Re: CAT4003 and 3com [7:39084]
Remove the autonegotiate configuration for the ports. Set the desired 10/100 full/half duplex manually. I have experienced the same above solution worked, and learnt this events were symptons of some vendor auto negotiation mismatch. regards, Jiten. --- Patrick Ramsey wrote: funny you should mention that! I can't get cisco to autonegotiate with ANYTHING... 3com works with juniper/extreme/intel/ibm/etc Cisco works with Cisco heh 03/21/02 18:24 PM 3COM never auto-negotiates properly with Cisco, look for FCS errors on the switch ports. The best solution is to hardcode NICs to FD. The 'easiest' solution is to hardcode the switchports to HD. Mark Egan, CCIE #8775 wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Greetings, Any knowing problems out there with 3com cards and cat 4000 switches? I've a customer complaining when they insert new win2k with 3com cards, the whole network slows down. When the switch is rebooted everything is back to normal. The problem repeats when the add more win2k machine. Any ideas ThanksNabil Confidentiality Disclaimer This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. (WellStar) and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39128t=39084 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MPLS in the Enterprise [7:36670]
Kent, Irwin, This is an interesting exchange of perspectives. Could you or someone else comment on GMPLS? How does it factor into the comparison of MPLS vs. FR? Is there anything about the combination of MPLS / GMPLS that gives it an advantage over FR? Another issue I'd like to understand in this context is native MPLS transport. Do you see a possibility in the future for simplifying the transport of MPLS packets? In other words, could one replace SONET/SDH with a simple transmission layer X (whatever that might be)? The stack ,might look something like this: 7 7 6 6 5 5 4 4 3 3 3 3 2 2 2 2 2 2 1 1 1 X 1 1 1 ^ ^ | | +-+ native MPLS core There in the middle, where the native MPLS core would be in a greenfield network, is it possible to transport the MPLS packets on a fiber medium, possibly on different lambdas using GMPLS, but without SONET/SDH? I don't work on that layer (physical L1) enough to know the interactions between L1/L2, but it seems that simplification is desirable. Possibly using MPX (MPLS over PPP over X) instead of traditional POS? There are many reasons to keep SONET/SDH, for example, protection switching. Is it possible that MPLS / GMPLS could offer similar solutions that would have a competitive advantage? Maybe someone at MPLScon will have an answer. See you there. -- TT Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39129t=36670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CISCO 2600 router [7:39130]
Hi, Need Help in understanding why the following problem is occuring. When I connect the CISCO 2600 router through the console port. I get the following error message %Error opening tftp://255.255.255.255/network-confg (Timed out) %Error opening tftp://255.255.255.255/cisconet.cfg (Timed out) %Error opening tftp://255.255.255.255/SHG_RTR-confg (Timed out) %Error opening tftp://255.255.255.255/SHG_RTR.cfg (Timed out) And because of this sometimes I cannot ping or telnet the router. When I boot it I get the following message ## [OK] Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-I-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2) Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Tue 07-Dec-99 02:12 by phanguye Image text-base: 0x80008088, data-base: 0x807AAF70 cisco 2620 (MPC860) processor (revision 0x102) with 26624K/6144K bytes of memory FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
More VTP Questions [7:39131]
Thanks to everyone who helped clarify the VTP Domain process and I have more questions. I am working on a textbook Cisco network design. We have two 6509s in the core, four 6509s in the distribution layer and about 30 6509s at the access layer. We also have two Server Farm 6509s hanging off the core switches. The core and distribution will route and well switch to the server farm and the access layers. Well have about 4-5 VLANs in each access layer, so well over 100 VLANs total. Hence my strong interest in VTP. Reading through the VTP stuff today, I saw where the VTP communication occurs through VLAN1. The reseller who sold the design said we would have multi-path layer3 connectivity between core and distribution and layer 2 out to access 6509s. Assuming we only had routed links between the core and distribution layers, then how would the VTP updates get through to the distribution layer from the core? Can we effectively have both a routed link and a bridged VLAN1 link throughout the network? Does that make sense? Any suggestions on how this is accomplished with one VTP domain or a better way would be appreciated. Jeff Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39131t=39131 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Core dumps [7:39132]
Dear all I configure an AS5300 cisco access-server for core dump, sending the core files on a Linux ftp server. My problem is that the core files that are greated, are too big 190MBytes (Suppose to be around 4Mbytes) and are not readable. By viewing the files i can only see random characters.. I will appreciate any feedback on the above problem. Thanks __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39132t=39132 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
missing Interfaces on a 1003 [7:39133]
Hi all - I've been searching around the Cisco website and elsewhere with google, but can't quite pin this down. I have a 1003 with no flash card in it, which currently is just booting image c1000-rboot-r.103-9 When the machine boots there's no sign of the ISDN interfaces. I read on an earlier note that someone had issues like this with the serial interfaces on a 2500 and wondered whether it's likely to be down to the image being wrong, but I haven't succeeded in finding the features supported by this image. I don't have this router in my hands at the minute - someone else has got it, but I'm trying to guide them to get it sorted .. I fear it may be broken, but want to prove to myself that it's not just an image problem first. Anyone help? cheers -Danny Router(boot)sh ver Cisco Internetwork Operating System Software IOS (tm) 1000 Bootstrap Software (C1000-RBOOT-R), Version 10.3(9), RELEASE SOFTW ARE (fc1) Copyright (c) 1986-1995 by cisco Systems, Inc. Compiled Wed 31-Jan-96 02:38 by vatran Image text-base: 0x00018060, data-base: 0x02004000 ROM: System Bootstrap, Version 5.3.2(9) [vatran 9], RELEASE SOFTWARE (fc1) Router uptime is 3 minutes System restarted by power-on System image file is eprom:c1000-rboot-r.103-9, booted via ROM cisco 1000 (68360) processor (revision D) with 7680K/512K bytes of memory. Processor board serial number 03893187 1 Ethernet/IEEE 802.3 interface. 8K bytes of non-volatile configuration memory. Configuration register is 0x2102 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39133t=39133 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CISCO 2600 router [7:39130]
The router is looking for a config file on a TFTP server by broadcasting messages. You can disable this behaviour by no service config command. HTH Hi, Need Help in understanding why the following problem is occuring. When I connect the CISCO 2600 router through the console port. I get the following error message %Error opening tftp://255.255.255.255/network-confg (Timed out) %Error opening tftp://255.255.255.255/cisconet.cfg (Timed out) %Error opening tftp://255.255.255.255/SHG_RTR-confg (Timed out) %Error opening tftp://255.255.255.255/SHG_RTR.cfg (Timed out) And because of this sometimes I cannot ping or telnet the router. When I boot it I get the following message ## [OK] Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-I-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2) Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Tue 07-Dec-99 02:12 by phanguye Image text-base: 0x80008088, data-base: 0x807AAF70 cisco 2620 (MPC860) processor (revision 0x102) with 26624K/6144K bytes of memory FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39134t=39130 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CISCO 2500 router [7:39135]
Hi, I have a CISCO 2500 series router and last time there was a power problem due to which now everytime I boot I get the following message System Bootstrap, Version 11.0(10 C), SOFTWARE Copyright (C) 1986-1996 by Cisco Systems 2500 processor with 2048 Kbytes of main memory Local Timeout (control reg=0x118) Error, address 0x213 at 0x10109DA(PC) The above message keeps on repeating and the OK LED in front of the Router keeps blinking continuously. What could be the problem and the solution for it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39135t=39135 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Setting up a CCNA Lab [7:39112]
Hi Nathan, with a DTE/DCE cable between the two serial ports you can even make one of the routers a frame relay switch. If you want the config for this, let me know and I'll send it to you. Regards, Georg Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39136t=39112 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CIC.. [7:39104]
Hi Stanzin, with CIC you mean Cisco Info Center ? What do you need to know ? Regards, Georg Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39137t=39104 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX performance problem again ! [7:38955]
Dear All, I would first thank you for your worthfull contributions which enable me to solve the problem! The problem was that the interfaces is set to full duplex (10full or 100full commands), and when i change the configuration to 10base and 100base the problem has been solved totally !! I'm still didn't understand why ? my switch support the duplex and even not, the connection should not work totally not at low performance !. Anyway, thanks alot again for your contributions . -- Mohannad N. Khuffash Network Administrator Palestine Telecom Tel : 00970-09-2390509 Mohannad Khuffash wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear all, My problem with th PIX still present! the throughput between my inside cleints an the out side ftp server still very low ! the only node between them is the PIX,and the speed cann't be more than 50K B/s, i have checked the two cisco fixing problem for such like these cases: DNS pointer and IDENT protocols, but the problem is still present Please can any one help me ? Thanks in advance for your efforts -- Mohannad N. Khuffash Network Administrator Palestine Telecommunication Company Tel: 00972-02-2982330 Fax:00972-02-2980235 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39138t=38955 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: missing Interfaces on a 1003 [7:39133]
Danny, I had this same problem but with 2600 series routers. I loaded an IOS that supported the featurs I needed but DID NOT support the interfaces physically present on the box. It threw me a bit as well. Do a hardware/Software compatability check on CCO and then look for the images that support both the hardware and features. HTH Richard Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39139t=39133 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CAT4003 and 3com [7:39084]
Here is a great reference http://www.cisco.com/warp/public/473/46.html -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Thursday, March 21, 2002 3:41 PM To: [EMAIL PROTECTED] Subject: CAT4003 and 3com [7:39084] Greetings, Any knowing problems out there with 3com cards and cat 4000 switches? I've a customer complaining when they insert new win2k with 3com cards, the whole network slows down. When the switch is rebooted everything is back to normal. The problem repeats when the add more win2k machine. Any ideas ThanksNabil Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39140t=39084 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Wic-1DSU-T1 card can be connected to a T1 circuit [7:39079]
Hi Yatou, is your question if a WIC-1DSU-T1 card can be connected to a T1 circuit ? Here is what I found on the Cisco site: WIC-1DSU-T1 The WIC-1DSU-T1 card is a single-port, T1/fractional T1 CSU/DSU interface card. Use the WIC-1DSU-T1 card for a cost effective router-CSU/DSU combination with the following features: T1 or fractional T1 network interface N X 64 kbps or N X 56 kbps non-channelized data rates (N = 1 to 24) Full management features: Configuration: Capability for remote configuration via telnet from Cisco IOS CLI Monitoring: Router and CSU/DSU manageable as a single SNMP entity; extensive CSU/DSU statistics provided by Cisco IOS CLI Troubleshooting: Extensive loopbacks (including a manual button for network line loopback), bit error rate tester (BERT) test patterns, alarm counters, and performance reports, all of which are accessible from Cisco IOS CLI. LEDs for carrier detect, loopback, and alarm functions. Technical Specifications Table 2-17 lists the technical specifications of the WIC-1DSU-T1 card. Table 2-17: WIC-1DSU-T1 Technical Specifications Type Description Interface type T1 or fractional T1 Serial network support Synchronous, full duplex Physical connector RJ-45 Number of connectors/ports One Cisco IOS requirement 11.3(4)T or later Compliance FCC Class B device, CE Safety conformance UL1950 Spare WIC-1DSU-T1= Regards, Georg Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39141t=39079 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Gigastack Etherchannel [7:39033]
Guys, If it helps any, here is a quote from Cisco's web siteLink below. Cascaded Stack Connections: You can connect from three to nine switches in a cascaded stack configuration. The cascaded stack operates in half-duplex mode. (This raises the debate about how many switches in the stack again, because now I've seen conflicting documentation that indicates 9 and 16) The link is http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/gbic/ig_gbic/mam oins.htm#xtocid357911 Watch for URL wrap. Our Switchstacks contain 9 3548's here, and the uplink ports with fiber GBIC modules default to full duplex, while the gigastack module ports default to half duplex. I think one of reasons for this is the fact that you are effectively splitting the port in half by connecting each of the two gigastack ports to different switches. Hope this helps. Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I Network Engineer GRC International, Inc., an ATT company -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Gaz Sent: Thursday, March 21, 2002 2:01 PM To: [EMAIL PROTECTED] Subject: Re: Gigastack Etherchannel [7:39033] Ole, Good question.. Dunno! I was just going to suggest that one 3548 could only talk to one other switch at full duplex. The Gigastack bus may equate to a shared media once another switch is attached, so needs to go to half duplex. This must be different for something like a 3508, as a 3508 can definitely take multiple full duplex connections when used as the hub of a star configuration. In fact now I've finished writing it, it seems reasonable. I will test this tomorrow as well. Anybody pick holes in that theory? Gaz Ole Drews Jensen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... If you have three 3548's - A, B and C, and you have 1 GigaStack module in A where only one connector is connected to one connector on a GigaStack module in B, and 1 GigaStack module in C where only one connected is connected to one connector on a second GigaStack module in B. Would that make a Full Duplex on the connections since only one port is used on each GigaStack module, or would it end up in Half Duplex anyway, since you have a total of three switches? Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~ -Original Message- From: Georgescu, Aurelian [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 21, 2002 11:56 AM To: [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] They can be used in full-duplex mode on point-to-point links (aka using only one connector on each GigaStack, one at each end of the cable). If you daisy-chain them they default to half-duplex. Aurelian -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 21, 2002 12:02 PM To: [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] GigaStack GBIC's are Full Duplex: ELVIS#show int gigabitEthernet 0/1 GigabitEthernet0/1 is up, line protocol is up Hardware is Gigabit Ethernet, address is 0002.fd13.52f1 (bia 0002.fd13.52f1) MTU 1500 bytes, BW 100 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive not set Auto-duplex (Full), link type is autonegotiation, media type is CX_GIGASTACK output flow-control is off, input flow-control is off ARP type: ARPA, ARP Timeout 04:00:00 GigaStack module(0.2) in GBIC slot. link1 is up, link2 is down Last input 00:00:06, output 00:00:01, output hang never Last clearing of show interface counters 11w1d Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 107000 bits/sec, 15 packets/sec 5 minute output rate 91000 bits/sec, 16 packets/sec 122086095 packets input, 1719966070 bytes, 0 no buffer Received 3149732 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 163799 multicast, 0 pause input 165588418 packets output, 149633091 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out Hth, Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~ -Original Message- From: Jeffrey Reed
RE: CAT4003 and 3com [7:39084]
I've had multiple experiences with 3com NIC's and Cisco switches not negotiating speed and duplex properly. Gets to be a real pain the backside after awhile. I've had instructors tell me the same thing, that Cisco and 3com are notorious for this issue. Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I Network Engineer GRC International, Inc., an ATT company -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Thursday, March 21, 2002 3:41 PM To: [EMAIL PROTECTED] Subject: CAT4003 and 3com [7:39084] Greetings, Any knowing problems out there with 3com cards and cat 4000 switches? I've a customer complaining when they insert new win2k with 3com cards, the whole network slows down. When the switch is rebooted everything is back to normal. The problem repeats when the add more win2k machine. Any ideas ThanksNabil Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39143t=39084 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Where is h323 used when configuring IVR for Voice? [7:39145]
Hi, From the Cisco web site http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fvvfax_c/vvfivr.htm#xtocid14; The example showed that aaa authentication login h323 group radius. The h323 is indicated in the command reference as the list-name. But I could not find the list-name h323 being used in the configuration below. Where is the h323 being reference in the configuration ? When using IVR how the application knows that the router should use the list-name h323 to authenticate the user ? Thank-you. TCL IVR for Gateway1 (GW1) Configuration Example The following output is the result of using the show running-config command: GW1 Router# show running-config Building configuration... Current configuration: ! Last configuration change at 08:39:29 PST Mon Jan 10 2000 by lab ! version 12.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname GW1 ! logging buffered 10 debugging aaa new-model aaa authentication login default local group radius aaa authentication login h323 group radius aaa authentication login con none aaa authorization exec h323 group radius aaa accounting connection h323 start-stop group radius enable password xxx ! username lab password 0 lab ! resource-pool disable ! clock timezone PST -8 ip subnet-zero ip host baloo 1.14.124.xxx ip host dirt 223.255.254.254 ip host rtspserver3 1.14.1xx.2 ip host rtspserver1 1.14.1xx.2 ! mgcp package-capability trunk-package mgcp default-package trunk-package isdn switch-type primary-net5 isdn voice-call-failure 0 ! tftp://dirt/hostname/WV/en_new/ call application voice debit_card tftp://dirt/Router/scripts.new/app_debitcard.tcl call application voice debit_card uid-len 6 call application voice debit_card language 1 en call application voice debit_card language 2 ch call application voice debit_card set-location ch 0 tftp://dirt/hostname/WV/ch_new/ call application voice debit_card set-location en 0 tftp://dirt/hostname/WV/en_new/ call application voice debit_card_rtsp tftp://dirt/IVR 2.0/scripts.new/app_debitcard.tcl call application voice debit_card_rtsp uid-len 6 call application voice debit_card_rtsp language 1 en call application voice debit_card_rtsp language 2 ch call application voice debit_card_rtsp set-location ch 0 rtsp://rtspserver1:554/ call application voice debit_card_rtsp set-location en 0 rtsp://rtspserver1:554/ mta receive maximum-recipients 0 ! controller E1 0 clock source line primary pri-group timeslots 1-31 ! controller E1 1 ! controller E1 2 ! controller E1 3 ! gw-accounting h323 gw-accounting h323 vsa gw-accounting voip ! interface Ethernet0 ip address 1.14.128.35 255.255.255.xxx no ip directed-broadcast h323-gateway voip interface h323-gateway voip id gk1 ipaddr 1.14.128.19 1xxx h323-gateway voip h323-id [EMAIL PROTECTED] h323-gateway voip tech-prefix 5# ! interface Serial0:15 no ip address no ip directed-broadcast isdn switch-type primary-net5 isdn incoming-voice modem fair-queue 64 256 0 no cdp enable ! interface FastEthernet0 ip address 16.0.0.1 255.255.xxx.0 no ip directed-broadcast duplex full speed auto no cdp enable ! ip classless ip route 0.0.0.0 0.0.0.0 1.14.128.33 ip route 1.14.xxx.0 255.xxx.255.xxx 16.0.0.2 ip route 1.14.xxx.16 255.xxx.255.240 1.14.xxx.33 no ip http server ! radius-server host 1.14.132.2 auth-port 1645 acct-port 1646 radius-server key cisco radius-server vsa send accounting radius-server vsa send authentication ! voice-port 0:D cptone DE ! dial-peer voice 200 voip incoming called-number 53 destination-pattern 34. session target ipv4:16.0.0.2 dtmf-relay h245-alphanumeric codec g711ulaw ! dial-peer voice 102 pots application debit_card_rtsp incoming called-number 3450072 shutdown destination-pattern 53. port 0:D ! dial-peer voice 202 voip shutdown destination-pattern 34. session protocol sipv2 session target ipv4:16.0.0.2 dtmf-relay cisco-rtp codec g711ulaw ! dial-peer voice 101 pots application debit_card incoming called-number 3450070 destination-pattern 53. port 0:D ! gateway ! line con 0 exec-timeout 0 0 transport input none line aux 0 line vty 0 4 password xxx ! ntp clock-period 17180740 ntp server 1.14.42.23 end __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39145t=39145 -- FAQ, list archives, and subscription info:
RE: CISCO 2500 router [7:39135]
I have not seen that error myself, but maybe this is what's happening (copied from cco): Adding the command distribute-list access-list out rip to an active IPX ROUTER NLSP process causes the router to display the following error message, after which the router reloads: Local Timeout (control reg=0x118) Error, address: 0x4000C74 at 0x30F4D7C (PC) Hth, Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~ -Original Message- From: Biswajeet Das [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 5:48 AM To: [EMAIL PROTECTED] Subject: CISCO 2500 router [7:39135] Hi, I have a CISCO 2500 series router and last time there was a power problem due to which now everytime I boot I get the following message System Bootstrap, Version 11.0(10 C), SOFTWARE Copyright (C) 1986-1996 by Cisco Systems 2500 processor with 2048 Kbytes of main memory Local Timeout (control reg=0x118) Error, address 0x213 at 0x10109DA(PC) The above message keeps on repeating and the OK LED in front of the Router keeps blinking continuously. What could be the problem and the solution for it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39146t=39135 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CAT4003 and 3com [7:39084]
Awesome Link! Thanks Tom. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tom Petzold Sent: Friday, March 22, 2002 7:54 AM To: [EMAIL PROTECTED] Subject: RE: CAT4003 and 3com [7:39084] Here is a great reference http://www.cisco.com/warp/public/473/46.html -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Thursday, March 21, 2002 3:41 PM To: [EMAIL PROTECTED] Subject: CAT4003 and 3com [7:39084] Greetings, Any knowing problems out there with 3com cards and cat 4000 switches? I've a customer complaining when they insert new win2k with 3com cards, the whole network slows down. When the switch is rebooted everything is back to normal. The problem repeats when the add more win2k machine. Any ideas ThanksNabil Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39147t=39084 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Wic-1DSU-T1 card can be connected to a T1 circuit [7:39079]
This brings up another question... Since the WIC-1DSU-T1 card can be used for N X 64 kbps or N X 56 kbps non-channelized data rates (N = 1 to 24), is a standard T-1 (not PRI) channelized or un-channelized? I was under the impression that since you were dealing with 24 64Kb/s channels (get it?), that this was a channelized T-1. Am I smokin' some good stuff or what? Thanks, Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I Network Engineer GRC International, Inc., an ATT company -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Georg Pauwen Sent: Friday, March 22, 2002 8:06 AM To: [EMAIL PROTECTED] Subject: RE: Wic-1DSU-T1 card can be connected to a T1 circuit [7:39079] Hi Yatou, is your question if a WIC-1DSU-T1 card can be connected to a T1 circuit ? Here is what I found on the Cisco site: WIC-1DSU-T1 The WIC-1DSU-T1 card is a single-port, T1/fractional T1 CSU/DSU interface card. Use the WIC-1DSU-T1 card for a cost effective router-CSU/DSU combination with the following features: T1 or fractional T1 network interface N X 64 kbps or N X 56 kbps non-channelized data rates (N = 1 to 24) Full management features: Configuration: Capability for remote configuration via telnet from Cisco IOS CLI Monitoring: Router and CSU/DSU manageable as a single SNMP entity; extensive CSU/DSU statistics provided by Cisco IOS CLI Troubleshooting: Extensive loopbacks (including a manual button for network line loopback), bit error rate tester (BERT) test patterns, alarm counters, and performance reports, all of which are accessible from Cisco IOS CLI. LEDs for carrier detect, loopback, and alarm functions. Technical Specifications Table 2-17 lists the technical specifications of the WIC-1DSU-T1 card. Table 2-17: WIC-1DSU-T1 Technical Specifications Type Description Interface type T1 or fractional T1 Serial network support Synchronous, full duplex Physical connector RJ-45 Number of connectors/ports One Cisco IOS requirement 11.3(4)T or later Compliance FCC Class B device, CE Safety conformance UL1950 Spare WIC-1DSU-T1= Regards, Georg Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39148t=39079 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CISCO 2500 router [7:39135]
I have seen that before. If I remember correctly, the router had corrupted memory. Ole Drews Jensen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have not seen that error myself, but maybe this is what's happening (copied from cco): Adding the command distribute-list access-list out rip to an active IPX ROUTER NLSP process causes the router to display the following error message, after which the router reloads: Local Timeout (control reg=0x118) Error, address: 0x4000C74 at 0x30F4D7C (PC) Hth, Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~ -Original Message- From: Biswajeet Das [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 5:48 AM To: [EMAIL PROTECTED] Subject: CISCO 2500 router [7:39135] Hi, I have a CISCO 2500 series router and last time there was a power problem due to which now everytime I boot I get the following message System Bootstrap, Version 11.0(10 C), SOFTWARE Copyright (C) 1986-1996 by Cisco Systems 2500 processor with 2048 Kbytes of main memory Local Timeout (control reg=0x118) Error, address 0x213 at 0x10109DA(PC) The above message keeps on repeating and the OK LED in front of the Router keeps blinking continuously. What could be the problem and the solution for it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39149t=39135 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Setting up a CCNA Lab [7:39112]
I think you would be fine just using the 2600 and a Cisco switch. This is the focus of CCNA. Use multiple routers if you study for CCNP routing. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nathan Sent: Thursday, March 21, 2002 9:02 PM To: [EMAIL PROTECTED] Subject: Setting up a CCNA Lab [7:39112] I've managed to borrow a Cisco 1602 and a 2610 from a friend to use as practice equipment while i study for my CCNA. The 1602 has a ISDN Bri module. The 2610 has a ISDN Bri module and a 56k/64k CSU/DSU Module. What way would you guys suggest setting them up? I was thinking of just configuring them via serial then link them via serial when i'm done and toss a switch on either end. Any suggestions? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39150t=39112 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Gigastack Etherchannel [7:39033]
Kelly, On the GigaStack modules, are you using both ports on the module, or one port on two modules? Examples (use fixed font for best view): 1 module / 2 ports switch 1 [oo] [--] | switch 2 [oo] [--] | switch 3 [oo] [--] | switch 4 [oo] [--] 2 modules / 1 port switch 1 [oo] [oo] | switch 2 [oo] [oo] | switch 3 [oo] [oo] | switch 4 [oo] [oo] Thanks, Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~ -Original Message- From: Kelly Cobean [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 7:18 AM To: [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] Guys, If it helps any, here is a quote from Cisco's web siteLink below. Cascaded Stack Connections: You can connect from three to nine switches in a cascaded stack configuration. The cascaded stack operates in half-duplex mode. (This raises the debate about how many switches in the stack again, because now I've seen conflicting documentation that indicates 9 and 16) The link is http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/gbic/ig_gbic/mam oins.htm#xtocid357911 Watch for URL wrap. Our Switchstacks contain 9 3548's here, and the uplink ports with fiber GBIC modules default to full duplex, while the gigastack module ports default to half duplex. I think one of reasons for this is the fact that you are effectively splitting the port in half by connecting each of the two gigastack ports to different switches. Hope this helps. Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I Network Engineer GRC International, Inc., an ATT company -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Gaz Sent: Thursday, March 21, 2002 2:01 PM To: [EMAIL PROTECTED] Subject: Re: Gigastack Etherchannel [7:39033] Ole, Good question.. Dunno! I was just going to suggest that one 3548 could only talk to one other switch at full duplex. The Gigastack bus may equate to a shared media once another switch is attached, so needs to go to half duplex. This must be different for something like a 3508, as a 3508 can definitely take multiple full duplex connections when used as the hub of a star configuration. In fact now I've finished writing it, it seems reasonable. I will test this tomorrow as well. Anybody pick holes in that theory? Gaz Ole Drews Jensen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... If you have three 3548's - A, B and C, and you have 1 GigaStack module in A where only one connector is connected to one connector on a GigaStack module in B, and 1 GigaStack module in C where only one connected is connected to one connector on a second GigaStack module in B. Would that make a Full Duplex on the connections since only one port is used on each GigaStack module, or would it end up in Half Duplex anyway, since you have a total of three switches? Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~ -Original Message- From: Georgescu, Aurelian [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 21, 2002 11:56 AM To: [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] They can be used in full-duplex mode on point-to-point links (aka using only one connector on each GigaStack, one at each end of the cable). If you daisy-chain them they default to half-duplex. Aurelian -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 21, 2002 12:02 PM To: [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] GigaStack GBIC's are Full Duplex: ELVIS#show int gigabitEthernet 0/1 GigabitEthernet0/1 is up, line protocol is up Hardware is Gigabit Ethernet, address is 0002.fd13.52f1 (bia 0002.fd13.52f1) MTU 1500 bytes, BW 100 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive not set Auto-duplex (Full), link type is autonegotiation, media type is CX_GIGASTACK output flow-control is off, input flow-control is off ARP type: ARPA, ARP Timeout 04:00:00 GigaStack module(0.2) in GBIC slot. link1 is up, link2 is down Last input 00:00:06, output 00:00:01, output hang never Last clearing of show interface counters 11w1d Queueing strategy: fifo
RE: More VTP Questions [7:39131]
Jeff, If you are going to (must) use VLANs, they should never extend beyond the distribution layer. That is, a VLAN may exist in the access layer (possibly across more than one A/L switch) but should terminate at the D/L. Beyond the D/L into the core, the network is to be purely routed/switched with no VLAN activity (there are exceptions to this with a switched core in which you may want to set up VLANs - routed core is often preferred. Even in this exception case, these core VLANs are different VLANs than in the A/L). Whether any trunking is needed is probably a more important question: It sounds (from your wording) that this is a fresh design - if you do not have to trunk VLANs (with have to=must being the operative words), then the best design going these days is to put one VLAN per A/L switch; each VLAN corresponds directly to a separate subnet. On the D/L switches, there are multiple routed interfaces (subinterfaces) each performing routing for the individual subnets corresponding to the A/L switches. In this manner, your entire network is essentially routed (hosts connecting down to their D/L switch are switched, yes, but they are only in their own subnet) and you don't have to worry about anything to do with VTP or STP. So, here is a one line summary: If you don't absolutely need to use VLANs, don't: route. Cheers, Arjen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeffrey Reed Sent: March 22, 2002 5:26 AM To: [EMAIL PROTECTED] Subject: More VTP Questions [7:39131] Thanks to everyone who helped clarify the VTP Domain process and I have more questions. I am working on a textbook Cisco network design. We have two 6509s in the core, four 6509s in the distribution layer and about 30 6509s at the access layer. We also have two Server Farm 6509s hanging off the core switches. The core and distribution will route and well switch to the server farm and the access layers. Well have about 4-5 VLANs in each access layer, so well over 100 VLANs total. Hence my strong interest in VTP. Reading through the VTP stuff today, I saw where the VTP communication occurs through VLAN1. The reseller who sold the design said we would have multi-path layer3 connectivity between core and distribution and layer 2 out to access 6509s. Assuming we only had routed links between the core and distribution layers, then how would the VTP updates get through to the distribution layer from the core? Can we effectively have both a routed link and a bridged VLAN1 link throughout the network? Does that make sense? Any suggestions on how this is accomplished with one VTP domain or a better way would be appreciated. Jeff Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39152t=39131 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Gigastack Etherchannel [7:39033]
Thanks for all the responses. Dug the switches out today and tested. We were all on the right tracks I think. I also put this to the Cisco open forum, and a Cisco CCIE answered my original question saying it was definitely not possible to run etherchannel between two switches with 2 Gigastack modules each. Coming to Cisco's rescue, I received an e-mail from Tom Petzold of Cisco, which doesn't seem to have reached the Newsgroup yet, but his answers were spot on and confirmed by the testing I did today. His e-mail is attached after my mumblings below. If anybody can think of any other tests to try, they're still set up so give me a shout before Monday evening when they get installed elsewhere. Using all 3524 switches (called A,B and C) Test 1: Connect A to B with one cable - Link Auto's to full duplex Now add a connection from B to C with one cable (on the same Gigastack module) Result - All links revert to half duplex Test 2: Connect A to B with one cable - Link Auto's to full duplex Now add a second Gigastack module to B and connect this to C. Result - All links stay at full duplex. Test 3: Connect A to B with 2 cables (one Gigastack module used in each switch) Result - spanning tree blocks one of the connections (don't know a way of configuring etherchannel for these - they are not subinterfaces of any kind) Test 4: Connect A to B with one cable - Link Auto's to full duplex Put a second Gigastack module in both A and B Connect these with one cable Configure both switches for etherchannel Result - Etherchannel works fine - all ports forwarding Regards, Gaz (Tom Petzold's e-mail follows) Let me see if I can walk through the options. If you hook two switches up with one cable (using only one port on each gigastack GBIC) you will have a 1Gb (2Gb full Duplex) connection. If you have three switches cascaded and use both ports on any gigastack GBIC you will have 1Gb half duplex shared across all the switches. In the previous configuration you can hook the bottom switch back up to the top switch. Since you have a loop now (a to b, b to c, c to a) one port will go into blocking to prevent the loop. Now your question is can I use two gigastack GBICs in both switches and setup an etherchannel. The answer is yes. Connect GBIC 1 in switch A to GBIC 1 in switch 2 and GBIC 2 in switch A to GBIC 2 in switch 2 using 1 cable for each GBIC pair. Then just setup the gigabit ports as an etherchannel group. This will give you the 2Gb (4Gb full duplex) you wanted. What you don't want to do is connect both ports on GBIC 1 to both ports on GBIC 2. I'm not sure what would happen but I think they would go into half duplex and not allow you to setup the etherchannel. Tom Petzold Cisco Systems Kelly Cobean wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Guys, If it helps any, here is a quote from Cisco's web siteLink below. Cascaded Stack Connections: You can connect from three to nine switches in a cascaded stack configuration. The cascaded stack operates in half-duplex mode. (This raises the debate about how many switches in the stack again, because now I've seen conflicting documentation that indicates 9 and 16) The link is http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/gbic/ig_gbic/mam oins.htm#xtocid357911 Watch for URL wrap. Our Switchstacks contain 9 3548's here, and the uplink ports with fiber GBIC modules default to full duplex, while the gigastack module ports default to half duplex. I think one of reasons for this is the fact that you are effectively splitting the port in half by connecting each of the two gigastack ports to different switches. Hope this helps. Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I Network Engineer GRC International, Inc., an ATT company -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Gaz Sent: Thursday, March 21, 2002 2:01 PM To: [EMAIL PROTECTED] Subject: Re: Gigastack Etherchannel [7:39033] Ole, Good question.. Dunno! I was just going to suggest that one 3548 could only talk to one other switch at full duplex. The Gigastack bus may equate to a shared media once another switch is attached, so needs to go to half duplex. This must be different for something like a 3508, as a 3508 can definitely take multiple full duplex connections when used as the hub of a star configuration. In fact now I've finished writing it, it seems reasonable. I will test this tomorrow as well. Anybody pick holes in that theory? Gaz Ole Drews Jensen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... If you have three 3548's - A, B and C, and you have 1 GigaStack module in A where only one connector is connected to one connector on a GigaStack module in B, and 1 GigaStack module in C where only one connected is connected to one connector on a second GigaStack module in B. Would that make a Full Duplex on the connections since only one port is
Re: CISCO 2500 router [7:39135]
Of course, 2500 that have problems like that just get retired to door stop duty. Danny wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have seen that before. If I remember correctly, the router had corrupted memory. Ole Drews Jensen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have not seen that error myself, but maybe this is what's happening (copied from cco): Adding the command distribute-list access-list out rip to an active IPX ROUTER NLSP process causes the router to display the following error message, after which the router reloads: Local Timeout (control reg=0x118) Error, address: 0x4000C74 at 0x30F4D7C (PC) Hth, Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~ -Original Message- From: Biswajeet Das [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 5:48 AM To: [EMAIL PROTECTED] Subject: CISCO 2500 router [7:39135] Hi, I have a CISCO 2500 series router and last time there was a power problem due to which now everytime I boot I get the following message System Bootstrap, Version 11.0(10 C), SOFTWARE Copyright (C) 1986-1996 by Cisco Systems 2500 processor with 2048 Kbytes of main memory Local Timeout (control reg=0x118) Error, address 0x213 at 0x10109DA(PC) The above message keeps on repeating and the OK LED in front of the Router keeps blinking continuously. What could be the problem and the solution for it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39154t=39135 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MPLS in the Enterprise [7:36670]
At 3:29 AM -0500 3/22/02, Tom Scott wrote: Kent, Irwin, This is an interesting exchange of perspectives. Could you or someone else comment on GMPLS? GMPLS does many of the things you are describing. It generalizes MPLS setup beyond the current packet/frame oriented paths to paths that don't have a granularity as fine as packets: optical wavelengths, multiplex time slots, and specific physical port sequences on various devices. I really don't see MPLS/GMPLS as a relevant technology for most enterprises. Let me throw out an analogy that I just invented -- I just got up and may not be thinking clearly. 1. ATM was originally intended as a carrier-only technology. FR, ISDN, etc., were seen as customer access protocols to the carrier ATM cloud. ATM UNI specifications came into being due to a market need for a high-speed access technology. 2. MPLS often is called ATM without cells. I consider (G)MPLS analogous to the original carrier role of ATM, and things such as provider-provisioned VPNs (PPVPN) at both layer 2 and 3, metro optical Ethernet, 3G wireless, etc., corresponding to the access protocols in the original ATM model. 3. MPLS is not a panacea, but does have many useful features for traffic engineering and fault tolerance, especially when dealing with very large numbers of L2 emulated circuits and L3 private networks/Internet access/large provider cores. GMPLS provides a smooth path for integrating both present (e.g., POS, SONET) and evolving optical technologies. How many enterprises will have a requirement to manage many fibers containing many DWDM wavelengths at OC-192 or OC-768? 4. There are enterprise needs that are just starting to get integrated with MPLS, such as IPsec. How does it factor into the comparison of MPLS vs. FR? Is there anything about the combination of MPLS / GMPLS that gives it an advantage over FR? Some market research I've seen suggests the telcos do not expect to have the IP-literate staff to do more than deliver the core and perhaps 10% of their VPNs as L3. L2 VPNs (e.g., frame and virtual wire emulation) is attractive to them because it significantly reduces their support costs. Another issue I'd like to understand in this context is native MPLS transport. Do you see a possibility in the future for simplifying the transport of MPLS packets? In other words, could one replace SONET/SDH with a simple transmission layer X (whatever that might be)? The stack ,might look something like this: 7 7 6 6 5 5 4 4 3 3 3 3 2 2 2 2 2 2 1 1 1 X 1 1 1 ^ ^ | | +-+ native MPLS core That's GMPLS, which specifically is intended to be able to transport SONET, POS, etc. There in the middle, where the native MPLS core would be in a greenfield network, is it possible to transport the MPLS packets on a fiber medium, possibly on different lambdas using GMPLS, but without SONET/SDH? I don't work on that layer (physical L1) enough to know the interactions between L1/L2, but it seems that simplification is desirable. Possibly using MPX (MPLS over PPP over X) instead of traditional POS? There are many reasons to keep SONET/SDH, for example, protection switching. Is it possible that MPLS / GMPLS could offer similar solutions that would have a competitive advantage? Maybe someone at MPLScon will have an answer. See you there. Yes, and probably more advanced protection switching with more efficient resource use. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39155t=36670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Rack [7:38796]
This was not very helpful James! -Original Message- From: Lee James [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 21, 2002 5:39 PM To: [EMAIL PROTECTED] Subject: RE: Rack [7:38796] This electronic mail transmission contains confidential information intended only for the person(s) named. Any use, distribution, copying or disclosure by any other person is strictly prohibited. If you received this transmission in error, please notify the sender by reply e-mail and then destroy the message. Opinions, conclusions, and other information in this message, that do not relate to the official business of MARAKON ASSOCIATES shall be understood to be neither given nor endorsed by the Company. When addressed to MARAKON clients, any information contained in this e-mail is subject to the terms and conditions in the governing client contract. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39156t=38796 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Coyotepoint Load Balancers [7:38953]
What problems have you had with the Arrowpoint Sam? We do mainly Foundry for load balancing, and I have to say (as I'm not using my work e-mail address :-)) that they have been flaky as hell. We work fairly closely with Foundry (when we can get in touch), but every box seems to work differently with every image. You get in to the habit of finding an image that works and leave it alone. It's a horrible feeling when security advisories come out recommending upgrades, and you just know it's going to introduce other issues. We haven't deployed the Arrowpoint on any really big projects, but they do seem to offer more functionality than the Foundry in some areas (not forgetting the massive price difference), so I'm interested to hear what problems have arisen with them. Thanks, Gaz sam sneed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a pair of CS11152 (former arrowpoints) and they've been flaky. I do not recommend them. Not sure about coyotepoint. dre wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Coyotepoint was the first server load balancing device I had ever heard of outside of your basic LSNAT configuration (I think Cisco calls it NAT load-sharing or something, but there is an RFC also). However, I've never actually seen one in production on any network. Around 1997-8 the Cisco Local Director was the only box I saw, and most people hated them. Then, the F5 Big/IP box became popular (and it still sort of is). A whole bunch of people started entering the market space of SLB and Global Load-Balancing. In the past few years, companies like Arrowpoint and Alteon got bought by Cisco and Nortel. Now you even have places like Akamai doing GLB for places like Yahoo. After I've read the RFC's, and patents like US6185598, US108703, and US6052718, and worked with SLB and GLB for years, I've finally come to a few conclusions: A) The SLB/GLB marketing and focus is silicon snake oil B) Just like the computer security industry, [it's] like a carnival game, where people throw ducks at balloons, and nothing is as it seems C) It really depends on *your* environment. Just as there are millions of options for web servers and web programming languages (e.g. .NET, J2EE, Apache+PHP+MySQL, Apache+mod_perl, MS NT4 IIS/ISAPI, WebSphere vs. Weblogic, Zeus, Netscape, Xitami, etc etc), there are millions of options for SLB and GLB (even deciding between the two is impossible). D) Even outside of products and software, you have your own organization. How the coders build web pages. How the HTML is done. Etc. If you don't have any dynamic content. If you are completely dynamic content and everything besides the main page is somewhere under /cgi-bin/. These are all organizational issues that are different with every company. Depending on your setup, a different product may fit your needs differently. E) SLB was grown out of the need for more bandwidth being pushed out to the Internet by machines in the $100 to $5000 price range. These machines at the time were 486's and no ubiquitous Fast or Gigabit Ethernet. For a high-end Unix box with Fast Ethernet, you were looking at $30,000 back then (at least). F) Now, you can buy a Titanium Powerbook with Gigabit Ethernet running Mach+BSD (MacOS X) for like $2000. You can get 2x CPU 1U machines running FreeBSD or Linux capable of pushing 2k pps for under $3000. The need for SLB may have changed over the years due to the hardware catching up to the bandwidth needs. The SLB/GLB market is so confusing, probably nobody has it figured out. However, I can recommend one box today that stands above the others, and the only one I'd like to see in any production network. The guys at Radware have made some significant advancements in the way SLB and GLB are done. Their WSD and entire line of products are much better than any of the alternatives, and it is much more versatile for any real production environment. This is just my opinion, but I suggest you fully research the SLB/GLB industry before making your decision. -dre Brian Zeitz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I hope this is not too far off topic, but has anyone ever used this companies load balancers or products or have any feedback on it. http://www.coyotepoint.com One thing I noticed is that it only has 1 port in, and one out. Is that not normal? I have used Alteon Before, any feedback would be helpful. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39157t=38953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Setting up a CCNA Lab [7:39112]
Also, go to the website w w w . c c x x p r o d u c t i o n s . c o m and click on their Build a Home Lab link. This may help you out with some other home lab questions. Shawn K. -Original Message- From: Nathan [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 21, 2002 10:02 PM To: [EMAIL PROTECTED] Subject: Setting up a CCNA Lab [7:39112] I've managed to borrow a Cisco 1602 and a 2610 from a friend to use as practice equipment while i study for my CCNA. The 1602 has a ISDN Bri module. The 2610 has a ISDN Bri module and a 56k/64k CSU/DSU Module. What way would you guys suggest setting them up? I was thinking of just configuring them via serial then link them via serial when i'm done and toss a switch on either end. Any suggestions? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39158t=39112 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Wic-1DSU-T1 card can be connected to a T1 circuit [7:39079]
Georg, thanks for your infor. Actually my question is: can the Wic-1DSU-T1 card be connected to a T1 circuit through a DSX-1 interface? our T1 circuit is connected to a DSX-1 patch panel from adc.com and we can not touch that part by just connecting the Wic card to the patch panel. It seems to me now that we can not do that, because the Wic card has DSU/CSU build in and the signal comes out as DS-1 signal. the Signal comes out the patch panel is DSX-1 signal. thanks again. yatou From: Georg Pauwen Reply-To: Georg Pauwen To: [EMAIL PROTECTED] Subject: RE: Wic-1DSU-T1 card can be connected to a T1 circuit [7:39079] Date: Fri, 22 Mar 2002 08:06:04 -0500 Hi Yatou, is your question if a WIC-1DSU-T1 card can be connected to a T1 circuit ? Here is what I found on the Cisco site: WIC-1DSU-T1 The WIC-1DSU-T1 card is a single-port, T1/fractional T1 CSU/DSU interface card. Use the WIC-1DSU-T1 card for a cost effective router-CSU/DSU combination with the following features: T1 or fractional T1 network interface N X 64 kbps or N X 56 kbps non-channelized data rates (N = 1 to 24) Full management features: Configuration: Capability for remote configuration via telnet from Cisco IOS CLI Monitoring: Router and CSU/DSU manageable as a single SNMP entity; extensive CSU/DSU statistics provided by Cisco IOS CLI Troubleshooting: Extensive loopbacks (including a manual button for network line loopback), bit error rate tester (BERT) test patterns, alarm counters, and performance reports, all of which are accessible from Cisco IOS CLI. LEDs for carrier detect, loopback, and alarm functions. Technical Specifications Table 2-17 lists the technical specifications of the WIC-1DSU-T1 card. Table 2-17: WIC-1DSU-T1 Technical Specifications Type Description Interface type T1 or fractional T1 Serial network support Synchronous, full duplex Physical connector RJ-45 Number of connectors/ports One Cisco IOS requirement 11.3(4)T or later Compliance FCC Class B device, CE Safety conformance UL1950 Spare WIC-1DSU-T1= Regards, Georg _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39159t=39079 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Gigastack Etherchannel [7:39033]
Ole, Here is our configuration(God I hope this doesn't get screwed up. Just in case, basically it's a looped configuration, using only one of the gig ports per switch, utilizing the second gig port on the 1st and 9th switch for uplink to the distribution layer. Gig0/2 on switches 2-8 are unused. The loop prevention mechanism in the IOS takes care of the loop configuration in the stack(what I read leads me to believe that it is something other than STP, but I could be wrong) then STP takes care of the loop in the two fiber uplinks, which connect to two different Cat6509's) ||(fiber uplink to distribution layer) || Switch1 |oo| |oo| || / |--- - | | | Switch2 |oo| |oo| | || / | | | Switch3 |oo| |oo| | || / | | | Switch4 |oo| |oo| | || / | | | Switch5 |oo| |oo| | || / | | | Switch6 |oo| |oo| | || / | | | Switch7 |oo| |oo| | || / | | | Switch8 |oo| |oo| | || / | | | Switch9 |oo| |oo| | ||| | -- || || (Uplink to Distibution Layer Hope this helps, Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I Network Engineer GRC International, Inc., an ATT company -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 8:51 AM To: 'Kelly Cobean'; [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] Kelly, On the GigaStack modules, are you using both ports on the module, or one port on two modules? Examples (use fixed font for best view): 1 module / 2 ports switch 1 [oo] [--] | switch 2 [oo] [--] | switch 3 [oo] [--] | switch 4 [oo] [--] 2 modules / 1 port switch 1 [oo] [oo] | switch 2 [oo] [oo] | switch 3 [oo] [oo] | switch 4 [oo] [oo] Thanks, Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~ -Original Message- From: Kelly Cobean [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 7:18 AM To: [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] Guys, If it helps any, here is a quote from Cisco's web siteLink below. Cascaded Stack Connections: You can connect from three to nine switches in a cascaded stack configuration. The cascaded stack operates in half-duplex mode. (This raises the debate about how many switches in the stack again, because now I've seen conflicting documentation that indicates 9 and 16) The link is http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/gbic/ig_gbic/mam oins.htm#xtocid357911 Watch for URL wrap. Our Switchstacks contain 9 3548's here, and the uplink ports with fiber GBIC modules default to full duplex, while the gigastack module ports default to half duplex. I think one of reasons for this is the fact that you are effectively splitting the port in half by connecting each of the two gigastack ports to different switches. Hope this helps. Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I Network Engineer GRC International, Inc., an ATT company -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Gaz Sent: Thursday, March 21, 2002 2:01 PM To: [EMAIL PROTECTED] Subject: Re: Gigastack Etherchannel [7:39033] Ole, Good question.. Dunno! I was just going to suggest that one 3548 could only talk to one other switch at full duplex. The Gigastack bus may equate to a shared media once another switch is attached, so needs to go to half duplex. This must be different for something like a 3508, as a 3508 can definitely take multiple full duplex connections when used as the hub of a star configuration. In fact now I've finished writing it, it seems reasonable. I will test this tomorrow as well. Anybody pick holes in that theory? Gaz Ole Drews Jensen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... If you have three 3548's - A, B and C, and you have 1 GigaStack module in A where only one connector is connected to one connector on a GigaStack module in B, and 1 GigaStack module in C where only one connected is connected to one connector on a second GigaStack module in B. Would that make a Full Duplex on the connections since only one port is used
Re: Coyotepoint Load Balancers [7:38953]
First off, failover takes close to a minute which is a lot more than Cisco advertises(in HA config). Second they're supposed to provide for load balancing using SSL. This simply does not work on ours even though we followed the config on their site exactly. Third they're very tempermental. We migrated them to another switch and expected a little downtime during the move. We moved them, they came up, showed all services were good but in actuality all services were down. We had to power down both CS11152 and the Extreme switch they were connected to get services back up. Mind you that all the servers that were behind the CS11152 were pingable and reachable up to Layer 3 so NAT and L3 were working, only the services the load balancers were supposed to provide were down. Cost us a lot of aggravation and almost my job. Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... What problems have you had with the Arrowpoint Sam? We do mainly Foundry for load balancing, and I have to say (as I'm not using my work e-mail address :-)) that they have been flaky as hell. We work fairly closely with Foundry (when we can get in touch), but every box seems to work differently with every image. You get in to the habit of finding an image that works and leave it alone. It's a horrible feeling when security advisories come out recommending upgrades, and you just know it's going to introduce other issues. We haven't deployed the Arrowpoint on any really big projects, but they do seem to offer more functionality than the Foundry in some areas (not forgetting the massive price difference), so I'm interested to hear what problems have arisen with them. Thanks, Gaz sam sneed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a pair of CS11152 (former arrowpoints) and they've been flaky. I do not recommend them. Not sure about coyotepoint. dre wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Coyotepoint was the first server load balancing device I had ever heard of outside of your basic LSNAT configuration (I think Cisco calls it NAT load-sharing or something, but there is an RFC also). However, I've never actually seen one in production on any network. Around 1997-8 the Cisco Local Director was the only box I saw, and most people hated them. Then, the F5 Big/IP box became popular (and it still sort of is). A whole bunch of people started entering the market space of SLB and Global Load-Balancing. In the past few years, companies like Arrowpoint and Alteon got bought by Cisco and Nortel. Now you even have places like Akamai doing GLB for places like Yahoo. After I've read the RFC's, and patents like US6185598, US108703, and US6052718, and worked with SLB and GLB for years, I've finally come to a few conclusions: A) The SLB/GLB marketing and focus is silicon snake oil B) Just like the computer security industry, [it's] like a carnival game, where people throw ducks at balloons, and nothing is as it seems C) It really depends on *your* environment. Just as there are millions of options for web servers and web programming languages (e.g. .NET, J2EE, Apache+PHP+MySQL, Apache+mod_perl, MS NT4 IIS/ISAPI, WebSphere vs. Weblogic, Zeus, Netscape, Xitami, etc etc), there are millions of options for SLB and GLB (even deciding between the two is impossible). D) Even outside of products and software, you have your own organization. How the coders build web pages. How the HTML is done. Etc. If you don't have any dynamic content. If you are completely dynamic content and everything besides the main page is somewhere under /cgi-bin/. These are all organizational issues that are different with every company. Depending on your setup, a different product may fit your needs differently. E) SLB was grown out of the need for more bandwidth being pushed out to the Internet by machines in the $100 to $5000 price range. These machines at the time were 486's and no ubiquitous Fast or Gigabit Ethernet. For a high-end Unix box with Fast Ethernet, you were looking at $30,000 back then (at least). F) Now, you can buy a Titanium Powerbook with Gigabit Ethernet running Mach+BSD (MacOS X) for like $2000. You can get 2x CPU 1U machines running FreeBSD or Linux capable of pushing 2k pps for under $3000. The need for SLB may have changed over the years due to the hardware catching up to the bandwidth needs. The SLB/GLB market is so confusing, probably nobody has it figured out. However, I can recommend one box today that stands above the others, and the only one I'd like to see in any production network. The guys at Radware have made some significant advancements in the way SLB and GLB are done. Their WSD and entire line of products are much better than any of the alternatives, and it is much more versatile for
Re: Has anyone attended ICTP? [7:38900]
no Aaron Shively wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello, I was wondering if anyone in here has taken any classes at ICTP (located in Anaheim, CA) or heard anything about it? I am interested in attending there, and was hoping to talk with someone who has gone there. Thanks, Aaron Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39162t=38900 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX 501 (quick help needed) [7:38645]
The problem is that a PING needs access back with a PING REPLY, and the PIX does not allow that by default. Use the command: conduit permit icmp any any 0 to allow PING REPLY (icmp type 0) from the outside to the inside. If you want to use tracert also, you must add the command: conduit permit icmp any any 11 ICMP type 11 is Time Exceeded. If you want to allow people from the outside to ping on the inside, you can either add this command: conduit permit icmp any any 8 ICMP type 8 is PING REQUEST. OR, you can instead of the above three commands, use one command to allow ALL ICMP traffic to enter: conduit permit icmp any any Hth, Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~ -Original Message- From: John Green [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 9:24 AM To: Ole Drews Jensen Subject: RE: PIX 501 (quick help needed) [7:38645] from a host inside i am able to connect to PIX and get the PDM fine. hence the internal interface looks ok. but i am not able to go outside. i have reset the configuration and hence i guess the default config makes the outside interface act as a dhcp client and get an IP address from the service provider. but i am not able to even ping to internet outside from inside hosts. the cisco docs clearly say that for default config inside connections to outside are allowed. so what is the problem ? --- Ole Drews Jensen wrote: Yes. Use the command ip address outside dhcp setroute This will tell the outside interface to act like a DHCP client and configure the default route to be the address it gets from the DHCP server. If you're using the setroute option, remember not to use the route command to set the default route. Hth, Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~ -Original Message- From: John Green [mailto:[EMAIL PROTECTED]] Sent: Monday, March 18, 2002 8:30 AM To: [EMAIL PROTECTED] Subject: PIX 501 (quick help needed) [7:38645] this is from the specs for the PIX 501: integrated 4-port 10/100BASE-TX switch and 10BASE-T port question is about the external interface ? is its external interface 10BaseT ? if yes, then, can it connect to the cable modem and get a ip address from the dhcp ? __ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39163t=38645 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Coyotepoint Load Balancers [7:38953]
That's interesting. We've been using the Arrowpoint switch for load-balancing with sticky SSL sessions for over a year now and have had no problems at all. However, we're going to be replacing that box with two of something-or-other, we just haven't decided on what yet. John sam sneed 3/22/02 8:35:56 AM First off, failover takes close to a minute which is a lot more than Cisco advertises(in HA config). Second they're supposed to provide for load balancing using SSL. This simply does not work on ours even though we followed the config on their site exactly. Third they're very tempermental. We migrated them to another switch and expected a little downtime during the move. We moved them, they came up, showed all services were good but in actuality all services were down. We had to power down both CS11152 and the Extreme switch they were connected to get services back up. Mind you that all the servers that were behind the CS11152 were pingable and reachable up to Layer 3 so NAT and L3 were working, only the services the load balancers were supposed to provide were down. Cost us a lot of aggravation and almost my job. Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... What problems have you had with the Arrowpoint Sam? We do mainly Foundry for load balancing, and I have to say (as I'm not using my work e-mail address :-)) that they have been flaky as hell. We work fairly closely with Foundry (when we can get in touch), but every box seems to work differently with every image. You get in to the habit of finding an image that works and leave it alone. It's a horrible feeling when security advisories come out recommending upgrades, and you just know it's going to introduce other issues. We haven't deployed the Arrowpoint on any really big projects, but they do seem to offer more functionality than the Foundry in some areas (not forgetting the massive price difference), so I'm interested to hear what problems have arisen with them. Thanks, Gaz sam sneed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a pair of CS11152 (former arrowpoints) and they've been flaky. I do not recommend them. Not sure about coyotepoint. dre wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Coyotepoint was the first server load balancing device I had ever heard of outside of your basic LSNAT configuration (I think Cisco calls it NAT load-sharing or something, but there is an RFC also). However, I've never actually seen one in production on any network. Around 1997-8 the Cisco Local Director was the only box I saw, and most people hated them. Then, the F5 Big/IP box became popular (and it still sort of is). A whole bunch of people started entering the market space of SLB and Global Load-Balancing. In the past few years, companies like Arrowpoint and Alteon got bought by Cisco and Nortel. Now you even have places like Akamai doing GLB for places like Yahoo. After I've read the RFC's, and patents like US6185598, US108703, and US6052718, and worked with SLB and GLB for years, I've finally come to a few conclusions: A) The SLB/GLB marketing and focus is silicon snake oil B) Just like the computer security industry, [it's] like a carnival game, where people throw ducks at balloons, and nothing is as it seems C) It really depends on *your* environment. Just as there are millions of options for web servers and web programming languages (e.g. .NET, J2EE, Apache+PHP+MySQL, Apache+mod_perl, MS NT4 IIS/ISAPI, WebSphere vs. Weblogic, Zeus, Netscape, Xitami, etc etc), there are millions of options for SLB and GLB (even deciding between the two is impossible). D) Even outside of products and software, you have your own organization. How the coders build web pages. How the HTML is done. Etc. If you don't have any dynamic content. If you are completely dynamic content and everything besides the main page is somewhere under /cgi-bin/. These are all organizational issues that are different with every company. Depending on your setup, a different product may fit your needs differently. E) SLB was grown out of the need for more bandwidth being pushed out to the Internet by machines in the $100 to $5000 price range. These machines at the time were 486's and no ubiquitous Fast or Gigabit Ethernet. For a high-end Unix box with Fast Ethernet, you were looking at $30,000 back then (at least). F) Now, you can buy a Titanium Powerbook with Gigabit Ethernet running Mach+BSD (MacOS X) for like $2000. You can get 2x CPU 1U machines running FreeBSD or Linux capable of pushing 2k pps for under $3000. The need for SLB may have changed over the years due to the hardware catching up to the bandwidth needs. The SLB/GLB market is so confusing, probably nobody has it figured out. However, I can recommend one box today
RE: beta exams at VUE - fail results? [7:39127]
Both the VUE and Sylvan beta test systems always register a fail after taking a beta exam. Even if you call them they will tell you the same. No need for alarm. Your real results will be emailed to you soon. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39165t=39127 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Gigastack Etherchannel [7:39033]
Incidentally, you can see a picture of this configuration at: http://home.earthlink.net/~kcobean/workstuff/pics/pic6.jpg or http://home.earthlink.net/~kcobean/workstuff/pics/pic10.jpg As usual, watch for URL wrap. HTH Kelly -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kelly Cobean Sent: Friday, March 22, 2002 10:21 AM To: [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] Ole, Here is our configuration(God I hope this doesn't get screwed up. Just in case, basically it's a looped configuration, using only one of the gig ports per switch, utilizing the second gig port on the 1st and 9th switch for uplink to the distribution layer. Gig0/2 on switches 2-8 are unused. The loop prevention mechanism in the IOS takes care of the loop configuration in the stack(what I read leads me to believe that it is something other than STP, but I could be wrong) then STP takes care of the loop in the two fiber uplinks, which connect to two different Cat6509's) ||(fiber uplink to distribution layer) || Switch1 |oo| |oo| || / |--- - | | | Switch2 |oo| |oo| | || / | | | Switch3 |oo| |oo| | || / | | | Switch4 |oo| |oo| | || / | | | Switch5 |oo| |oo| | || / | | | Switch6 |oo| |oo| | || / | | | Switch7 |oo| |oo| | || / | | | Switch8 |oo| |oo| | || / | | | Switch9 |oo| |oo| | ||| | -- || || (Uplink to Distibution Layer Hope this helps, Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I Network Engineer GRC International, Inc., an ATT company -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 8:51 AM To: 'Kelly Cobean'; [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] Kelly, On the GigaStack modules, are you using both ports on the module, or one port on two modules? Examples (use fixed font for best view): 1 module / 2 ports switch 1 [oo] [--] | switch 2 [oo] [--] | switch 3 [oo] [--] | switch 4 [oo] [--] 2 modules / 1 port switch 1 [oo] [oo] | switch 2 [oo] [oo] | switch 3 [oo] [oo] | switch 4 [oo] [oo] Thanks, Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~ -Original Message- From: Kelly Cobean [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 7:18 AM To: [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] Guys, If it helps any, here is a quote from Cisco's web siteLink below. Cascaded Stack Connections: You can connect from three to nine switches in a cascaded stack configuration. The cascaded stack operates in half-duplex mode. (This raises the debate about how many switches in the stack again, because now I've seen conflicting documentation that indicates 9 and 16) The link is http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/gbic/ig_gbic/mam oins.htm#xtocid357911 Watch for URL wrap. Our Switchstacks contain 9 3548's here, and the uplink ports with fiber GBIC modules default to full duplex, while the gigastack module ports default to half duplex. I think one of reasons for this is the fact that you are effectively splitting the port in half by connecting each of the two gigastack ports to different switches. Hope this helps. Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I Network Engineer GRC International, Inc., an ATT company -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Gaz Sent: Thursday, March 21, 2002 2:01 PM To: [EMAIL PROTECTED] Subject: Re: Gigastack Etherchannel [7:39033] Ole, Good question.. Dunno! I was just going to suggest that one 3548 could only talk to one other switch at full duplex. The Gigastack bus may equate to a shared media once another switch is attached, so needs to go to half duplex. This must be different for something like a 3508, as a 3508 can definitely take multiple full duplex connections when used as the hub of a star configuration. In fact now I've finished writing it, it seems reasonable. I will test this tomorrow as well. Anybody pick holes in that theory? Gaz
Traffic Analyses [7:39167]
HI Guys I wanted to know how much traffic is passing through my T1 or how much traffic is utilizing my T1 bandwidth. Tell me the most efficent and accurate way of finding it. Thanks, Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39167t=39167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CAT4003 and 3com [7:39084]
yeah, since the move to cisoc, we no longer autonegotiate anything... Not reliable in any since of the word... Of course if we followed my suggestion we would be an extreme/juniper shop right now... :) Jitendra Joshi 03/22/02 03:24AM Remove the autonegotiate configuration for the ports. Set the desired 10/100 full/half duplex manually. I have experienced the same above solution worked, and learnt this events were symptons of some vendor auto negotiation mismatch. regards, Jiten. --- Patrick Ramsey wrote: funny you should mention that! I can't get cisco to autonegotiate with ANYTHING... 3com works with juniper/extreme/intel/ibm/etc Cisco works with Cisco heh 03/21/02 18:24 PM 3COM never auto-negotiates properly with Cisco, look for FCS errors on the switch ports. The best solution is to hardcode NICs to FD. The 'easiest' solution is to hardcode the switchports to HD. Mark Egan, CCIE #8775 wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Greetings, Any knowing problems out there with 3com cards and cat 4000 switches? I've a customer complaining when they insert new win2k with 3com cards, the whole network slows down. When the switch is rebooted everything is back to normal. The problem repeats when the add more win2k machine. Any ideas ThanksNabil Confidentiality Disclaimer This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. (WellStar) and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/ Confidentiality Disclaimer This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. (WellStar) and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39168t=39084 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Traffic Analyses [7:39167]
a 486 with 16mb of ram, linux, and mrtg... -PAtrick Rafay Aslam 03/22/02 11:25AM HI Guys I wanted to know how much traffic is passing through my T1 or how much traffic is utilizing my T1 bandwidth. Tell me the most efficent and accurate way of finding it. Thanks, Confidentiality Disclaimer This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. (WellStar) and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39169t=39167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Traffic Analyses [7:39167]
MRTG and any old computer running your favorite flavor of linux Rafay Aslam wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... HI Guys I wanted to know how much traffic is passing through my T1 or how much traffic is utilizing my T1 bandwidth. Tell me the most efficent and accurate way of finding it. Thanks, Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39170t=39167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP exams [7:39172]
Are the CCNP exams going to a new format soon? I was talking with someone at my testing center and they said they will be changing the format soon. Anyone know when? Mark Villanova I3Mobile IT Engineer (TX) Main: 817-766-5000 Office: 817-766-5012 Mobile: 817-312-8955 Fax: 817-766-5001 Email: [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39172t=39172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Traffic Analyses [7:39167]
As everyone else suggested, the free way to do it is run MRTG ( www.mrtg.org ). It can be run on Windows and Linux, better and easier to setup on LINUX. You then configure snmp on your 2600. The machine running mrtg will collect the snmp data and make a graph of your traffic utilization over your serial interface. Here is what a sample graph looks like : http://www.stat.ee.ethz.ch/mrtg/rou-gw-switch-1-lp_129.132.99.91.html It had it installed and running on linux in less than 30 minutes. The other way route is www.solarwinds.net but it costs too much money for me. Rafay Aslam wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Guys I wanted to know traffic utilization on my T1 which is connected with a Cisco2600 router. ? Patrick Ramsey wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... a 486 with 16mb of ram, linux, and mrtg... -PAtrick Rafay Aslam 03/22/02 11:25AM HI Guys I wanted to know how much traffic is passing through my T1 or how much traffic is utilizing my T1 bandwidth. Tell me the most efficent and accurate way of finding it. Thanks, Confidentiality DisclaimerThis email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. (WellStar) and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39175t=39167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Traffic Analyses [7:39167]
you mean something like this? This is a png of our internet connection Use mrtg http://people.ee.ethz.ch/~oetiker/webtools/mrtg/ Rafay Aslam 03/22/02 11:46AM Guys I wanted to know traffic utilization on my T1 which is connected with a Cisco2600 router. ? Patrick Ramsey wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... a 486 with 16mb of ram, linux, and mrtg... -PAtrick Rafay Aslam 03/22/02 11:25AM HI Guys I wanted to know how much traffic is passing through my T1 or how much traffic is utilizing my T1 bandwidth. Tell me the most efficent and accurate way of finding it. Thanks, Confidentiality DisclaimerThis email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. (WellStar) and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. Confidentiality Disclaimer This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. (WellStar) and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. [GroupStudy.com removed an attachment of type image/png which had a name of jarjar_6-day.png] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39174t=39167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco's pps claims [7:38956]
All, I agree that the industry has settled on pps. And yes, the smaller the packet size the greater the number appears. However, if you look at the ratio of header to payload, smaller packet sizes seem to result in lower throughput as measured in bits or bytes. A larger packet size has a lower ratio and thus a greater throughput in raw ones and zeros. Studies I have seen in the past seem to support that theory. Any comments on that aspect? Regards, Scott Priscilla Oppenheimer wrote: The Layer 2 header changes whenever a router forwards a packet. For one thing, the Layer-2 destination address changes. The frame goes to the next hop. The router strips the Layer 2 header on the incoming packet, figures out where to forward the frame from a routing table or cache, and re-encapsulates the frame into a new Layer 2 header. The amount of processing required to strip an Ethernet header, figure out the destination port and encapsulation, and re-encapsulate into Frame Relay is essentially the same as the amount of overhead required to strip an Ethernet header, figure out the destination port and encapsulation, and re-encapsulate into an Ethernet header. Marc's point was that the amount of overhead is also the same regardless of the packet size. The job must be done whether it's a 46-byte or 1500-byte packet. And I like the way he said that shovelling the rest of the packet through is low overhead. That's true. Keep in mind, however, that the packets-per-second ratings are just vendor marketing departments trying to one up their competitors. So, they post the results of testing with 64 byte packets because that makes the number higher. More packets are coming in to get processed. Long packets take longer, not because of extra processing, but simply because of serialization delay. It's like a relay in a train-switching system. The relay doesn't have to do more work for long trains with many cars. But it still takes longer to get a long train through the relay than it does to get a short train through it. Priscilla --- Marc Thach Xuan Ky wrote: Sam, I think the question is: what is your average packet size? Using process or fast switching I should think that the packet size is almost irrelevant to the router. I have benchmarked many PCs and NICs running certain routing software. On a PCI bus PC the pps difference between 64 and 1518 octet frames was in the order of ten to twenty percent, i.e. the routing decision consumes the bulk of the CPU bandwidth, shovelling the rest of the packet through is low-overhead. Marc sam sneed wrote: I noticed Cisco uses pps when they give their specs for routers, firewalls, etc. What is the assumed packet size when they come up with these specs? I'm planning on using 2 2621's in HSRP mode (getting default routes via BGP) and need to be able to support a constant 10 Mb/sec and would like know if these routers will do the trick. thanks [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/ Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39177t=38956 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Traffic Analyses [7:39167]
An excellent piece of software is Concord. It uses SNMP to poll all the intefaces on all the routers in your network and gather bandwidth usage data from any day or time period. As weel as other useful things. Danny Rafay Aslam wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... HI Guys I wanted to know how much traffic is passing through my T1 or how much traffic is utilizing my T1 bandwidth. Tell me the most efficent and accurate way of finding it. Thanks, Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39176t=39167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Gigastack Etherchannel [7:39033]
Hi Kelly, So, from what we've discussed the stack is half duplex then. In fact, just read your previous post and that's what you said. Doh! To make it full duplex you would need another 3 Gigastack cards and keep it to one cable per module. And in that case, you'd probably be better changing the priorities so that the link between for instance switch 3 and 4 was blocking, so that both uplinks could be used. In fact, even with the existing set up, is that not a workable idea anyway? Not sure? Your thoughts? Incidentally, those cables are a bit tidy. Does it still work OK like that. Never seen it before. :-) Kelly Cobean wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Incidentally, you can see a picture of this configuration at: http://home.earthlink.net/~kcobean/workstuff/pics/pic6.jpg or http://home.earthlink.net/~kcobean/workstuff/pics/pic10.jpg As usual, watch for URL wrap. HTH Kelly -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kelly Cobean Sent: Friday, March 22, 2002 10:21 AM To: [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] Ole, Here is our configuration(God I hope this doesn't get screwed up. Just in case, basically it's a looped configuration, using only one of the gig ports per switch, utilizing the second gig port on the 1st and 9th switch for uplink to the distribution layer. Gig0/2 on switches 2-8 are unused. The loop prevention mechanism in the IOS takes care of the loop configuration in the stack(what I read leads me to believe that it is something other than STP, but I could be wrong) then STP takes care of the loop in the two fiber uplinks, which connect to two different Cat6509's) ||(fiber uplink to distribution layer) || Switch1 |oo| |oo| || / |--- - | | | Switch2 |oo| |oo| | || / | | | Switch3 |oo| |oo| | || / | | | Switch4 |oo| |oo| | || / | | | Switch5 |oo| |oo| | || / | | | Switch6 |oo| |oo| | || / | | | Switch7 |oo| |oo| | || / | | | Switch8 |oo| |oo| | || / | | | Switch9 |oo| |oo| | ||| | -- || || (Uplink to Distibution Layer Hope this helps, Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I Network Engineer GRC International, Inc., an ATT company -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 8:51 AM To: 'Kelly Cobean'; [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] Kelly, On the GigaStack modules, are you using both ports on the module, or one port on two modules? Examples (use fixed font for best view): 1 module / 2 ports switch 1 [oo] [--] | switch 2 [oo] [--] | switch 3 [oo] [--] | switch 4 [oo] [--] 2 modules / 1 port switch 1 [oo] [oo] | switch 2 [oo] [oo] | switch 3 [oo] [oo] | switch 4 [oo] [oo] Thanks, Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~ -Original Message- From: Kelly Cobean [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 7:18 AM To: [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] Guys, If it helps any, here is a quote from Cisco's web siteLink below. Cascaded Stack Connections: You can connect from three to nine switches in a cascaded stack configuration. The cascaded stack operates in half-duplex mode. (This raises the debate about how many switches in the stack again, because now I've seen conflicting documentation that indicates 9 and 16) The link is http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/gbic/ig_gbic/mam oins.htm#xtocid357911 Watch for URL wrap. Our Switchstacks contain 9 3548's here, and the uplink ports with fiber GBIC modules default to full duplex, while the gigastack module ports default to half duplex. I think one of reasons for this is the fact that you are effectively splitting the port in half by connecting each of the two gigastack ports to different switches. Hope this helps. Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I Network Engineer GRC International, Inc., an ATT company -Original Message-
RE: Traffic Analyses [7:39167]
I wanted to know traffic utilization on my T1 which is connected with a Cisco2600 router. MRTG is a freeware perl script that was written to gather router/switch interface statistics using SNMP. It creates attractive graphs and many of us use it to do long-term monitoring/graphing of their connections. You can get more information at www.mrtg.org. Of course, you could just do a SHOW INTERFACE command on the serial port and add the two data rates togetherif you just want to check once. CO05R201#sh int s0/0 Serial0/0 is up, line protocol is up [snip] 5 minute input rate 579000 bits/sec, 132 packets/sec 5 minute output rate 1241000 bits/sec, 242 packets/sec [snip] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39179t=39167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ramping up throughput to measure bandwidth cap [7:39035]
I have used ttcp as recently as yesterday. I think an Enterprise IOS is required to run it between routers. Cisco recommends that you run ttcp through routers instead of on them. This has to do with the way the router prioritizes traffic that it generates vs. traffic that it routes. Beware the bandwidth*delay product and let us know how your testing goes. Regards, Scott sam sneed wrote: not sure if this is still implemented: http://www.cisco.com/warp/public/471/ttcp.html wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Just wondering if someone could help me out. I am trying to measure the link capacity over a satellite link (VSAT) and wondered if there is way of being able to ramp up the throughput until saturation point from the CLI? Best Regards Scott Forbes Network Support Design Team INVSAT Limited, Arnhall Business Park, Westhill, Aberdeenshire, Scotland, UK. www.invsat.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39180t=39035 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Gigastack Etherchannel [7:39033]
That's firewire between the switches, isn't it? Shawn K. -Original Message- From: Kelly Cobean [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 11:19 AM To: [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] Incidentally, you can see a picture of this configuration at: http://home.earthlink.net/~kcobean/workstuff/pics/pic6.jpg or http://home.earthlink.net/~kcobean/workstuff/pics/pic10.jpg As usual, watch for URL wrap. HTH Kelly -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kelly Cobean Sent: Friday, March 22, 2002 10:21 AM To: [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] Ole, Here is our configuration(God I hope this doesn't get screwed up. Just in case, basically it's a looped configuration, using only one of the gig ports per switch, utilizing the second gig port on the 1st and 9th switch for uplink to the distribution layer. Gig0/2 on switches 2-8 are unused. The loop prevention mechanism in the IOS takes care of the loop configuration in the stack(what I read leads me to believe that it is something other than STP, but I could be wrong) then STP takes care of the loop in the two fiber uplinks, which connect to two different Cat6509's) ||(fiber uplink to distribution layer) || Switch1 |oo| |oo| || / |--- - | | | Switch2 |oo| |oo| | || / | | | Switch3 |oo| |oo| | || / | | | Switch4 |oo| |oo| | || / | | | Switch5 |oo| |oo| | || / | | | Switch6 |oo| |oo| | || / | | | Switch7 |oo| |oo| | || / | | | Switch8 |oo| |oo| | || / | | | Switch9 |oo| |oo| | ||| | -- || || (Uplink to Distibution Layer Hope this helps, Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I Network Engineer GRC International, Inc., an ATT company -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 8:51 AM To: 'Kelly Cobean'; [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] Kelly, On the GigaStack modules, are you using both ports on the module, or one port on two modules? Examples (use fixed font for best view): 1 module / 2 ports switch 1 [oo] [--] | switch 2 [oo] [--] | switch 3 [oo] [--] | switch 4 [oo] [--] 2 modules / 1 port switch 1 [oo] [oo] | switch 2 [oo] [oo] | switch 3 [oo] [oo] | switch 4 [oo] [oo] Thanks, Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~ -Original Message- From: Kelly Cobean [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 7:18 AM To: [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] Guys, If it helps any, here is a quote from Cisco's web siteLink below. Cascaded Stack Connections: You can connect from three to nine switches in a cascaded stack configuration. The cascaded stack operates in half-duplex mode. (This raises the debate about how many switches in the stack again, because now I've seen conflicting documentation that indicates 9 and 16) The link is http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/gbic/ig_gbic/mam oins.htm#xtocid357911 Watch for URL wrap. Our Switchstacks contain 9 3548's here, and the uplink ports with fiber GBIC modules default to full duplex, while the gigastack module ports default to half duplex. I think one of reasons for this is the fact that you are effectively splitting the port in half by connecting each of the two gigastack ports to different switches. Hope this helps. Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I Network Engineer GRC International, Inc., an ATT company -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Gaz Sent: Thursday, March 21, 2002 2:01 PM To: [EMAIL PROTECTED] Subject: Re: Gigastack Etherchannel [7:39033] Ole, Good question.. Dunno! I was just going to suggest that one 3548 could only talk to one other switch at full duplex. The Gigastack bus may equate to a shared media once another switch is attached, so needs to go to half duplex. This must be different for something like a 3508, as a
Sample Config [7:39185]
Hey can anyone provide some sample configs for a 7206VXR Clear Channel DS3? Also a subrate? Iv got a 7206 with a PA2-T3 card. One of the DS3's is going to be a full 45mb the second will be a 6mb. Any caveats or heads up that I should be aware of when bringing up these links? Anyone have an experience to share? Thanks! Richard Tufaro Network Engineer Anda Inc. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39185t=39185 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Traffic Analyses [7:39167]
Patrick Ramsey 03/22 11:35 AM a 486 with 16mb of ram, linux, and mrtg... -PAtrick Rafay Aslam 03/22/02 11:25AM HI Guys I wanted to know how much traffic is passing through my T1 or how much traffic is utilizing my T1 bandwidth. Tell me the most efficent and accurate way of finding it. Thanks, Confidentiality Disclaimer This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. (WellStar) and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39186t=39167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Classful Prefix-list [7:39113]
I believe this will do what you are looking for. I did a little testing and it seemed to work well: ip prefix-list classful seq 5 permit 0.0.0.0/1 ge 8 le 8 ip prefix-list classful seq 10 permit 128.0.0.0/2 ge 16 le 16 ip prefix-list classful seq 15 permit 192.0.0.0/3 ge 24 le 24 Hope that helps, Rob. CCIE 6922 William Lijewski wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Can someone tell me how to create a Prefix-list to only alow classful routes for BGP. I know you can do the following with an extended access-list: access-list 100 permit ip 0.0.0.0 127.0.0.0 host 255.0.0.0 access-list 100 permit ip 128.0.0.0 63.255.0.0 host 255.255.0.0 access-list 100 permit ip 192.0.0.0 31.255.255.0 host 255.255.255.0 Is there way to do it? Any good reading material on Prefix-lists? Thanks in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39187t=39113 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Coyotepoint Load Balancers [7:38953]
You're right, the Cisco/Arrowpoint box doesn't do this very well, either. We're not using SSL acceleration yet, but we're currently redesigning that part of the network to include it. I don't know if there are any boxes that can do URL testing easily. I believe there are some that support scripting of some sort and I think that's about the only way to do this correctly. John Gaz 3/22/02 10:13:17 AM Do you use SSL accelerators John. One problem we've had with Foundry is that the health checking for SSL is not up to scratch because the box cannot simulate a real attempt at a URL like it would with http, it just sees port 443 is available on the accelerator and never gets as far as the back end server. Needs to actually test a URL with 128 bit encryption. I don't think Cisco (Arrowpoint) will do it either? Are there any other boxes that do this properly? Gaz John Neiberger wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... That's interesting. We've been using the Arrowpoint switch for load-balancing with sticky SSL sessions for over a year now and have had no problems at all. However, we're going to be replacing that box with two of something-or-other, we just haven't decided on what yet. John sam sneed 3/22/02 8:35:56 AM First off, failover takes close to a minute which is a lot more than Cisco advertises(in HA config). Second they're supposed to provide for load balancing using SSL. This simply does not work on ours even though we followed the config on their site exactly. Third they're very tempermental. We migrated them to another switch and expected a little downtime during the move. We moved them, they came up, showed all services were good but in actuality all services were down. We had to power down both CS11152 and the Extreme switch they were connected to get services back up. Mind you that all the servers that were behind the CS11152 were pingable and reachable up to Layer 3 so NAT and L3 were working, only the services the load balancers were supposed to provide were down. Cost us a lot of aggravation and almost my job. Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... What problems have you had with the Arrowpoint Sam? We do mainly Foundry for load balancing, and I have to say (as I'm not using my work e-mail address :-)) that they have been flaky as hell. We work fairly closely with Foundry (when we can get in touch), but every box seems to work differently with every image. You get in to the habit of finding an image that works and leave it alone. It's a horrible feeling when security advisories come out recommending upgrades, and you just know it's going to introduce other issues. We haven't deployed the Arrowpoint on any really big projects, but they do seem to offer more functionality than the Foundry in some areas (not forgetting the massive price difference), so I'm interested to hear what problems have arisen with them. Thanks, Gaz sam sneed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a pair of CS11152 (former arrowpoints) and they've been flaky. I do not recommend them. Not sure about coyotepoint. dre wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Coyotepoint was the first server load balancing device I had ever heard of outside of your basic LSNAT configuration (I think Cisco calls it NAT load-sharing or something, but there is an RFC also). However, I've never actually seen one in production on any network. Around 1997-8 the Cisco Local Director was the only box I saw, and most people hated them. Then, the F5 Big/IP box became popular (and it still sort of is). A whole bunch of people started entering the market space of SLB and Global Load-Balancing. In the past few years, companies like Arrowpoint and Alteon got bought by Cisco and Nortel. Now you even have places like Akamai doing GLB for places like Yahoo. After I've read the RFC's, and patents like US6185598, US108703, and US6052718, and worked with SLB and GLB for years, I've finally come to a few conclusions: A) The SLB/GLB marketing and focus is silicon snake oil B) Just like the computer security industry, [it's] like a carnival game, where people throw ducks at balloons, and nothing is as it seems C) It really depends on *your* environment. Just as there are millions of options for web servers and web programming languages (e.g. .NET, J2EE, Apache+PHP+MySQL, Apache+mod_perl, MS NT4 IIS/ISAPI, WebSphere vs. Weblogic, Zeus, Netscape, Xitami, etc etc), there are millions of options for SLB and GLB (even deciding between the two is impossible). D) Even outside of products and software, you have your own organization. How the coders build web pages. How the HTML is done. Etc. If you don't have any
Re: CCIE# 8971 [7:39110]
Congrats! ~d Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39189t=39110 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNP exams [7:39172]
Why is everyone so worried about the new exam format? Wouldn't it be amazing if someone with a certification could actually do something? If simulations and a new format are scaring you that bad you shouldn't even be taking the exams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Villanova Sent: Friday, March 22, 2002 10:46 AM To: [EMAIL PROTECTED] Subject: CCNP exams [7:39172] Are the CCNP exams going to a new format soon? I was talking with someone at my testing center and they said they will be changing the format soon. Anyone know when? Mark Villanova I3Mobile IT Engineer (TX) Main: 817-766-5000 Office: 817-766-5012 Mobile: 817-312-8955 Fax: 817-766-5001 Email: [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39190t=39172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Blocking OSPF LSA [7:39191]
I know how to reduce the number of LSA's being injected into an area by an ABR by using the stub, no-summary command. However, area 3 LSA's are still sent into the area (default route LSA). I know I cab stop them with database filter, but does anyone know of another way to block all LSA's? Thanks, Larry Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39191t=39191 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Catalyst 6509 [7:39192]
Hello Folks, I need help understanding this logic. I have Catalyst 6509 switch with 4 Vlans. I have done configuration which is recommended by Cisco. Here is the details. VLAN 2 Users: Subnet 10.0.2.0/24 VLAN 3 Servers Subnet 10.0.3.0/24 VLAN 4 PBX Application Subnet 10.0.4.0/24 VLAN 5 Management Vlan Subnet 10.0.5.0/24 Catalyst 6509 has dual IOS. The catalyst IOS for switch and Cisco IOS for the router blade. I have assigned IP address 10.0.5.2 to the SC0 interface and assigned IP address 10.0.5.1/24 to VLAN 5 that I created in cisco IOS. By doing this I can telnet to both from my PC which is in user vlan. I believe I will also have to do a default gateway command in SC0 interface and gateway should be pointing to 10.0.5.1 (VLAN 5's IP address) in order for me to telnet the catalyst IOS from different VLANS. Am I approaching the correct path? Please advise. I am not using VLAN 1 as not recommended by Cisco. What disadvantage I would have had if I would choose VLAN 1 for the management. I am also using a totally different subnet for the management per guidelines, but I could have put SC0 in a VLAN 2 and could have used the IP address from the user VLAN 2 and by doing that I would not have to create a VLAN 5. Is there any real advantage for using a totally separate VLAN for the management purpose. Some guidelines say that it is really secured by using a different VLAN other than VLAN 1 or any other VLANS which are used for Users, Servers etc. Can someone explain how? Regards, Ali Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39192t=39192 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IDS blade [7:39193]
Has anyone ever configured IDS module for catalyst 6500 series router? I tried browsing Cisco Website, but did not find any help in terms of installing and configuring the IDS blade. Can someone point me to correct link? Regards, Ali Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39193t=39193 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 3015 VPN Concentrator MTU's - A More Specific Explanation [7:39194]
Daniel, I reread my original post and did something I've done before: Been so involved in thinking about a problem I left out perhaps the most important piece of info thinking that everybody would know what I was working on. I'm not sure if that's attributable to presenile dementia or just having a one track mind. :-) Here's the description of the problem with more specifics - We have a Cisco 3015 VPN Concentrator connected to the Internet via a T1. Our vendor has a Netopia R9100 router connected to the Internet via DSL. I've set up a LAN to LAN IPSec tunnel between the two that works fine right up until I attempt to send actual data across (i.e.ICMP traffic passes because of small packet size but true data does not). When I test for the point that data fails due to too large packet size on the side of the Netopia router I find that somewhere between 1350 bits and 1375 bits I have near 100% transmission success (send multiple pings into the Netopia's network via the IPSec tunnel with different data sizes to find a 100% reply rate as well as watch packets on the Netopia until the number of fragments reduces to none for the ping session). There appears to be no way to reduce or increase MTU size on either device which leaves me with finding a way to reduce the size of the IPSec header. My first thoughts are to change from SHA to MD5 authentication (160 bits to 128?), and change the Diffie-Hellman Group setting from Group 2 to Group 1 (1024 bits vs 768). I have no idea if this will affect header size since I don't understand IPSec beyond setting it up. I'll begin/rebegin working on this problem Monday and search CCO for that type of info. Any suggestions would be appreciated (and yes, I too would like for them to get a better router). Thanks, David Armstrong Daniel Cotts wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'm not quite sure exactly what boxes form the IPSec relationship. Are you saying (a) the Netopia talks directly to the 3015 or (b) PCs (who would have VPN Client software) on the LAN side of the Netopia are talking to the 3015? When installing the VPN Client you are prompted to change the MTU size I believe to 1460. Make sure that the Netopia isn't blocking your traffic. Try this: http://www.cisco.com/warp/public/471/vpn_3000_faq.shtml#Q3 You might want the entire FAQ section. Just leave off the #Q3 of the above URL. One level higher - watch the wrap: http://www.cisco.com/warp/public/471/top_issues/vpn/vpn_index.shtml -Original Message- From: David Armstrong [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 21, 2002 12:31 PM To: [EMAIL PROTECTED] Subject: Re: 3015 VPN Concentrator MTU's [7:39010] Unfortunately the Netopia's MTU size can't be changed so nothing is an option. I'm interested in your thought on which side needs changing though. Packets larger than (somewhere around) 1400 bits can't traverse the Netoia R9100 but can traverse the 3015 VPN Concentrator. To me that would seem to mean that the size of the packets sent from the 3015 to the Netopia are too large for the Netopia. Increasing the Netopia's MTU would allow it to see larger frames and therefore not fragment them as they come across. Since I'm able to sit on the Netopia and send packets across the 3015 into our network but am unable to send them from inside the Netopia's network across to the 3015 it seems that the problem is stemming from too small MTU size on the Netopia (packet comes to the inside interface of the Netopia R9100, is encapsulated and framed with an IPSec header added to the frame for encryption then sent to the outside interface of the Netopia. The outside interface fragments frames greater than 1500 bits and thus sends fragments out the DSL modem into the Internet - I think). I could be thinking in the wrong direction though and if I am would like to get thinking in the right. Currently it doesn't appear that I can decrease or increase MTU size on either device which leaves me thinking that my options are two: get a router to replace the Netopia that allows changes to MTU or change the settings for IPSec to decerase the size of the header it adds to the packet when the frame is created. I'm focusing on the second now. I need to get a better understanding of the components of IPSec first though. Thanks for you input, David Armstrong Daniel Cotts wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Seems that you need to decrease the MTU on the client (Netopia) side rather than increase it. -Original Message- From: David Armstrong [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 20, 2002 11:17 PM To: [EMAIL PROTECTED] Subject: 3015 VPN Concentrator MTU's [7:39010] We have a 3015 VPN concentrator that I've connected to a vendor who has a Netopia R9100 router with a DSL (PPOE) connection
RE: CISCO 2500 router [7:39135]
I've also seen this type of error, it was a flash module. I've also had problems with one of them not being quite seated correctly, but that was after transporting the 2500 Regards Mike Munn -Original Message- From: Danny [mailto:[EMAIL PROTECTED]] Sent: 22 March 2002 13:59 To: [EMAIL PROTECTED] Subject: Re: CISCO 2500 router [7:39135] I have seen that before. If I remember correctly, the router had corrupted memory. Ole Drews Jensen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have not seen that error myself, but maybe this is what's happening (copied from cco): Adding the command distribute-list access-list out rip to an active IPX ROUTER NLSP process causes the router to display the following error message, after which the router reloads: Local Timeout (control reg=0x118) Error, address: 0x4000C74 at 0x30F4D7C (PC) Hth, Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~ -Original Message- From: Biswajeet Das [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 5:48 AM To: [EMAIL PROTECTED] Subject: CISCO 2500 router [7:39135] Hi, I have a CISCO 2500 series router and last time there was a power problem due to which now everytime I boot I get the following message System Bootstrap, Version 11.0(10 C), SOFTWARE Copyright (C) 1986-1996 by Cisco Systems 2500 processor with 2048 Kbytes of main memory Local Timeout (control reg=0x118) Error, address 0x213 at 0x10109DA(PC) The above message keeps on repeating and the OK LED in front of the Router keeps blinking continuously. What could be the problem and the solution for it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39195t=39135 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNP exams [7:39172]
something? If simulations and a new format are scaring you that bad you shouldn't even be taking the exams I understand what you are saying, but your comments are simplistic. There are a lot of people out there with considerable experience and skill that are not good test takers (a good friend of mine is one of them). People that are not native English speakers can also have problems with these exams. Many of the certification exams test your ability to memorize command syntax (that in real life you'd use the ? for), have trick questions, or flat out have poor wording. To think that these exams are an accurate reflection of ability is tough to believe. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39196t=39172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP Recert exam 640-519 questions [7:39197]
I need to renew my CCNP in June. I'm Looking for some direction on preparing for the 640-519 exam? Has anyone taken this and can anyone provide some helpful notes/tips on preparing for this exam? -- John A. Gesualdi,CCNP, CCDP, MCSE 2000 [EMAIL PROTECTED] The Providence Journal Company Phone (401)277-8133 Pager (401)785-6938 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39197t=39197 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 3015 VPN Concentrator MTU's [7:39010]
Daniel, I reread my original post and did something I've done before: Been so involved in thinking about a problem I left out perhaps the most important piece of info thinking that everybody would know what I was working on. I'm not sure if that's attributable to presenile dementia or just having a one track mind. :-) Here's the description of the problem with more specifics - We have a Cisco 3015 VPN Concentrator connected to the Internet via a T1. Our vendor has a Netopia R9100 router connected to the Internet via DSL. I've set up a LAN to LAN IPSec tunnel between the two that works fine right up until I attempt to send actual data across (i.e.ICMP traffic passes because of small packet size but true data does not). When I test for the point that data fails due to too large packet size on the side of the Netopia router I find that somewhere between 1350 bits and 1375 bits I have near 100% transmission success (send multiple pings into the Netopia's network via the IPSec tunnel with different data sizes to find a 100% reply rate as well as watch packets on the Netopia until the number of fragments reduces to none for the ping session). There appears to be no way to reduce or increase MTU size on either device which leaves me with finding a way to reduce the size of the IPSec header. My first thoughts are to change from SHA to MD5 authentication (160 bits to 128?), and change the Diffie-Hellman Group setting from Group 2 to Group 1 (1024 bits vs 768). I have no idea if this will affect header size since I don't understand IPSec beyond setting it up. I'll begin/rebegin working on this problem Monday and search CCO for that type of info. Any suggestions would be appreciated (and yes, I too would like for them to get a better router). Thanks, David Armstrong Daniel Cotts wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'm not quite sure exactly what boxes form the IPSec relationship. Are you saying (a) the Netopia talks directly to the 3015 or (b) PCs (who would have VPN Client software) on the LAN side of the Netopia are talking to the 3015? When installing the VPN Client you are prompted to change the MTU size I believe to 1460. Make sure that the Netopia isn't blocking your traffic. Try this: http://www.cisco.com/warp/public/471/vpn_3000_faq.shtml#Q3 You might want the entire FAQ section. Just leave off the #Q3 of the above URL. One level higher - watch the wrap: http://www.cisco.com/warp/public/471/top_issues/vpn/vpn_index.shtml -Original Message- From: David Armstrong [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 21, 2002 12:31 PM To: [EMAIL PROTECTED] Subject: Re: 3015 VPN Concentrator MTU's [7:39010] Unfortunately the Netopia's MTU size can't be changed so nothing is an option. I'm interested in your thought on which side needs changing though. Packets larger than (somewhere around) 1400 bits can't traverse the Netoia R9100 but can traverse the 3015 VPN Concentrator. To me that would seem to mean that the size of the packets sent from the 3015 to the Netopia are too large for the Netopia. Increasing the Netopia's MTU would allow it to see larger frames and therefore not fragment them as they come across. Since I'm able to sit on the Netopia and send packets across the 3015 into our network but am unable to send them from inside the Netopia's network across to the 3015 it seems that the problem is stemming from too small MTU size on the Netopia (packet comes to the inside interface of the Netopia R9100, is encapsulated and framed with an IPSec header added to the frame for encryption then sent to the outside interface of the Netopia. The outside interface fragments frames greater than 1500 bits and thus sends fragments out the DSL modem into the Internet - I think). I could be thinking in the wrong direction though and if I am would like to get thinking in the right. Currently it doesn't appear that I can decrease or increase MTU size on either device which leaves me thinking that my options are two: get a router to replace the Netopia that allows changes to MTU or change the settings for IPSec to decerase the size of the header it adds to the packet when the frame is created. I'm focusing on the second now. I need to get a better understanding of the components of IPSec first though. Thanks for you input, David Armstrong Daniel Cotts wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Seems that you need to decrease the MTU on the client (Netopia) side rather than increase it. -Original Message- From: David Armstrong [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 20, 2002 11:17 PM To: [EMAIL PROTECTED] Subject: 3015 VPN Concentrator MTU's [7:39010] We have a 3015 VPN concentrator that I've connected to a vendor who has a Netopia R9100 router with a DSL (PPOE) connection
RE: Gigastack Etherchannel [7:39033]
As Cisco puts it on their web site. The GigaStack GBIC cables are proprietary, high-data-rate cables with enhanced signal integrity and EMI performance. Caution Do not use standard IEEE 1394 cables with the GigaStack GBIC. -Original Message- From: Kaminski, Shawn G [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 12:12 PM To: 'Kelly Cobean' Cc: 'Groupstudy' Subject: RE: Gigastack Etherchannel [7:39033] That's firewire between the switches, isn't it? Shawn K. -Original Message- From: Kelly Cobean [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 11:19 AM To: [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] Incidentally, you can see a picture of this configuration at: http://home.earthlink.net/~kcobean/workstuff/pics/pic6.jpg or http://home.earthlink.net/~kcobean/workstuff/pics/pic10.jpg As usual, watch for URL wrap. HTH Kelly -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kelly Cobean Sent: Friday, March 22, 2002 10:21 AM To: [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] Ole, Here is our configuration(God I hope this doesn't get screwed up. Just in case, basically it's a looped configuration, using only one of the gig ports per switch, utilizing the second gig port on the 1st and 9th switch for uplink to the distribution layer. Gig0/2 on switches 2-8 are unused. The loop prevention mechanism in the IOS takes care of the loop configuration in the stack(what I read leads me to believe that it is something other than STP, but I could be wrong) then STP takes care of the loop in the two fiber uplinks, which connect to two different Cat6509's) ||(fiber uplink to distribution layer) || Switch1 |oo| |oo| || / |--- - | | | Switch2 |oo| |oo| | || / | | | Switch3 |oo| |oo| | || / | | | Switch4 |oo| |oo| | || / | | | Switch5 |oo| |oo| | || / | | | Switch6 |oo| |oo| | || / | | | Switch7 |oo| |oo| | || / | | | Switch8 |oo| |oo| | || / | | | Switch9 |oo| |oo| | ||| | -- || || (Uplink to Distibution Layer Hope this helps, Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I Network Engineer GRC International, Inc., an ATT company -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 8:51 AM To: 'Kelly Cobean'; [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] Kelly, On the GigaStack modules, are you using both ports on the module, or one port on two modules? Examples (use fixed font for best view): 1 module / 2 ports switch 1 [oo] [--] | switch 2 [oo] [--] | switch 3 [oo] [--] | switch 4 [oo] [--] 2 modules / 1 port switch 1 [oo] [oo] | switch 2 [oo] [oo] | switch 3 [oo] [oo] | switch 4 [oo] [oo] Thanks, Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~ -Original Message- From: Kelly Cobean [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 7:18 AM To: [EMAIL PROTECTED] Subject: RE: Gigastack Etherchannel [7:39033] Guys, If it helps any, here is a quote from Cisco's web siteLink below. Cascaded Stack Connections: You can connect from three to nine switches in a cascaded stack configuration. The cascaded stack operates in half-duplex mode. (This raises the debate about how many switches in the stack again, because now I've seen conflicting documentation that indicates 9 and 16) The link is http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/gbic/ig_gbic/mam oins.htm#xtocid357911 Watch for URL wrap. Our Switchstacks contain 9 3548's here, and the uplink ports with fiber GBIC modules default to full duplex, while the gigastack module ports default to half duplex. I think one of reasons for this is the fact that you are effectively splitting the port in half by connecting each of the two gigastack ports to different switches. Hope this helps. Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I Network Engineer GRC International, Inc., an
RE: CCNP exams [7:39172]
You are absolutely correct about the people who are not native English speakers and the people that are bad test takers, but I don't think the people that are complaining about exam formats fall into that category. I am been nailed with more email about Cisco and the new exam format than I care to hear about. As far as tricky wording and poor questions, hey that happens and even the best test takers get nailed with those. It is an associate level exam; the simulations cannot be that difficult. What is the worst that Cisco is going to have you do? Cisco could do like Extreme networks and make you take a hands-on lab for the basic certification. -Original Message- From: Lomker, Michael [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 12:41 PM To: Matthew Meiers Cc: Groupstudy (E-mail) Subject: RE: CCNP exams [7:39172] something? If simulations and a new format are scaring you that bad you shouldn't even be taking the exams I understand what you are saying, but your comments are simplistic. There are a lot of people out there with considerable experience and skill that are not good test takers (a good friend of mine is one of them). People that are not native English speakers can also have problems with these exams. Many of the certification exams test your ability to memorize command syntax (that in real life you'd use the ? for), have trick questions, or flat out have poor wording. To think that these exams are an accurate reflection of ability is tough to believe. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39201t=39172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Coyotepoint Load Balancers [7:38953]
I asked Nortel/Alteon how there web switches compare with Coyotepoint, this is what they sent me. If you feel like filling in what Aeropoint can do, feel free. I thought it was cool that it can do SSL load balancing. The other thing about coyote only having 2 ports, ports go bad a lot on web devices with high volume. Maybe coyote was suggested because it is cheaper. COMPETITIVE BULLETIN Coyote Point Equalizer Web Solutions Product MarketingMarch 2002 Should You Trust Your Network To An Appliance b Coyote Pointbs Equalizer is a single-application appliance, with a PC-based architecture that canbt scale as your network grows Alteon ACEdirector 4 Web Switch Alteon Web Switches are purpose-built, intelligent traffic managers that support multiple Layer 2-7 applications on a single box Key Alteon Differentiators When Considering the Coyote Point Equalizer for Server Load Balancing Alteon provides a proven all-in-one Web switching solution for L4-7 local-global Server Load Balancing, Web Cache Redirection, and VPN / Firewall Load Balancing o' Coyote Pointbs Equalizer cannot support multiple services/applications on the same box. o' Nortel Networks can provide local and global server load balancing, application redirection, Secure Sockets Layer (SSL) load balancing, URL-based redirection and load balancing, streaming media load balancing, wireless gateway load balancing, intrusion detection load balancing and advanced TCP/IP filtering functions within a single Web switch. Alteonbs Virtual Matrix Architecture takes distributed processing to the next level, providing customers with the best of both distributed and centralized switching o' Alteonbs VMA is a hybrid architecture that enables the switch to aggregate the processing power of ASICs on every port. VMA makes optimal use of all distributed processing and memory resources and applies them to the ports actively handling traffic. o' Alteonbs VMA switching architecture is a proven solution. Customers have been successfully using the VMA architecture for high performance IP switching since April 2000. Alteon provides advanced Layer 7 features Coyote Pointbs Equalizer Lacks Equalizer lacks key Web OS 9.0 features and support: o' No support for wireless users. Alteon supports wireless users via WAP gateway load balancing. o' No security solution: Alteon supports load balancing intrusion detection system (IDS) servers. o' No support for GSLB persistence. Alteon supports GSLB persistence via cookie rewrite mode. Because F5bs GSLB and persistence features are not integrated, they cannot ensure that a user will be routed to the same remote server. Alteonbs Active-Active Redundancy optimizes switching resources, ensures high availability, and maximizes service traffic throughput o' Coyote Pointbs appliances do not provide true Active-Active support. While they state that they provide bmission-critical services for which high availability and fault tolerance are essential,b two (or more) Equalizers can only be configured in ba hot-backup configurationb on a network. This means that one device is actively processing traffic, while the other is simply providing redundancy. o' Alteon switches enable redundancy to eliminate any single point of failure and true High Availability, where both load balancers can actively process traffic and provide backup for each other at the same time. o' Alteon support for High Availability configurations optimizes switching resources and results in better investment protection. Summary A PC-based appliance cannot provide the performance, reliability, and scalability of Nortel Networks Alteon Web switching solutions under real-world conditions. When considering Coyote Pointbs Equalizer load balancing product, ask yourself the following questions? o' Can it support multiple load balancing applications on a single box? o' Can it provide the flexibility, scalability, and ultimately, the reliability crucial to ensuring mission critical application support? Alteonbs proven performance, scalability, and High Availability provide optimum throughput, multi-application flexibility, and a better return on your investment as your business grows. For More Information To learn more about the features and capabilities of Alteon Web Switches and the entire Alteon Product Portfolio, visit the website links below: Alteon Web Switching Portfolio: http://www.nortelnetworks.com/products/01/alteon/index.html Alteon ACEdirector (AD) Series: http://www.nortelnetworks.com/products/01/alteon/acedir/index.html# Alteon 180 Series: http://www.nortelnetworks.com/products/01/alteon/alt180/index.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39200t=38953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and
RE: CCNP exams [7:39172]
The real issue isnt that hands on testing is good/bad (I think its great if you want to test me, give me a router with a problem and see if I can fix it.). The real issue is two fold: First, the testing engine doesnt use real IOS, its a simulator, meaning that some commands have to be typed out completely and some commands can be truncated but only in certain ways (i.e. config t might work, but conf t might not or int s 0 might work but interface s0 doesnt, etc.) meaning, you must know what the simulator will accept for a correct answer, not necessarily what would work in the real world. Second, Ive heard that the testing simulator is the one used in the official Cisco course translation, anyone with the $s to go to the class has a leg up on someone that only works on real gear sounds slightly fishy to me. Just my $0.02 \\RB _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39202t=39172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Blocking OSPF LSA [7:39191]
You could use 'passive-interface' in the ospf config or you could choose not to include a network statement that includes that interface. If you need to advertise that prefix, a possibility might be to redistribute connected. Of course, it all depends on what you're really trying to accomplish. HTH, John Larry Whitfill 3/22/02 11:28:35 AM I know how to reduce the number of LSA's being injected into an area by an ABR by using the stub, no-summary command. However, area 3 LSA's are still sent into the area (default route LSA). I know I cab stop them with database filter, but does anyone know of another way to block all LSA's? Thanks, Larry Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39203t=39191 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Classful Prefix-list [7:39113]
To better understand why this works: In the very first octet, the following applies: class A addresses start with the first bit = 0 class B addresses start with the first two bits = 10 class C addresses start with the first three bits = 110 So the 0.0.0.0/1 means look for a network address of 0.0.0.0, but only pay attention to the very first bit (and make sure that it is a zero). So 0.0.0.0/1 identifies all class A networks - from 0.0.0.0 to 127.255.255.255. The ge 8 le 8 says only accept routes with a mask of 255.0.0.0. The combination of these two identifies all classful class A networks (0.0.0.0/8 to 127.0.0.0/8). Same with the 128.0.0.0/2 - that means make sure the first two bits are 10, but then ignore everything else. So this includes all class B addresses - from 128.0.0.0 to 191.255.255.255. Rob. Rob Webber wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I believe this will do what you are looking for. I did a little testing and it seemed to work well: ip prefix-list classful seq 5 permit 0.0.0.0/1 ge 8 le 8 ip prefix-list classful seq 10 permit 128.0.0.0/2 ge 16 le 16 ip prefix-list classful seq 15 permit 192.0.0.0/3 ge 24 le 24 Hope that helps, Rob. CCIE 6922 William Lijewski wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Can someone tell me how to create a Prefix-list to only alow classful routes for BGP. I know you can do the following with an extended access-list: access-list 100 permit ip 0.0.0.0 127.0.0.0 host 255.0.0.0 access-list 100 permit ip 128.0.0.0 63.255.0.0 host 255.255.0.0 access-list 100 permit ip 192.0.0.0 31.255.255.0 host 255.255.255.0 Is there way to do it? Any good reading material on Prefix-lists? Thanks in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39204t=39113 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Coyotepoint Load Balancers [7:38953]
You are correct. In the post you made today you simply said that SSL load balancing wasn't working and you didn't mention keepalives. I thought you meant that you weren't even able to get SSL load balancing to work correctly. We are still using pings for keepalives which works fine if your system is stable but in the beginning we had a lot of glitches with the secure server. It would lock up and we'd have no idea it happened. If the load balancing switch had a way to actually test the secure server, I would be exceedingly joyful. John sam sneed 3/22/02 10:08:16 AM Really, I remembered you replied to a post a made a while back stating your were using pings for the keepalives: http://www.groupstudy.com/form/read.php?f=7i=36514t=36505 For true load balancing the CS11152 advertises you need HTTP keepalives over a secure connection with application SSL set. Otherwise the WWW service could die and CS will still show service as up.(assuming the SSL servers are not the same as the WWW servers. I got an example from Cisco's site but it didn't work. So I assume you had this working but not exaclty the way it was meant to be working. Or were you just holdin' out on me on that last post? ; ) By the way I solved my previous problem by using TCP keepalives on port 443. John Neiberger wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... That's interesting. We've been using the Arrowpoint switch for load-balancing with sticky SSL sessions for over a year now and have had no problems at all. However, we're going to be replacing that box with two of something-or-other, we just haven't decided on what yet. John sam sneed 3/22/02 8:35:56 AM First off, failover takes close to a minute which is a lot more than Cisco advertises(in HA config). Second they're supposed to provide for load balancing using SSL. This simply does not work on ours even though we followed the config on their site exactly. Third they're very tempermental. We migrated them to another switch and expected a little downtime during the move. We moved them, they came up, showed all services were good but in actuality all services were down. We had to power down both CS11152 and the Extreme switch they were connected to get services back up. Mind you that all the servers that were behind the CS11152 were pingable and reachable up to Layer 3 so NAT and L3 were working, only the services the load balancers were supposed to provide were down. Cost us a lot of aggravation and almost my job. Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... What problems have you had with the Arrowpoint Sam? We do mainly Foundry for load balancing, and I have to say (as I'm not using my work e-mail address :-)) that they have been flaky as hell. We work fairly closely with Foundry (when we can get in touch), but every box seems to work differently with every image. You get in to the habit of finding an image that works and leave it alone. It's a horrible feeling when security advisories come out recommending upgrades, and you just know it's going to introduce other issues. We haven't deployed the Arrowpoint on any really big projects, but they do seem to offer more functionality than the Foundry in some areas (not forgetting the massive price difference), so I'm interested to hear what problems have arisen with them. Thanks, Gaz sam sneed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a pair of CS11152 (former arrowpoints) and they've been flaky. I do not recommend them. Not sure about coyotepoint. dre wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Coyotepoint was the first server load balancing device I had ever heard of outside of your basic LSNAT configuration (I think Cisco calls it NAT load-sharing or something, but there is an RFC also). However, I've never actually seen one in production on any network. Around 1997-8 the Cisco Local Director was the only box I saw, and most people hated them. Then, the F5 Big/IP box became popular (and it still sort of is). A whole bunch of people started entering the market space of SLB and Global Load-Balancing. In the past few years, companies like Arrowpoint and Alteon got bought by Cisco and Nortel. Now you even have places like Akamai doing GLB for places like Yahoo. After I've read the RFC's, and patents like US6185598, US108703, and US6052718, and worked with SLB and GLB for years, I've finally come to a few conclusions: A) The SLB/GLB marketing and focus is silicon snake oil B) Just like the computer security industry, [it's] like a carnival game, where people throw ducks at balloons, and nothing is as it seems C) It really depends on *your* environment. Just as there are millions of options for web servers and web programming languages
RE: IDS blade [7:39193]
Yes, I just took the Cisco secure intrustion detection course and we covered it. I think it is addressed in the Cisco Secure IDS book. Any questions give me a hollar offline and I will help you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39206t=39193 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNP exams [7:39172]
Sounds like you are talking from your own experiences. I purchased all 500 series material not long ago. I figured since they just came out with the 500 series I would be good for a while. Imagine you sat down for the SAT, and on the top of the page it said attention, now this test is totally different. Then a guy who took it 5 years ago is saying that he got a 1300, but only had 55 questions. Another guy took it this year and is saying he got a 1200 but it had 69 questions. In my own humble opinion it is enough with the changes already. Please make it a stable exam, which is equal for everyone. Make it the same score, make it the same number of questions. Try to put some consistency in it. And most of all, keep some of us with test anxiety in the loop. Actually working on routers, switches comes from hands on experience with the products. There is not way to simulate a large enterprise of Routers and switches on 1 PC in a testing center. Please, have some common sense before you post garbage like this. -Original Message- From: Matthew Meiers [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 1:21 PM To: [EMAIL PROTECTED] Subject: RE: CCNP exams [7:39172] Why is everyone so worried about the new exam format? Wouldn't it be amazing if someone with a certification could actually do something? If simulations and a new format are scaring you that bad you shouldn't even be taking the exams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Villanova Sent: Friday, March 22, 2002 10:46 AM To: [EMAIL PROTECTED] Subject: CCNP exams [7:39172] Are the CCNP exams going to a new format soon? I was talking with someone at my testing center and they said they will be changing the format soon. Anyone know when? Mark Villanova I3Mobile IT Engineer (TX) Main: 817-766-5000 Office: 817-766-5012 Mobile: 817-312-8955 Fax: 817-766-5001 Email: [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39207t=39172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Catalyst 6509 [7:39192]
I have always been advised to use Vlan 1 for management only? Just dont use vlan 1 for users and other devices. I would use vlan 1 for the managemnet under a different subnet than your devices. Assign the subnet for vlan1 on your router card. Use a ip under that subnet for your SC0 interface and point your default gateway to the vlan1 interface of your router card. The advantage for using vlan 1 only for managment is that if your management is in the same vlan as devices and you have broadcast storms this can effect you not being able to reach the interface for management. Also your native vlans for ports is vlan1 incase you ever loose one end of a trunked port you can recover easier. thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39208t=39192 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Blocking OSPF LSA [7:39191]
would writing an access list to block 224.0.0.5 and .6 do the trick? -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 1:13 PM To: [EMAIL PROTECTED] Subject: Re: Blocking OSPF LSA [7:39191] You could use 'passive-interface' in the ospf config or you could choose not to include a network statement that includes that interface. If you need to advertise that prefix, a possibility might be to redistribute connected. Of course, it all depends on what you're really trying to accomplish. HTH, John Larry Whitfill 3/22/02 11:28:35 AM I know how to reduce the number of LSA's being injected into an area by an ABR by using the stub, no-summary command. However, area 3 LSA's are still sent into the area (default route LSA). I know I cab stop them with database filter, but does anyone know of another way to block all LSA's? Thanks, Larry Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39209t=39191 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNP exams [7:39172]
The test covers the same material!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Brian Zeitz Sent: Friday, March 22, 2002 1:33 PM To: [EMAIL PROTECTED] Subject: RE: CCNP exams [7:39172] Sounds like you are talking from your own experiences. I purchased all 500 series material not long ago. I figured since they just came out with the 500 series I would be good for a while. Imagine you sat down for the SAT, and on the top of the page it said attention, now this test is totally different. Then a guy who took it 5 years ago is saying that he got a 1300, but only had 55 questions. Another guy took it this year and is saying he got a 1200 but it had 69 questions. In my own humble opinion it is enough with the changes already. Please make it a stable exam, which is equal for everyone. Make it the same score, make it the same number of questions. Try to put some consistency in it. And most of all, keep some of us with test anxiety in the loop. Actually working on routers, switches comes from hands on experience with the products. There is not way to simulate a large enterprise of Routers and switches on 1 PC in a testing center. Please, have some common sense before you post garbage like this. -Original Message- From: Matthew Meiers [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 1:21 PM To: [EMAIL PROTECTED] Subject: RE: CCNP exams [7:39172] Why is everyone so worried about the new exam format? Wouldn't it be amazing if someone with a certification could actually do something? If simulations and a new format are scaring you that bad you shouldn't even be taking the exams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Villanova Sent: Friday, March 22, 2002 10:46 AM To: [EMAIL PROTECTED] Subject: CCNP exams [7:39172] Are the CCNP exams going to a new format soon? I was talking with someone at my testing center and they said they will be changing the format soon. Anyone know when? Mark Villanova I3Mobile IT Engineer (TX) Main: 817-766-5000 Office: 817-766-5012 Mobile: 817-312-8955 Fax: 817-766-5001 Email: [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39211t=39172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Traffic Analyses [7:39167]
show interface serial That's the most efficient method! At 11:25 AM 3/22/02, Rafay Aslam wrote: HI Guys I wanted to know how much traffic is passing through my T1 or how much traffic is utilizing my T1 bandwidth. Tell me the most efficent and accurate way of finding it. Thanks, Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39210t=39167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Simple Cisco Hardware Chart [7:39212]
I have been working on putting together a simple excel spreadsheet that lists the Cisco hardware modules and interfaces they have and maybe a little about each router. Does something like this already exist? If it doesn't, I would be happy to share my chart if anyone is interested. __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39212t=39212 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Catalyst 6509 [7:39192]
You are 100% correct on the default route for SC0. The design you have is what I would recommend. The reason I would keep the management VLAN off of the uer VLAN is if you have a meltdown for some reason on the user VLAN you will still have connectivity between switches while you try to troubleshoot. I have seen this happen, the customer had to run between buildings and floors with a laptop to troubleshoot. Dave Ali, Abbas wrote: Hello Folks, I need help understanding this logic. I have Catalyst 6509 switch with 4 Vlans. I have done configuration which is recommended by Cisco. Here is the details. VLAN 2 Users: Subnet 10.0.2.0/24 VLAN 3 Servers Subnet 10.0.3.0/24 VLAN 4 PBX Application Subnet 10.0.4.0/24 VLAN 5 Management Vlan Subnet 10.0.5.0/24 Catalyst 6509 has dual IOS. The catalyst IOS for switch and Cisco IOS for the router blade. I have assigned IP address 10.0.5.2 to the SC0 interface and assigned IP address 10.0.5.1/24 to VLAN 5 that I created in cisco IOS. By doing this I can telnet to both from my PC which is in user vlan. I believe I will also have to do a default gateway command in SC0 interface and gateway should be pointing to 10.0.5.1 (VLAN 5's IP address) in order for me to telnet the catalyst IOS from different VLANS. Am I approaching the correct path? Please advise. I am not using VLAN 1 as not recommended by Cisco. What disadvantage I would have had if I would choose VLAN 1 for the management. I am also using a totally different subnet for the management per guidelines, but I could have put SC0 in a VLAN 2 and could have used the IP address from the user VLAN 2 and by doing that I would not have to create a VLAN 5. Is there any real advantage for using a totally separate VLAN for the management purpose. Some guidelines say that it is really secured by using a different VLAN other than VLAN 1 or any other VLANS which are used for Users, Servers etc. Can someone explain how? Regards, Ali -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39214t=39192 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco's pps claims [7:38956]
At 12:01 PM 3/22/02, s vermill wrote: All, I agree that the industry has settled on pps. Router and switch vendors use ppp to advertise throughput measurements of packets through their devices. This is just one minor aspect of network performance. And yes, the smaller the packet size the greater the number appears. The vendors do their tests with all packet sizes. They bandy about the one that's best. This has nothing to do with actual traffic patterns and isn't a recommendation on packet sizes that should be used, as I'm sure you realize. However, if you look at the ratio of header to payload, smaller packet sizes seem to result in lower throughput as measured in bits or bytes. What problem are you trying to solve? What performance metric are you trying to measure? When measuring application-layer throughput, it's common practice not to count the headers. The measurement is application-layer bytes per second. If these bytes are being divided into small chunks and each chunk has headers that take up bandwidth, then application-layer throughput won't be so good. If these bytes are divided into larger chunks, then a smaller percentage of bandwidth is consumed by headers, and application-layer throughput is better. Common wisdom used to be to always maximize packet sizes to ensure optimum application-layer throughput. Maximum packet sizes can cause excessive serialization delay on low-speed output interfaces, however. If you have a voice or other delay-sensitive application, then maybe you shouldn't use maximum packet size. Or maybe you should use one of the many link fragmentation technologies, such as FRF.12. Again, what problem are you trying to solve? Priscilla A larger packet size has a lower ratio and thus a greater throughput in raw ones and zeros. Studies I have seen in the past seem to support that theory. Any comments on that aspect? Regards, Scott Priscilla Oppenheimer wrote: The Layer 2 header changes whenever a router forwards a packet. For one thing, the Layer-2 destination address changes. The frame goes to the next hop. The router strips the Layer 2 header on the incoming packet, figures out where to forward the frame from a routing table or cache, and re-encapsulates the frame into a new Layer 2 header. The amount of processing required to strip an Ethernet header, figure out the destination port and encapsulation, and re-encapsulate into Frame Relay is essentially the same as the amount of overhead required to strip an Ethernet header, figure out the destination port and encapsulation, and re-encapsulate into an Ethernet header. Marc's point was that the amount of overhead is also the same regardless of the packet size. The job must be done whether it's a 46-byte or 1500-byte packet. And I like the way he said that shovelling the rest of the packet through is low overhead. That's true. Keep in mind, however, that the packets-per-second ratings are just vendor marketing departments trying to one up their competitors. So, they post the results of testing with 64 byte packets because that makes the number higher. More packets are coming in to get processed. Long packets take longer, not because of extra processing, but simply because of serialization delay. It's like a relay in a train-switching system. The relay doesn't have to do more work for long trains with many cars. But it still takes longer to get a long train through the relay than it does to get a short train through it. Priscilla --- Marc Thach Xuan Ky wrote: Sam, I think the question is: what is your average packet size? Using process or fast switching I should think that the packet size is almost irrelevant to the router. I have benchmarked many PCs and NICs running certain routing software. On a PCI bus PC the pps difference between 64 and 1518 octet frames was in the order of ten to twenty percent, i.e. the routing decision consumes the bulk of the CPU bandwidth, shovelling the rest of the packet through is low-overhead. Marc sam sneed wrote: I noticed Cisco uses pps when they give their specs for routers, firewalls, etc. What is the assumed packet size when they come up with these specs? I'm planning on using 2 2621's in HSRP mode (getting default routes via BGP) and need to be able to support a constant 10 Mb/sec and would like know if these routers will do the trick. thanks [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/ Priscilla Oppenheimer http://www.priscilla.com Priscilla Oppenheimer http://www.priscilla.com Message Posted at:
RE: CCNP exams [7:39172]
At 01:39 PM 3/22/02, Lomker, Michael wrote: something? If simulations and a new format are scaring you that bad you shouldn't even be taking the exams I understand what you are saying, but your comments are simplistic. There are a lot of people out there with considerable experience and skill that are not good test takers (a good friend of mine is one of them). People that are not native English speakers can also have problems with these exams. It doesn't matter. The Cisco IOS CLI isn't English! ;-) Seriously, the majority of Cisco software engineers aren't native English speakers either. Priscilla Many of the certification exams test your ability to memorize command syntax (that in real life you'd use the ? for), have trick questions, or flat out have poor wording. To think that these exams are an accurate reflection of ability is tough to believe. Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39215t=39172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IDS blade [7:39193]
Try this. http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/idsm/idsm_1/10890_02.htm#xtocid189323 Also if you are trying to access the IDS blade from Native IOS try this to get to the CLI. (BTW you need Version 12.1(8b)EX5 or latter to do this) Router#session slot 8 processor 1 The default escape character is Ctrl-^, then x. You can also type 'exit' at the remote prompt to end the session Trying 127.0.0.81 ... Open login: ciscoids Password:attack sensor-29# of cource you need to change the slot # to whatever slot the IDS blade is in Hope This Helps John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39216t=39193 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Catalyst 6509 [7:39192]
It means that if you isolate your managment vlan with your user's vlan then it will help you reaching the managment interface and it totally makes sense. But do you think that isolating your managment vlan will also help you securing your network from hackers? Regards, Ali -Original Message- From: maverick hurley [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 11:41 AM To: [EMAIL PROTECTED] Subject: RE: Catalyst 6509 [7:39192] I have always been advised to use Vlan 1 for management only? Just dont use vlan 1 for users and other devices. I would use vlan 1 for the managemnet under a different subnet than your devices. Assign the subnet for vlan1 on your router card. Use a ip under that subnet for your SC0 interface and point your default gateway to the vlan1 interface of your router card. The advantage for using vlan 1 only for managment is that if your management is in the same vlan as devices and you have broadcast storms this can effect you not being able to reach the interface for management. Also your native vlans for ports is vlan1 incase you ever loose one end of a trunked port you can recover easier. thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39217t=39192 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco's pps claims [7:38956]
At 03:30 PM 3/22/02, Priscilla Oppenheimer wrote: At 12:01 PM 3/22/02, s vermill wrote: All, I agree that the industry has settled on pps. Router and switch vendors use ppp to advertise throughput measurements of packets through their devices. That should say pps! ;-) This is just one minor aspect of network performance. And yes, the smaller the packet size the greater the number appears. The vendors do their tests with all packet sizes. They bandy about the one that's best. This has nothing to do with actual traffic patterns and isn't a recommendation on packet sizes that should be used, as I'm sure you realize. However, if you look at the ratio of header to payload, smaller packet sizes seem to result in lower throughput as measured in bits or bytes. What problem are you trying to solve? What performance metric are you trying to measure? When measuring application-layer throughput, it's common practice not to count the headers. The measurement is application-layer bytes per second. If these bytes are being divided into small chunks and each chunk has headers that take up bandwidth, then application-layer throughput won't be so good. If these bytes are divided into larger chunks, then a smaller percentage of bandwidth is consumed by headers, and application-layer throughput is better. Common wisdom used to be to always maximize packet sizes to ensure optimum application-layer throughput. Maximum packet sizes can cause excessive serialization delay on low-speed output interfaces, however. If you have a voice or other delay-sensitive application, then maybe you shouldn't use maximum packet size. Or maybe you should use one of the many link fragmentation technologies, such as FRF.12. Again, what problem are you trying to solve? Priscilla A larger packet size has a lower ratio and thus a greater throughput in raw ones and zeros. Studies I have seen in the past seem to support that theory. Any comments on that aspect? Regards, Scott Priscilla Oppenheimer wrote: The Layer 2 header changes whenever a router forwards a packet. For one thing, the Layer-2 destination address changes. The frame goes to the next hop. The router strips the Layer 2 header on the incoming packet, figures out where to forward the frame from a routing table or cache, and re-encapsulates the frame into a new Layer 2 header. The amount of processing required to strip an Ethernet header, figure out the destination port and encapsulation, and re-encapsulate into Frame Relay is essentially the same as the amount of overhead required to strip an Ethernet header, figure out the destination port and encapsulation, and re-encapsulate into an Ethernet header. Marc's point was that the amount of overhead is also the same regardless of the packet size. The job must be done whether it's a 46-byte or 1500-byte packet. And I like the way he said that shovelling the rest of the packet through is low overhead. That's true. Keep in mind, however, that the packets-per-second ratings are just vendor marketing departments trying to one up their competitors. So, they post the results of testing with 64 byte packets because that makes the number higher. More packets are coming in to get processed. Long packets take longer, not because of extra processing, but simply because of serialization delay. It's like a relay in a train-switching system. The relay doesn't have to do more work for long trains with many cars. But it still takes longer to get a long train through the relay than it does to get a short train through it. Priscilla --- Marc Thach Xuan Ky wrote: Sam, I think the question is: what is your average packet size? Using process or fast switching I should think that the packet size is almost irrelevant to the router. I have benchmarked many PCs and NICs running certain routing software. On a PCI bus PC the pps difference between 64 and 1518 octet frames was in the order of ten to twenty percent, i.e. the routing decision consumes the bulk of the CPU bandwidth, shovelling the rest of the packet through is low-overhead. Marc sam sneed wrote: I noticed Cisco uses pps when they give their specs for routers, firewalls, etc. What is the assumed packet size when they come up with these specs? I'm planning on using 2 2621's in HSRP mode (getting default routes via BGP) and need to be able to support a constant 10 Mb/sec and would like know if these routers will do the trick. thanks [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/
RE: CCNP exams [7:39172]
Yea, and the CCIE written and lab cover the same material too. NOT. -Original Message- From: Matthew Meiers [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 3:12 PM To: [EMAIL PROTECTED] Subject: RE: CCNP exams [7:39172] The test covers the same material!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Brian Zeitz Sent: Friday, March 22, 2002 1:33 PM To: [EMAIL PROTECTED] Subject: RE: CCNP exams [7:39172] Sounds like you are talking from your own experiences. I purchased all 500 series material not long ago. I figured since they just came out with the 500 series I would be good for a while. Imagine you sat down for the SAT, and on the top of the page it said attention, now this test is totally different. Then a guy who took it 5 years ago is saying that he got a 1300, but only had 55 questions. Another guy took it this year and is saying he got a 1200 but it had 69 questions. In my own humble opinion it is enough with the changes already. Please make it a stable exam, which is equal for everyone. Make it the same score, make it the same number of questions. Try to put some consistency in it. And most of all, keep some of us with test anxiety in the loop. Actually working on routers, switches comes from hands on experience with the products. There is not way to simulate a large enterprise of Routers and switches on 1 PC in a testing center. Please, have some common sense before you post garbage like this. -Original Message- From: Matthew Meiers [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 1:21 PM To: [EMAIL PROTECTED] Subject: RE: CCNP exams [7:39172] Why is everyone so worried about the new exam format? Wouldn't it be amazing if someone with a certification could actually do something? If simulations and a new format are scaring you that bad you shouldn't even be taking the exams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Villanova Sent: Friday, March 22, 2002 10:46 AM To: [EMAIL PROTECTED] Subject: CCNP exams [7:39172] Are the CCNP exams going to a new format soon? I was talking with someone at my testing center and they said they will be changing the format soon. Anyone know when? Mark Villanova I3Mobile IT Engineer (TX) Main: 817-766-5000 Office: 817-766-5012 Mobile: 817-312-8955 Fax: 817-766-5001 Email: [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39219t=39172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IDS blade [7:39193]
It uses the CSPM software like the standalone device. The link to physically install it is: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/idsm/idsm_1/10890_02 .htm From the CLI, type: session then type ciscoids and attack for user and password. Once you're in, type: setup. Configure it to connect with the CSPM from there. -Original Message- From: Ali, Abbas [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 12:38 PM To: [EMAIL PROTECTED] Subject: IDS blade [7:39193] Has anyone ever configured IDS module for catalyst 6500 series router? I tried browsing Cisco Website, but did not find any help in terms of installing and configuring the IDS blade. Can someone point me to correct link? Regards, Ali Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39220t=39193 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Catalyst 6509 [7:39192]
absoultly it will help for security, The thing to remember is that your ports are default for native vlan1. You can specify a different vlan number for your management like vlan 5. But in case of trunking mishaps/issues and vlan pruning issues it is safer using vlan 1. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39221t=39192 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Blocking OSPF LSA [7:39191]
I remain confused on what problem is being solved. There needs to be a default route for anything to get out of the area. If the goal is to block all other non-intra-area routes, why not just make the area totally stubby? would writing an access list to block 224.0.0.5 and .6 do the trick? -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 1:13 PM To: [EMAIL PROTECTED] Subject: Re: Blocking OSPF LSA [7:39191] You could use 'passive-interface' in the ospf config or you could choose not to include a network statement that includes that interface. If you need to advertise that prefix, a possibility might be to redistribute connected. Of course, it all depends on what you're really trying to accomplish. HTH, John Larry Whitfill 3/22/02 11:28:35 AM I know how to reduce the number of LSA's being injected into an area by an ABR by using the stub, no-summary command. However, area 3 LSA's are still sent into the area (default route LSA). I know I cab stop them with database filter, but does anyone know of another way to block all LSA's? Thanks, Larry Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39222t=39191 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Traffic Analyses [7:39167]
efficient? heh Maybe it's efficient per telnet session... :) oh yeah...that MUST be what you were talking about! now...let's see do that once every 5 minutes (assuming you work 24 hrs a day) and you would telnet into your router 288 times a day :) Priscilla Oppenheimer 03/22/02 03:11PM show interface serial That's the most efficient method! At 11:25 AM 3/22/02, Rafay Aslam wrote: HI Guys I wanted to know how much traffic is passing through my T1 or how much traffic is utilizing my T1 bandwidth. Tell me the most efficent and accurate way of finding it. Thanks, Priscilla Oppenheimer http://www.priscilla.com Confidentiality Disclaimer This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. (WellStar) and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39223t=39167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNP exams [7:39172]
I took much harder exams in college. The Ohio State University (College of Business). Daniel Ladrach CCNA, CCNP WorldCom -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 3:35 PM To: [EMAIL PROTECTED] Subject: RE: CCNP exams [7:39172] At 01:39 PM 3/22/02, Lomker, Michael wrote: something? If simulations and a new format are scaring you that bad you shouldn't even be taking the exams I understand what you are saying, but your comments are simplistic. There are a lot of people out there with considerable experience and skill that are not good test takers (a good friend of mine is one of them). People that are not native English speakers can also have problems with these exams. It doesn't matter. The Cisco IOS CLI isn't English! ;-) Seriously, the majority of Cisco software engineers aren't native English speakers either. Priscilla Many of the certification exams test your ability to memorize command syntax (that in real life you'd use the ? for), have trick questions, or flat out have poor wording. To think that these exams are an accurate reflection of ability is tough to believe. Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39224t=39172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco's pps claims [7:38956]
Priscilla, No problem specifically. I think we all face a customer who doesn't really understand this stuff - but thinks they have it down perfectly. So I get questions like: can that 3620 handle a full T3? The answer, of course, is it depends (or perhaps the optimum response would be: ask a better question). So my comment was regarding the issue of packets vs. bits/bytes. It's rather obvious that a smaller packet size equate to better pps performance. But here, as an example, are some numbers from the 3600 series: 3640 w/ FE to HSSI size: type: switching: performanc: 64 Unidirectional Fast40,500 pps 20.7 Mbps 128 Unidirectional Fast40,000 pps 41.0 Mbps 256 Unidirectional Fast22,000 pps 45.0 Mbps 512 Unidirectional Fast11,900 pps 48.7 Mbps 1518Unidirectional Fast4,200 pps 51.0 Mbps Notice the two-fold+ increase in bps between 64 and 1518 byte packets. I would guess there are several contributing factors. Not in any particular order of importance, it has been mentiond already that there is: less interframe gap less header handling (processing) I guess this is kind of follows from above: A lower ratio of header to payload. As was pointed out, it doesn't take much to switch the bits once the processing has taken place. And less re-encapsulation effor bit for bit. So I don't think I made any new points on a technical plane, but I was making note of the fact that the marketing technique somewhat backfires. Can that 3600 handle a T3? Not if all your packets are 64 bytes! Priscilla Oppenheimer wrote: At 12:01 PM 3/22/02, s vermill wrote: All, I agree that the industry has settled on pps. Router and switch vendors use ppp to advertise throughput measurements of packets through their devices. This is just one minor aspect of network performance. And yes, the smaller the packet size the greater the number appears. The vendors do their tests with all packet sizes. They bandy about the one that's best. This has nothing to do with actual traffic patterns and isn't a recommendation on packet sizes that should be used, as I'm sure you realize. However, if you look at the ratio of header to payload, smaller packet sizes seem to result in lower throughput as measured in bits or bytes. What problem are you trying to solve? What performance metric are you trying to measure? When measuring application-layer throughput, it's common practice not to count the headers. The measurement is application-layer bytes per second. If these bytes are being divided into small chunks and each chunk has headers that take up bandwidth, then application-layer throughput won't be so good. If these bytes are divided into larger chunks, then a smaller percentage of bandwidth is consumed by headers, and application-layer throughput is better. Common wisdom used to be to always maximize packet sizes to ensure optimum application-layer throughput. Maximum packet sizes can cause excessive serialization delay on low-speed output interfaces, however. If you have a voice or other delay-sensitive application, then maybe you shouldn't use maximum packet size. Or maybe you should use one of the many link fragmentation technologies, such as FRF.12. Again, what problem are you trying to solve? Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39225t=38956 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Free PIX command trainer [7:39226]
While I am getting ready to take the CSPFA exam, I took on my old programmer gloves out of my drawer, and created a small application to help myself with the PIX commands without changing the configuration on my PIX 100 times a day. As I always do when I create these kind of applications, I have made this available for free on my RouterChief site (link below). Please feel very free to use it and/or some of the other applications. If you have any questions or if you feel that I have made an error, please let me know. There are only 20 questions in there at this time, but if you check back now and then, you should find some more. Have a great weekend, Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39226t=39226 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Ascend isdn router [7:39227]
Hi all, Does anyone know where I can find a schematic design of an Ascend Pipeline ISDN router? This message is for the named person's use only. It may contain sensitive and private proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you are not the intended recipient, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. CREDIT SUISSE GROUP and each legal entity in the CREDIT SUISSE FIRST BOSTON or CREDIT SUISSE ASSET MANAGEMENT business units of CREDIT SUISSE FIRST BOSTON reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity. Unless otherwise stated, any pricing information given in this message is indicative only, is subject to change and does not constitute an offer to deal at any price quoted. Any reference to the terms of executed transactions should be treated as preliminary only and subject to our formal written confirmation. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39227t=39227 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Traffic Analyses [7:39167]
There are more options than mrtg, you could use nrg with RRD Tools Rafay Aslam wrote: HI Guys I wanted to know how much traffic is passing through my T1 or how much traffic is utilizing my T1 bandwidth. Tell me the most efficent and accurate way of finding it. Thanks, Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39228t=39167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNP exams [7:39172]
If you know your stuff you have nothing to worry about. Just treat it as any other test, and taken the necessary steps to prepare. If you can't handle a change, maybe you should evaluate your career goals, and pay no attention to those commercials on the radio about IT. Because change is inevitable in the IT field. That framed CCNP certificate on the wall only means something, if you kow what you are doing. Ask all those paper MCSE that can't find a job. And for the bad test taker reason, get real. If you can read, think, and put 2 and 2 togther, you can take a test. It comes down to discipline. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39229t=39172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco's pps claims [7:38956]
Darn, and I was just getting ready to ask if that was packets per pound! Pound of what? I leave that to your imagination. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Priscilla Oppenheimer wrote: At 03:30 PM 3/22/02, Priscilla Oppenheimer wrote: At 12:01 PM 3/22/02, s vermill wrote: All, I agree that the industry has settled on pps. Router and switch vendors use ppp to advertise throughput measurements of packets through their devices. That should say pps! ;-) This is just one minor aspect of network performance. And yes, the smaller the packet size the greater the number appears. The vendors do their tests with all packet sizes. They bandy about the one that's best. This has nothing to do with actual traffic patterns and isn't a recommendation on packet sizes that should be used, as I'm sure you realize. However, if you look at the ratio of header to payload, smaller packet sizes seem to result in lower throughput as measured in bits or bytes. What problem are you trying to solve? What performance metric are you trying to measure? When measuring application-layer throughput, it's common practice not to count the headers. The measurement is application-layer bytes per second. If these bytes are being divided into small chunks and each chunk has headers that take up bandwidth, then application-layer throughput won't be so good. If these bytes are divided into larger chunks, then a smaller percentage of bandwidth is consumed by headers, and application-layer throughput is better. Common wisdom used to be to always maximize packet sizes to ensure optimum application-layer throughput. Maximum packet sizes can cause excessive serialization delay on low-speed output interfaces, however. If you have a voice or other delay-sensitive application, then maybe you shouldn't use maximum packet size. Or maybe you should use one of the many link fragmentation technologies, such as FRF.12. Again, what problem are you trying to solve? Priscilla A larger packet size has a lower ratio and thus a greater throughput in raw ones and zeros. Studies I have seen in the past seem to support that theory. Any comments on that aspect? Regards, Scott Priscilla Oppenheimer wrote: The Layer 2 header changes whenever a router forwards a packet. For one thing, the Layer-2 destination address changes. The frame goes to the next hop. The router strips the Layer 2 header on the incoming packet, figures out where to forward the frame from a routing table or cache, and re-encapsulates the frame into a new Layer 2 header. The amount of processing required to strip an Ethernet header, figure out the destination port and encapsulation, and re-encapsulate into Frame Relay is essentially the same as the amount of overhead required to strip an Ethernet header, figure out the destination port and encapsulation, and re-encapsulate into an Ethernet header. Marc's point was that the amount of overhead is also the same regardless of the packet size. The job must be done whether it's a 46-byte or 1500-byte packet. And I like the way he said that shovelling the rest of the packet through is low overhead. That's true. Keep in mind, however, that the packets-per-second ratings are just vendor marketing departments trying to one up their competitors. So, they post the results of testing with 64 byte packets because that makes the number higher. More packets are coming in to get processed. Long packets take longer, not because of extra processing, but simply because of serialization delay. It's like a relay in a train-switching system. The relay doesn't have to do more work for long trains with many cars. But it still takes longer to get a long train through the relay than it does to get a short train through it. Priscilla --- Marc Thach Xuan Ky wrote: Sam, I think the question is: what is your average packet size? Using process or fast switching I should think that the packet size is almost irrelevant to the router. I have benchmarked many PCs and NICs running certain routing software. On a PCI bus PC the pps difference between 64 and 1518 octet frames was in the order of ten to twenty percent, i.e. the routing decision consumes the bulk of the CPU bandwidth, shovelling the rest of the packet through is low-overhead. Marc sam sneed wrote: I noticed Cisco uses pps when they give their specs for routers, firewalls, etc. What is the assumed packet size when they come up with these specs? I'm planning on using 2 2621's in HSRP mode (getting
VPN Setup - Pix 515 and Pix 501 - The Same? [7:39230]
Hope someone could answer this simple question. A few months back, I was able to setup VPN on a Pix 515. I just bought me a Pix 501 for my house. Are the VPN configs the same on a 501 as on a 515? The software is the same version, and it appears to be the same, but I just want to make sure before I break my head over this setup. Thanks Audy Bautista Network Engineer, IT Services Hold Brothers On-Line Investment Services, Inc. (201) 499-8764 [EMAIL PROTECTED] A job worth doing is a job worth doing well Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39230t=39230 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco's pps claims [7:38956]
At 03:30 PM 3/22/02, Priscilla Oppenheimer wrote: At 12:01 PM 3/22/02, s vermill wrote: All, I agree that the industry has settled on pps. Take a look at http://www.ietf.org/html.charters/bmwg-charter.html. BMWG is the IETF group that sets objective criteria for testing, although, to quote Randy Bush at the meeting this week, it is beyond the power of the IETF to control marketdroids. Definitely read RFC 2544. Throughput is bad enough...I'm dealing with the fun of convergence benchmarking! Router and switch vendors use ppp to advertise throughput measurements of packets through their devices. That should say pps! ;-) This is just one minor aspect of network performance. And yes, the smaller the packet size the greater the number appears. The vendors do their tests with all packet sizes. They bandy about the one that's best. This has nothing to do with actual traffic patterns and isn't a recommendation on packet sizes that should be used, as I'm sure you realize. Good characterization of packet sizes in a general environment, even a large enterprise, is NOT a trivial problem. However, if you look at the ratio of header to payload, smaller packet sizes seem to result in lower throughput as measured in bits or bytes. What problem are you trying to solve? What performance metric are you trying to measure? When measuring application-layer throughput, it's common practice not to count the headers. The measurement is application-layer bytes per second. If these bytes are being divided into small chunks and each chunk has headers that take up bandwidth, then application-layer throughput won't be so good. If these bytes are divided into larger chunks, then a smaller percentage of bandwidth is consumed by headers, and application-layer throughput is better. Common wisdom used to be to always maximize packet sizes to ensure optimum application-layer throughput. Maximum packet sizes can cause excessive serialization delay on low-speed output interfaces, however. If you have a voice or other delay-sensitive application, then maybe you shouldn't use maximum packet size. Or maybe you should use one of the many link fragmentation technologies, such as FRF.12. Again, what problem are you trying to solve? Priscilla A larger packet size has a lower ratio and thus a greater throughput in raw ones and zeros. Studies I have seen in the past seem to support that theory. Any comments on that aspect? Regards, Scott Priscilla Oppenheimer wrote: The Layer 2 header changes whenever a router forwards a packet. For one thing, the Layer-2 destination address changes. The frame goes to the next hop. The router strips the Layer 2 header on the incoming packet, figures out where to forward the frame from a routing table or cache, and re-encapsulates the frame into a new Layer 2 header. The amount of processing required to strip an Ethernet header, figure out the destination port and encapsulation, and re-encapsulate into Frame Relay is essentially the same as the amount of overhead required to strip an Ethernet header, figure out the destination port and encapsulation, and re-encapsulate into an Ethernet header. Marc's point was that the amount of overhead is also the same regardless of the packet size. The job must be done whether it's a 46-byte or 1500-byte packet. And I like the way he said that shovelling the rest of the packet through is low overhead. That's true. Keep in mind, however, that the packets-per-second ratings are just vendor marketing departments trying to one up their competitors. So, they post the results of testing with 64 byte packets because that makes the number higher. More packets are coming in to get processed. Long packets take longer, not because of extra processing, but simply because of serialization delay. It's like a relay in a train-switching system. The relay doesn't have to do more work for long trains with many cars. But it still takes longer to get a long train through the relay than it does to get a short train through it. Priscilla --- Marc Thach Xuan Ky wrote: Sam, I think the question is: what is your average packet size? Using process or fast switching I should think that the packet size is almost irrelevant to the router. I have benchmarked many PCs and NICs running certain routing software. On a PCI bus PC the pps difference between 64 and 1518 octet frames was in the order of ten to twenty percent, i.e. the routing decision consumes the bulk of the CPU bandwidth, shovelling the rest of the packet through is low-overhead. Marc sam sneed wrote: I noticed Cisco uses pps when they
RE: Blocking OSPF LSA [7:39191]
I too would look at area stub no-summary, this will only propogate a default route and will not not allow Type 3 LSA's into your area... Or remove OSPF and just add static routes! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39233t=39191 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]