no positive effect.  It seems
like the only perceivable change would be the flapping of remote networks
and servers -- assuming that the timers were not modified on the server
also.

Any thoughts???

- Tom

On Tue, 05 Feb 2002 13:21:55 -0500, Fraasch James wrote:

  Ah, to be a network engineer!!! The fun!!!
 
  So here it is, 28 hours later I have fallen across the solution to the
  problem I posted yesterday where people were not able to access an IPX
  server.  Users were actually able to access it but for no more than a
  few minutes at a time.
 
  Had to add the following command to interface that houses the server:
 
  interface TokenRing1/2
   mac-address 0200.1099.81ca
   ip address 172.25.71.200 255.255.255.0
   ip directed-broadcast
   ipx encapsulation SNAP
   ipx network A040
   ipx update interval rip 300
   ipx update interval sap 300
   ring-speed 16
 
  IPX update intervals for rip and sap seem to have solved the problem.
 
  Thought you might want to know.
 
  Thanks for the help! Now let's just hope I keep my job! Just kidding, I
  can blame it on only being with the company a few months. I'm the new
  guy, I can make mistakes and not get in trouble...I think that's how it
  works.
 
  James


Priscilla Oppenheimer
http://www.priscilla.com 






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34510t=34485



VIP2 microcode [7:34511]

2002-02-05 Thread wu343

Daniel

thanks daniel I will take a look at that later, but what about the
microcode? Does that have anything to do with it?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34511t=34511



access-list in pix 520 [7:34512]

2002-02-05 Thread george gittins

access-list 1 deny ip 10.1.0.0 255.255.0.0 host X.X.X.X
 access-group 1 in interface inside
Once I apply it I lose outside connectivity.
I imagine that the same rules apply as routers, an explicit deny at the end,
so I would have to place an allow ip any any
at the end, right?
Well, what if I'm creating another access-list 2, for example, should I
also have to place another allow statement?
Any particular links referring to this issue would be greatly appreciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34512t=34512



Re: IPX Routing problem-Conclusion [7:34485]

2002-02-05 Thread Fraasch James

It is Cisco to Cisco. 7204 to 2600.

'By changing the update interval from 1 minute to 5 minutes you are
preventing the route and server from flapping and thereby keeping your
connection to the server up.'

This is what the Cisco tech said- AFTER I had already put the command in. I
am not sure why it worked either.  I would have thought with 1 minute SAP
and RIP advertisements it would be better than 5 save for the amount of
traffic it produces.

I understand 'flapping' in the cable modem sense of the word but I hadn't
seen it happen in this environment.  To me, the flapping means that the
cable modem is connecting and disconnecting at random intervals, sometimes
due to incorrect power configurations.  But in this sense I am gathering
that it means the route to the particular server flapped.  If that is the
case then it would explain why users could intermittently connect to the
server. Then the question becomes, why did the flapping occur in the first
place?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34513t=34485



Re: PBX [7:34499]

2002-02-05 Thread Michael Williams

We are looking at doing the same.  I was hoping to use the T1 Voice trunk
module to connect to the PBX.  Other than signalling (ESF/B8ZS) what kinds
of technical specs do I need to know about the PBX to make this work?

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34514t=34499



Re: PBX [7:34499]

2002-02-05 Thread Steven A. Ridder

if wink-start signaling, then the type (delay, immediate, wink, etc)


Michael Williams wrote in message news:[EMAIL PROTECTED]...
 We are looking at doing the same.  I was hoping to use the T1 Voice trunk
 module to connect to the PBX.  Other than signalling (ESF/B8ZS) what kinds
 of technical specs do I need to know about the PBX to make this work?

 Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34515t=34499



Re: Port spanning question [7:34469]

2002-02-05 Thread Michael Williams

Here's an interesting twist to that question:  If your switch/router is a
6500 running Native IOS, can you span ports that are configured as router
interfaces as opposed to switchports?

I'm using a 6509 with Native IOS, and I have a server connected to a port
configured as a switchport.  I was able to monitor that port on another
port, also configured as a switchport.  I wonder if it's possible to
monitor an ethernet port that's being used as a routing interface (i.e.
not a switchport).  Time to try it out. too bad that 6509 is a
production box =)

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34518t=34469



Re: Interface errors [7:34461]

2002-02-05 Thread Michael Williams

Steven A. Ridder wrote:
 
 My first guess is a timing issue with CO or dirty line.

Agreed.  I would have the telco test the line with that many errors.  It is
possible that it's a bad CSU/DSU or even a bad cable (RJ-48 to the CSU/DSU
or V.35 from the CSU to the router), but you can replace those things and if
you still get the errors, call the telco.

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34519t=34461



Undocumented iBGP Behavior (Confirmed by Cisco) [7:34521]

2002-02-05 Thread W. Alan Robertson

Folks,

Just to let you know, I ran across what looked like a bug in Cisco's
BGP code...  Turns out, this is undocumented new behavior.

We just deployed a pair of 3640s for one of our customers, for
dual-router, dual-homed Internet connectivity.  We are taking full
tables from Genuity (AS 1), and Worldcom (AS 701).

Each router was learning 104,000+ prefixes from each of the external
peers, but the iBGP peering was acting really strange.  One of the
routers was learning the full table from the other, but the second
router was only taking like 700 prefixes.

When we cleared the internal peer (soft or hard), we could see the
whole table being transferred...  It would climb as though it were
going to learn them all, and then as it approached 100,000 prefixes,
it would rapidly drop back down to 700.  I debugged the iBGP peer, and
saw it issuing withdrawals for all of these routes.

We opened a ticket with the TAC, and they initially believed it to be
a bug as well.  Upon further review, they came back and told us that
this was the desired behavior in the newer code (We are running
12.0(20) on these boxes).  In order to conserve memory, and processor,
if an iBGP peer learns that another iBGP peer already has a better
route to a specific prefix,  it will issue a withdrawal to that peer
for the prefix(es).

I spent quite a while second guessing what seemed to be a very simple,
straightforward configuration.  I have done several near identical
deployments in the past.

I guess the moral is this:  If you know your config is correct, and
the router behavior is not what you expect, do not hesitate to call
the TAC.

I hope they are as helpful on Monday, when I call them from the CCIE
Lab in RTP.  ;)

Regards...

Alan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34521t=34521



Re: Port spanning question [7:34469]

2002-02-05 Thread Patrick Ramsey

how are you liking ios?  seen any problems or performance issues?

 Michael Williams  02/05/02 04:36PM 
Here's an interesting twist to that question:  If your switch/router is a
6500 running Native IOS, can you span ports that are configured as router
interfaces as opposed to switchports?

I'm using a 6509 with Native IOS, and I have a server connected to a port
configured as a switchport.  I was able to monitor that port on another
port, also configured as a switchport.  I wonder if it's possible to
monitor an ethernet port that's being used as a routing interface (i.e.
not a switchport).  Time to try it out. too bad that 6509 is a
production box =)

Mike W.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34522t=34469



Re: IPX Routing problem-Conclusion [7:34485]

2002-02-05 Thread Fraasch James

Yup, I made the changes on the TokenRing interface itself, not the WAN
interface.  The original config I posted listed just one of the routers that
was connected via a serial interface (all T1 lines).  There are actually 7
serial connections to this and five token rings.  Each interface is its own
separate network.

I think the problem is like this:  The Cisco router is looking for RIP and
SAP updates every one or three minutes by default.  If your server is
configured to send out RIP and SAP updates at any interval greater than what
Cisco is looking for, then Cisco forgets the route to the server.  By
matching the Cisco RIP and SAP update interval to whatever is set on the
server on the network, there should never be an interval greater than what
is allowed to keep the route.

As to whether or not this command should be placed on the WAN interfaces or
the LAN interface, well, it was already set on all the WAN interfaces so it
looks like it has to be set on each interface where a SNA server is
located.  The only interface that did not have the command was one that went
to another network that was all NT, no IPX at all.

James


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34523t=34485
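
The timer-mismatch explanation proposed in this thread, as an added Python simulation (not code from any poster or from Cisco). It assumes the server advertises every 300 seconds, as Priscilla suggests, and that the router ages out a RIP/SAP entry after three missed update intervals (the multiplier of 3 is an assumption of this model); the function and constant names are constructed.

```python
# Assumptions of this model, not values confirmed on the page:
SERVER_INTERVAL = 300   # seconds between the server's RIP/SAP broadcasts
ROUTER_DEFAULT = 60     # router update interval before the change
ROUTER_TUNED = 300      # value from "ipx update interval rip/sap 300"
AGE_MULTIPLIER = 3      # entry is dropped after this many intervals


def route_timeline(server_interval, router_interval,
                   multiplier=AGE_MULTIPLIER, duration=3600):
    """Step through `duration` seconds and track one server's entry.

    Returns (seconds_reachable, flaps), where a flap is one event of the
    router aging the entry out of its table.
    """
    age_limit = router_interval * multiplier
    last_update = 0          # the server advertises at t = 0
    present = True
    reachable = 0
    flaps = 0
    for t in range(duration):
        if t % server_interval == 0:
            # A fresh advertisement (re)installs the entry.
            last_update = t
            present = True
        elif present and t - last_update >= age_limit:
            # Nothing heard for the whole aging period: entry removed.
            present = False
            flaps += 1
        if present:
            reachable += 1
    return reachable, flaps


def describe(router_interval):
    """Summarise one hour for a given router-side update interval."""
    reachable, flaps = route_timeline(SERVER_INTERVAL, router_interval)
    return {
        "age_limit_s": router_interval * AGE_MULTIPLIER,
        "reachable_s": reachable,
        "unreachable_s": 3600 - reachable,
        "flaps": flaps,
    }


if __name__ == "__main__":
    print("before (60 s): ", describe(ROUTER_DEFAULT))
    print("after  (300 s):", describe(ROUTER_TUNED))
```

With these assumptions the entry is present for 180 seconds and missing for 120 seconds of every 300-second cycle, which matches the reported symptom of access lasting only a few minutes at a time.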



Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34521]

2002-02-05 Thread Patrick Ramsey

ha! Is that allowed?  

 W. Alan Robertson  02/05/02 04:40PM 
Folks,

Just to let you know, I ran across what looked like a bug in Cisco's
BGP code...  Turns out, this is undocumented new behavior.

We just deployed a pair of 3640s for one of our customers, for
dual-router, dual-homed Internet connectivity.  We are taking full
tables from Genuity (AS 1), and Worldcom (AS 701).

Each router was learning 104,000+ prefixes from each of the external
peers, but the iBGP peering was acting really strange.  One of the
routers was learning the full table from the other, but the second
router was only taking like 700 prefixes.

When we cleared the internal peer (soft or hard), we could see the
whole table being transferred...  It would climb as though it were
going to learn them all, and then as it approached 100,000 prefixes,
it would rapidly drop back down to 700.  I debugged the iBGP peer, and
saw it issuing withdrawals for all of these routes.

We opened a ticket with the TAC, and they initially believed it to be
a bug as well.  Upon further review, they came back and told us that
this was the desired behavior in the newer code (We are running
12.0(20) on these boxes).  In order to conserve memory, and processor,
if an iBGP peer learns that another iBGP peer already has a better
route to a specific prefix,  it will issue a withdrawal to that peer
for the prefix(es).

I spent quite a while second guessing what seemed to be a very simple,
straightforward configuration.  I have done several near identical
deployments in the past.

I guess the moral is this:  If you know your config is correct, and
the router behavior is not what you expect, do not hesitate to call
the TAC.

I hope they are as helpful on Monday, when I call them from the CCIE
Lab in RTP.  ;)

Regards...

Alan






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34524t=34521



RE: access-list in pix 520 [7:34512]

2002-02-05 Thread Keyur Shah

George,

On PIX only one acl can be applied inbound on a given interface
(same as router, except router will allow one in and one out rule per
interface). There is an implicit deny at the end of the acl, just like router
IOS. And PIX does not use a wildcard, it uses a regular mask in the acl.

-Keyur Shah-
CCIE# 4799 (Security; Routing and Switching)
css1,scsa,scna,mct,mcse,cni,mcne
Hello Computers
Say Hello to Your Future!
http://www.hellocomputers.com
Toll-Free: 1.877.794.3556 
Now offering CCIE Security Lab Workbook and remote bootcamp,
http://www.hellocomputers.com/hellosuccess.html;
 



-Original Message-
From: george gittins [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, February 05, 2002 12:57 PM
To: [EMAIL PROTECTED]
Subject: access-list in pix 520 [7:34512]


access-list 1 deny ip 10.1.0.0 255.255.0.0 host X.X.X.X
access-group 1 in interface inside
Once I apply it I lose outside connectivity.
I imagine that the same rules apply as routers, an explicit deny at the end,
so I would have to place an allow ip any any at the end, right?
Well, what if I'm creating another access-list 2, for example, should I
also have to place another allow statement?
Any particular links referring to this issue would be greatly appreciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34520t=34512
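
The first-match and implicit-deny behaviour described in this thread, as an added Python model (not code from either poster or from Cisco). It evaluates the posted access-list with and without a trailing permit, and shows what happens when a router-style wildcard is read as a regular mask. The address 192.0.2.10 is a constructed stand-in for the X.X.X.X in the post, and the function names and test addresses are constructed.

```python
import ipaddress


def ip_int(text):
    """Dotted quad to integer."""
    return int(ipaddress.IPv4Address(text))


def parse_addr(tokens):
    """Consume one address spec; return ((net, mask), remaining tokens)."""
    if tokens[0] == "any":
        return (0, 0), tokens[1:]
    if tokens[0] == "host":
        return (ip_int(tokens[1]), 0xFFFFFFFF), tokens[2:]
    # "<network> <mask>": the mask is a regular netmask, as Keyur notes.
    return (ip_int(tokens[0]), ip_int(tokens[1])), tokens[2:]


def parse_acl(text):
    """Parse 'access-list <id> permit|deny ip <src> <dst>' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
            raise ValueError(f"unsupported line: {line!r}")
        if tok[2] not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        src, rest = parse_addr(tok[4:])
        dst, rest = parse_addr(rest)
        if rest:
            raise ValueError(f"trailing tokens in: {line!r}")
        rules.append((tok[2], src, dst))
    return rules


def matches(spec, addr):
    net, mask = spec
    return (addr & mask) == (net & mask)


def evaluate(rules, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    s, d = ip_int(src), ip_int(dst)
    for number, (action, rule_src, rule_dst) in enumerate(rules, 1):
        if matches(rule_src, s) and matches(rule_dst, d):
            return action, f"line {number}"
    return "deny", "implicit deny"


# Constructed inputs: 192.0.2.10 replaces the X.X.X.X of the original post.
AS_POSTED = "access-list 1 deny ip 10.1.0.0 255.255.0.0 host 192.0.2.10"
WITH_PERMIT = AS_POSTED + "\naccess-list 1 permit ip any any"
WILDCARD_STYLE = (
    "access-list 1 deny ip 10.1.0.0 0.0.255.255 host 192.0.2.10\n"
    "access-list 1 permit ip any any"
)

if __name__ == "__main__":
    inside, blocked, other = "10.1.5.20", "192.0.2.10", "198.51.100.7"
    for name, acl in (("as posted", AS_POSTED),
                      ("with permit", WITH_PERMIT),
                      ("wildcard style", WILDCARD_STYLE)):
        rules = parse_acl(acl)
        print(name, "-> blocked host:", evaluate(rules, inside, blocked),
              "| other host:", evaluate(rules, inside, other))
```

Each access-list carries its own implicit deny, so a second list needs its own permit entries for the traffic it should pass.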



A Review of Hello Computers workbook for CCIE secu [7:34507]

2002-02-05 Thread Priscilla Oppenheimer

Hello Computers recently published their Lab Workbook for Cisco CCIE 
Security Lab Exam Preparation. Keyur Shah from Hello Computers, Inc. asked 
me for feedback on the workbook. I decided to share my feedback with Group 
Study. The workbook is a great learning tool and a lot cheaper than buying 
equipment yourself. The lab rental service seems well run with good 
customer service.

The workbook is available from Hello Computers or from CertificationZone. I 
did not receive compensation for this review. I have done work for 
CertificationZone in the past, but they did not know about this review.

The workbook consists of sixteen labs that cover all the topics in the CCIE 
security lab test. The workbook costs $645 and includes 24 hours of remote 
lab rack access. It's worth the money. The labs are well-written and easy 
to follow, but challenging. The rack implements a complex network of 10 
routers connected via Frame Relay, ISDN, Ethernet, and ATM; a Catalyst 5500 
switch; and various security devices, such as PIX boxes, two Sun 
workstations with Solaris 8, and some NT servers that handle TACACS, TFTP, 
syslog, and so on.

Hello Computers has been in the IT training business since 1996. They seem 
to be a robust and innovative company. Because they have had a few years in 
this business, they have had a chance to implement some new training 
technologies, such as distance learning and virtual labs. (With a WebEx 
player, you can actually attend an audio class remotely and see the 
configurations input by the instructor.)

One of the best features of their service is the Live Person chat that you 
can open with tech support while doing a lab. I managed to gum up the 
Terminal Server (due to my ignorance not any fault of theirs! ;-) I started 
the chat and was immediately connected to someone who helped me.

The CCIE Security workbook consists of four full-scale 100-point labs and 
twelve labs of 50 points each. The 100-point labs have instructions on all 
topics, whereas the shorter labs concentrate on a subset of topics. Each 
lab is divided into 5 sections:

1. Routing with EIGRP, RIP, OSPF, and BGP; switching with VLANs; and PIX 
fundamentals

2. Tasks aligned with the Managing Cisco Network Security (MCNS) class, 
such as avoiding DOS attacks, etc.

3. Advanced PIX

4. VPNs and IPSec

5. Intrusion Detection System

Every lab has tips (hints) at the end. The workbook also comes with a CD 
that has initial configs such as IP addresses and other basic 
configurations that you might not want to waste your time on. The CD also 
includes solutions for each lab. The solutions have some minor mistakes, 
but Hello Computers plans to publish updates on their Web site.

The lab network diagrams are in color and are laminated. Since I used them 
a lot, I was grateful for their sturdiness. Also the lamination means that 
you can write notes on the diagrams with a dry erase marker.

The first step in every lab tells you to redraw the network diagram. This 
is good advice. The network design is quite complex and more convoluted 
than typical real-world networks. Group Study readers have heard about my 
concerns regarding the OSPF virtual link and discontiguous Area 1. ;-) But 
I guess those are things you need to know for CCIE.

I was confused at first that all sites in the internetwork are connected 
to the same Catalyst switch. Obviously this wouldn't be the case in the 
real world and perhaps that should be pointed out to people new to CCIE 
labs. Also, perhaps the labs would be more real-world if they specified why 
the customer wants all these complex features enabled. But this sort of 
additional information wouldn't help one prepare for CCIE, so I don't 
consider the lack of it a major fault. It's just my design bias showing.

In summary, this is a classy product and service. I recommend it.



Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34507t=34507



RE: access-list in pix 520 [7:34512]

2002-02-05 Thread Roberts, Larry

Yes there is an implicit deny any any at the end.

You can only apply one access-list per interface. If you attempt to place a
second one, it will just replace the first one. (At least with 5.2 and
earlier code.)

Best link I can give you is:

http://www.cisco.com/warp/public/110/pix_command_ref.shtml


-Original Message-
From: george gittins [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, February 05, 2002 3:57 PM
To: [EMAIL PROTECTED]
Subject: access-list in pix 520 [7:34512]


access-list 1 deny ip 10.1.0.0 255.255.0.0 host X.X.X.X
access-group 1 in interface inside

Once I apply it I lose outside connectivity. I imagine that the same rules
apply as on routers, an explicit deny at the end, so I would have to place an
allow ip any any at the end, right? Well, what if I'm creating another
access-list 2, for example; should I also have to place another allow
statement? Any particular links referring to this issue would be greatly
appreciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34525t=34512
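
Added example (not from the thread or from Cisco): a small Python model of the
rules given in the two replies above, namely first-match evaluation, the
implicit deny, subnet masks rather than wildcard masks, and a second
access-group replacing the first. The address 192.0.2.10 stands in for the
X.X.X.X in the post, the sample packets are constructed, and permit, the ACL
keyword, is used where the post says "allow".

```python
import ipaddress

def is_subnet_mask(mask):
    """True for a contiguous subnet mask (255.255.0.0), False for a wildcard (0.0.255.255)."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def parse_target(tokens):
    """Consume one address spec from the token list: 'any', 'host A' or 'A MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    mask = tokens.pop(0)
    if not is_subnet_mask(mask):
        raise ValueError(f"{mask} is not a subnet mask (wildcard mask used?)")
    prefix_len = bin(int(ipaddress.IPv4Address(mask))).count("1")
    return ipaddress.ip_network(f"{head}/{prefix_len}", strict=False)

def load(config):
    """Parse access-list / access-group lines into (acls, bindings)."""
    acls, bound = {}, {}
    for line in config.strip().splitlines():
        t = line.split()
        if not t:
            continue
        if t[0] == "access-list":          # access-list ID ACTION ip SRC DST
            rest = t[4:]
            src, dst = parse_target(rest), parse_target(rest)
            acls.setdefault(t[1], []).append((t[2], src, dst))
        elif t[0] == "access-group":       # access-group ID in interface NAME
            # One ACL per interface: a later binding replaces the earlier one
            # (the behaviour the reply reports for 5.2 and earlier code).
            bound[t[4]] = t[1]
    return acls, bound

def evaluate(acls, bound, interface, src, dst):
    """Return the action of the first matching entry, else 'implicit-deny'."""
    acl_id = bound.get(interface)
    if acl_id is None:
        return "no-acl"                    # nothing bound: the ACL model does not apply
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acls.get(acl_id, []):
        if s in src_net and d in dst_net:
            return action
    return "implicit-deny"

# Constructed sample traffic arriving on the inside interface.
PACKETS = [
    ("10.1.5.20", "192.0.2.10"),    # the flow the poster wants to block
    ("10.1.5.20", "198.51.100.7"),  # same subnet, different outside host
    ("10.2.0.9", "203.0.113.5"),    # different inside subnet
]

AS_POSTED = """
access-list 1 deny ip 10.1.0.0 255.255.0.0 host 192.0.2.10
access-group 1 in interface inside
"""

WITH_PERMIT = """
access-list 1 deny ip 10.1.0.0 255.255.0.0 host 192.0.2.10
access-list 1 permit ip any any
access-group 1 in interface inside
"""

# Binding a second list to the same interface: list 1 and its permit no longer apply.
SECOND_LIST_BOUND = WITH_PERMIT + """
access-list 2 deny ip any host 198.51.100.7
access-group 2 in interface inside
"""

def verdicts(config):
    acls, bound = load(config)
    return [evaluate(acls, bound, "inside", s, d) for s, d in PACKETS]

if __name__ == "__main__":
    for name in ("AS_POSTED", "WITH_PERMIT", "SECOND_LIST_BOUND"):
        print(name, verdicts(globals()[name]))
```

With the list as posted, everything that does not match the single deny still
falls through to the implicit deny, which is the lost outside connectivity;
list 2 needs its own permit entry for the same reason.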



BGP Confederations [7:34526]

2002-02-05 Thread Cebuano

More clarifications needed...

1. Can you have route reflectors within a confederation if the IBGP peers
don't have a full mesh?

2. Can you sub-confederate a confederation like you do VLSM for IP
addressing?

I'm just curious because ...
1. I haven't come across the answers on Halabi's Case Studies on CCO or the
IOS12.0 configuration guide.

2. I don't have enough routers to test this out.

Thanks.

Elmer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34526t=34526



RE: VIP2 microcode [7:34511]

2002-02-05 Thread Daniel Cotts

Don't think so. Latest microcode should come with the updated IOS. I would
hope that they wouldn't break it.

Here's two sources of Undocumented commands. Not sure what the commands I
included will show. Hope that your box isn't in production - just in case.
http://www.i-n-t.de/ccie/ios_commands.html
see show controller vip  log
show controller vip  tech

http://www.boerland.com/dotu/
show controller vip  log 
show controller vip  tech

 -Original Message-
 From: wu343 [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, February 05, 2002 2:54 PM
 To: [EMAIL PROTECTED]
 Subject: VIP2 microcode [7:34511]
 
 
 Daniel
 
 Thanks Daniel, I will take a look at that later, but what about the
 microcode? Does that have anything to do with it?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34527t=34511



Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34521]

2002-02-05 Thread John Neiberger

I'm having trouble seeing this as good behavior.   How does the iBGP
peer that withdrew all those routes know if the route on the other peer
has changed, perhaps for the worse?  Let me restate the issue to make
sure I understand what you're saying.


[AS1]          [AS701]
  |               |
  |               |
[R1]----iBGP----[R2]

R1 learns a prefix from AS1, R2 learns the same prefix from AS701. 
They in turn advertise those prefixes to each other.  R2, realizing that
it just received an update that had a better path, issues a withdraw
message to R1 for that prefix.  

In this current state, R2 has two paths in its BGP table but R1 only
has one.  If the routing information for that prefix changes, what
happens?  Let's say that AS1 stops advertising it to R1.  Does R1 send a
withdraw to R2, causing R2 to send an update at that point? 
Hmm...interesting.  This makes sense.  If the routing information
changes for the worse on R1, it will send an update to R2.  I'm assuming
that R2 will then do another check against the information in the BGP
table to determine if it should send a subsequent update back to R1.

The more I think it through, the more sense it's starting to make. 
:-)

Thanks for the info!  I will file this into the category of things that
are Good To Know (tm).

John


 W. Alan Robertson  2/5/02 2:40:30 PM

Folks,

Just to let you know, I ran across what looked like a bug in Cisco's
BGP code...  Turns out, this is undocumented new behavior.

We just deployed a pair of 3640s for one of our customers, for
dual-router, dual-homed Internet connectivity.  We are taking full
tables from Genuity (AS 1), and Worldcom (AS 701).

Each router was learning 104,000+ prefixes from each of the external
peers, but the iBGP peering was acting really strange.  One of the
routers was learning the full table from the other, but the second
router was only taking like 700 prefixes.

When we cleared the internal peer (soft or hard), we could see the
whole table being transferred...  It would climb as though it were
going to learn them all, and then as it approached 100,000 prefixes,
it would rapidly drop back down to 700.  I debugged the iBGP peer, and
saw it issuing withdrawals for all of these routes.

We opened a ticket with the TAC, and they initially believed it to be
a bug as well.  Upon further review, they came back and told us that
this was the desired behavior in the newer code (We are running
12.0(20) on these boxes).  In order to conserve memory, and processor,
if an iBGP peer learns that another iBGP peer already has a better
route to a specific prefix,  it will issue a withdrawal to that peer
for the prefix(es).

I spent quite a while second guessing what seemed to be a very simple,
straightforward configuration.  I have done several near identical
deployments in the past.

I guess the moral is this:  If you know your config is correct, and
the router behavior is not what you expect, do not hesitate to call
the TAC.

I hope they are as helpful on Monday, when I call them from the CCIE
Lab in RTP.  ;)

Regards...

Alan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34528t=34521



kazaa / morpheus blocking / rate-limiting [7:34529]

2002-02-05 Thread bergenpeak

Hi,

Wondering if anyone has been using ACLs to block or rate-limit
Kazaa/Morpheus
traffic.  I'd be interested in how well this worked.

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34529t=34529



Re: IPX Routing problem-Conclusion [7:34485]

2002-02-05 Thread John Neiberger

Very interesting.  I wonder why someone would tweak those values on the
server in the first place.  Unless all the devices on a LAN segment are
using the same values, problems are going to arise.  From the sounds of
it, someone changed the server settings and didn't bother to let
everyone else know!  

John

 Fraasch James  2/5/02 2:49:28 PM 
Yup, I made the changes on the TokenRing interface itself, not the WAN
interface.  The original config I posted listed just one of the routers
that was connected via a serial interface (all T1 lines).  There are
actually 7 serial connections to this and five token rings.  Each
interface is its own separate network.

I think the problem is like this:  The Cisco router is looking for RIP
and SAP updates every one or three minutes by default.  If your server is
configured to send out RIP and SAP updates at any interval greater than
what Cisco is looking for, then Cisco forgets the route to the server.  By
matching the Cisco RIP and SAP update interval to whatever is set on the
server on the network, there should never be an interval greater than
what is allowed to keep the route.

As to whether or not this command should be placed on the WAN interfaces
or the LAN interface, well, it was already set on all the WAN interfaces
so it looks like it has to be set on each interface where a SNA server is
located.  The only interface that did not have the command was one that
went to another network that was all NT, no IPX at all.

James




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34530t=34485



Renting Cisco Equipment [7:34531]

2002-02-05 Thread Greg Harper

Greetings,

Does anybody on the list know of any companies that will
rent or short-term lease Cisco equipment?  I need an AS5400
temporarily to minimize the downtime of an ISP migration,
and am having trouble finding companies that handle this
type of thing.

Thanks,
Greg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34531t=34531



Re: Your Password at GroupStudy! [7:34303]

2002-02-05 Thread Jeff Buehler

I suggest the SECURITY Certification.  :)

http://www.cisco.com/warp/public/10/wwtraining/certprog/c_and_s/ccip/
http://www.cisco.com/warp/public/10/wwtraining/certprog/c_and_s/ccip/pop_security_training.html

watch word wrap


Indra Moodley  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Any info on the CCIP Certification

 Regards,

 Indra Moodley
 DNS Administrator
 Satellite Data Networks

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
 Sent: Monday, February 04, 2002 10:59 AM
 To: [EMAIL PROTECTED]
 Subject: Your Password at GroupStudy!



 Welcome to GroupStudy.com.  Your username and password are as follows:
 Your Username: Lamagra
 Your Password: rkwfcnezvp


 You may login and change your password as desired.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34532t=34303



Re: IPX Routing problem-Conclusion [7:34485]

2002-02-05 Thread Fraasch James

Well, I wish it was as easy as saying someone tweaked with the timers on the
server but for some reason all our servers are set the same way and so all
of our routers have to be set the same way as well. Not only that, but if
you look at that TokenRing interface, we are using administrative
mac-addresses as well, that is, it is not the actual NIC address, it is
something else entirely. And we have one OSPF area for over 100 routers that
have to keep track of both IP and IPX routes.  But hey, that is why I am
here, to help clean up 20 years of bad network planning.

Thanks again for everyone's help. I learned a ton!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34533t=34485



Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34535]

2002-02-05 Thread Manny Gonzalez

Is there a STOP command? Something to let us turn that behaviour off?
The way I see it is, if the router with the 104000+ routes suddenly
dies, the other router (the one with 700 routes) has to then get all
these routes from its remote-as peer and that could take a while (if
never, or until refreshed). Unless I missed something in your email, this
is not what I would like my routers to behave like...

:-))

W. Alan Robertson wrote:
 
 Folks,
 
 Just to let you know, I ran across what looked like a bug in Cisco's
 BGP code...  Turns out, this is undocumented new behavior.
 
 We just deployed a pair of 3640s for one of our customers, for
 dual-router, dual-homed Internet connectivity.  We are taking full
 tables from Genuity (AS 1), and Worldcom (AS 701).
 
 Each router was learning 104,000+ prefixes from each of the external
 peers, but the iBGP peering was acting really strange.  One of the
 routers was learning the full table from the other, but the second
 router was only taking like 700 prefixes.
 
 When we cleared the internal peer (soft or hard), we could see the
 whole table being transferred...  It would climb as though it were
 going to learn them all, and then as it approached 100,000 prefixes,
 it would rapidly drop back down to 700.  I debugged the iBGP peer, and
 saw it issuing withdrawals for all of these routes.
 
 We opened a ticket with the TAC, and they initially believed it to be
 a bug as well.  Upon further review, they came back and told us that
 this was the desired behavior in the newer code (We are running
 12.0(20) on these boxes).  In order to conserve memory, and processor,
 if an iBGP peer learns that another iBGP peer already has a better
 route to a specific prefix,  it will issue a withdrawal to that peer
 for the prefix(es).
 
 I spent quite a while second guessing what seemed to be a very simple,
 straightforward configuration.  I have done several near identical
 deployments in the past.
 
 I guess the moral is this:  If you know your config is correct, and
 the router behavior is not what you expect, do not hesitate to call
 the TAC.
 
 I hope they are as helpful on Monday, when I call them from the CCIE
 Lab in RTP.  ;)
 
 Regards...
 
 Alan
 _
 CCIE Security list: http://www.groupstudy.com/list/security.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34535t=34535



Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34536]

2002-02-05 Thread Przemyslaw Karwasiecki

Correct me if I am wrong but this:

 if an iBGP peer learns that another iBGP peer already has a better
 route to a specific prefix,  it will issue a withdrawal to that peer
 for the prefix(es).

is perfectly normal, standard behaviour.
If your Genuity route is better, you will select this route
in your routing table, and if by any chance you previously had
a UUNET route there which you had advertised, you need to send
an update with the new, better, selected route.

BGP will never advertise both routes.
This is distance vector after all.

So if during the convergence phase your route selection
is shuffling the routes in your Loc-RIB, you should
expect a series of updates to follow.

Przemek


On Tue, 2002-02-05 at 16:45, W. Alan Robertson wrote:
 Folks,
 
 Just to let you know, I ran across what looked like a bug in Cisco's
 BGP code...  Turns out, this is undocumented new behavior.
 
 We just deployed a pair of 3640s for one of our customers, for
 dual-router, dual-homed Internet connectivity.  We are taking full
 tables from Genuity (AS 1), and Worldcom (AS 701).
 
 Each router was learning 104,000+ prefixes from each of the external
 peers, but the iBGP peering was acting really strange.  One of the
 routers was learning the full table from the other, but the second
 router was only taking like 700 prefixes.
 
 When we cleared the internal peer (soft or hard), we could see the
 whole table being transferred...  It would climb as though it were
 going to learn them all, and then as it approached 100,000 prefixes,
 it would rapidly drop back down to 700.  I debugged the iBGP peer, and
 saw it issuing withdrawals for all of these routes.
 
 We opened a ticket with the TAC, and they initially believed it to be
 a bug as well.  Upon further review, they came back and told us that
 this was the desired behavior in the newer code (We are running
 12.0(20) on these boxes).  In order to conserve memory, and processor,
 if an iBGP peer learns that another iBGP peer already has a better
 route to a specific prefix,  it will issue a withdrawal to that peer
 for the prefix(es).
 
 I spent quite a while second guessing what seemed to be a very simple,
 straightforward configuration.  I have done several near identical
 deployments in the past.
 
 I guess the moral is this:  If you know your config is correct, and
 the router behavior is not what you expect, do not hesitate to call
 the TAC.
 
 I hope they are as helpful on Monday, when I call them from the CCIE
 Lab in RTP.  ;)
 
 Regards...
 
 Alan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34536t=34536



Concentrator 3030 RADIUS authentication [7:34537]

2002-02-05 Thread Jim Bond

Hello,

I'm trying to set up authenticating groups externally
through RADIUS. I created a group and changed the type
to External. On my RADIUS server (Safeword 5.1), I
created a group with the same name on 3030. Users
couldn't get authenticated. On 3030 log, it said user
unspecific.

Any thoughts?

Thanks.

Jim





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34537t=34537



Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34538]

2002-02-05 Thread Przemyslaw Karwasiecki

Alan,

This router with 700 routes via iBGP does have remaining 103300 routes, 
but from eBGP, right?

Przemek


On Tue, 2002-02-05 at 17:33, Manny Gonzalez wrote:
 Is there a STOP command? Something to let us turn that behaviour off?
 The way I see it is, if the router with the 104000+ routes suddenly
 dies, the other router (the one with 700 routes) has to then get all
 these routes from its remote-as peer and that could take a while (if
 never, or until refreshed). Unless I missed something in your email, this
 is not what I would like my routers to behave like...
 
 :-))
 
 W. Alan Robertson wrote:
  
  Folks,
  
  Just to let you know, I ran across what looked like a bug in Cisco's
  BGP code...  Turns out, this is undocumented new behavior.
  
  We just deployed a pair of 3640s for one of our customers, for
  dual-router, dual-homed Internet connectivity.  We are taking full
  tables from Genuity (AS 1), and Worldcom (AS 701).
  
  Each router was learning 104,000+ prefixes from each of the external
  peers, but the iBGP peering was acting really strange.  One of the
  routers was learning the full table from the other, but the second
  router was only taking like 700 prefixes.
  
  When we cleared the internal peer (soft or hard), we could see the
  whole table being transferred...  It would climb as though it were
  going to learn them all, and then as it approached 100,000 prefixes,
  it would rapidly drop back down to 700.  I debugged the iBGP peer, and
  saw it issuing withdrawals for all of these routes.
  
  We opened a ticket with the TAC, and they initially believed it to be
  a bug as well.  Upon further review, they came back and told us that
  this was the desired behavior in the newer code (We are running
  12.0(20) on these boxes).  In order to conserve memory, and processor,
  if an iBGP peer learns that another iBGP peer already has a better
  route to a specific prefix,  it will issue a withdrawal to that peer
  for the prefix(es).
  
  I spent quite a while second guessing what seemed to be a very simple,
  straightforward configuration.  I have done several near identical
  deployments in the past.
  
  I guess the moral is this:  If you know your config is correct, and
  the router behavior is not what you expect, do not hesitate to call
  the TAC.
  
  I hope they are as helpful on Monday, when I call them from the CCIE
  Lab in RTP.  ;)
  
  Regards...
  
  Alan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34538t=34538



RE: VIP2 microcode [7:34511]

2002-02-05 Thread Daniel Cotts

Adding to my previous post. The slot number of the vip card should be
included in the command after the word vip.

 -Original Message-
 From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, February 05, 2002 4:10 PM
 To: [EMAIL PROTECTED]
 Subject: RE: VIP2 microcode [7:34511]
 
 
 Don't think so. Latest microcode should come with the updated 
 IOS. I would
 hope that they wouldn't break it.
 
 Here's two sources of Undocumented commands. Not sure what 
 the commands I
 included will show. Hope that your box isn't in production - 
 just in case.
 http://www.i-n-t.de/ccie/ios_commands.html
 see show controller vip  log
 show controller vip  tech
 
 http://www.boerland.com/dotu/
 show controller vip  log 
 show controller vip  tech
 
  -Original Message-
  From: wu343 [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, February 05, 2002 2:54 PM
  To: [EMAIL PROTECTED]
  Subject: VIP2 microcode [7:34511]
  
  
  Daniel
  
  Thanks Daniel, I will take a look at that later, but what about the
  microcode? Does that have anything to do with it?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34539t=34511



Re: Port spanning question [7:34469]

2002-02-05 Thread Bates, Steven (SIGNAL)

Actually what is going on is we are trying to get the port span feature
going on a 6509 with native ios.  As soon as I turn on the 
monitor session destination, the device that is plugged into the port can no
longer ping, etc.  If this is an IDS that is monitoring an 
egress pipe, how will it do session resets when appropriate?

Steven Kell Bates




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34534t=34469



700 in area! Re: IPX Routing problem-Conclusion [7:34485]

2002-02-05 Thread ipguru1

I saw the 100 routers in an area and had to share this!

I had an instructor a couple of years ago that worked for IBM-Europe.  He
said they tried to keep European areas for countries.  1 Country = 1 Area.
This all came up when another student asked, what is a good measure for the
number of routers in an area.  He responded with the above explanation and
then said, but if you run into an East Germany and a West Germany that
decide to become a Unified Germany, you could end up with 800, like we
did.  That is bad!

just sharing!

Fraasch James wrote:

 Well, I wish it was as easy as saying someone tweaked with the timers on the
 server but for some reason all our servers are set the same way and so all
 of our routers have to be set the same way as well. Not only that, but if
 you look at that TokenRing interface, we are using administrative
 mac-addresses as well, that is, it is not the actual NIC address, it is
 something else entirely. And we have one OSPF area for over 100 routers that
 have to keep track of both IP and IPX routes.  But hey, that is why I am
 here, to help clean up 20 years of bad network planning.

 Thanks again for everyone's help. I learned a ton!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34540t=34485



Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34541]

2002-02-05 Thread W. Alan Robertson

Yes, it does...

So, if the Router with 104k routes from iBGP, and eBGP, loses one from
his eBGP neighbor, he will issue a withdrawal to the iBGP peer.  The
iBGP peer will turn around and announce that it has a route to that
prefix...

I understand why this sounds, on the surface, like a terrible thing.
In practice, however, it works very well, and makes a lot of sense.

I didn't open the case directly (my co-worker did while I was staring
at telnet sessions, and cursing under my breath), and I didn't get a
chance to ask if this behavior could be disabled.  The case is still
open, and I'll find out tomorrow.  If there's no switch to turn it
off, I'll certainly ask for it to be added.

Alan

- Original Message -
From: Przemyslaw Karwasiecki 
To: Manny Gonzalez 
Cc: W. Alan Robertson ; Groupstudy -
CCIELAB ; Groupstudy - Cisco Certification

Sent: Tuesday, February 05, 2002 5:50 PM
Subject: Re: Undocumented iBGP Behavior (Confirmed by Cisco)


 Alan,

 This router with 700 routes via iBGP does have remaining 103300 routes,
 but from eBGP, right?

 Przemek


 On Tue, 2002-02-05 at 17:33, Manny Gonzalez wrote:
  Is there a STOP command? Something to let us turn that behaviour off?
  The way I see it is, if the router with the 104000+ routes suddenly
  dies, the other router (the one with 700 routes) has to then get all
  these routes from its remote-as peer and that could take a while (if
  never, or until refreshed). Unless I missed something in your email, this
  is not what I would like my routers to behave like...

  :-))

  W. Alan Robertson wrote:

   Folks,

   Just to let you know, I ran across what looked like a bug in Cisco's
   BGP code...  Turns out, this is undocumented new behavior.

   We just deployed a pair of 3640s for one of our customers, for
   dual-router, dual-homed Internet connectivity.  We are taking full
   tables from Genuity (AS 1), and Worldcom (AS 701).

   Each router was learning 104,000+ prefixes from each of the external
   peers, but the iBGP peering was acting really strange.  One of the
   routers was learning the full table from the other, but the second
   router was only taking like 700 prefixes.

   When we cleared the internal peer (soft or hard), we could see the
   whole table being transferred...  It would climb as though it were
   going to learn them all, and then as it approached 100,000 prefixes,
   it would rapidly drop back down to 700.  I debugged the iBGP peer, and
   saw it issuing withdrawals for all of these routes.

   We opened a ticket with the TAC, and they initially believed it to be
   a bug as well.  Upon further review, they came back and told us that
   this was the desired behavior in the newer code (We are running
   12.0(20) on these boxes).  In order to conserve memory, and processor,
   if an iBGP peer learns that another iBGP peer already has a better
   route to a specific prefix,  it will issue a withdrawal to that peer
   for the prefix(es).

   I spent quite a while second guessing what seemed to be a very simple,
   straightforward configuration.  I have done several near identical
   deployments in the past.

   I guess the moral is this:  If you know your config is correct, and
   the router behavior is not what you expect, do not hesitate to call
   the TAC.

   I hope they are as helpful on Monday, when I call them from the CCIE
   Lab in RTP.  ;)

   Regards...

   Alan
  




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34541t=34541
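
Added example (not from any poster or from Cisco): a Python model of the
two-router exchange restated earlier in this thread and of the withdraw
followed by a fresh announcement described in the reply above. It assumes a
simplified best-path choice (shortest AS path, then eBGP over iBGP) and that a
router advertises a prefix to its iBGP peer only while its own eBGP path is
best; the prefixes and every AS number other than 1 and 701 are constructed.

```python
# Constructed documentation prefixes; the AS paths below are illustrative.
P_A, P_B, P_C = "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"

class Router:
    def __init__(self, name, ebgp):
        self.name = name
        self.ebgp = dict(ebgp)  # prefix -> AS path learned from the external peer
        self.ibgp = {}          # prefix -> AS path learned from the iBGP peer
        self.sent = {}          # prefix -> AS path currently advertised to the iBGP peer
        self.peer = None

    def best(self, prefix):
        """Return 'ebgp', 'ibgp' or None (shortest AS path, then eBGP over iBGP)."""
        candidates = []
        if prefix in self.ebgp:
            candidates.append((len(self.ebgp[prefix]), 0, "ebgp"))
        if prefix in self.ibgp:
            candidates.append((len(self.ibgp[prefix]), 1, "ibgp"))
        return min(candidates)[2] if candidates else None

def step(routers):
    """One round: every router decides from the current state, then messages are delivered."""
    msgs = []
    for r in routers:
        for prefix in sorted(set(r.ebgp) | set(r.sent)):
            if r.best(prefix) == "ebgp":
                if r.sent.get(prefix) != r.ebgp[prefix]:
                    msgs.append((r, "UPDATE", prefix, r.ebgp[prefix]))
            elif prefix in r.sent:
                # Own eBGP path is no longer best (or is gone): take it back.
                msgs.append((r, "WITHDRAW", prefix, None))
    for r, kind, prefix, path in msgs:
        if kind == "UPDATE":
            r.sent[prefix] = path
            r.peer.ibgp[prefix] = path
        else:
            del r.sent[prefix]
            r.peer.ibgp.pop(prefix, None)
    return [f"{r.name} {kind} {prefix}" for r, kind, prefix, _ in msgs]

def converge(r1, r2, max_rounds=10):
    """Run rounds until no router has anything left to send; return the message log."""
    log = []
    for _ in range(max_rounds):
        sent = step((r1, r2))
        if not sent:
            return log
        log.extend(sent)
    raise RuntimeError("did not converge")

def build():
    # R1 peers with AS 1, R2 with AS 701, as in the thread.
    r1 = Router("R1", {P_A: [1, 64500], P_B: [1, 64501, 64502], P_C: [1, 64503]})
    r2 = Router("R2", {P_A: [701, 64504, 64500], P_B: [701, 64502], P_C: [701, 64503]})
    r1.peer, r2.peer = r2, r1
    return r1, r2

if __name__ == "__main__":
    r1, r2 = build()
    for line in converge(r1, r2):
        print(line)
    print("R1 holds via iBGP:", sorted(r1.ibgp))
    print("R2 holds via iBGP:", sorted(r2.ibgp))
    del r1.ebgp[P_A]            # AS 1 stops advertising P_A to R1
    for line in converge(r1, r2):
        print(line)
    print("R1 best path for", P_A, "is now", r1.best(P_A))
```

Each router ends up holding over iBGP only the prefixes for which its peer's
external path wins or ties, so the two iBGP counts need not match.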



RE: Renting Cisco Equipment [7:34531]

2002-02-05 Thread Circusnuts_1999

Call your local Cisco rep and explain your situation.  I know here in
the DC region, we have had to rob the Reston, VA lab many many times.

Phil

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Greg Harper
Sent: Tuesday, February 05, 2002 5:17 PM
To: [EMAIL PROTECTED]
Subject: Renting Cisco Equipment [7:34531]

Greetings,

Does anybody on the list know of any companies that will
rent or short-term lease Cisco equipment?  I need an AS5400
temporarily to minimize the downtime of an ISP migration,
and am having trouble finding companies that handle this
type of thing.

Thanks,
Greg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34542t=34531



RE: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34543]

2002-02-05 Thread Ouellette, Tim

The 2nd router that only has 700 routes in its routing table that it
learned from its IBGP still has the other 103k routes in its adj-rib-in
from its ebgp peer right, they are just sitting dormant?  So if the other
router somehow lost its ebgp peer, it'll send withdraws to the ibgp peer
and the other guy will take over with 104k routes correct?

Could you define what you meant by if an iBGP peer learns that another
iBGP peer already has a better route to a specific prefix,  it will issue a
withdrawal to that peer for the prefix(es).

If both of those routers are receiving full routes, and without any other
configuration, how would the routes learned from one provider be any better
than the other?

Thanks and great post!

Tim


-Original Message-
From: W. Alan Robertson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 7:02 PM
To: Przemyslaw Karwasiecki
Cc: Groupstudy - CCIELAB; Groupstudy - Cisco Certification
Subject: Re: Undocumented iBGP Behavior (Confirmed by Cisco)


Yes, it does...

So, if the Router with 104k routes from iBGP, and eBGP, loses one from
his eBGP neighbor, he will issue a withdrawal to the iBGP peer.  The
iBGP peer will turn around and announce that it has a route to that
prefix...

I understand why this sounds, on the surface, like a terrible thing.
In practice, however, it works very well, and makes a lot of sense.

I didn't open the case directly (my co-worker did while I was staring
at telnet sessions, and cursing under my breath), and I didn't get a
chance to ask if this behavior could be disabled.  The case is still
open, and I'll find out tomorrow.  If there's no switch to turn it
off, I'll certainly ask for it to be added.

Alan

- Original Message -
From: Przemyslaw Karwasiecki 
To: Manny Gonzalez 
Cc: W. Alan Robertson ; Groupstudy -
CCIELAB ; Groupstudy - Cisco Certification

Sent: Tuesday, February 05, 2002 5:50 PM
Subject: Re: Undocumented iBGP Behavior (Confirmed by Cisco)


 Alan,

 This router with 700 routes via iBGP does have remaining 103300 routes,
 but from eBGP, right?

 Przemek


 On Tue, 2002-02-05 at 17:33, Manny Gonzalez wrote:
  Is there a STOP command? Something to let us turn that behaviour off?
  The way I see it is, if the router with the 104000+ routes suddenly
  dies, the other router (the one with 700 routes) has to then get all
  these routes from its remote-as peer and that could take a while (if
  never, or until refreshed) Unless I missed something in your email, this
  is not what I would like my routers to behave like...
 
  :-))
 
  W. Alan Robertson wrote:
  
   Folks,

   Just to let you know, I ran across what looked like a bug in Cisco's
   BGP code...  Turns out, this is undocumented new behavior.

   We just deployed a pair of 3640s for one of our customers, for
   dual-router, dual-homed Internet connectivity.  We are taking full
   tables from Genuity (AS 1), and Worldcom (AS 701).

   Each router was learning 104,000+ prefixes from each of the external
   peers, but the iBGP peering was acting really strange.  One of the
   routers was learning the full table from the other, but the second
   router was only taking like 700 prefixes.

   When we cleared the internal peer (soft or hard), we could see the
   whole table being transferred...  It would climb as though it were
   going to learn them all, and then as it approached 100,000 prefixes,
   it would rapidly drop back down to 700.  I debugged the iBGP peer, and
   saw it issuing withdrawals for all of these routes.

   We opened a ticket with the TAC, and they initially believed it to be
   a bug as well.  Upon further review, they came back and told us that
   this was the desired behavior in the newer code (We are running
   12.0(20) on these boxes).  In order to conserve memory, and processor,
   if an iBGP peer learns that another iBGP peer already has a better
   route to a specific prefix,  it will issue a withdrawal to that peer
   for the prefix(es).

   I spent quite a while second guessing what seemed to be a very simple,
   straightforward configuration.  I have done several near identical
   deployments in the past.

   I guess the moral is this:  If you know your config is correct, and
   the router behavior is not what you expect, do not hesitate to call
   the TAC.

   I hope they are as helpful on Monday, when I call them from the CCIE
   Lab in RTP.  ;)

   Regards...

   Alan
  




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34543t=34543

Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34544]

2002-02-05 Thread Peter van Oene

cisco by default prefers ebgp over ibgp.  it should not, by default, enjoy 
the ibgp routes learned from the peer over the ebgp learned routes.



At 05:37 PM 2/5/2002 -0500, Przemyslaw Karwasiecki wrote:
Correct me if I am wrong but this:

  if an iBGP peer learns that another iBGP peer already has a better
  route to a specific prefix,  it will issue a withdrawal to that peer
  for the prefix(es).

is perfectly normal, standard behaviour.
If your Genuity route is better, you will select this route
in your routing table, and if by any chance before you had
there UUNET route which you have advertised, you need to send
update with new, better, selected route.

BGP will never advertise both routes.
This is distance vector after all.

So if during convergence phase your route selection
is shuffling your routes in your Loc-RIB, you should
expect series of updates to follow up.

Przemek


On Tue, 2002-02-05 at 16:45, W. Alan Robertson wrote:
  Folks,
 
  Just to let you know, I ran across what looked like a bug in Cisco's
  BGP code...  Turns out, this is undocumented new behavior.
 
  We just deployed a pair of 3640s for one of our customers, for
  dual-router, dual-homed Internet connectivity.  We are taking full
  tables from Genuity (AS 1), and Worldcom (AS 701).
 
  Each router was learning 104,000+ prefixes from each of the external
  peers, but the iBGP peering was acting really strange.  One of the
  routers was learning the full table from the other, but the second
  router was only taking like 700 prefixes.
 
  When we cleared the internal peer (soft or hard), we could see the
  whole table being transferred...  It would climb as though it were
  going to learn them all, and then as it approached 100,000 prefixes,
  it would rapidly drop back down to 700.  I debugged the iBGP peer, and
  saw it issuing withdrawals for all of these routes.
 
  We opened a ticket with the TAC, and they initially believed it to be
  a bug as well.  Upon further review, they came back and told us that
  this was the desired behavior in the newer code (We are running
  12.0(20) on these boxes).  In order to conserve memory, and processor,
  if an iBGP peer learns that another iBGP peer already has a better
  route to a specific prefix,  it will issue a withdrawal to that peer
  for the prefix(es).
 
  I spent quite a while second guessing what seemed to be a very simple,
  straightforward configuration.  I have done several near identical
  deployments in the past.
 
  I guess the moral is this:  If you know your config is correct, and
  the router behavior is not what you expect, do not hesitate to call
  the TAC.
 
  I hope they are as helpful on Monday, when I call them from the CCIE
  Lab in RTP.  ;)
 
  Regards...
 
  Alan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34544t=34544



Re: Question [7:34497]

2002-02-05 Thread Godswill HO

I guess you are behind the news. I think Cisco have pulled them to Court to
answer some questions, that was a few months ago.

However, I have not heard anything about the final outcome of the case.

Regards.
Oletu

- Original Message -
From: Kazan, Naim 
To: 
Sent: Tuesday, February 05, 2002 11:43 AM
Subject: Question [7:34497]


 Guys,


 What the hell is up with cheet-sheets.com? I placed an order and they don't
 seem to answer their phones or emails.  Are they down or out of business?


 Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34545t=34497



Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34546]

2002-02-05 Thread W. Alan Robertson

I mis-spoke...

Naturally, only one of the routes will make it into the actual routing
table (unless there are two equal cost paths, and you have enabled
'maximum-paths 2' or better).  I should have said that these routes
were not in the Loc-RIB table...

A 'show ip bgp' revealed a single entry for each prefix, where there
ought to have been two (one learned via the eBGP peer, and a second
learned via the iBGP peer).  Under normal circumstances, the eBGP
learned prefix would be flagged with the '>', indicating that it was
the preferred route, and installed in the actual routing table.


- Original Message -
From: Przemyslaw Karwasiecki 
To: W. Alan Robertson 
Cc: Groupstudy - CCIELAB ;
Groupstudy - Cisco Certification 
Sent: Tuesday, February 05, 2002 5:37 PM
Subject: Re: Undocumented iBGP Behavior (Confirmed by Cisco)


 Correct me if I am wrong but this:

  if an iBGP peer learns that another iBGP peer already
  has a better route to a specific prefix,  it will issue a
  withdrawal to that peer for the prefix(es).

 is perfectly normal, standard behaviour.
 If your Genuity route is better, you will select this route
 in your routing table, and if by any chance before you had
 there UUNET route which you have advertised, you need
 to send update with new, better, selected route.

 BGP will never advertise both routes.
 This is distance vector after all.

 So if during convergence phase your route selection
 is shuffling your routes in your Loc-RIB, you should
 expect series of updates to follow up.

 Przemek


 On Tue, 2002-02-05 at 16:45, W. Alan Robertson wrote:
  Folks,

  Just to let you know, I ran across what looked like a bug in Cisco's
  BGP code...  Turns out, this is undocumented new behavior.

  We just deployed a pair of 3640s for one of our customers, for
  dual-router, dual-homed Internet connectivity.  We are taking full
  tables from Genuity (AS 1), and Worldcom (AS 701).

  Each router was learning 104,000+ prefixes from each of the external
  peers, but the iBGP peering was acting really strange.  One of the
  routers was learning the full table from the other, but the second
  router was only taking like 700 prefixes.

  When we cleared the internal peer (soft or hard), we could see the
  whole table being transferred...  It would climb as though it were
  going to learn them all, and then as it approached 100,000 prefixes,
  it would rapidly drop back down to 700.  I debugged the iBGP peer, and
  saw it issuing withdrawals for all of these routes.

  We opened a ticket with the TAC, and they initially believed it to be
  a bug as well.  Upon further review, they came back and told us that
  this was the desired behavior in the newer code (We are running
  12.0(20) on these boxes).  In order to conserve memory, and processor,
  if an iBGP peer learns that another iBGP peer already has a better
  route to a specific prefix,  it will issue a withdrawal to that peer
  for the prefix(es).

  I spent quite a while second guessing what seemed to be a very simple,
  straightforward configuration.  I have done several near identical
  deployments in the past.

  I guess the moral is this:  If you know your config is correct, and
  the router behavior is not what you expect, do not hesitate to call
  the TAC.

  I hope they are as helpful on Monday, when I call them from the CCIE
  Lab in RTP.  ;)

  Regards...

  Alan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34546t=34546
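
The withdrawal pattern discussed in this thread, as a toy model added here (not code from any poster and not Cisco's implementation). It assumes each router prefers the shortest AS_PATH, breaks ties in favour of the eBGP path, and announces only eBGP-learned best paths to its iBGP peer; the prefixes and path lengths are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Router:
    ebgp: dict                                    # prefix -> AS_PATH length from the upstream
    ibgp_in: dict = field(default_factory=dict)   # prefix -> AS_PATH length from the iBGP peer
    sent: set = field(default_factory=set)        # prefixes currently announced to the iBGP peer

    def best_is_ebgp(self, prefix):
        # Assumed decision process: shortest AS_PATH wins, a tie goes to the eBGP path.
        return prefix not in self.ibgp_in or self.ebgp[prefix] <= self.ibgp_in[prefix]

    def updates(self):
        # Only an eBGP-learned best path may be sent on to an iBGP peer.
        want = {p for p in self.ebgp if self.best_is_ebgp(p)}
        return want - self.sent, self.sent - want   # (announce, withdraw)

def apply(src, dst, announce, withdraw):
    for p in announce:
        dst.ibgp_in[p] = src.ebgp[p]
    for p in withdraw:
        del dst.ibgp_in[p]
    src.sent = (src.sent | announce) - withdraw

def converge(r1, r2):
    """Exchange updates in rounds. Each history entry is
    (prefixes r1 holds from r2, prefixes r2 holds from r1)."""
    history = []
    while True:
        u1, u2 = r1.updates(), r2.updates()      # both decide on the same snapshot
        if not any(u1 + u2):
            return history
        apply(r1, r2, *u1)
        apply(r2, r1, *u2)
        history.append((len(r1.ibgp_in), len(r2.ibgp_in)))

def demo():
    # Constructed sample: 1,040 prefixes stand in for the thread's 104,000.
    prefixes = [f"10.{i // 256}.{i % 256}.0/24" for i in range(1040)]
    r1 = Router({p: 2 for p in prefixes})        # upstream with the shorter paths
    r2 = Router({p: 2 if i < 7 else 3 for i, p in enumerate(prefixes)})
    return converge(r1, r2)

if __name__ == "__main__":
    print(demo())
```

In the first round both routers announce everything; in the second, the router whose eBGP paths lose withdraws all but the tied prefixes, which is the climb-then-drop shape described in the original post.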


