VOipVoFR [7:34947]
Hi, Gang, I have a small thing I am still clear about, even though I thought it over. what's the difference between VOip over frame Relay and VoFR? Does it mean that for Voip the voice is taken as the data regarded as layer 4 data, then encapsulated in layer 3 ip,then further be encapsulated as layer 2 frame relay frames. but for VoFR, the voice don't need to be encapsulated by layer 3 protocol, and directly passed to layer 2 frame Relay network? could you shed me light over it? I could not turn it over on my brain. Many thanks, __ === PB@KCb7Q5gWSSJOd (http://mail.sina.com.cn) PB@K7V@`PEO#:GaKI6)TD#,A?Im6(VF,:CPEO@4URDc! (http://classad.sina.com.cn/) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34947t=34947 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MPLS and VPN Architectures book [7:34792]
Advanced MPLS Design book surprises me with the intro on MPLS. Most of the ideas are exactly worded with slight modification from Davie's book. The author seems to have no personnel opinion at all . TE's good intro is in Davie's book and Eric Gray also throw some light on it. Also consider reading white papers at Juniper and Riverstone websites. For MPLS QoS, consider Zhang's book on QoS. Thanks, Shahid --- Kent Yu wrote: Advanced MPLS Design and Implementation covers MPLS QoS pretty well. nrf wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The book is all-right, it's not great. It's OK as an intro book to the subject. Unfortunately many of the more complex topics in later chapters are written in such garbled way as to be almost unintelligible, particularly some of the 'carrier of carrier' and 'Internet access' stuff, and those are precisely the topics that need to be as clear as possible because of their complexity. I swear, some of the grammar is so convuleted that the only way to really understand everything in those chapters is to already know it in the first place, but then if you already know it, why are you reading the book at all? The book is also missing any mention of probably the most important reason to use MPLS at all: traffic-engineering. Unfortunately there is no really good Cisco book about this subject (it is covered briefly in IP Quality of Service, but not in any serious depth). The best stuff I've ever found on TE is, ahem, Juniper course material. But like I said, a decent intro book on the subject. Caplan M wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'm reading it and so far I'm pleased with it. I haven't got to the VPN stuff yet though, but its given me a good grounging in tag switching and MPLS. [EMAIL PROTECTED] = Shahid Muhammad Shafi Every man dies; not every man really lives Please help feed hungry people worldwide http://www.hungersite.com/ A small thing each of us can do to help others less fortunate than ourselves __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34948t=34792 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ip unnumbered [7:34936]
Not sure what you're asking there? The address you're going to is within your Ethernet subnet. Traceroute shouldn't take too long (no hops). I take it you mean this is the remote router. I take it you made that config up (typos and all :-) ). Paste the real thing for both ends. What does traceroute report? Cheers, Gaz kaushalender wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, I am facing a problem .That is i have use ip unnubered command on my router.But i am not able to traceroute my next hop but i am able to ping that next hop.Here is the conf int e0/0 ip address 216.252.243.181 255.255.255.240 full duplex ! ! int s0/0 ip address 192.168.5.2 255.255.255.252 encap ppp ! ! int s0/1 ip unnubered encap ppp ip route 0.0.0.0 0.0.0.0 s0/0 I am able to ping 216.252.243.182 but i am not able to traceroute 216.252.243.182 which is the next hop for me on int s0/1 plz tell me why this is happening thanx kaushalender Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34950t=34936 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Router Fan [7:34952]
Hi Guys I currently building my home lab, so far I ve 7 2500s routers and 2 2820 and 1 2924C XL what I would like to find out is if I disconnects the fans will it damage the routers or the switches, the reason is just to do with the noise factor, when they or all switch on it very noisy. -- Regards, Will Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34952t=34952 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Block this MAC address! [7:34953]
Hi, Is it possible to block a MAC address on an interface by accesslist or.?? I have this annoying customer playing around with their IP adresses and bringing down the whole network Charles Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34953t=34953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Well Well Well CCIE #8757 [7:34951]
Congrats.. Good Show. --- McCallum, Robert wrote: What can I say! 2nd and it really did turn out to be my last attempt. Thanks to everyone concerned who know me or have indeed spoke or emailed me. In the words of the most inspirational man WOHO!! Robert McCallum CCIE #8757 [EMAIL PROTECTED] = Thanks Regards V Anil Kumar __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34954t=34951 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VOipVoFR [7:34947]
you are correct. landcai wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Gang, I have a small thing I am still clear about, even though I thought it over. what's the difference between VOip over frame Relay and VoFR? Does it mean that for Voip the voice is taken as the data regarded as layer 4 data, then encapsulated in layer 3 ip,then further be encapsulated as layer 2 frame relay frames. but for VoFR, the voice don't need to be encapsulated by layer 3 protocol, and directly passed to layer 2 frame Relay network? could you shed me light over it? I could not turn it over on my brain. Many thanks, __ === PB@KCb7Q5gWSSJOd (http://mail.sina.com.cn) PB@K7V@`PEO#:GaKI6)TD#,A?Im6(VF,:CPEO@4URDc! (http://classad.sina.com.cn/) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34955t=34947 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Well Well Well CCIE #8757 [7:34951]
Great Job congrats www.digitalrage.org latest in Techinical News and HowTo's www.digitalrage.org/phpBB Discussion Forums -Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Saturday, February 09, 2002 5:34 AM To: [EMAIL PROTECTED] Subject: Well Well Well CCIE #8757 [7:34951] What can I say! 2nd and it really did turn out to be my last attempt. Thanks to everyone concerned who know me or have indeed spoke or emailed me. In the words of the most inspirational man WOHO!! Robert McCallum CCIE #8757 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34956t=34951 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco exams are too easy??? [7:34923]
a 92 on the CCIE written? As posted previously - what is your background? nrf wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Well, now you know why so many people think all the Cisco written certs are not very valuable at all. Only the CCIE (the lab) continues to hold reasonable weight, and even that has been tarnished to some degree by all these bootcamps and such. -Original Message- From: mike johnson [mailto:[EMAIL PROTECTED]] Sent: Friday, February 08, 2002 4:10 PM To: [EMAIL PROTECTED] Subject: OT: Cisco exams are too easy??? [7:34923] Hi All, I took the Cisco PIX CSPFA exam yesterday and I was suprised to find out that my score is 970/1000. I've never worked with any type of firewalls let alone PIX Firewall. I read the CSPFA book and borrowed the materials from a friend of mine who went to global knowledge training a few weeks earlier. I am very disappointed with the exam. I don't think anyone like myself should be able to pass the exam that easily. I thought yesterday's test score was a fluke so this morning I went and took the MCNS exam and I got a score of 960/1000. I was completely shocked. A few hours, I decide to sign up for the CCIE written exam. Amazingly I passed with a score of 92/100 That is unbelievable. To pass the exam for someone like myself really de-value the prestige of Cisco Certification by some bookworms like me. Cisco, after all, should make the exam a lot harder than the way it is now. Anyone care to comment on this. Mike Johnson __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34949t=34923 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Router Fan [7:34952]
Hi Guys I currently building my home lab, so far I ve 7 2500s routers and 2 2820 and 1 2924C XL what I would like to find out is if I disconnects the fans will it damage the routers or the switches, the reason is just to do with the noise factor, when they or all switch on it very noisy. -- Regards, Will You MUST keep the fans in use, or it may destroy the equipment. Several other cooling tips: If it's a modular router or switch, and has any empty slots, be sure to cover the empty slots with blank panels. Not doing so can interfere with the cooling air flow inside the box. Picture the fan on the left side, the next-to-the-right slot empty, and the right slot with a card in it. If you left the empty slot uncovered, the cooling air might rush out it and not reach the right card. There may be specific product recommendations on cooling. Offhand, the only one I can think of is if you put a FDDI card into the old 4000 router, it had to go into the middle slot for cooling reasons. If the routers have cooling air entries or exits on the side, preferably stack them vertically. If you have to put them on a table, leave a foot or so between them. Otherwise, there is danger that the hot air from one will be sucked into the cool air inlet of the next in line, and so forth. I've seen a bunch of 2500s fail because they were pushed agains each other on a table. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34957t=34952 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Rommon mode Upload in 2509 [7:34958]
Hi , I have not worked much on the 2500 series I have corrupted my IOS in cisco 2509 , it is giving me the following output , once I go to the Rommon mode , as my router does not come to the enable mode as hangs at that point . dev Missing value dir flash: F: FC4AFC4A - What are the commands for me to load a new image of IOS in the 2500 series , in the 2600 series , we get the rommon prompt and can give the commands In this router it is giving me the following commands on help : ? $Toggle cache state B [filename] [TFTP Server IP address | TFTP Server Name] Load and execute system image from ROM or from TFTP server C [address] Continue execution [optional address] D /S M L V Deposit value V of size S into location L with modifier M E /S M L Examine location L with size S with modifier M G [address] Begin execution HHelp for commands IInitialize KStack trace L [filename] [TFTP Server IP address | TFTP Server Name] Load system image from ROM or from TFTP server, but do not begin execution OShow configuration register option settings PSet the break point SSingle step next instruction T function Test device (? for help) Please let me know the correct sequence of commands I should give to upload a new image from the TFTP server . thanks in advance . -- Navin Parwal [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34958t=34958 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Router Fan [7:34952]
Which leads perfectly into my next question. Does anyone have, or know of a source, for Cisco blanks for the NM and WIC slots in the 1600/1700/2600/3600 series? Anyone have a bunch that they'd like to sell me? Thanks, Craig At 08:00 AM 2/9/2002 -0500, you wrote: Hi Guys I currently building my home lab, so far I ve 7 2500s routers and 2 2820 and 1 2924C XL what I would like to find out is if I disconnects the fans will it damage the routers or the switches, the reason is just to do with the noise factor, when they or all switch on it very noisy. -- Regards, Will You MUST keep the fans in use, or it may destroy the equipment. Several other cooling tips: If it's a modular router or switch, and has any empty slots, be sure to cover the empty slots with blank panels. Not doing so can interfere with the cooling air flow inside the box. Picture the fan on the left side, the next-to-the-right slot empty, and the right slot with a card in it. If you left the empty slot uncovered, the cooling air might rush out it and not reach the right card. There may be specific product recommendations on cooling. Offhand, the only one I can think of is if you put a FDDI card into the old 4000 router, it had to go into the middle slot for cooling reasons. If the routers have cooling air entries or exits on the side, preferably stack them vertically. If you have to put them on a table, leave a foot or so between them. Otherwise, there is danger that the hot air from one will be sucked into the cool air inlet of the next in line, and so forth. I've seen a bunch of 2500s fail because they were pushed agains each other on a table. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34959t=34952 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VOipVoFR [7:34947]
Bear in mind, too, that with VoIP you get things from IP that you cannot from FR. Among them are the use of DSCP. With VoIP you may be using UDP and RTP for transport and reservations, whereas with FR you set up a dedicated circuit (dlci) for that traffic. HTH Annlee landcai wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Gang, I have a small thing I am still clear about, even though I thought it over. what's the difference between VOip over frame Relay and VoFR? Does it mean that for Voip the voice is taken as the data regarded as layer 4 data, then encapsulated in layer 3 ip,then further be encapsulated as layer 2 frame relay frames. but for VoFR, the voice don't need to be encapsulated by layer 3 protocol, and directly passed to layer 2 frame Relay network? could you shed me light over it? I could not turn it over on my brain. Many thanks, __ === PB@KCb7Q5gWSSJOd (http://mail.sina.com.cn) PB@K7V@`PEO#:GaKI6)TD#,A?Im6(VF,:CPEO@4URDc! (http://classad.sina.com.cn/) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34960t=34947 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: problem in int [7:34937]
You say that this is a 128K link, but the bandwidth seems to be set at 512K. You might want to check that as it will affect dynamic routing. Andrew kaushalender wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... hi group I have strage roblem .The problem is i have a 128 kbps link to my customer.When I see the interface on which customer is connected the incoming traffic is less and outgoing traffic is very high .Why this is happening .Plz tell me This is the int as u seeing clearly 47000 is incoming from customer and 192000 is outgoing to customer Thanx Serial0/2 is up, line protocol is up Hardware is PowerQUICC Serial Description: RAINBOW AND VERTEC REM-2 Internet address is 216.252.243.1/30 MTU 2048 bytes, BW 512 Kbit, DLY 2 usec, reliability 255/255, txload 95/255, rxload 23/255 Encapsulation PPP, loopback not set Keepalive set (10 sec) LCP Open Listen: CDPCP Open: IPCP Last input 00:00:00, output 00:00:00, output hang never Last clearing of show interface counters 2d02h Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1769 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/30/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 384 kilobits/sec 5 minute input rate 47000 bits/sec, 68 packets/sec 5 minute output rate 192000 bits/sec, 58 packets/sec 4251918 packets input, 655572206 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 1 giants, 0 throttles 94 input errors, 2 CRC, 87 frame, 0 overrun, 0 ignored, 5 abort 4168853 packets output, 1573135961 bytes, 0 underruns 0 output errors, 0 collisions, 13 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34961t=34937 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Router Fan [7:34952]
It is possible to get replacement fans that are alot quiter.. it wont be cheap but hardcore PC users do this all the time. One of the hack sites.. Toms Hardware?? I think.. they did a review on the various cooling fans and gave the sound levels. Also gave some sources. MikeS Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34962t=34952 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP Claire Gough [7:34963]
I need some advice people, is it worth me purchasing the Cisco press CCNP routing by Claire Gough? is this book the latests book. Thanks in advance Tel Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34963t=34963 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MPLS and VPN Architectures book [7:34792]
The latest JunOS IJNR (Intro to Juniper Networks Routers) material give a better overview of basic MPLS than any of the Ciscopress books. For a really really really good understanding of TE, check out the JunOS Advanced MPLS course stuff. For a strong in-depth discussion of all manners of MPLS VPN's, check out the JunOS Advanced VPN's materials. However, if you want to study this stuff, I would advise you to wait until Juniper updates its training materials. JunOS 5.2 just came out, with a bevy of kickass MPLS features, and you should wait until the courses have been updated to include these features. For example, Martini-draft L2VPN's have just been implemented in JunOS. What is ironic is that IOS can also do Martini VPN's (on the 6500/7600) but there is nary a mention of it anywhere on the Cisco website besides stupid marketing papers. Sean Knox wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Heh, that's pretty ironic the book doesn't go into depth about traffic engineering... um hello? Oh well. Which books out of the Juniper course material go over MPLS? - Sean -Original Message- From: nrf [mailto:[EMAIL PROTECTED]] Sent: Friday, February 08, 2002 9:03 PM To: [EMAIL PROTECTED] Subject: Re: MPLS and VPN Architectures book [7:34792] The book is all-right, it's not great. It's OK as an intro book to the subject. Unfortunately many of the more complex topics in later chapters are written in such garbled way as to be almost unintelligible, particularly some of the 'carrier of carrier' and 'Internet access' stuff, and those are precisely the topics that need to be as clear as possible because of their complexity. I swear, some of the grammar is so convuleted that the only way to really understand everything in those chapters is to already know it in the first place, but then if you already know it, why are you reading the book at all? The book is also missing any mention of probably the most important reason to use MPLS at all: traffic-engineering. Unfortunately there is no really good Cisco book about this subject (it is covered briefly in IP Quality of Service, but not in any serious depth). The best stuff I've ever found on TE is, ahem, Juniper course material. But like I said, a decent intro book on the subject. Caplan M wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'm reading it and so far I'm pleased with it. I haven't got to the VPN stuff yet though, but its given me a good grounging in tag switching and MPLS. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34964t=34792 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VOipVoFR [7:34947]
Bear in mind, too, that with VoIP you get things from IP that you cannot from FR. Among them are the use of DSCP. With VoIP you may be using UDP and RTP for transport and reservations, whereas with FR you set up a dedicated circuit (dlci) for that traffic. HTH Good points all. I'd also add the ability to continue it onto your LAN. Once you have LAN-connected telephones, intelligent use of DHCP makes moves and changes trivial. Then there's my minor gripe with the acronym VoFR. It sounds like something a German-speaking German Shepherd would say...sort of a contraction of Voof! Voof! G Annlee landcai wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Gang, I have a small thing I am still clear about, even though I thought it over. what's the difference between VOip over frame Relay and VoFR? Does it mean that for Voip the voice is taken as the data regarded as layer 4 data, then encapsulated in layer 3 ip,then further be encapsulated as layer 2 frame relay frames. but for VoFR, the voice don't need to be encapsulated by layer 3 protocol, and directly passed to layer 2 frame Relay network? could you shed me light over it? I could not turn it over on my brain. Many thanks, __ == = PB@KCb7Q5gWSSJOd (http://mail.sina.com.cn) PB@K7V@`PEO#:GaKI6)TD#,A?Im6(VF,:CPEO@4URDc! (http://classad.sina.com.cn/) and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34965t=34947 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Layer 3 configuration from CAT4000 CWI [7:34736]
I believe that the 8500/6500/6000/5500/5000 are the only Cat's that will do L3 switching/routing. HTH. - jek Cisco Breaker wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I know that you can create VLAN or enable a port from CWI software inside the CAT4000. Is it possible to configure layer3 routing (if you have the module SUP3) from the CWI of the CAT4000? Because my customer doesnt want to buy CiscoWorks2000 for only one switch. Best regards, Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34966t=34736 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Block this MAC address! [7:34953]
absolutely. you want something in either the 700-799 range or 1100-1199 range. see router output below:I've never actually implemented one of these in real or lab. the choices seem to be permit or deny. There does not appear to be a lot of flexibility here, as with an IP access list. R1(config)#access-list ? (edited ) Extended 48-bit MAC address access list 48-bit MAC address access list HTH Chuck Charles Lomotey wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Is it possible to block a MAC address on an interface by accesslist or.?? I have this annoying customer playing around with their IP adresses and bringing down the whole network Charles Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34967t=34953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IPSec tunnels [7:34742]
Patrick, What you can also do, is when your within the PIX you can issue the command show crypto ipsec sa. What you're looking for is the Outbound/Inbound SPI's (Security Parameters Index) this is a 32bit number that is negotiated between the peers during the IPSec SA negotiation. There are 2 SA's for each IPSec peer per IP Subnet and they are uni-directional (inbound/outbound). What you should see is on the PIX side your outbound SPI will be equal to the inbound on the Concentrator side then on the PIX inbound SPI will be equal to the outbound on the Concentrator side. If these are equal, then you can look at the IPSec SA counters with the same command (show crypto ipsec sa) and look at the traffic counters, and you should see the enciphering and the deciphering of data on both sides. Such as, use ping with a set packet count and verify on both sides that the enciphering/deciphering of data is happening between the 2 peers. Check those out and give us an update. HTH. Thanks, - jek Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi All I'm looking for some information on how to verify the configuration of a PIX with an IPsec tunnel to a VPN concentrator. I have a tunnel that keeps bouncing, I think that instabilities across the internet could be causing some of the problems as I see the path changing quite a lot from the Netherlands to Dubai. I can't find the command(s), or understand the ones I've used, which tells me whether the tunnel is up on the PIX, I can see from the concentrator that it's down but I want to know about the PIX too. Any other advise is appreciated Cheers Pat Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34968t=34742 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Block this MAC address! [7:34953]
If memory serves me correct, on a router, the MAC address access-list will not work for a protocol if you're routing that protocol. It's used for bridged traffic. If you're routing IP and need to filter based on a MAC address you might try looking into using a BVI. Another easier solution would be to just allow from the customer only the IP addresses that are assigned to the customer. Brian Dennis, CCIE #2210 (RS)(ISP/Dial) Chuck Larrieu wrote: absolutely. you want something in either the 700-799 range or 1100-1199 range. see router output below:I've never actually implemented one of these in real or lab. the choices seem to be permit or deny. There does not appear to be a lot of flexibility here, as with an IP access list. R1(config)#access-list ? (edited ) Extended 48-bit MAC address access list 48-bit MAC address access list HTH Chuck Charles Lomotey wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Is it possible to block a MAC address on an interface by accesslist or.?? I have this annoying customer playing around with their IP adresses and bringing down the whole network Charles Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34969t=34953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Layer 3 configuration from CAT4000 CWI [7:34736]
The Catalyst 4000 series has the ability to perform L3 switching/routing! See the link below for details! http://www.cisco.com/warp/public/473/28.html Stefan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of JEK Sent: Saturday, February 09, 2002 11:12 AM To: [EMAIL PROTECTED] Subject: Re: Layer 3 configuration from CAT4000 CWI [7:34736] I believe that the 8500/6500/6000/5500/5000 are the only Cat's that will do L3 switching/routing. HTH. - jek Cisco Breaker wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I know that you can create VLAN or enable a port from CWI software inside the CAT4000. Is it possible to configure layer3 routing (if you have the module SUP3) from the CWI of the CAT4000? Because my customer doesnt want to buy CiscoWorks2000 for only one switch. Best regards, Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34970t=34736 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Router Fan [7:34952]
I stumbled across the blanking plates for the WIC slots on the Cisco price list the other day. Believe it or not, they are 36 quid (50 dollars). Ridiculous price and that's for the small ones. I've got a few knocking around that I wouldn't be cheeky enough to charge for, but I'm in UK, I take it you are in US Craig. If someone has them locally it may be easier, but if you're desperate, where there's a will there's a way. Gaz Craig Columbus wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Which leads perfectly into my next question. Does anyone have, or know of a source, for Cisco blanks for the NM and WIC slots in the 1600/1700/2600/3600 series? Anyone have a bunch that they'd like to sell me? Thanks, Craig At 08:00 AM 2/9/2002 -0500, you wrote: Hi Guys I currently building my home lab, so far I ve 7 2500s routers and 2 2820 and 1 2924C XL what I would like to find out is if I disconnects the fans will it damage the routers or the switches, the reason is just to do with the noise factor, when they or all switch on it very noisy. -- Regards, Will You MUST keep the fans in use, or it may destroy the equipment. Several other cooling tips: If it's a modular router or switch, and has any empty slots, be sure to cover the empty slots with blank panels. Not doing so can interfere with the cooling air flow inside the box. Picture the fan on the left side, the next-to-the-right slot empty, and the right slot with a card in it. If you left the empty slot uncovered, the cooling air might rush out it and not reach the right card. There may be specific product recommendations on cooling. Offhand, the only one I can think of is if you put a FDDI card into the old 4000 router, it had to go into the middle slot for cooling reasons. If the routers have cooling air entries or exits on the side, preferably stack them vertically. If you have to put them on a table, leave a foot or so between them. Otherwise, there is danger that the hot air from one will be sucked into the cool air inlet of the next in line, and so forth. I've seen a bunch of 2500s fail because they were pushed agains each other on a table. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34972t=34952 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Rommon mode Upload in 2509 [7:34958]
You should be able to do: o/r 0x2101 (return) then i (return) This should reboot your router and get you to the Router(boot) prompt From there you should be able to do a normal COPY TFTP FLASH once you've addressed an interface etc. If not come back to us. Gaz NKP wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi , I have not worked much on the 2500 series I have corrupted my IOS in cisco 2509 , it is giving me the following output , once I go to the Rommon mode , as my router does not come to the enable mode as hangs at that point . dev Missing value dir flash: F: FC4AFC4A - What are the commands for me to load a new image of IOS in the 2500 series , in the 2600 series , we get the rommon prompt and can give the commands In this router it is giving me the following commands on help : ? $Toggle cache state B [filename] [TFTP Server IP address | TFTP Server Name] Load and execute system image from ROM or from TFTP server C [address] Continue execution [optional address] D /S M L V Deposit value V of size S into location L with modifier M E /S M L Examine location L with size S with modifier M G [address] Begin execution HHelp for commands IInitialize KStack trace L [filename] [TFTP Server IP address | TFTP Server Name] Load system image from ROM or from TFTP server, but do not begin execution OShow configuration register option settings PSet the break point SSingle step next instruction T function Test device (? for help) Please let me know the correct sequence of commands I should give to upload a new image from the TFTP server . thanks in advance . -- Navin Parwal [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34973t=34958 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Well Well Well CCIE #8757 [7:34951]
Congratulations Robert, Have a great weekend, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ -Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Saturday, February 09, 2002 4:34 AM To: [EMAIL PROTECTED] Subject: Well Well Well CCIE #8757 [7:34951] What can I say! 2nd and it really did turn out to be my last attempt. Thanks to everyone concerned who know me or have indeed spoke or emailed me. In the words of the most inspirational man WOHO!! Robert McCallum CCIE #8757 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34974t=34951 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Trunking multiple subnets on the same vlan /port [7:34975]
I have 15 different subnets on a eth 0/0 on a 2621 router with 15 secondary addresses . I want to know if it is possible to change them to subinterfaces and trunk more than one subnet accross a 2924 switch and pust more than one subnet in the same vlan/port. That means putting more than one subnet on one port in the same vlan. The subnets could be contiguous. For instance: ip address 64.41.x.241 255.255.255.248 secondary ip address 64.41.x.249 255.255.255.248 secondary Or most are discontiguous. I did not think it could be done but just wanted to throw it out there to see if anyone had a solution. Thanks, randy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34975t=34975 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BCMSN simulator and presentation [7:34976]
Hi all , Any one knows how to get or buy BCMSN simulator and presentation . Regards , sami , __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34976t=34976 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
hacking a firewall [7:34978]
Hi , I am trying to test how secure BigFire firewall.I need to run some tests in other words I want to find if I can hack it or not.It is very important to our company to know how secure it is . Best Regards , sami , __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34978t=34978 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ccbootcamp lab 20 Nat [7:34977]
Hi, I am having problem with lab 20 nat. r13 ip nat inside source list 1 interface Ethernet0 overload ip nat inside source static 10.1.1.14 200.100.100.1 ! Is is the right config? Thanks Zape _ Send and receive Hotmail on your mobile device: http://mobile.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34977t=34977 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Secret Clearance? [7:4152]
Check the archives of the list. This has been discussed many, many times. Craig At 11:04 AM 2/9/2002 -0500, you wrote: So how does one gain Secret Clearance? --- Jeff D wrote: The contractor has no say in it. If the government says you need a clearance to enter the building, then you have to have one, period. Why waste your time if you don't? Jeff wrote in message news:[EMAIL PROTECTED]... this Clearance thing is kind of funny. I think they should screen someone who is qulaified for the position even if they dont have the Clearance. = Paul M. Immo CCDP, CCNP, CCIE Written, MCSE (248)634-3362 Home (248)343-0440 Cell View my Resume online: http://briefcase.yahoo.com/paulimmo Imagination is more important than knowledge Albert Einstein __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34971t=4152 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN Backup Question [7:34979]
Anyone out there done ISDN backup for a WAN running STUN over Frame Relay? I can't find a solution on the CCO. Any help would be most appreciated. This is apparently not a trivial configuration. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34979t=34979 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: Block this MAC address! [7:34953]
Correct me if I'm wrong, but I seem to remember that MAC- address access lists only work on bridged interfaces. Is that the case? I seem to remember reading that somewhere. I'll have to double check. John Get your own 800 number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag On Sat, 9 Feb 2002, Chuck Larrieu ([EMAIL PROTECTED]) wrote: absolutely. you want something in either the 700-799 range or 1100-1199 range. see router output below:I've never actually implemented one of these in real or lab. the choices seem to be permit or deny. There does not appear to be a lot of flexibility here, as with an IP access list. R1(config)#access-list ? (edited ) Extended 48-bit MAC address access list 48-bit MAC address access list HTH Chuck Charles Lomotey wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Is it possible to block a MAC address on an interface by accesslist or.?? I have this annoying customer playing around with their IP adresses and bringing down the whole network Charles -- -- [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34980t=34953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
port needed open for dlsw (tcp encap) [7:34981]
With dlsw, useing tcp encap, what tcp ports do I need open in an access-list to allow dlsw to work? TCP 2065 by itself is not enough. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34981t=34981 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
hiding an computer ( ip address ) using access list [7:34983]
I am adding a computer to my network that i do not want accessible via network to anyone but myself. Can someone suggest best ways to do this, is this possible on the router level via access list? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34983t=34983 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
DLSW access-list problem - more info [7:34985]
I can see the the dlsw connection is useing tcp 2065, but seems to be another piece missing... (dlsw peer works fine without acces-list). Any help would be appreciated... I fly to SJ tomorow for the lab on Monday... Thanks! R0-R1#sh access-list 101 Extended IP access list 101 permit udp any any eq rip (23 matches) permit tcp any any eq 2065 (39 matches) permit tcp any any eq bgp deny ip any any (105 matches) R0-R1# R0-R1# DLSw: CONN: peer 150.20.12.2 open failed due to partner close DLSw: peer 150.20.12.2(2065), old state DISCONN, new state DISCONN R0-R1# DLSw: passive open 150.20.12.2(11021) - 2065 DLSw: action_b(): opening write pipe for peer 150.20.12.2(2065) R0-R1# DLSw: dlsw_tcpd_fini() for peer 150.20.12.2(2065) DLSw: tcp fini for peer 150.20.12.2(2065) while blocking R0-R1# DLSw: CONN: peer 150.20.12.2 open failed due to partner close DLSw: peer 150.20.12.2(2065), old state DISCONN, new state DISCONN R0-R1# DLSw: passive open 150.20.12.2(11022) - 2065 DLSw: action_b(): opening write pipe for peer 150.20.12.2(2065) R0-R1# DLSw: dlsw_tcpd_fini() for peer 150.20.12.2(2065) DLSw: tcp fini for peer 150.20.12.2(2065) while blocking Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34985t=34985 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Free Tutorials and Cheap Cisco Labs [7:34986]
Hi, Did anyone visit itlearn.org? Looks like a good deal. Regards Sonal Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34986t=34986 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: port needed open for dlsw (tcp encap) [7:34981]
2067 John Kaberna CCIE #7146 NETCG Inc. www.netcginc.com (415) 750-3800 Instructor for CCIE R/S and Security 5-day class www.ccbootcamp.com __ CCIE Security Training www.netcginc.com/training.htm ME wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... With dlsw, useing tcp encap, what tcp ports do I need open in an access-list to allow dlsw to work? TCP 2065 by itself is not enough. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34982t=34981 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Secret Clearance? [7:4152]
not to mention that if they say it is required they probably do not want to pay the $$$ to have it done...hence the required portion of the job description. - Patrick Craig Columbus 02/09/02 15:38 PM Check the archives of the list. This has been discussed many, many times. Craig At 11:04 AM 2/9/2002 -0500, you wrote: So how does one gain Secret Clearance? --- Jeff D wrote: The contractor has no say in it. If the government says you need a clearance to enter the building, then you have to have one, period. Why waste your time if you don't? Jeff wrote in message news:[EMAIL PROTECTED]... this Clearance thing is kind of funny. I think they should screen someone who is qulaified for the position even if they dont have the Clearance. = Paul M. Immo CCDP, CCNP, CCIE Written, MCSE (248)634-3362 Home (248)343-0440 Cell View my Resume online: http://briefcase.yahoo.com/paulimmo Imagination is more important than knowledge Albert Einstein __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com Confidentiality Disclaimer This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. (WellStar) and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34984t=4152 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DLSW access-list problem - more info [7:34985]
DLSW uses port 2065 for read, and 2067 for write CM - Original Message - From: ME To: Sent: Saturday, February 09, 2002 10:05 PM Subject: DLSW access-list problem - more info [7:34985] I can see the the dlsw connection is useing tcp 2065, but seems to be another piece missing... (dlsw peer works fine without acces-list). Any help would be appreciated... I fly to SJ tomorow for the lab on Monday... Thanks! R0-R1#sh access-list 101 Extended IP access list 101 permit udp any any eq rip (23 matches) permit tcp any any eq 2065 (39 matches) permit tcp any any eq bgp deny ip any any (105 matches) R0-R1# R0-R1# DLSw: CONN: peer 150.20.12.2 open failed due to partner close DLSw: peer 150.20.12.2(2065), old state DISCONN, new state DISCONN R0-R1# DLSw: passive open 150.20.12.2(11021) - 2065 DLSw: action_b(): opening write pipe for peer 150.20.12.2(2065) R0-R1# DLSw: dlsw_tcpd_fini() for peer 150.20.12.2(2065) DLSw: tcp fini for peer 150.20.12.2(2065) while blocking R0-R1# DLSw: CONN: peer 150.20.12.2 open failed due to partner close DLSw: peer 150.20.12.2(2065), old state DISCONN, new state DISCONN R0-R1# DLSw: passive open 150.20.12.2(11022) - 2065 DLSw: action_b(): opening write pipe for peer 150.20.12.2(2065) R0-R1# DLSw: dlsw_tcpd_fini() for peer 150.20.12.2(2065) DLSw: tcp fini for peer 150.20.12.2(2065) while blocking Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34987t=34985 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DLSW access-list problem - more info [7:34985]
Useing access-list 101 deny ip any any log I found:%SEC-6-IPACCESSLOGP: list 101 denied tcp 150.20.12.2(2065) - 150.20.12.1(11048), 1 packet (and other such ports around 11000). Based on that - the following works... access-list 101 permit udp any any eq rip access-list 101 permit tcp host 150.20.12.2 host 150.20.12.1 eq 2065 access-list 101 permit tcp host 150.20.12.2 host 150.20.12.1 est access-list 101 permit tcp any any eq bgp access-list 101 deny ip any any log Charles Manafa wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... DLSW uses port 2065 for read, and 2067 for write CM - Original Message - From: ME To: Sent: Saturday, February 09, 2002 10:05 PM Subject: DLSW access-list problem - more info [7:34985] I can see the the dlsw connection is useing tcp 2065, but seems to be another piece missing... (dlsw peer works fine without acces-list). Any help would be appreciated... I fly to SJ tomorow for the lab on Monday... Thanks! R0-R1#sh access-list 101 Extended IP access list 101 permit udp any any eq rip (23 matches) permit tcp any any eq 2065 (39 matches) permit tcp any any eq bgp deny ip any any (105 matches) R0-R1# R0-R1# DLSw: CONN: peer 150.20.12.2 open failed due to partner close DLSw: peer 150.20.12.2(2065), old state DISCONN, new state DISCONN R0-R1# DLSw: passive open 150.20.12.2(11021) - 2065 DLSw: action_b(): opening write pipe for peer 150.20.12.2(2065) R0-R1# DLSw: dlsw_tcpd_fini() for peer 150.20.12.2(2065) DLSw: tcp fini for peer 150.20.12.2(2065) while blocking R0-R1# DLSw: CONN: peer 150.20.12.2 open failed due to partner close DLSw: peer 150.20.12.2(2065), old state DISCONN, new state DISCONN R0-R1# DLSw: passive open 150.20.12.2(11022) - 2065 DLSw: action_b(): opening write pipe for peer 150.20.12.2(2065) R0-R1# DLSw: dlsw_tcpd_fini() for peer 150.20.12.2(2065) DLSw: tcp fini for peer 150.20.12.2(2065) while blocking Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34988t=34985 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: problem in int [7:34937]
At 11:07 PM 2/8/02, kaushalender wrote: hi group I have strage roblem .The problem is i have a 128 kbps link to my customer.When I see the interface on which customer is connected the incoming traffic is less and outgoing traffic is very high .Why this is happening .Plz tell me How do you expect us to know why it's happening? Sorry, if that sounds harsh, but seriously, how could we possibly answer a question about how your network to your customer is being used? A couple things do stick out though. The output rate is actually 192 Kbps, so you must have more than 128 Kbps. It appears that you actually have 512 Kbps from the BW statistic in the show int output. Also, 192 Kbps isn't much. Why does that concern you? Maybe your customer is accessing your Web site. It's no big deal. Also, to really understand network utilization, you have to look at it over a longer term. Is it constantly at 192 Kbps or was that a one-time blip? Priscilla This is the int as u seeing clearly 47000 is incoming from customer and 192000 is outgoing to customer Thanx Serial0/2 is up, line protocol is up Hardware is PowerQUICC Serial Description: RAINBOW AND VERTEC REM-2 Internet address is 216.252.243.1/30 MTU 2048 bytes, BW 512 Kbit, DLY 2 usec, reliability 255/255, txload 95/255, rxload 23/255 Encapsulation PPP, loopback not set Keepalive set (10 sec) LCP Open Listen: CDPCP Open: IPCP Last input 00:00:00, output 00:00:00, output hang never Last clearing of show interface counters 2d02h Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1769 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/30/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 384 kilobits/sec 5 minute input rate 47000 bits/sec, 68 packets/sec 5 minute output rate 192000 bits/sec, 58 packets/sec 4251918 packets input, 655572206 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 1 giants, 0 throttles 94 input errors, 2 CRC, 87 frame, 0 overrun, 0 ignored, 5 abort 4168853 packets output, 1573135961 bytes, 0 underruns 0 output errors, 0 collisions, 13 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34989t=34937 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hiding an computer ( ip address ) using access list [7:34991]
Beth, My choice would be filtering on the machine. If you're using UNIX, there are several IP filtering (and free) products. You could also tailor the routing table in the machine to only allow it to find your other machine. Why tax the router? Ken beth 02/09/02 04:01PM I am adding a computer to my network that i do not want accessible via network to anyone but myself. Can someone suggest best ways to do this, is this possible on the router level via access list? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34991t=34991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Swithing modes [7:34993]
Does anyone have a full list of switching modes on Cisco routers? I am trying to figure out what automous and silicon switching are. Does silicon switching use an ASIC to move the packet from interface to interface bypassing the CPU? Thanks for any info, Ryan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34993t=34993 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Interesting Web Alias [7:34994]
All, Interesting? Follow this link: www.american.com Can't imagine why Cisco registered this domain name. Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34994t=34994 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
only one token in token ring? [7:34995]
Hello, is it possible for TR stations to get more than one token at one time? I know TR can have multiple data frames in one time with Early Token Release, but can a ring have one or 2 tokens at some point? -cecil Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34995t=34995 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
transport input none [7:34996]
Does anyone know the affect of entering 'transport input none' on the console line? Many of the IPExpert labs show it in their answer keys, but niether they, not Cisco really explains why. (That I can find.) Cisco shows it in many of their show run examples everywhere - with no explanation. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34996t=34996 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: transport input none [7:34996]
transport input none prevents any protocol selection on the line. This makes the port unusable by incoming connections Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34997t=34996 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Will the ccie writtn exams aailable from different [7:34998]
Hi All, I am preparing for CCIE written.Practice exams are available frommany website, could anyone please tell me, do these help and if so which website would you recommend. Thanks in advance, Neil K. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34998t=34998 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP on MSFCs with DECnet [7:34828]
Sorry. It's not an answer. ;-) I was wondering if you found an answer to this interesting quesiton, however. There may be no other solution than to use the BIA and rely on gratuitous ARP? (Well, you could get rid of DECnet or try to isolate it to a pocket of the network. That could be a bit drastic, though. You probably have some important applications that use it.) Priscilla At 03:11 AM 2/8/02, Caplan M wrote: Hi, I'm working with the following scenario. msfc1 msfc2 ip -10.1.1.1 ip 10.1.1.2 DECnet - 1.1 DECnet 1.2 | HSRP - 10.1.1.3 | | | - | | IP hosts DECnet hosts I'm putting together a design using 2 6509s each with MSFCs. I want to provide IP redundancy via HSRP, but also run DECnet on both VLAN interfaces. The virtual MAC address problem of HSRP interacting with DECnet can be solved using 'standby use-bia' command. However I would prefer not to rely on the 'gratuitous arp' solution for my IP hosts; I dont know if they are all compliant. A better solution for a normal router is to use sub interfaces and the scope command, say a 2620. That way, I could configure IP on one sub-interface, and DECnet on another sub-interface. This would mean DECnet hosts could talk happily to their DR using the DEC aa-00-04-00-xx-xx MAC address, while the IP hosts could talk to the Cisco OUI virtual mac address - ie HSRP would only be configured on one of the subinterfaces eg: int fa0.1 ip addr 10.1.1.1 255.255.255.0 standby 1 ip 10.1.1.3 pre int fa0.2 decnet cost 10 But I dont see how I can do this trick with an MSFC. You cant split a VLAN interface into sub-interfaces. So how do I make a VLAN interface talk DECnet with aa-00-04 MAC address, and also respond to the normal HSRP cisco MAC address. Any ideas ? I really dont want to rely on gratuitous ARP. I'm sure that anything you can do with a 2620, you should be able to to at least as good with 6500s and MSFC !! Thanks in advance Mark Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34999t=34828 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: transport input none [7:34996]
That makes it sound like I would make the console port useable, but that it not what happens. I know that it will stop all traffic when applied to the async lines, but I don't see any effect on the console port or the aux port. somera cecilia wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... transport input none prevents any protocol selection on the line. This makes the port unusable by incoming connections Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35000t=34996 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Trunking multiple subnets on the same vlan /port [7:34975]
Try putting one subnet on each subinterface - each in turn will map to a vlan. Trunk all the vlans to the switch. On the interfaces where you want multiple vlans try configuring switchport multi vlan {ADD vlan-list | REMOVE vlan-list} Valid IDs are from 1 to 1001. Separate nonconsecutive VLAN IDs with a comma and no spaces; use a hyphen to designate a range of IDs. Do not enter leading zeros. Let us know if this works. -Original Message- From: McHugh Randy [mailto:[EMAIL PROTECTED]] Sent: Saturday, February 09, 2002 1:45 PM To: [EMAIL PROTECTED] Subject: Trunking multiple subnets on the same vlan /port [7:34975] I have 15 different subnets on a eth 0/0 on a 2621 router with 15 secondary addresses . I want to know if it is possible to change them to subinterfaces and trunk more than one subnet accross a 2924 switch and pust more than one subnet in the same vlan/port. That means putting more than one subnet on one port in the same vlan. The subnets could be contiguous. For instance: ip address 64.41.x.241 255.255.255.248 secondary ip address 64.41.x.249 255.255.255.248 secondary Or most are discontiguous. I did not think it could be done but just wanted to throw it out there to see if anyone had a solution. Thanks, randy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35001t=34975 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Swithing modes [7:34993]
Do you have a CCO account? If yes, you can find the answer on Cisco's website. Or Get the Lan Switching or CCNP Switching book from CiscoPress. Either one will have all the switching modes defined. I am sure there several books. -- Through Complexity there is Simplicity, Through Simplicity there is Complexity David L. Blair - CCNP, CCNA, MCSE, CBE, A+, 3Wizard Ryn wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Does anyone have a full list of switching modes on Cisco routers? I am trying to figure out what automous and silicon switching are. Does silicon switching use an ASIC to move the packet from interface to interface bypassing the CPU? Thanks for any info, Ryan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35002t=34993 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hiding an computer ( ip address ) using acces [7:34992]
Plus if there are other hosts on the same LAN a router won't help as it doesn't interfere with traffic local to the LAN. John Kaberna CCIE #7146 NETCG Inc. www.netcginc.com (415) 750-3800 Instructor for CCIE R/S and Security 5-day class www.ccbootcamp.com __ CCIE Security Training www.netcginc.com/training.htm Ken Diliberto wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Beth, My choice would be filtering on the machine. If you're using UNIX, there are several IP filtering (and free) products. You could also tailor the routing table in the machine to only allow it to find your other machine. Why tax the router? Ken beth 02/09/02 04:01PM I am adding a computer to my network that i do not want accessible via network to anyone but myself. Can someone suggest best ways to do this, is this possible on the router level via access list? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34992t=34992 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: port needed open for dlsw (tcp encap) [7:34981]
port 2067 never gets hit... R0-R1#sh access-list Extended IP access list 101 permit udp any any eq rip (2 matches) permit tcp any any eq 2065 (6 matches) permit tcp any any eq 2067 permit tcp any any eq bgp deny ip any any log (9 matches) R0-R1# %SEC-6-IPACCESSLOGP: list 101 denied tcp 150.20.12.2(179) - 150.20.12.1(11084), 1 packet %SEC-6-IPACCESSLOGNP: list 101 denied 103 150.20.12.2 - 224.0.0.13, 1 packet Useing access-list 101 deny ip any any log I found:%SEC-6-IPACCESSLOGP: list 101 denied tcp 150.20.12.2(2065) - 150.20.12.1(11048), 1 packet (and other such ports around 11000). Based on that - the following works... access-list 101 permit udp any any eq rip access-list 101 permit tcp host 150.20.12.2 host 150.20.12.1 eq 2065 access-list 101 permit tcp host 150.20.12.2 host 150.20.12.1 est access-list 101 permit tcp any any eq bgp access-list 101 deny ip any any log Does this look right? John Kaberna wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... 2067 John Kaberna CCIE #7146 NETCG Inc. www.netcginc.com (415) 750-3800 Instructor for CCIE R/S and Security 5-day class www.ccbootcamp.com __ CCIE Security Training www.netcginc.com/training.htm ME wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... With dlsw, useing tcp encap, what tcp ports do I need open in an access-list to allow dlsw to work? TCP 2065 by itself is not enough. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34990t=34981 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hacking a firewall [7:34978]
O boy user Network Scanner na? Regards. - Original Message - From: sami natour To: Sent: Saturday, February 09, 2002 12:13 PM Subject: hacking a firewall [7:34978] Hi , I am trying to test how secure BigFire firewall.I need to run some tests in other words I want to find if I can hack it or not.It is very important to our company to know how secure it is . Best Regards , sami , __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35003t=34978 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hiding an computer ( ip address ) using acces [7:34992]
Are you trying to limit remote access from outside the network or from within the network (LAN) From outside the network you can use an access list but the best way would be to use the security policy on your OS. AKA password etc If you are using win 9xx without a 3rd party app your kinda hosed. Ditto for physical security also unless you disable the floppy and CDrom. As Howard would say What problem are you trying to solve.. There is a way to hide the IP by having a oneway patch cable but that only lets the machine recieve but not transmit and because it does not transmit nothing no arps etc and no other device can see it .. But also because it's mute it cannot announce itself either therefore it cannot use any networks services etc. it can just listen only kinda like taking the number off your house, no one knows where you are ,you can't get a phome installed or any mail delivered as you have no address.. Oz I am adding a computer to my network that i do not want accessible via network to anyone but myself. Can someone suggest best ways to do this, is this possible on the router level via access list? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35004t=34992 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: collissions and the bigger picture [7:34896]
So collisons are head on wrecks and if serial could have a wreck it would be just a rear end deal .. LOL I bit at one time Re the cable stuff The Media Access Control mechanism is normally implemented in hardware or in a combination of hardware and software. The primary purpose of the MAC is to share the media in a reasonable way. Both the CMTS and the Cable Modem implements protocols to do Ranging to compensate for different cable losses. It is essential that the upstream bursts from all Cable Modems are received in the Head-End at the same level. If two Cable Modems transmit at the same time, but one is much weaker than the other one, the CMTS will only hear the strong signal and assume everything is okay. If the two signals are same strength, the signal will garble and the CMTS will know a collision occurred. Ranging to compensate for the different cable delays. The size of a CATV network calls for fairly large delays in the millisecond range. Assigns frequencies etc. to the Cable Modems. The Cable Modem first listens to the downstream to collect information about where and how to answer. The it signs on to the system using the assigned upstream frequency etc. Allocate the time-slots for the upstream. It is impossible to give more detailed information about the MAC, without going into the specific standards. This is one of the areas that are most closely tied to the specific standard. Stolen from here http://www.cable-modems.org/ Oz Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35005t=34896 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Why do some TFTP sessions take a lot longer [7:35006]
When I do the TFTP lab in class.. I have 6 routers 6 PC and 6 Xover cables All have the same configs except for IP addy's Yet when the class pulls down the IOS the times for a 7 meg bin file vary from 4 to 15 minutes. The cables are all the same length same company who made them. The routers are all 1601's the pc's and NIC's the same all running windoze 98 SE. Ideas anyone ?? This week I will sniff each PC and see what that bring up . Ideas anyone ?? I will post the results next saturday Oz Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35006t=35006 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: LAN IP address [7:34934]
do debug ip arp clear arp make sure you set the scroll buffer on your terminal client to about 8 times the amount of hosts . this will tell you all the hosts the router can see and you can watch all the where ARP thou's do there thing.. Not pretty tho on a busy segment on a production router and be consoled in.. Oz Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35007t=34934 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: hiding an computer ( ip address ) using access list [7:35008]
Chiming in on the machine based filtering - Windows 2K and XP have an IPSec filter that you can configure to drop, permit or negotiate security based on IP, DNS, ect. With a little creativity, you can configure the box so it can talk to the rest of the world, but the rest of the world can't initiate conversation with it. And - for your blessed few that are permitted to initiate traffic to the 'secret box' you can use certificates or preshared keys to negotiate security and allow communication. There are a few things that can't be secured with IPSec - IKE for example - but unless your goal is to completely hide the machine IPSec filters should do the trick. Frankly, I think IPSec in W2K rocks, but that's just me. And a nice host based IDS from Cisco, of course. ;) Yes, you could 'hide' the machine based on IP address and access lists, but this is (in my opinion) a very poor and not very secure design. TTFN, Bill Pearch, Anchorage AK -Original Message- From: Ken Diliberto [mailto:[EMAIL PROTECTED]] Sent: Saturday, February 09, 2002 2:31 PM To: [EMAIL PROTECTED] Subject: Re: hiding an computer ( ip address ) using access list [7:34991] Beth, My choice would be filtering on the machine. If you're using UNIX, there are several IP filtering (and free) products. You could also tailor the routing table in the machine to only allow it to find your other machine. Why tax the router? Ken beth 02/09/02 04:01PM I am adding a computer to my network that i do not want accessible via network to anyone but myself. Can someone suggest best ways to do this, is this possible on the router level via access list? [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35008t=35008 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Swithing modes [7:34993]
Ath the fatkid thays Swithing modes but without the lisp...heh Go to www.fatkid.com Autonomous switching is used in larger multi-slot routers. Autonomous switching allows the switch blade or module to perform local fast switching without placing the packet on the backplane unless it is necessary to do so. Silicon switching uses ASICs, (Application Specific Integrated Circuits) to perform the switching function. This allows for many operations to be completed in a single clock cylce so performance is very fast. ASICs can be limiting however, since if there are too many instructions burned ontot the chip adding functionality later can be impossbile without replacing the chips. Oth Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35010t=34993 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]