Re: CAT4003 and 3com [7:39084]

2002-03-22 Thread Jitendra Joshi 

Remove the autonegotiate configuration for the ports.
Set the desired 10/100 full/half duplex manually.

I have experienced the same above solution worked, and
learnt this events were symptons of some vendor auto
negotiation mismatch.


regards,
Jiten.

--- Patrick Ramsey 
wrote:
 funny you should mention that!  I can't get cisco to
 autonegotiate with
 ANYTHING... 3com works with
 juniper/extreme/intel/ibm/etc  Cisco works
 with Cisco heh
 
   03/21/02 18:24 PM 
 3COM never auto-negotiates properly with Cisco, look
 for FCS errors on the
 switch ports.  The best solution is to hardcode NICs
 to FD. The 'easiest'
 solution is to hardcode the switchports to HD.
 
 Mark Egan, CCIE #8775
 
  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Greetings,
 
  Any knowing problems out there with 3com cards and
 cat 4000 switches?
  I've a customer complaining when they insert new
 win2k with 3com cards,
  the whole network slows down.  When the switch is
 rebooted everything is
  back to normal.  The problem repeats when the add
 more win2k machine.
 
  Any ideas
 
  ThanksNabil
   Confidentiality Disclaimer  
  This email and any files transmitted with it may
 contain confidential and
 /or proprietary information in the possession of
 WellStar Health System,
 Inc. (WellStar) and is intended only for the
 individual or entity to whom
 addressed.  This email may contain information that
 is held to be
 privileged, confidential and exempt from disclosure
 under applicable law. If
 the reader of this message is not the intended
 recipient, you are hereby
 notified that any unauthorized access,
 dissemination, distribution or
 copying of any information from this email is
 strictly prohibited, and may
 subject you to criminal and/or civil liability. If
 you have received this
 email in error, please notify the sender by reply
 email and then delete this
 email and its attachments from your computer. Thank
 you.
 


[EMAIL PROTECTED]


__
Do You Yahoo!?
Yahoo! Movies - coverage of the 74th Academy Awards.
http://movies.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39128t=39084
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: MPLS in the Enterprise [7:36670]

2002-03-22 Thread Tom Scott 

Kent, Irwin,

This is an interesting exchange of perspectives. Could you
or someone else comment on GMPLS? How does it factor into
the comparison of MPLS vs. FR? Is there anything about the
combination of MPLS / GMPLS that gives it an advantage over
FR?

Another issue I'd like to understand in this context is
native MPLS transport. Do you see a possibility in the
future for simplifying the transport of MPLS packets? In
other words, could one replace SONET/SDH with a simple
transmission layer X (whatever that might be)? The stack
,might look something like this:

 7 7
 6 6
 5 5
 4 4
 3   3 3   3
 2   2   2 2   2   2
 1   1   1  X  1   1   1

 ^ ^
 | |
 +-+
 native
  MPLS
  core

There in the middle, where the native MPLS core would be
in a greenfield network, is it possible to transport the
MPLS packets on a fiber medium, possibly on different
lambdas using GMPLS, but without SONET/SDH? I don't work on
that layer (physical L1) enough to know the interactions
between L1/L2, but it seems that simplification is
desirable. Possibly using MPX (MPLS over PPP over X) instead
of traditional POS?

There are many reasons to keep SONET/SDH, for example,
protection switching. Is it possible that MPLS / GMPLS could
offer similar solutions that would have a competitive
advantage? Maybe someone at MPLScon will have an answer. See
you there.

-- TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39129t=36670
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CISCO 2600 router [7:39130]

2002-03-22 Thread Biswajeet Das 

Hi,
Need Help in understanding why the following problem is occuring.
When I connect the CISCO 2600 router through the console port. I get the
following error message

%Error opening tftp://255.255.255.255/network-confg (Timed out)
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
%Error opening tftp://255.255.255.255/SHG_RTR-confg (Timed out)
%Error opening tftp://255.255.255.255/SHG_RTR.cfg (Timed out)

And because of this sometimes I cannot ping or telnet the router.

When I boot it I get the following message




## [OK]

  Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

   cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, California 95134-1706



Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.0(7)T,  RELEASE SOFTWARE
(fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:12 by phanguye
Image text-base: 0x80008088, data-base: 0x807AAF70

cisco 2620 (MPC860) processor (revision 0x102) with 26624K/6144K bytes of
memory
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

More VTP Questions [7:39131]

2002-03-22 Thread Jeffrey Reed 

Thanks to everyone who helped clarify the VTP Domain process and I have
more questions.

I am working on a textbook Cisco network design. We have two 6509s in the
core, four 6509s in the distribution layer and about 30 6509s at the
access layer. We also have two Server Farm 6509s hanging off the core
switches. The core and distribution will route and well switch to the
server farm and the access layers. Well have about 4-5 VLANs in each access
layer, so well over 100 VLANs total. Hence my strong interest in VTP.

Reading through the VTP stuff today, I saw where the VTP communication
occurs through VLAN1. The reseller who sold the design said we would have
multi-path layer3 connectivity between core and distribution and layer 2 out
to access 6509s. Assuming we only had routed links between the core and
distribution layers, then how would the VTP updates get through to the
distribution layer from the core? Can we effectively have both a routed link
and a bridged VLAN1 link throughout the network? Does that make sense?

Any suggestions on how this is accomplished with one VTP domain or a better
way would be appreciated.

Jeff




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39131t=39131
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Core dumps [7:39132]

2002-03-22 Thread Michalis Palis 

Dear all

I configure an AS5300 cisco access-server for core
dump, sending the core files on a Linux ftp server. My
problem is that the core files that are greated, are
too big 190MBytes (Suppose to be around 4Mbytes) and
are not readable. By viewing the files i can only see
random characters.. 

I will appreciate any feedback on the above problem.

Thanks

__
Do You Yahoo!?
Yahoo! Movies - coverage of the 74th Academy Awards.
http://movies.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39132t=39132
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

missing Interfaces on a 1003 [7:39133]

2002-03-22 Thread Danny Cox 

Hi all - I've been searching around the Cisco website and
elsewhere with google, but can't quite pin this down.  I
have a 1003 with no flash card in it, which currently is
just booting image c1000-rboot-r.103-9

When the machine boots there's no sign of the ISDN interfaces.
I read on an earlier note that someone had issues like this
with the serial interfaces on a 2500 and wondered whether
it's likely to be down to the image being wrong, but I haven't
succeeded in finding the features supported by this image.

I don't have this router in my hands at the minute - someone
else has got it, but I'm trying to guide them to get it 
sorted .. I fear it may be broken, but want to prove to myself
that it's not just an image problem first.  Anyone help?

cheers -Danny


Router(boot)sh ver
Cisco Internetwork Operating System Software
IOS (tm) 1000 Bootstrap Software (C1000-RBOOT-R), Version 10.3(9), 
RELEASE SOFTW
ARE (fc1)
Copyright (c) 1986-1995 by cisco Systems, Inc.
Compiled Wed 31-Jan-96 02:38 by vatran
Image text-base: 0x00018060, data-base: 0x02004000

ROM: System Bootstrap, Version 5.3.2(9) [vatran 9], RELEASE SOFTWARE 
(fc1)

Router uptime is 3 minutes
System restarted by power-on
System image file is eprom:c1000-rboot-r.103-9, booted via ROM

cisco 1000 (68360) processor (revision D) with 7680K/512K bytes of 
memory.
Processor board serial number 03893187
1 Ethernet/IEEE 802.3 interface.
8K bytes of non-volatile configuration memory.

Configuration register is 0x2102


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39133t=39133
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CISCO 2600 router [7:39130]

2002-03-22 Thread Engelhard M. Labiro 

The router is looking for a config file on a TFTP server
by broadcasting messages. You can disable this behaviour by
no service config command.

HTH

 Hi,
 Need Help in understanding why the following problem is occuring.
 When I connect the CISCO 2600 router through the console port. I get the
 following error message

 %Error opening tftp://255.255.255.255/network-confg (Timed out)
 %Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
 %Error opening tftp://255.255.255.255/SHG_RTR-confg (Timed out)
 %Error opening tftp://255.255.255.255/SHG_RTR.cfg (Timed out)

 And because of this sometimes I cannot ping or telnet the router.

 When I boot it I get the following message










 ## [OK]

   Restricted Rights Legend

 Use, duplication, or disclosure by the Government is
 subject to restrictions as set forth in subparagraph
 (c) of the Commercial Computer Software - Restricted
 Rights clause at FAR sec. 52.227-19 and subparagraph
 (c) (1) (ii) of the Rights in Technical Data and Computer
 Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706



 Cisco Internetwork Operating System Software
 IOS (tm) C2600 Software (C2600-I-M), Version 12.0(7)T,  RELEASE SOFTWARE
 (fc2)
 Copyright (c) 1986-1999 by cisco Systems, Inc.
 Compiled Tue 07-Dec-99 02:12 by phanguye
 Image text-base: 0x80008088, data-base: 0x807AAF70

 cisco 2620 (MPC860) processor (revision 0x102) with 26624K/6144K bytes of
 memory
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39134t=39130
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CISCO 2500 router [7:39135]

2002-03-22 Thread Biswajeet Das 

Hi,

I have a CISCO 2500 series router and last time there was a power problem
due to which now everytime I boot I get the following message

System Bootstrap, Version 11.0(10 C), SOFTWARE
Copyright (C) 1986-1996 by Cisco Systems
2500 processor with 2048 Kbytes of main memory
Local Timeout (control reg=0x118) Error, address 0x213 at 0x10109DA(PC) 

The above message keeps on repeating and the OK LED in front of the Router
keeps blinking continuously.

What could be the problem and the solution for it.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39135t=39135
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Setting up a CCNA Lab [7:39112]

2002-03-22 Thread Georg Pauwen 

Hi Nathan,

with a DTE/DCE cable between the two serial ports you can even make one of
the routers a frame relay switch. If you want the config for this, let me
know and I'll send it to you.

Regards,

Georg


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39136t=39112
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CIC.. [7:39104]

2002-03-22 Thread Georg Pauwen 

Hi Stanzin,

with CIC you mean Cisco Info Center ?
What do you need to know ?

Regards,

Georg


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39137t=39104
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX performance problem again ! [7:38955]

2002-03-22 Thread Mohannad Khuffash 

Dear All,
I would first thank you for your worthfull contributions which enable me to
solve the problem! The problem was that the interfaces is set to full duplex
(10full or 100full commands), and when i change the configuration to 10base
and 100base the problem has been solved totally !! I'm still didn't
understand why ? my switch support the duplex and even not, the connection
should not work totally not at low performance !.
Anyway, thanks alot again for your contributions .

--




Mohannad N. Khuffash
Network Administrator
Palestine Telecom
Tel : 00970-09-2390509
Mohannad Khuffash  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Dear all,
 My problem with th PIX still present! the throughput between my inside
 cleints an the out side ftp server still very low ! the only node between
 them is the PIX,and  the speed cann't be more than 50K B/s, i have checked
 the two cisco fixing problem for such like these cases: DNS pointer and
 IDENT protocols, but the problem is still present  Please can any one
 help me ?

 Thanks in advance for your efforts

 --







 Mohannad N. Khuffash
 Network Administrator
 Palestine Telecommunication Company
 Tel: 00972-02-2982330
 Fax:00972-02-2980235




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39138t=38955
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: missing Interfaces on a 1003 [7:39133]

2002-03-22 Thread Richard Botham 

Danny,

I had this same problem but with 2600 series routers.
I loaded an IOS that supported the featurs I needed but DID NOT support the
interfaces physically present on the box.
It threw me a bit as well.
Do a hardware/Software compatability check on CCO and then look for the
images that support both the hardware and features.

HTH 
Richard


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39139t=39133
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CAT4003 and 3com [7:39084]

2002-03-22 Thread Tom Petzold 

Here is a great reference

http://www.cisco.com/warp/public/473/46.html

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, March 21, 2002 3:41 PM
To: [EMAIL PROTECTED]
Subject: CAT4003 and 3com [7:39084]


Greetings,

Any knowing problems out there with 3com cards and cat 4000 switches?
I've a customer complaining when they insert new win2k with 3com cards,
the whole network slows down.  When the switch is rebooted everything is
back to normal.  The problem repeats when the add more win2k machine.

Any ideas

ThanksNabil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39140t=39084
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Wic-1DSU-T1 card can be connected to a T1 circuit [7:39079]

2002-03-22 Thread Georg Pauwen 

Hi Yatou,

is your question if a WIC-1DSU-T1 card can be connected to a T1 circuit ?
Here is what I found on the Cisco site:

WIC-1DSU-T1
The WIC-1DSU-T1 card is a single-port, T1/fractional T1 CSU/DSU interface
card. Use the WIC-1DSU-T1 card for a cost effective router-CSU/DSU
combination with the following features:

T1 or fractional T1 network interface

N X 64 kbps or N X 56 kbps non-channelized data rates (N = 1 to 24)

Full management features:

Configuration: Capability for remote configuration via telnet from Cisco IOS
CLI

Monitoring: Router and CSU/DSU manageable as a single SNMP entity; extensive
CSU/DSU statistics provided by Cisco IOS CLI

Troubleshooting: Extensive loopbacks (including a manual button for network
line loopback), bit error rate tester (BERT) test patterns, alarm counters,
and performance reports, all of which are accessible from Cisco IOS CLI.
LEDs for carrier detect, loopback, and alarm functions.

Technical Specifications
Table 2-17 lists the technical specifications of the WIC-1DSU-T1 card.

Table 2-17: WIC-1DSU-T1 Technical Specifications  Type  Description  
Interface type
 T1 or fractional T1
 
Serial network support
 Synchronous, full duplex
 
Physical connector
 RJ-45
 
Number of connectors/ports
 One
 
Cisco IOS requirement
 11.3(4)T or later
 
Compliance
 FCC Class B device, CE
 
Safety conformance
 UL1950
 
Spare
 WIC-1DSU-T1=
 

Regards,

Georg


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39141t=39079
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Gigastack Etherchannel [7:39033]

2002-03-22 Thread Kelly Cobean 

Guys, If it helps any, here is a quote from Cisco's web siteLink below.

Cascaded Stack Connections:
You can connect from three to nine switches in a cascaded stack
configuration. The cascaded stack operates in half-duplex mode.  (This
raises the debate about how many switches in the stack again, because now
I've seen conflicting documentation that indicates 9 and 16)

The link is
http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/gbic/ig_gbic/mam
oins.htm#xtocid357911
Watch for URL wrap.

Our Switchstacks contain 9 3548's here, and the uplink ports with fiber GBIC
modules default to full duplex, while the gigastack module ports default to
half duplex.  I think one of reasons for this is the fact that you are
effectively splitting the port in half by connecting each of the two
gigastack ports to different switches.  Hope this helps.

Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
GRC International, Inc., an ATT company


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Gaz
Sent: Thursday, March 21, 2002 2:01 PM
To: [EMAIL PROTECTED]
Subject: Re: Gigastack Etherchannel [7:39033]


Ole,

Good question.. Dunno!

I was just going to suggest that one 3548 could only talk to one other
switch at full duplex. The Gigastack bus may equate to a shared media once
another switch is attached, so needs to go to half duplex.
This must be different for something like a 3508, as a 3508 can definitely
take multiple full duplex connections when used as the hub of a star
configuration.

In fact now I've finished writing it, it seems reasonable. I will test this
tomorrow as well.

Anybody pick holes in that theory?


Gaz



Ole Drews Jensen  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 If you have three 3548's - A, B and C, and you have 1 GigaStack module in
A
 where only one connector is connected to one connector on a GigaStack
module
 in B, and 1 GigaStack module in C where only one connected is connected to
 one connector on a second GigaStack module in B. Would that make a Full
 Duplex on the connections since only one port is used on each GigaStack
 module, or would it end up in Half Duplex anyway, since you have a total
of
 three switches?

 Ole

 ~
  Ole Drews Jensen
  Systems Network Manager
  CCNP, MCSE, MCP+I
  RWR Enterprises, Inc.
  [EMAIL PROTECTED]
 ~
  http://www.RouterChief.com
 ~
  Need a Job?
  http://www.OleDrews.com/job
 ~




 -Original Message-
 From: Georgescu, Aurelian [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, March 21, 2002 11:56 AM
 To: [EMAIL PROTECTED]
 Subject: RE: Gigastack Etherchannel [7:39033]


 They can be used in full-duplex mode on point-to-point links (aka using
only
 one connector on each GigaStack, one at each end of the cable). If you
 daisy-chain them they default to half-duplex.

 Aurelian

 -Original Message-
 From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, March 21, 2002 12:02 PM
 To: [EMAIL PROTECTED]
 Subject: RE: Gigastack Etherchannel [7:39033]

 GigaStack GBIC's are Full Duplex:

 ELVIS#show int gigabitEthernet 0/1
 GigabitEthernet0/1 is up, line protocol is up
   Hardware is Gigabit Ethernet, address is 0002.fd13.52f1 (bia
 0002.fd13.52f1)
   MTU 1500 bytes, BW 100 Kbit, DLY 10 usec,
  reliability 255/255, txload 1/255, rxload 1/255
   Encapsulation ARPA, loopback not set
   Keepalive not set
   Auto-duplex (Full), link type is autonegotiation, media type is
 CX_GIGASTACK
   output flow-control is off, input flow-control is off
   ARP type: ARPA, ARP Timeout 04:00:00
   GigaStack module(0.2) in GBIC slot. link1 is up, link2 is down
   Last input 00:00:06, output 00:00:01, output hang never
   Last clearing of show interface counters 11w1d
   Queueing strategy: fifo
   Output queue 0/40, 0 drops; input queue 0/75, 0 drops
   5 minute input rate 107000 bits/sec, 15 packets/sec
   5 minute output rate 91000 bits/sec, 16 packets/sec
  122086095 packets input, 1719966070 bytes, 0 no buffer
  Received 3149732 broadcasts, 0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
  0 watchdog, 163799 multicast, 0 pause input
  165588418 packets output, 149633091 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collision, 0 deferred
  0 lost carrier, 0 no carrier, 0 pause output
  0 output buffer failures, 0 output buffers swapped out

 Hth,

 Ole

 ~
  Ole Drews Jensen
  Systems Network Manager
  CCNP, MCSE, MCP+I
  RWR Enterprises, Inc.
  [EMAIL PROTECTED]
 ~
  http://www.RouterChief.com
 ~
  Need a Job?
  http://www.OleDrews.com/job
 ~




 -Original Message-
 From: Jeffrey Reed

RE: CAT4003 and 3com [7:39084]

2002-03-22 Thread Kelly Cobean 

I've had multiple experiences with 3com NIC's and Cisco switches not
negotiating speed and duplex properly.  Gets to be a real pain the backside
after awhile.  I've had instructors tell me the same thing, that Cisco and
3com are notorious for this issue.

Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
GRC International, Inc., an ATT company

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, March 21, 2002 3:41 PM
To: [EMAIL PROTECTED]
Subject: CAT4003 and 3com [7:39084]


Greetings,

Any knowing problems out there with 3com cards and cat 4000 switches?
I've a customer complaining when they insert new win2k with 3com cards,
the whole network slows down.  When the switch is rebooted everything is
back to normal.  The problem repeats when the add more win2k machine.

Any ideas

ThanksNabil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39143t=39084
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Where is h323 used when configuring IVR for Voice? [7:39145]

2002-03-22 Thread Ruen-Chze Loh 

  Hi,
  
  From the Cisco web site
 

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fvvfax_c/vvfivr.htm#xtocid14;
  
  
  
  The example showed that aaa authentication login
  h323
  group radius. The h323 is indicated in the
  command
  reference as the list-name. But I could not find
  the
  list-name h323 being used in the configuration
  below. Where is the h323 being reference in the
  configuration ? When using IVR how the application
  knows that the router should use the list-name
  h323
  to authenticate the user ? Thank-you.
  
  
  
  TCL IVR for Gateway1 (GW1) Configuration Example
  The following output is the result of using the
 show
  running-config command: 
  
  GW1
  Router# show running-config 
  
   
  Building configuration...
   
  Current configuration:
   
  ! Last configuration change at 08:39:29 PST Mon
 Jan
  10
  2000 by lab
  !
  version 12.2
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  !
  hostname GW1
  !
  logging buffered 10 debugging
  aaa new-model
  aaa authentication login default local group
 radius
  aaa authentication login h323 group radius
  aaa authentication login con none
  aaa authorization exec h323 group radius
  aaa accounting connection h323 start-stop group
  radius
  enable password xxx
  !
  username lab password 0 lab
  !
  resource-pool disable
  !
  clock timezone PST -8
  ip subnet-zero
  ip host baloo 1.14.124.xxx
  ip host dirt 223.255.254.254
  ip host rtspserver3 1.14.1xx.2
  ip host rtspserver1 1.14.1xx.2
  !
  mgcp package-capability trunk-package
  mgcp default-package trunk-package
  isdn switch-type primary-net5
  isdn voice-call-failure 0
  !
  tftp://dirt/hostname/WV/en_new/
  call application voice debit_card
  tftp://dirt/Router/scripts.new/app_debitcard.tcl 
  call application voice debit_card uid-len 6
  call application voice debit_card language 1 en
  call application voice debit_card language 2 ch
  call application voice debit_card set-location ch
 0
  tftp://dirt/hostname/WV/ch_new/
  call application voice debit_card set-location en
 0
  tftp://dirt/hostname/WV/en_new/
  call application voice debit_card_rtsp
  tftp://dirt/IVR
  2.0/scripts.new/app_debitcard.tcl
  call application voice debit_card_rtsp uid-len 6
  call application voice debit_card_rtsp language 1
 en
  call application voice debit_card_rtsp language 2
 ch
  call application voice debit_card_rtsp
 set-location
  ch
  0 rtsp://rtspserver1:554/
  call application voice debit_card_rtsp
 set-location
  en
  0 rtsp://rtspserver1:554/
   
  mta receive maximum-recipients 0
  !
  controller E1 0
   clock source line primary
   pri-group timeslots 1-31
  !
  controller E1 1
  !
  controller E1 2
  !
  controller E1 3
  !
  gw-accounting h323
  gw-accounting h323 vsa
  gw-accounting voip
  !
  interface Ethernet0
   ip address 1.14.128.35 255.255.255.xxx
   no ip directed-broadcast
   h323-gateway voip interface
   h323-gateway voip id gk1 ipaddr 1.14.128.19 1xxx
   h323-gateway voip h323-id [EMAIL PROTECTED]
   h323-gateway voip tech-prefix 5#
  !
  interface Serial0:15
   no ip address
   no ip directed-broadcast
   isdn switch-type primary-net5
   isdn incoming-voice modem
  
   fair-queue 64 256 0
   no cdp enable
  !
  interface FastEthernet0
   ip address 16.0.0.1 255.255.xxx.0
   no ip directed-broadcast
   duplex full
   speed auto
   no cdp enable
  !
  ip classless
  ip route 0.0.0.0 0.0.0.0 1.14.128.33
  ip route 1.14.xxx.0 255.xxx.255.xxx 16.0.0.2
  ip route 1.14.xxx.16 255.xxx.255.240 1.14.xxx.33
  no ip http server
  !
  radius-server host 1.14.132.2 auth-port 1645
  acct-port
  1646
  radius-server key cisco
  radius-server vsa send accounting
  radius-server vsa send authentication
  !
  voice-port 0:D
   cptone DE
  !
  dial-peer voice 200 voip
   incoming called-number 53
   destination-pattern 34.
   session target ipv4:16.0.0.2
   dtmf-relay h245-alphanumeric
   codec g711ulaw
  !
  dial-peer voice 102 pots
   application debit_card_rtsp
   incoming called-number 3450072
   shutdown
   destination-pattern 53.
   port 0:D
  !
  dial-peer voice 202 voip
   shutdown
   destination-pattern 34.
   session protocol sipv2
   session target ipv4:16.0.0.2
   dtmf-relay cisco-rtp
   codec g711ulaw
  !
  dial-peer voice 101 pots
   application debit_card
   incoming called-number 3450070
   destination-pattern 53.
   port 0:D
  !
  gateway
  !
  line con 0
   exec-timeout 0 0
   transport input none
  line aux 0
  line vty 0 4
   password xxx
  !
  ntp clock-period 17180740
  ntp server 1.14.42.23
  end
 


__
Do You Yahoo!?
Yahoo! Movies - coverage of the 74th Academy Awards.
http://movies.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39145t=39145
--
FAQ, list archives, and subscription info:

RE: CISCO 2500 router [7:39135]

2002-03-22 Thread Ole Drews Jensen 

I have not seen that error myself, but maybe this is what's happening
(copied from cco):

Adding the command distribute-list access-list out rip to an active IPX
ROUTER NLSP process causes the router to display the following error
message, after which the router reloads: 

Local Timeout (control reg=0x118) Error, address: 0x4000C74 at 0x30F4D7C
(PC)

Hth,

Ole

~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~
 http://www.RouterChief.com
~
 Need a Job?
 http://www.OleDrews.com/job
~




-Original Message-
From: Biswajeet Das [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 5:48 AM
To: [EMAIL PROTECTED]
Subject: CISCO 2500 router [7:39135]


Hi,

I have a CISCO 2500 series router and last time there was a power problem
due to which now everytime I boot I get the following message

System Bootstrap, Version 11.0(10 C), SOFTWARE
Copyright (C) 1986-1996 by Cisco Systems
2500 processor with 2048 Kbytes of main memory
Local Timeout (control reg=0x118) Error, address 0x213 at 0x10109DA(PC) 

The above message keeps on repeating and the OK LED in front of the Router
keeps blinking continuously.

What could be the problem and the solution for it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39146t=39135
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CAT4003 and 3com [7:39084]

2002-03-22 Thread Kelly Cobean 

Awesome Link!  Thanks Tom.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Tom Petzold
Sent: Friday, March 22, 2002 7:54 AM
To: [EMAIL PROTECTED]
Subject: RE: CAT4003 and 3com [7:39084]


Here is a great reference

http://www.cisco.com/warp/public/473/46.html

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, March 21, 2002 3:41 PM
To: [EMAIL PROTECTED]
Subject: CAT4003 and 3com [7:39084]


Greetings,

Any knowing problems out there with 3com cards and cat 4000 switches?
I've a customer complaining when they insert new win2k with 3com cards,
the whole network slows down.  When the switch is rebooted everything is
back to normal.  The problem repeats when the add more win2k machine.

Any ideas

ThanksNabil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39147t=39084
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Wic-1DSU-T1 card can be connected to a T1 circuit [7:39079]

2002-03-22 Thread Kelly Cobean 

This brings up another question...

Since the WIC-1DSU-T1 card can be used for N X 64 kbps or N X 56 kbps
non-channelized data rates (N = 1 to 24), is a standard T-1 (not PRI)
channelized or un-channelized?  I was under the impression that since you
were dealing with 24 64Kb/s channels (get it?), that this was a channelized
T-1.  Am I smokin' some good stuff or what?

Thanks,
Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
GRC International, Inc., an ATT company

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Georg Pauwen
Sent: Friday, March 22, 2002 8:06 AM
To: [EMAIL PROTECTED]
Subject: RE: Wic-1DSU-T1 card can be connected to a T1 circuit [7:39079]


Hi Yatou,

is your question if a WIC-1DSU-T1 card can be connected to a T1 circuit ?
Here is what I found on the Cisco site:

WIC-1DSU-T1
The WIC-1DSU-T1 card is a single-port, T1/fractional T1 CSU/DSU interface
card. Use the WIC-1DSU-T1 card for a cost effective router-CSU/DSU
combination with the following features:

T1 or fractional T1 network interface

N X 64 kbps or N X 56 kbps non-channelized data rates (N = 1 to 24)

Full management features:

Configuration: Capability for remote configuration via telnet from Cisco IOS
CLI

Monitoring: Router and CSU/DSU manageable as a single SNMP entity; extensive
CSU/DSU statistics provided by Cisco IOS CLI

Troubleshooting: Extensive loopbacks (including a manual button for network
line loopback), bit error rate tester (BERT) test patterns, alarm counters,
and performance reports, all of which are accessible from Cisco IOS CLI.
LEDs for carrier detect, loopback, and alarm functions.

Technical Specifications
Table 2-17 lists the technical specifications of the WIC-1DSU-T1 card.

Table 2-17: WIC-1DSU-T1 Technical Specifications  Type  Description
Interface type
 T1 or fractional T1

Serial network support
 Synchronous, full duplex

Physical connector
 RJ-45

Number of connectors/ports
 One

Cisco IOS requirement
 11.3(4)T or later

Compliance
 FCC Class B device, CE

Safety conformance
 UL1950

Spare
 WIC-1DSU-T1=


Regards,

Georg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39148t=39079
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CISCO 2500 router [7:39135]

2002-03-22 Thread Danny 

I have seen that before.  If I remember correctly, the router had corrupted
memory.
Ole Drews Jensen  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I have not seen that error myself, but maybe this is what's happening
 (copied from cco):

 Adding the command distribute-list access-list out rip to an active IPX
 ROUTER NLSP process causes the router to display the following error
 message, after which the router reloads:

 Local Timeout (control reg=0x118) Error, address: 0x4000C74 at 0x30F4D7C
 (PC)

 Hth,

 Ole

 ~
  Ole Drews Jensen
  Systems Network Manager
  CCNP, MCSE, MCP+I
  RWR Enterprises, Inc.
  [EMAIL PROTECTED]
 ~
  http://www.RouterChief.com
 ~
  Need a Job?
  http://www.OleDrews.com/job
 ~




 -Original Message-
 From: Biswajeet Das [mailto:[EMAIL PROTECTED]]
 Sent: Friday, March 22, 2002 5:48 AM
 To: [EMAIL PROTECTED]
 Subject: CISCO 2500 router [7:39135]


 Hi,

 I have a CISCO 2500 series router and last time there was a power problem
 due to which now everytime I boot I get the following message

 System Bootstrap, Version 11.0(10 C), SOFTWARE
 Copyright (C) 1986-1996 by Cisco Systems
 2500 processor with 2048 Kbytes of main memory
 Local Timeout (control reg=0x118) Error, address 0x213 at
0x10109DA(PC)

 The above message keeps on repeating and the OK LED in front of the Router
 keeps blinking continuously.

 What could be the problem and the solution for it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39149t=39135
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Setting up a CCNA Lab [7:39112]

2002-03-22 Thread Matthew Meiers 

I think you would be fine just using the 2600 and a Cisco switch.  This
is the focus of CCNA.  Use multiple routers if you study for CCNP
routing.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Nathan
Sent: Thursday, March 21, 2002 9:02 PM
To: [EMAIL PROTECTED]
Subject: Setting up a CCNA Lab [7:39112]

I've managed to borrow a Cisco 1602 and a 2610 from a friend to use as
practice equipment while i study for my CCNA.

The 1602 has a ISDN Bri module.
The 2610 has a ISDN Bri module and a 56k/64k CSU/DSU Module.

What way would you guys suggest setting them up?

I was thinking of just configuring them via serial then link them via
serial
when i'm done and toss a switch on either end.

Any suggestions?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39150t=39112
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Gigastack Etherchannel [7:39033]

2002-03-22 Thread Ole Drews Jensen 

Kelly,

On the GigaStack modules, are you using both ports on the module, or one
port on two modules?

Examples (use fixed font for best view):

1 module / 2 ports

switch 1   [oo] [--]
|
switch 2   [oo] [--]
 |
switch 3   [oo] [--]
|
switch 4   [oo] [--]

2 modules / 1 port

switch 1   [oo] [oo]
|
switch 2   [oo] [oo]
 |
switch 3   [oo] [oo]
|
switch 4   [oo] [oo]

Thanks,

Ole

~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~
 http://www.RouterChief.com
~
 Need a Job?
 http://www.OleDrews.com/job
~




-Original Message-
From: Kelly Cobean [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 7:18 AM
To: [EMAIL PROTECTED]
Subject: RE: Gigastack Etherchannel [7:39033]


Guys, If it helps any, here is a quote from Cisco's web siteLink below.

Cascaded Stack Connections:
You can connect from three to nine switches in a cascaded stack
configuration. The cascaded stack operates in half-duplex mode.  (This
raises the debate about how many switches in the stack again, because now
I've seen conflicting documentation that indicates 9 and 16)

The link is
http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/gbic/ig_gbic/mam
oins.htm#xtocid357911
Watch for URL wrap.

Our Switchstacks contain 9 3548's here, and the uplink ports with fiber GBIC
modules default to full duplex, while the gigastack module ports default to
half duplex.  I think one of reasons for this is the fact that you are
effectively splitting the port in half by connecting each of the two
gigastack ports to different switches.  Hope this helps.

Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
GRC International, Inc., an ATT company


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Gaz
Sent: Thursday, March 21, 2002 2:01 PM
To: [EMAIL PROTECTED]
Subject: Re: Gigastack Etherchannel [7:39033]


Ole,

Good question.. Dunno!

I was just going to suggest that one 3548 could only talk to one other
switch at full duplex. The Gigastack bus may equate to a shared media once
another switch is attached, so needs to go to half duplex.
This must be different for something like a 3508, as a 3508 can definitely
take multiple full duplex connections when used as the hub of a star
configuration.

In fact now I've finished writing it, it seems reasonable. I will test this
tomorrow as well.

Anybody pick holes in that theory?


Gaz



Ole Drews Jensen  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 If you have three 3548's - A, B and C, and you have 1 GigaStack module in
A
 where only one connector is connected to one connector on a GigaStack
module
 in B, and 1 GigaStack module in C where only one connected is connected to
 one connector on a second GigaStack module in B. Would that make a Full
 Duplex on the connections since only one port is used on each GigaStack
 module, or would it end up in Half Duplex anyway, since you have a total
of
 three switches?

 Ole

 ~
  Ole Drews Jensen
  Systems Network Manager
  CCNP, MCSE, MCP+I
  RWR Enterprises, Inc.
  [EMAIL PROTECTED]
 ~
  http://www.RouterChief.com
 ~
  Need a Job?
  http://www.OleDrews.com/job
 ~




 -Original Message-
 From: Georgescu, Aurelian [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, March 21, 2002 11:56 AM
 To: [EMAIL PROTECTED]
 Subject: RE: Gigastack Etherchannel [7:39033]


 They can be used in full-duplex mode on point-to-point links (aka using
only
 one connector on each GigaStack, one at each end of the cable). If you
 daisy-chain them they default to half-duplex.

 Aurelian

 -Original Message-
 From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, March 21, 2002 12:02 PM
 To: [EMAIL PROTECTED]
 Subject: RE: Gigastack Etherchannel [7:39033]

 GigaStack GBIC's are Full Duplex:

 ELVIS#show int gigabitEthernet 0/1
 GigabitEthernet0/1 is up, line protocol is up
   Hardware is Gigabit Ethernet, address is 0002.fd13.52f1 (bia
 0002.fd13.52f1)
   MTU 1500 bytes, BW 100 Kbit, DLY 10 usec,
  reliability 255/255, txload 1/255, rxload 1/255
   Encapsulation ARPA, loopback not set
   Keepalive not set
   Auto-duplex (Full), link type is autonegotiation, media type is
 CX_GIGASTACK
   output flow-control is off, input flow-control is off
   ARP type: ARPA, ARP Timeout 04:00:00
   GigaStack module(0.2) in GBIC slot. link1 is up, link2 is down
   Last input 00:00:06, output 00:00:01, output hang never
   Last clearing of show interface counters 11w1d
   Queueing strategy: fifo

RE: More VTP Questions [7:39131]

2002-03-22 Thread Arjen Dragt 

Jeff,

If you are going to (must) use VLANs, they should never extend beyond the
distribution layer.  That is, a VLAN may exist in the access layer (possibly
across more than one A/L switch) but should terminate at the D/L.  Beyond
the D/L into the core, the network is to be purely routed/switched with no
VLAN activity (there are exceptions to this with a switched core in which
you may want to set up VLANs - routed core is often preferred.  Even in this
exception case, these core VLANs are different VLANs than in the A/L).

Whether any trunking is needed is probably a more important question:
It sounds (from your wording) that this is a fresh design - if you do not
have to trunk VLANs (with have to=must being the operative words), then
the best design going these days is to put one VLAN per A/L switch; each
VLAN corresponds directly to a separate subnet.  On the D/L switches, there
are multiple routed interfaces (subinterfaces) each performing routing for
the individual subnets corresponding to the A/L switches.
In this manner, your entire network is essentially routed (hosts connecting
down to their D/L switch are switched, yes, but they are only in their own
subnet) and you don't have to worry about anything to do with VTP or STP.

So, here is a one line summary:
If you don't absolutely need to use VLANs, don't: route.


Cheers,

Arjen

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jeffrey Reed
Sent: March 22, 2002 5:26 AM
To: [EMAIL PROTECTED]
Subject: More VTP Questions [7:39131]


Thanks to everyone who helped clarify the VTP Domain process and I have
more questions.

I am working on a textbook Cisco network design. We have two 6509s in the
core, four 6509s in the distribution layer and about 30 6509s at the
access layer. We also have two Server Farm 6509s hanging off the core
switches. The core and distribution will route and well switch to the
server farm and the access layers. Well have about 4-5 VLANs in each access
layer, so well over 100 VLANs total. Hence my strong interest in VTP.

Reading through the VTP stuff today, I saw where the VTP communication
occurs through VLAN1. The reseller who sold the design said we would have
multi-path layer3 connectivity between core and distribution and layer 2 out
to access 6509s. Assuming we only had routed links between the core and
distribution layers, then how would the VTP updates get through to the
distribution layer from the core? Can we effectively have both a routed link
and a bridged VLAN1 link throughout the network? Does that make sense?

Any suggestions on how this is accomplished with one VTP domain or a better
way would be appreciated.

Jeff




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39152t=39131
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Gigastack Etherchannel [7:39033]

2002-03-22 Thread Gaz 

Thanks for all the responses.
Dug the switches out today and tested.
We were all on the right tracks I think.
I also put this to the Cisco open forum, and a Cisco CCIE answered my
original question saying it was definitely not possible to run etherchannel
between two switches with 2 Gigastack modules each.
Coming to Cisco's rescue, I received an e-mail from Tom Petzold of Cisco,
which doesn't seem to have reached the Newsgroup yet, but his answers were
spot on and confirmed by the testing I did today.
His e-mail is attached after my mumblings below.
If anybody can think of any other tests to try, they're still set up so give
me a shout before Monday evening when they get installed elsewhere.

Using all 3524 switches (called A,B and C)


Test 1:
Connect A to B with one cable - Link Auto's to full duplex
Now add a connection from B to C with one cable (on the same Gigastack
module)
Result - All links revert to half duplex

Test 2:
Connect A to B with one cable - Link Auto's to full duplex
Now add a second Gigastack module to B and connect this to C.
Result - All links stay at full duplex.

Test 3:
Connect A to B with 2 cables (one Gigastack module used in each switch)
Result - spanning tree blocks one of the connections (don't know a way of
configuring etherchannel for these - they are not subinterfaces of any kind)

Test 4:
Connect A to B with one cable - Link Auto's to full duplex
Put a second Gigastack module in both A and B
Connect these with one cable
Configure both switches for etherchannel
Result - Etherchannel works fine - all ports forwarding


Regards,

Gaz

(Tom Petzold's e-mail follows)

Let me see if I can walk through the options.
If you hook two switches up with one cable (using only one port on each
gigastack GBIC) you will have a 1Gb (2Gb full Duplex) connection.

If you have three switches cascaded and use both ports on any gigastack GBIC
you will have 1Gb half duplex shared across all the switches.

In the previous configuration you can hook the bottom switch back up to the
top switch. Since you have a loop now (a to b, b to c, c to a) one port will
go into blocking to prevent the loop.

Now your question is can I use two gigastack GBICs in both switches and
setup an etherchannel. The answer is yes. Connect GBIC 1 in switch A to GBIC
1 in switch 2 and GBIC 2 in switch A to GBIC 2 in switch 2 using 1 cable for
each GBIC pair. Then just setup the gigabit ports as an etherchannel group.
This will give you the 2Gb (4Gb full duplex) you wanted.

What you don't want to do is connect both ports on GBIC 1 to both ports on
GBIC 2. I'm not sure what would happen but I think they would go into half
duplex and not allow you to setup the etherchannel.

Tom Petzold

Cisco Systems

Kelly Cobean  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Guys, If it helps any, here is a quote from Cisco's web siteLink
below.

 Cascaded Stack Connections:
 You can connect from three to nine switches in a cascaded stack
 configuration. The cascaded stack operates in half-duplex mode.  (This
 raises the debate about how many switches in the stack again, because now
 I've seen conflicting documentation that indicates 9 and 16)

 The link is

http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/gbic/ig_gbic/mam
 oins.htm#xtocid357911
 Watch for URL wrap.

 Our Switchstacks contain 9 3548's here, and the uplink ports with fiber
GBIC
 modules default to full duplex, while the gigastack module ports default
to
 half duplex.  I think one of reasons for this is the fact that you are
 effectively splitting the port in half by connecting each of the two
 gigastack ports to different switches.  Hope this helps.

 Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
 Network Engineer
 GRC International, Inc., an ATT company


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Gaz
 Sent: Thursday, March 21, 2002 2:01 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Gigastack Etherchannel [7:39033]


 Ole,

 Good question.. Dunno!

 I was just going to suggest that one 3548 could only talk to one other
 switch at full duplex. The Gigastack bus may equate to a shared media once
 another switch is attached, so needs to go to half duplex.
 This must be different for something like a 3508, as a 3508 can definitely
 take multiple full duplex connections when used as the hub of a star
 configuration.

 In fact now I've finished writing it, it seems reasonable. I will test
this
 tomorrow as well.

 Anybody pick holes in that theory?


 Gaz



 Ole Drews Jensen  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  If you have three 3548's - A, B and C, and you have 1 GigaStack module
in
 A
  where only one connector is connected to one connector on a GigaStack
 module
  in B, and 1 GigaStack module in C where only one connected is connected
to
  one connector on a second GigaStack module in B. Would that make a Full
  Duplex on the connections since only one port is

Re: CISCO 2500 router [7:39135]

2002-03-22 Thread Danny Andaluz 

Of course, 2500 that have problems like that just get retired to door stop
duty.
Danny  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I have seen that before.  If I remember correctly, the router had
corrupted
 memory.
 Ole Drews Jensen  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  I have not seen that error myself, but maybe this is what's happening
  (copied from cco):
 
  Adding the command distribute-list access-list out rip to an active IPX
  ROUTER NLSP process causes the router to display the following error
  message, after which the router reloads:
 
  Local Timeout (control reg=0x118) Error, address: 0x4000C74 at 0x30F4D7C
  (PC)
 
  Hth,
 
  Ole
 
  ~
   Ole Drews Jensen
   Systems Network Manager
   CCNP, MCSE, MCP+I
   RWR Enterprises, Inc.
   [EMAIL PROTECTED]
  ~
   http://www.RouterChief.com
  ~
   Need a Job?
   http://www.OleDrews.com/job
  ~
 
 
 
 
  -Original Message-
  From: Biswajeet Das [mailto:[EMAIL PROTECTED]]
  Sent: Friday, March 22, 2002 5:48 AM
  To: [EMAIL PROTECTED]
  Subject: CISCO 2500 router [7:39135]
 
 
  Hi,
 
  I have a CISCO 2500 series router and last time there was a power
problem
  due to which now everytime I boot I get the following message
 
  System Bootstrap, Version 11.0(10 C), SOFTWARE
  Copyright (C) 1986-1996 by Cisco Systems
  2500 processor with 2048 Kbytes of main memory
  Local Timeout (control reg=0x118) Error, address 0x213 at
 0x10109DA(PC)
 
  The above message keeps on repeating and the OK LED in front of the
Router
  keeps blinking continuously.
 
  What could be the problem and the solution for it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39154t=39135
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: MPLS in the Enterprise [7:36670]

2002-03-22 Thread Howard C. Berkowitz 

At 3:29 AM -0500 3/22/02, Tom Scott wrote:
Kent, Irwin,

This is an interesting exchange of perspectives. Could you
or someone else comment on GMPLS?

GMPLS does many of the things you are describing. It generalizes 
MPLS setup beyond the current packet/frame oriented paths to paths 
that don't have a granularity as fine as packets:  optical 
wavelengths, multiplex time slots, and specific physical port 
sequences on various devices.

I really don't see MPLS/GMPLS as a relevant technology for most 
enterprises. Let me throw out an analogy that I just invented -- I 
just got up and may not be thinking clearly.

1.  ATM was originally intended as a carrier-only technology. FR, ISDN, etc.,
 were seen as customer access protocols to the carrier ATM cloud. ATM
 UNI specifications came into being due to a market need for a high-speed
 access technology.

2.  MPLS often is called ATM without cells.  I consider (G)MPLS analogous
 to the original carrier role of ATM, and things such as 
provider-provisioned
 VPNs (PPVPN) at both layer 2 and 3, metro optical Ethernet, 3G wireless,
 etc., corresponding to the access protocols in the original ATM model.

3.  MPLS is not a panacea, but does have many useful features for traffic
 engineering and fault tolerance, especially when dealing with very
 large numbers of L2 emulated circuits and L3 private networks/Internet
 access/large provider cores. GMPLS provides a smooth path for
integrating
 both present (e.g., POS, SONET) and evolving optical technologies.

 How many enterprises will have a requirement to manage many fibers
 containing many DWDM wavelengths at OC-192 or OC-768?

4.  There are enterprise needs that are just starting to get integrated
 with MPLS, such as IPsec.

How does it factor into
the comparison of MPLS vs. FR? Is there anything about the
combination of MPLS / GMPLS that gives it an advantage over
FR?

Some market research I've seen suggests the telcos do not expect to 
have the IP-literate staff to do more than deliver the core  and 
perhaps 10% of their VPNs as L3.  L2 VPNs (e.g., frame and virtual 
wire emulation) is attractive to them because it significantly 
reduces their support costs.


Another issue I'd like to understand in this context is
native MPLS transport. Do you see a possibility in the
future for simplifying the transport of MPLS packets? In
other words, could one replace SONET/SDH with a simple
transmission layer X (whatever that might be)? The stack
,might look something like this:

  7 7
  6 6
  5 5
  4 4
  3   3 3   3
  2   2   2 2   2   2
  1   1   1  X  1   1   1

  ^ ^
  | |
  +-+
  native
   MPLS
   core

That's GMPLS, which specifically is intended to be able to transport 
SONET, POS, etc.


There in the middle, where the native MPLS core would be
in a greenfield network, is it possible to transport the
MPLS packets on a fiber medium, possibly on different
lambdas using GMPLS, but without SONET/SDH? I don't work on
that layer (physical L1) enough to know the interactions
between L1/L2, but it seems that simplification is
desirable. Possibly using MPX (MPLS over PPP over X) instead
of traditional POS?

There are many reasons to keep SONET/SDH, for example,
protection switching. Is it possible that MPLS / GMPLS could
offer similar solutions that would have a competitive
advantage? Maybe someone at MPLScon will have an answer. See
you there.

Yes, and probably more advanced protection switching with more 
efficient resource use.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39155t=36670
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Rack [7:38796]

2002-03-22 Thread Rizzo, Damian 

This was not very helpful James! 



-Original Message-
From: Lee James [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, March 21, 2002 5:39 PM
To: [EMAIL PROTECTED]
Subject: RE: Rack [7:38796]
This electronic mail transmission contains confidential information intended
only for the person(s) named.  Any use, distribution, copying or disclosure
by any other person is strictly prohibited.  If you received this
transmission in error, please notify the sender by reply e-mail and then
destroy the message.  Opinions, conclusions, and other information in this
message, that do not relate to the official business of MARAKON ASSOCIATES
shall be understood to be neither given nor endorsed by the Company.  When
addressed to MARAKON clients, any information contained in this e-mail is
subject to the terms and conditions in the governing client contract.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39156t=38796
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Coyotepoint Load Balancers [7:38953]

2002-03-22 Thread Gaz 

What problems have you had with the Arrowpoint Sam?

We do mainly Foundry for load balancing, and I have to say (as I'm not using
my work e-mail address :-)) that they have been flaky as hell. We work
fairly closely with Foundry (when we can get in touch), but every box seems
to work differently with every image. You get in to the habit of finding an
image that works and leave it alone. It's a horrible feeling when security
advisories come out recommending upgrades, and you just know it's going to
introduce other issues.

We haven't deployed the Arrowpoint on any really big projects, but they do
seem to offer more functionality than the Foundry in some areas (not
forgetting the massive price difference), so I'm interested to hear what
problems have arisen with them.

Thanks,

Gaz


sam sneed  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I have a pair of CS11152 (former arrowpoints) and they've been flaky. I do
 not recommend them. Not sure about coyotepoint.


 dre  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Coyotepoint was the first server load balancing device I had ever
  heard of outside of your basic LSNAT configuration (I think Cisco
  calls it NAT load-sharing or something, but there is an RFC also).
 
  However, I've never actually seen one in production on any
  network.  Around 1997-8 the Cisco Local Director was the
  only box I saw, and most people hated them.  Then, the F5
  Big/IP box became popular (and it still sort of is).  A whole
  bunch of people started entering the market space of SLB
  and Global Load-Balancing.  In the past few years, companies
  like Arrowpoint and Alteon got bought by Cisco and Nortel.
  Now you even have places like Akamai doing GLB for places
  like Yahoo.
 
  After I've read the RFC's, and patents like US6185598,
  US108703, and US6052718, and worked with SLB and
  GLB for years, I've finally come to a few conclusions:
 
  A) The SLB/GLB marketing and focus is silicon snake oil
  B) Just like the computer security industry, [it's] like a carnival
game,
  where people throw ducks at balloons, and nothing is as it seems
  C) It really depends on *your* environment.  Just as there are
  millions of options for web servers and web programming languages
  (e.g. .NET, J2EE, Apache+PHP+MySQL, Apache+mod_perl, MS NT4
  IIS/ISAPI, WebSphere vs. Weblogic, Zeus, Netscape, Xitami, etc etc),
  there are millions of options for SLB and GLB (even deciding between
  the two is impossible).
  D) Even outside of products and software, you have your own
organization.
  How the coders build web pages.  How the HTML is done.  Etc.  If you
  don't have any dynamic content.  If you are completely dynamic content
and
  everything besides the main page is somewhere under /cgi-bin/.  These
are
  all organizational issues that are different with every company.
 Depending
  on your setup, a different product may fit your needs differently.
  E) SLB was grown out of the need for more bandwidth being pushed out
  to the Internet by machines in the $100 to $5000 price range.  These
  machines at the time were 486's and no ubiquitous Fast or Gigabit
 Ethernet.
  For a high-end Unix box with Fast Ethernet, you were looking at $30,000
  back then (at least).
  F) Now, you can buy a Titanium Powerbook with Gigabit Ethernet running
  Mach+BSD (MacOS X) for like $2000.  You can get 2x CPU 1U machines
  running FreeBSD or Linux capable of pushing 2k pps for under $3000.
  The need for SLB may have changed over the years due to the hardware
  catching up to the bandwidth needs.
 
  The SLB/GLB market is so confusing, probably nobody has it figured
out.
 
  However, I can recommend one box today that stands above the others, and
  the only one I'd like to see in any production network.  The guys at
 Radware
  have made some significant advancements in the way SLB and GLB are done.
  Their WSD and entire line of products are much better than any of the
  alternatives, and it is much more versatile for any real production
  environment.
  This is just my opinion, but I suggest you fully research the SLB/GLB
  industry before making your decision.
 
  -dre
 
  Brian Zeitz  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   I hope this is not too far off topic, but has anyone ever used this
   companies load balancers or products or have any feedback on it.
  
  
  
http://www.coyotepoint.com
  
  
  
   One thing I noticed is that it only has 1 port in, and one out. Is
that
   not normal? I have used Alteon Before, any feedback would be helpful.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39157t=38953
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Setting up a CCNA Lab [7:39112]

2002-03-22 Thread Kaminski, Shawn G 

Also, go to the website w w w . c c x x p r o d u c t i o n s . c o m and
click on their Build a Home Lab link. This may help you out with some
other home lab questions.

Shawn K.

-Original Message-
From: Nathan [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, March 21, 2002 10:02 PM
To: [EMAIL PROTECTED]
Subject: Setting up a CCNA Lab [7:39112]


I've managed to borrow a Cisco 1602 and a 2610 from a friend to use as
practice equipment while i study for my CCNA.

The 1602 has a ISDN Bri module.
The 2610 has a ISDN Bri module and a 56k/64k CSU/DSU Module.

What way would you guys suggest setting them up?

I was thinking of just configuring them via serial then link them via serial
when i'm done and toss a switch on either end.

Any suggestions?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39158t=39112
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Wic-1DSU-T1 card can be connected to a T1 circuit [7:39079]

2002-03-22 Thread Yatou Wu 

Georg,

thanks for your infor. Actually my question is: can the Wic-1DSU-T1 card be 
connected to a T1 circuit through a DSX-1 interface?

our T1 circuit is connected to a DSX-1 patch panel from adc.com and we can 
not touch that part by just connecting the Wic card to the patch panel.

It seems to me now that we can not do that, because the Wic card has DSU/CSU 
build in and the signal comes out as DS-1 signal. the Signal comes out the 
patch panel is DSX-1 signal.

thanks again.

yatou


From: Georg Pauwen 
Reply-To: Georg Pauwen 
To: [EMAIL PROTECTED]
Subject: RE: Wic-1DSU-T1 card can be connected to a T1 circuit [7:39079]
Date: Fri, 22 Mar 2002 08:06:04 -0500

Hi Yatou,

is your question if a WIC-1DSU-T1 card can be connected to a T1 circuit ?
Here is what I found on the Cisco site:

WIC-1DSU-T1
The WIC-1DSU-T1 card is a single-port, T1/fractional T1 CSU/DSU interface
card. Use the WIC-1DSU-T1 card for a cost effective router-CSU/DSU
combination with the following features:

T1 or fractional T1 network interface

N X 64 kbps or N X 56 kbps non-channelized data rates (N = 1 to 24)

Full management features:

Configuration: Capability for remote configuration via telnet from Cisco 
IOS
CLI

Monitoring: Router and CSU/DSU manageable as a single SNMP entity; 
extensive
CSU/DSU statistics provided by Cisco IOS CLI

Troubleshooting: Extensive loopbacks (including a manual button for network
line loopback), bit error rate tester (BERT) test patterns, alarm counters,
and performance reports, all of which are accessible from Cisco IOS CLI.
LEDs for carrier detect, loopback, and alarm functions.

Technical Specifications
Table 2-17 lists the technical specifications of the WIC-1DSU-T1 card.

Table 2-17: WIC-1DSU-T1 Technical Specifications  Type  Description
Interface type
  T1 or fractional T1

Serial network support
  Synchronous, full duplex

Physical connector
  RJ-45

Number of connectors/ports
  One

Cisco IOS requirement
  11.3(4)T or later

Compliance
  FCC Class B device, CE

Safety conformance
  UL1950

Spare
  WIC-1DSU-T1=


Regards,

Georg
_
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39159t=39079
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Gigastack Etherchannel [7:39033]

2002-03-22 Thread Kelly Cobean 

Ole,
Here is our configuration(God I hope this doesn't get screwed up.  Just
in case, basically it's a looped configuration, using only one of the gig
ports per switch, utilizing the second gig port on the 1st and 9th switch
for uplink to the distribution layer.  Gig0/2 on switches 2-8 are unused.
The loop prevention mechanism in the IOS takes care of the loop
configuration in the stack(what I read leads me to believe that it is
something other than STP, but I could be wrong) then STP takes care of the
loop in the two fiber uplinks, which connect to two different Cat6509's)

 ||(fiber uplink to distribution layer)
 ||
Switch1 |oo|  |oo|
   ||
  / |---
 - |
 | |
Switch2 |oo|  |oo| |
  ||
 / |
 | |
Switch3 |oo|  |oo| |
  ||
 / |
 | |
Switch4 |oo|  |oo| |
  ||
 / |
 | |
Switch5 |oo|  |oo| |
  ||
 / |
 | |
Switch6 |oo|  |oo| |
  ||
 / |
 | |
Switch7 |oo|  |oo| |
  ||
 / |
 | |
Switch8 |oo|  |oo| |
  ||
 / |
 | |
Switch9 |oo|  |oo| |
  |||  |
  --
   ||
   || (Uplink to Distibution Layer


Hope this helps,
Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
GRC International, Inc., an ATT company




-Original Message-
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 8:51 AM
To: 'Kelly Cobean'; [EMAIL PROTECTED]
Subject: RE: Gigastack Etherchannel [7:39033]


Kelly,

On the GigaStack modules, are you using both ports on the module, or one
port on two modules?

Examples (use fixed font for best view):

1 module / 2 ports

switch 1   [oo] [--]
|
switch 2   [oo] [--]
 |
switch 3   [oo] [--]
|
switch 4   [oo] [--]

2 modules / 1 port

switch 1   [oo] [oo]
|
switch 2   [oo] [oo]
 |
switch 3   [oo] [oo]
|
switch 4   [oo] [oo]

Thanks,

Ole

~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~
 http://www.RouterChief.com
~
 Need a Job?
 http://www.OleDrews.com/job
~




-Original Message-
From: Kelly Cobean [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 7:18 AM
To: [EMAIL PROTECTED]
Subject: RE: Gigastack Etherchannel [7:39033]


Guys, If it helps any, here is a quote from Cisco's web siteLink below.

Cascaded Stack Connections:
You can connect from three to nine switches in a cascaded stack
configuration. The cascaded stack operates in half-duplex mode.  (This
raises the debate about how many switches in the stack again, because now
I've seen conflicting documentation that indicates 9 and 16)

The link is
http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/gbic/ig_gbic/mam
oins.htm#xtocid357911
Watch for URL wrap.

Our Switchstacks contain 9 3548's here, and the uplink ports with fiber GBIC
modules default to full duplex, while the gigastack module ports default to
half duplex.  I think one of reasons for this is the fact that you are
effectively splitting the port in half by connecting each of the two
gigastack ports to different switches.  Hope this helps.

Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
GRC International, Inc., an ATT company


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Gaz
Sent: Thursday, March 21, 2002 2:01 PM
To: [EMAIL PROTECTED]
Subject: Re: Gigastack Etherchannel [7:39033]


Ole,

Good question.. Dunno!

I was just going to suggest that one 3548 could only talk to one other
switch at full duplex. The Gigastack bus may equate to a shared media once
another switch is attached, so needs to go to half duplex.
This must be different for something like a 3508, as a 3508 can definitely
take multiple full duplex connections when used as the hub of a star
configuration.

In fact now I've finished writing it, it seems reasonable. I will test this
tomorrow as well.

Anybody pick holes in that theory?


Gaz



Ole Drews Jensen  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 If you have three 3548's - A, B and C, and you have 1 GigaStack module in
A
 where only one connector is connected to one connector on a GigaStack
module
 in B, and 1 GigaStack module in C where only one connected is connected to
 one connector on a second GigaStack module in B. Would that make a Full
 Duplex on the connections since only one port is used

Re: Coyotepoint Load Balancers [7:38953]

2002-03-22 Thread sam sneed 

First off, failover takes close to a minute which is a lot more than Cisco
advertises(in HA config). Second they're supposed to provide for load
balancing using SSL. This simply does not work on ours even though we
followed the config on their site exactly. Third they're very tempermental.
We migrated them to another switch and expected a little downtime during the
move. We moved them, they came up, showed all services were good but in
actuality all services were down. We had to power down both CS11152 and the
Extreme switch they were connected to get services back up. Mind you that
all the servers that were behind the CS11152 were pingable and reachable up
to Layer 3 so NAT and L3 were working, only the services the load balancers
were supposed to provide were down. Cost us a lot of aggravation and almost
my job.


Gaz  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 What problems have you had with the Arrowpoint Sam?

 We do mainly Foundry for load balancing, and I have to say (as I'm not
using
 my work e-mail address :-)) that they have been flaky as hell. We work
 fairly closely with Foundry (when we can get in touch), but every box
seems
 to work differently with every image. You get in to the habit of finding
an
 image that works and leave it alone. It's a horrible feeling when security
 advisories come out recommending upgrades, and you just know it's going to
 introduce other issues.

 We haven't deployed the Arrowpoint on any really big projects, but they do
 seem to offer more functionality than the Foundry in some areas (not
 forgetting the massive price difference), so I'm interested to hear what
 problems have arisen with them.

 Thanks,

 Gaz


 sam sneed  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  I have a pair of CS11152 (former arrowpoints) and they've been flaky. I
do
  not recommend them. Not sure about coyotepoint.
 
 
  dre  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   Coyotepoint was the first server load balancing device I had ever
   heard of outside of your basic LSNAT configuration (I think Cisco
   calls it NAT load-sharing or something, but there is an RFC also).
  
   However, I've never actually seen one in production on any
   network.  Around 1997-8 the Cisco Local Director was the
   only box I saw, and most people hated them.  Then, the F5
   Big/IP box became popular (and it still sort of is).  A whole
   bunch of people started entering the market space of SLB
   and Global Load-Balancing.  In the past few years, companies
   like Arrowpoint and Alteon got bought by Cisco and Nortel.
   Now you even have places like Akamai doing GLB for places
   like Yahoo.
  
   After I've read the RFC's, and patents like US6185598,
   US108703, and US6052718, and worked with SLB and
   GLB for years, I've finally come to a few conclusions:
  
   A) The SLB/GLB marketing and focus is silicon snake oil
   B) Just like the computer security industry, [it's] like a carnival
 game,
   where people throw ducks at balloons, and nothing is as it seems
   C) It really depends on *your* environment.  Just as there are
   millions of options for web servers and web programming languages
   (e.g. .NET, J2EE, Apache+PHP+MySQL, Apache+mod_perl, MS NT4
   IIS/ISAPI, WebSphere vs. Weblogic, Zeus, Netscape, Xitami, etc etc),
   there are millions of options for SLB and GLB (even deciding between
   the two is impossible).
   D) Even outside of products and software, you have your own
 organization.
   How the coders build web pages.  How the HTML is done.  Etc.  If you
   don't have any dynamic content.  If you are completely dynamic content
 and
   everything besides the main page is somewhere under /cgi-bin/.  These
 are
   all organizational issues that are different with every company.
  Depending
   on your setup, a different product may fit your needs differently.
   E) SLB was grown out of the need for more bandwidth being pushed out
   to the Internet by machines in the $100 to $5000 price range.  These
   machines at the time were 486's and no ubiquitous Fast or Gigabit
  Ethernet.
   For a high-end Unix box with Fast Ethernet, you were looking at
$30,000
   back then (at least).
   F) Now, you can buy a Titanium Powerbook with Gigabit Ethernet running
   Mach+BSD (MacOS X) for like $2000.  You can get 2x CPU 1U machines
   running FreeBSD or Linux capable of pushing 2k pps for under $3000.
   The need for SLB may have changed over the years due to the hardware
   catching up to the bandwidth needs.
  
   The SLB/GLB market is so confusing, probably nobody has it figured
 out.
  
   However, I can recommend one box today that stands above the others,
and
   the only one I'd like to see in any production network.  The guys at
  Radware
   have made some significant advancements in the way SLB and GLB are
done.
   Their WSD and entire line of products are much better than any of the
   alternatives, and it is much more versatile for

Re: Has anyone attended ICTP? [7:38900]

2002-03-22 Thread sam sneed 

no
Aaron Shively  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hello,

 I was wondering if anyone in here has taken any classes at ICTP (located
in
 Anaheim, CA) or heard anything about it?  I am interested in attending
 there, and was hoping to talk with someone who has gone there.

 Thanks,
 Aaron




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39162t=38900
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX 501 (quick help needed) [7:38645]

2002-03-22 Thread Ole Drews Jensen 

The problem is that a PING needs access back with a PING REPLY, and the PIX
does not allow that by default.

Use the command:

conduit permit icmp any any 0

to allow PING REPLY (icmp type 0) from the outside to the inside.

If you want to use tracert also, you must add the command:

conduit permit icmp any any 11

ICMP type 11 is Time Exceeded.

If you want to allow people from the outside to ping on the inside, you can
either add this command:

conduit permit icmp any any 8

ICMP type 8 is PING REQUEST.

OR, you can instead of the above three commands, use one command to allow
ALL ICMP traffic to enter:

conduit permit icmp any any

Hth,

Ole

~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~
 http://www.RouterChief.com
~
 Need a Job?
 http://www.OleDrews.com/job
~





-Original Message-
From: John Green [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 9:24 AM
To: Ole Drews Jensen
Subject: RE: PIX 501 (quick help needed) [7:38645]


from a host inside i am able to connect to PIX and get
the PDM fine. hence the internal interface looks ok.
but i am not able to go outside. 
i have reset the configuration and hence i guess the
default config makes the outside interface act as a
dhcp client and get an IP address from the service
provider. 
but i am not able to even ping to internet outside
from inside hosts. the cisco docs clearly say that for
default config inside connections to outside are
allowed. so what is the problem ?


--- Ole Drews Jensen  wrote:
 Yes.
 
 Use the command
 
   ip address outside dhcp setroute
 
 This will tell the outside interface to act like a
 DHCP client and configure
 the default route to be the address it gets from the
 DHCP server.
 
 If you're using the setroute option, remember not to
 use the route command
 to set the default route.
 
 Hth,
 
 Ole
 
 ~
  Ole Drews Jensen
  Systems Network Manager
  CCNP, MCSE, MCP+I
  RWR Enterprises, Inc.
  [EMAIL PROTECTED]
 ~
  http://www.RouterChief.com
 ~
  Need a Job?
  http://www.OleDrews.com/job
 ~
 
 
 
 
 -Original Message-
 From: John Green [mailto:[EMAIL PROTECTED]]
 Sent: Monday, March 18, 2002 8:30 AM
 To: [EMAIL PROTECTED]
 Subject: PIX 501 (quick help needed) [7:38645]
 
 
 this is from the specs for the PIX 501:
 
 integrated 4-port 10/100BASE-TX switch and 10BASE-T
 port
 
 question is about the external interface ? is its
 external interface 10BaseT ? if yes, then, can it
 connect to the cable modem and get a ip address from
 the dhcp ?
 
 
 
 
 
 
 
 __
 Do You Yahoo!?
 Yahoo! Sports - live college hoops coverage
 http://sports.yahoo.com/
[EMAIL PROTECTED]


__
Do You Yahoo!?
Yahoo! Movies - coverage of the 74th Academy Awards.
http://movies.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39163t=38645
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Coyotepoint Load Balancers [7:38953]

2002-03-22 Thread John Neiberger 

That's interesting.  We've been using the Arrowpoint switch for
load-balancing with sticky SSL sessions for over a year now and have had
no problems at all.

However, we're going to be replacing that box with two of
something-or-other, we just haven't decided on what yet.  

John

 sam sneed  3/22/02 8:35:56 AM 
First off, failover takes close to a minute which is a lot more than
Cisco
advertises(in HA config). Second they're supposed to provide for load
balancing using SSL. This simply does not work on ours even though we
followed the config on their site exactly. Third they're very
tempermental.
We migrated them to another switch and expected a little downtime
during the
move. We moved them, they came up, showed all services were good but
in
actuality all services were down. We had to power down both CS11152 and
the
Extreme switch they were connected to get services back up. Mind you
that
all the servers that were behind the CS11152 were pingable and
reachable up
to Layer 3 so NAT and L3 were working, only the services the load
balancers
were supposed to provide were down. Cost us a lot of aggravation and
almost
my job.


Gaz  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 What problems have you had with the Arrowpoint Sam?

 We do mainly Foundry for load balancing, and I have to say (as I'm
not
using
 my work e-mail address :-)) that they have been flaky as hell. We
work
 fairly closely with Foundry (when we can get in touch), but every
box
seems
 to work differently with every image. You get in to the habit of
finding
an
 image that works and leave it alone. It's a horrible feeling when
security
 advisories come out recommending upgrades, and you just know it's
going to
 introduce other issues.

 We haven't deployed the Arrowpoint on any really big projects, but
they do
 seem to offer more functionality than the Foundry in some areas (not
 forgetting the massive price difference), so I'm interested to hear
what
 problems have arisen with them.

 Thanks,

 Gaz


 sam sneed  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  I have a pair of CS11152 (former arrowpoints) and they've been
flaky. I
do
  not recommend them. Not sure about coyotepoint.
 
 
  dre  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   Coyotepoint was the first server load balancing device I had
ever
   heard of outside of your basic LSNAT configuration (I think
Cisco
   calls it NAT load-sharing or something, but there is an RFC
also).
  
   However, I've never actually seen one in production on any
   network.  Around 1997-8 the Cisco Local Director was the
   only box I saw, and most people hated them.  Then, the F5
   Big/IP box became popular (and it still sort of is).  A whole
   bunch of people started entering the market space of SLB
   and Global Load-Balancing.  In the past few years, companies
   like Arrowpoint and Alteon got bought by Cisco and Nortel.
   Now you even have places like Akamai doing GLB for places
   like Yahoo.
  
   After I've read the RFC's, and patents like US6185598,
   US108703, and US6052718, and worked with SLB and
   GLB for years, I've finally come to a few conclusions:
  
   A) The SLB/GLB marketing and focus is silicon snake oil
   B) Just like the computer security industry, [it's] like a
carnival
 game,
   where people throw ducks at balloons, and nothing is as it
seems
   C) It really depends on *your* environment.  Just as there are
   millions of options for web servers and web programming
languages
   (e.g. .NET, J2EE, Apache+PHP+MySQL, Apache+mod_perl, MS NT4
   IIS/ISAPI, WebSphere vs. Weblogic, Zeus, Netscape, Xitami, etc
etc),
   there are millions of options for SLB and GLB (even deciding
between
   the two is impossible).
   D) Even outside of products and software, you have your own
 organization.
   How the coders build web pages.  How the HTML is done.  Etc.  If
you
   don't have any dynamic content.  If you are completely dynamic
content
 and
   everything besides the main page is somewhere under /cgi-bin/. 
These
 are
   all organizational issues that are different with every company.
  Depending
   on your setup, a different product may fit your needs
differently.
   E) SLB was grown out of the need for more bandwidth being pushed
out
   to the Internet by machines in the $100 to $5000 price range. 
These
   machines at the time were 486's and no ubiquitous Fast or
Gigabit
  Ethernet.
   For a high-end Unix box with Fast Ethernet, you were looking at
$30,000
   back then (at least).
   F) Now, you can buy a Titanium Powerbook with Gigabit Ethernet
running
   Mach+BSD (MacOS X) for like $2000.  You can get 2x CPU 1U
machines
   running FreeBSD or Linux capable of pushing 2k pps for under
$3000.
   The need for SLB may have changed over the years due to the
hardware
   catching up to the bandwidth needs.
  
   The SLB/GLB market is so confusing, probably nobody has it
figured
 out.
  
   However, I can recommend one box today

RE: beta exams at VUE - fail results? [7:39127]

2002-03-22 Thread Andy Barkl 

Both the VUE and Sylvan beta test systems always register a fail after
taking a beta exam. Even if you call them they will tell you the same. No
need for alarm.
Your real results will be emailed to you soon.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39165t=39127
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Gigastack Etherchannel [7:39033]

2002-03-22 Thread Kelly Cobean 

Incidentally, you can see a picture of this configuration at:

http://home.earthlink.net/~kcobean/workstuff/pics/pic6.jpg or
http://home.earthlink.net/~kcobean/workstuff/pics/pic10.jpg

As usual, watch for URL wrap.


HTH

Kelly


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Kelly Cobean
Sent: Friday, March 22, 2002 10:21 AM
To: [EMAIL PROTECTED]
Subject: RE: Gigastack Etherchannel [7:39033]


Ole,
Here is our configuration(God I hope this doesn't get screwed up.  Just
in case, basically it's a looped configuration, using only one of the gig
ports per switch, utilizing the second gig port on the 1st and 9th switch
for uplink to the distribution layer.  Gig0/2 on switches 2-8 are unused.
The loop prevention mechanism in the IOS takes care of the loop
configuration in the stack(what I read leads me to believe that it is
something other than STP, but I could be wrong) then STP takes care of the
loop in the two fiber uplinks, which connect to two different Cat6509's)

 ||(fiber uplink to distribution layer)
 ||
Switch1 |oo|  |oo|
   ||
  / |---
 - |
 | |
Switch2 |oo|  |oo| |
  ||
 / |
 | |
Switch3 |oo|  |oo| |
  ||
 / |
 | |
Switch4 |oo|  |oo| |
  ||
 / |
 | |
Switch5 |oo|  |oo| |
  ||
 / |
 | |
Switch6 |oo|  |oo| |
  ||
 / |
 | |
Switch7 |oo|  |oo| |
  ||
 / |
 | |
Switch8 |oo|  |oo| |
  ||
 / |
 | |
Switch9 |oo|  |oo| |
  |||  |
  --
   ||
   || (Uplink to Distibution Layer


Hope this helps,
Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
GRC International, Inc., an ATT company




-Original Message-
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 8:51 AM
To: 'Kelly Cobean'; [EMAIL PROTECTED]
Subject: RE: Gigastack Etherchannel [7:39033]


Kelly,

On the GigaStack modules, are you using both ports on the module, or one
port on two modules?

Examples (use fixed font for best view):

1 module / 2 ports

switch 1   [oo] [--]
|
switch 2   [oo] [--]
 |
switch 3   [oo] [--]
|
switch 4   [oo] [--]

2 modules / 1 port

switch 1   [oo] [oo]
|
switch 2   [oo] [oo]
 |
switch 3   [oo] [oo]
|
switch 4   [oo] [oo]

Thanks,

Ole

~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~
 http://www.RouterChief.com
~
 Need a Job?
 http://www.OleDrews.com/job
~




-Original Message-
From: Kelly Cobean [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 7:18 AM
To: [EMAIL PROTECTED]
Subject: RE: Gigastack Etherchannel [7:39033]


Guys, If it helps any, here is a quote from Cisco's web siteLink below.

Cascaded Stack Connections:
You can connect from three to nine switches in a cascaded stack
configuration. The cascaded stack operates in half-duplex mode.  (This
raises the debate about how many switches in the stack again, because now
I've seen conflicting documentation that indicates 9 and 16)

The link is
http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/gbic/ig_gbic/mam
oins.htm#xtocid357911
Watch for URL wrap.

Our Switchstacks contain 9 3548's here, and the uplink ports with fiber GBIC
modules default to full duplex, while the gigastack module ports default to
half duplex.  I think one of reasons for this is the fact that you are
effectively splitting the port in half by connecting each of the two
gigastack ports to different switches.  Hope this helps.

Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
GRC International, Inc., an ATT company


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Gaz
Sent: Thursday, March 21, 2002 2:01 PM
To: [EMAIL PROTECTED]
Subject: Re: Gigastack Etherchannel [7:39033]


Ole,

Good question.. Dunno!

I was just going to suggest that one 3548 could only talk to one other
switch at full duplex. The Gigastack bus may equate to a shared media once
another switch is attached, so needs to go to half duplex.
This must be different for something like a 3508, as a 3508 can definitely
take multiple full duplex connections when used as the hub of a star
configuration.

In fact now I've finished writing it, it seems reasonable. I will test this
tomorrow as well.

Anybody pick holes in that theory?


Gaz

Traffic Analyses [7:39167]

2002-03-22 Thread Rafay Aslam 

HI Guys
I wanted to know how much traffic is passing through my T1 or how much
traffic is utilizing my T1 bandwidth. Tell me the most efficent and accurate
way of finding it.

Thanks,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39167t=39167
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CAT4003 and 3com [7:39084]

2002-03-22 Thread Patrick Ramsey 

yeah, since the move to cisoc, we no longer autonegotiate anything... Not
reliable in any since of the word...  Of course if we followed my suggestion
we would be an extreme/juniper shop right now... :)

 Jitendra Joshi  03/22/02 03:24AM 
Remove the autonegotiate configuration for the ports.
Set the desired 10/100 full/half duplex manually.

I have experienced the same above solution worked, and
learnt this events were symptons of some vendor auto
negotiation mismatch.


regards,
Jiten.

--- Patrick Ramsey 
wrote:
 funny you should mention that!  I can't get cisco to
 autonegotiate with
 ANYTHING... 3com works with
 juniper/extreme/intel/ibm/etc  Cisco works
 with Cisco heh
 
   03/21/02 18:24 PM 
 3COM never auto-negotiates properly with Cisco, look
 for FCS errors on the
 switch ports.  The best solution is to hardcode NICs
 to FD. The 'easiest'
 solution is to hardcode the switchports to HD.
 
 Mark Egan, CCIE #8775
 
  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Greetings,
 
  Any knowing problems out there with 3com cards and
 cat 4000 switches?
  I've a customer complaining when they insert new
 win2k with 3com cards,
  the whole network slows down.  When the switch is
 rebooted everything is
  back to normal.  The problem repeats when the add
 more win2k machine.
 
  Any ideas
 
  ThanksNabil
   Confidentiality Disclaimer  
  This email and any files transmitted with it may
 contain confidential and
 /or proprietary information in the possession of
 WellStar Health System,
 Inc. (WellStar) and is intended only for the
 individual or entity to whom
 addressed.  This email may contain information that
 is held to be
 privileged, confidential and exempt from disclosure
 under applicable law. If
 the reader of this message is not the intended
 recipient, you are hereby
 notified that any unauthorized access,
 dissemination, distribution or
 copying of any information from this email is
 strictly prohibited, and may
 subject you to criminal and/or civil liability. If
 you have received this
 email in error, please notify the sender by reply
 email and then delete this
 email and its attachments from your computer. Thank
 you.
 


[EMAIL PROTECTED] 


__
Do You Yahoo!?
Yahoo! Movies - coverage of the 74th Academy Awards.
http://movies.yahoo.com/ 



  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. (WellStar) and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39168t=39084
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Traffic Analyses [7:39167]

2002-03-22 Thread Patrick Ramsey 

a 486 with 16mb of ram, linux, and mrtg...

-PAtrick

 Rafay Aslam  03/22/02 11:25AM 
HI Guys
I wanted to know how much traffic is passing through my T1 or how much
traffic is utilizing my T1 bandwidth. Tell me the most efficent and accurate
way of finding it.

Thanks,
  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. (WellStar) and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39169t=39167
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Traffic Analyses [7:39167]

2002-03-22 Thread tgainer 

MRTG and any old computer running your favorite flavor of linux

Rafay Aslam  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 HI Guys
 I wanted to know how much traffic is passing through my T1 or how much
 traffic is utilizing my T1 bandwidth. Tell me the most efficent and
accurate
 way of finding it.

 Thanks,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39170t=39167
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCNP exams [7:39172]

2002-03-22 Thread Mark Villanova 

Are the CCNP exams going to a new format soon? I was talking with someone at
my testing center and they said they will be changing the format soon.
Anyone know when?

Mark Villanova
I3Mobile
IT Engineer (TX)
Main: 817-766-5000
Office: 817-766-5012
Mobile: 817-312-8955
Fax: 817-766-5001
Email: [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39172t=39172
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Traffic Analyses [7:39167]

2002-03-22 Thread sam sneed 

As everyone else suggested, the free way to do it is run MRTG (
www.mrtg.org ). It can be run on Windows and Linux, better and easier to
setup on LINUX. You then configure snmp on your 2600. The machine running
mrtg will collect the snmp data and make a graph of your traffic utilization
over your serial interface. Here is what a sample graph looks like :

http://www.stat.ee.ethz.ch/mrtg/rou-gw-switch-1-lp_129.132.99.91.html

It had it installed and running on linux in less than 30 minutes.

The other way route is www.solarwinds.net but it costs too much money for
me.


Rafay Aslam  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Guys
 I wanted to know traffic utilization on my T1 which is connected with a
 Cisco2600 router.
 ?

 Patrick Ramsey  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  a 486 with 16mb of ram, linux, and mrtg...
 
  -PAtrick
 
   Rafay Aslam  03/22/02 11:25AM 
  HI Guys
  I wanted to know how much traffic is passing through my T1 or how much
  traffic is utilizing my T1 bandwidth. Tell me the most efficent and
 accurate
  way of finding it.
 
  Thanks,
Confidentiality DisclaimerThis email and any files
 transmitted with it may contain confidential and
  /or proprietary information in the possession of WellStar Health System,
  Inc. (WellStar) and is intended only for the individual or entity to
 whom
  addressed.  This email may contain information that is held to be
  privileged, confidential and exempt from disclosure under applicable
law.
 If
  the reader of this message is not the intended recipient, you are hereby
  notified that any unauthorized access, dissemination, distribution or
  copying of any information from this email is strictly prohibited, and
may
  subject you to criminal and/or civil liability. If you have received
this
  email in error, please notify the sender by reply email and then delete
 this
  email and its attachments from your computer. Thank you.
 
  




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39175t=39167
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Traffic Analyses [7:39167]

2002-03-22 Thread Patrick Ramsey 

you mean something like this?  This is a png of our internet connection

Use mrtg

http://people.ee.ethz.ch/~oetiker/webtools/mrtg/

 Rafay Aslam  03/22/02 11:46AM 
Guys
I wanted to know traffic utilization on my T1 which is connected with a
Cisco2600 router.
?

Patrick Ramsey  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 a 486 with 16mb of ram, linux, and mrtg...

 -PAtrick

  Rafay Aslam  03/22/02 11:25AM 
 HI Guys
 I wanted to know how much traffic is passing through my T1 or how much
 traffic is utilizing my T1 bandwidth. Tell me the most efficent and
accurate
 way of finding it.

 Thanks,
   Confidentiality DisclaimerThis email and any files
transmitted with it may contain confidential and
 /or proprietary information in the possession of WellStar Health System,
 Inc. (WellStar) and is intended only for the individual or entity to
whom
 addressed.  This email may contain information that is held to be
 privileged, confidential and exempt from disclosure under applicable law.
If
 the reader of this message is not the intended recipient, you are hereby
 notified that any unauthorized access, dissemination, distribution or
 copying of any information from this email is strictly prohibited, and may
 subject you to criminal and/or civil liability. If you have received this
 email in error, please notify the sender by reply email and then delete
this
 email and its attachments from your computer. Thank you.

 
  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and /or
proprietary information in the possession of WellStar Health System, Inc.
(WellStar) and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be privileged,
confidential and exempt from disclosure under applicable law. If the reader
of
this message is not the intended recipient, you are hereby notified that any
unauthorized access, dissemination, distribution or copying of any
information
from this email is strictly prohibited, and may subject you to criminal
and/or
civil liability. If you have received this email in error, please notify the
sender by reply email and then delete this email and its attachments from
your
computer. Thank you.



[GroupStudy.com removed an attachment of type image/png which had a name of
jarjar_6-day.png]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39174t=39167
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco's pps claims [7:38956]

2002-03-22 Thread s vermill 

All,

I agree that the industry has settled on pps.  And yes, the smaller the
packet size the greater the number appears.  However, if you look at the
ratio of header to payload, smaller packet sizes seem to result in lower
throughput as measured in bits or bytes.  A larger packet size has a lower
ratio and thus a greater throughput in raw ones and zeros.  Studies I have
seen in the past seem to support that theory.  Any comments on that aspect?

Regards,

Scott

Priscilla Oppenheimer wrote:
 
 
 The Layer 2 header changes whenever a router forwards a packet.
 For one
 thing, the Layer-2 destination address changes. The frame goes
 to the next hop.
 
 The router strips the Layer 2 header on the incoming packet,
 figures out
 where to forward the frame from a routing table or cache, and 
 re-encapsulates the frame into a new Layer 2 header. The amount
 of
 processing required to strip an Ethernet header, figure out the
 destination
 port and encapsulation, and re-encapsulate into Frame Relay is
 essentially
 the same as the amount of overhead required to strip an
 Ethernet header,
 figure out the destination port and encapsulation, and
 re-encapsulate into
 an Ethernet header.
 
 Marc's point was that the amount of overhead is also the same
 regardless of
 the packet size. The job must be done whether it's a 46-byte or
 1500-byte
 packet. And I like the way he said that shovelling the rest of
 the packet
 through is low overhead. That's true.
 
 Keep in mind, however, that the packets-per-second ratings are
 just vendor
 marketing departments trying to one up their competitors. So,
 they post
 the results of testing with 64 byte packets because that makes
 the number
 higher. More packets are coming in to get processed. Long
 packets take
 longer, not because of extra processing, but simply because of 
 serialization delay.
 
 It's like a relay in a train-switching system. The relay
 doesn't have to do
 more work for long trains with many cars. But it still takes
 longer to get
 a long train through the relay than it does to get a short
 train through it.
 
 Priscilla
 
 
 
 
 
 --- Marc Thach Xuan Ky
 wrote:
   Sam,
   I think the question is: what is your average packet
   size?  Using
   process or fast switching I should think that the
   packet size is almost
   irrelevant to the router.  I have benchmarked many
   PCs and NICs running
   certain routing software.  On a PCI bus PC the pps
   difference between 64
   and 1518 octet frames was in the order of ten to
   twenty percent, i.e.
   the routing decision consumes the bulk of the CPU
   bandwidth, shovelling
   the rest of the packet through is low-overhead.
   Marc
  
   sam sneed wrote:
   
I noticed Cisco uses pps when they give their
   specs for routers, firewalls,
etc. What is the assumed packet size when they
   come up with these specs?
   I'm
planning on using 2 2621's in HSRP mode (getting
   default routes via BGP)
   and
need to be able to support a constant 10 Mb/sec
   and would like know if
   these
routers will do the trick.
thanks
 [EMAIL PROTECTED]
 
 
 __
 Do You Yahoo!?
 Yahoo! Movies - coverage of the 74th Academy Awards.
 http://movies.yahoo.com/
 
 
 Priscilla Oppenheimer
 http://www.priscilla.com
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39177t=38956
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Traffic Analyses [7:39167]

2002-03-22 Thread Danny Andaluz 

An excellent piece of software is Concord.  It uses SNMP to poll all the
intefaces on all the routers in your network and gather bandwidth usage data
from any day or time period.  As weel as other useful things.

Danny
Rafay Aslam  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 HI Guys
 I wanted to know how much traffic is passing through my T1 or how much
 traffic is utilizing my T1 bandwidth. Tell me the most efficent and
accurate
 way of finding it.

 Thanks,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39176t=39167
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Gigastack Etherchannel [7:39033]

2002-03-22 Thread Gaz 

Hi Kelly,

So, from what we've discussed the stack is half duplex then. In fact, just
read your previous post and that's what you said. Doh!
To make it full duplex you would need another 3 Gigastack cards and keep it
to one cable per module.
And in that case, you'd probably be better changing the priorities so that
the link between for instance switch 3 and 4 was blocking, so that both
uplinks could be used.

In fact, even with the existing set up, is that not a workable idea anyway?
Not sure?
Your thoughts?

Incidentally, those cables are a bit tidy. Does it still work OK like that.
Never seen it before.  :-)







Kelly Cobean  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Incidentally, you can see a picture of this configuration at:

 http://home.earthlink.net/~kcobean/workstuff/pics/pic6.jpg or
 http://home.earthlink.net/~kcobean/workstuff/pics/pic10.jpg

 As usual, watch for URL wrap.


 HTH

 Kelly


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Kelly Cobean
 Sent: Friday, March 22, 2002 10:21 AM
 To: [EMAIL PROTECTED]
 Subject: RE: Gigastack Etherchannel [7:39033]


 Ole,
 Here is our configuration(God I hope this doesn't get screwed up.
Just
 in case, basically it's a looped configuration, using only one of the gig
 ports per switch, utilizing the second gig port on the 1st and 9th switch
 for uplink to the distribution layer.  Gig0/2 on switches 2-8 are unused.
 The loop prevention mechanism in the IOS takes care of the loop
 configuration in the stack(what I read leads me to believe that it is
 something other than STP, but I could be wrong) then STP takes care of the
 loop in the two fiber uplinks, which connect to two different Cat6509's)

  ||(fiber uplink to distribution layer)
  ||
 Switch1 |oo|  |oo|
||
   / |---
  - |
  | |
 Switch2 |oo|  |oo| |
   ||
  / |
  | |
 Switch3 |oo|  |oo| |
   ||
  / |
  | |
 Switch4 |oo|  |oo| |
   ||
  / |
  | |
 Switch5 |oo|  |oo| |
   ||
  / |
  | |
 Switch6 |oo|  |oo| |
   ||
  / |
  | |
 Switch7 |oo|  |oo| |
   ||
  / |
  | |
 Switch8 |oo|  |oo| |
   ||
  / |
  | |
 Switch9 |oo|  |oo| |
   |||  |
   --
||
|| (Uplink to Distibution Layer


 Hope this helps,
 Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
 Network Engineer
 GRC International, Inc., an ATT company




 -Original Message-
 From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
 Sent: Friday, March 22, 2002 8:51 AM
 To: 'Kelly Cobean'; [EMAIL PROTECTED]
 Subject: RE: Gigastack Etherchannel [7:39033]


 Kelly,

 On the GigaStack modules, are you using both ports on the module, or one
 port on two modules?

 Examples (use fixed font for best view):

 1 module / 2 ports

 switch 1   [oo] [--]
 |
 switch 2   [oo] [--]
  |
 switch 3   [oo] [--]
 |
 switch 4   [oo] [--]

 2 modules / 1 port

 switch 1   [oo] [oo]
 |
 switch 2   [oo] [oo]
  |
 switch 3   [oo] [oo]
 |
 switch 4   [oo] [oo]

 Thanks,

 Ole

 ~
  Ole Drews Jensen
  Systems Network Manager
  CCNP, MCSE, MCP+I
  RWR Enterprises, Inc.
  [EMAIL PROTECTED]
 ~
  http://www.RouterChief.com
 ~
  Need a Job?
  http://www.OleDrews.com/job
 ~




 -Original Message-
 From: Kelly Cobean [mailto:[EMAIL PROTECTED]]
 Sent: Friday, March 22, 2002 7:18 AM
 To: [EMAIL PROTECTED]
 Subject: RE: Gigastack Etherchannel [7:39033]


 Guys, If it helps any, here is a quote from Cisco's web siteLink
below.

 Cascaded Stack Connections:
 You can connect from three to nine switches in a cascaded stack
 configuration. The cascaded stack operates in half-duplex mode.  (This
 raises the debate about how many switches in the stack again, because now
 I've seen conflicting documentation that indicates 9 and 16)

 The link is

http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/gbic/ig_gbic/mam
 oins.htm#xtocid357911
 Watch for URL wrap.

 Our Switchstacks contain 9 3548's here, and the uplink ports with fiber
GBIC
 modules default to full duplex, while the gigastack module ports default
to
 half duplex.  I think one of reasons for this is the fact that you are
 effectively splitting the port in half by connecting each of the two
 gigastack ports to different switches.  Hope this helps.

 Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
 Network Engineer
 GRC International, Inc., an ATT company


 -Original Message-

RE: Traffic Analyses [7:39167]

2002-03-22 Thread Lomker, Michael 

 I wanted to know traffic utilization on my T1 which is 
 connected with a Cisco2600 router.

MRTG is a freeware perl script that was written to gather router/switch
interface statistics using SNMP.  It creates attractive graphs and many of
us use it to do long-term monitoring/graphing of their connections.  You can
get more information at www.mrtg.org.

Of course, you could just do a SHOW INTERFACE command on the serial port and
add the two data rates togetherif you just want to check once.

CO05R201#sh int s0/0
Serial0/0 is up, line protocol is up

[snip] 
  5 minute input rate 579000 bits/sec, 132 packets/sec
  5 minute output rate 1241000 bits/sec, 242 packets/sec
[snip]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39179t=39167
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Ramping up throughput to measure bandwidth cap [7:39035]

2002-03-22 Thread s vermill 

I have used ttcp as recently as yesterday.  I think an Enterprise IOS is
required to run it between routers.  Cisco recommends that you run ttcp
through routers instead of on them.  This has to do with the way the router
prioritizes traffic that it generates vs. traffic that it routes.

Beware the bandwidth*delay product and let us know how your testing goes.

Regards,

Scott


sam sneed wrote:
 
 not sure if this is still implemented:
 
 http://www.cisco.com/warp/public/471/ttcp.html
 
 
  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Just wondering if someone could help me out. I am trying to
 measure the
  link capacity over a satellite link (VSAT) and wondered if
 there is way of
  being able to ramp up the throughput until saturation point
 from the CLI?
 
  Best Regards
  Scott Forbes
  Network Support  Design Team
  INVSAT Limited, Arnhall Business Park,
  Westhill, Aberdeenshire, Scotland, UK.
  www.invsat.com
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39180t=39035
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Gigastack Etherchannel [7:39033]

2002-03-22 Thread Kaminski, Shawn G 

That's firewire between the switches, isn't it?

Shawn K.

-Original Message-
From: Kelly Cobean [mailto:[EMAIL PROTECTED]] 
Sent: Friday, March 22, 2002 11:19 AM
To: [EMAIL PROTECTED]
Subject: RE: Gigastack Etherchannel [7:39033]


Incidentally, you can see a picture of this configuration at:

http://home.earthlink.net/~kcobean/workstuff/pics/pic6.jpg or
http://home.earthlink.net/~kcobean/workstuff/pics/pic10.jpg

As usual, watch for URL wrap.


HTH

Kelly


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kelly
Cobean
Sent: Friday, March 22, 2002 10:21 AM
To: [EMAIL PROTECTED]
Subject: RE: Gigastack Etherchannel [7:39033]


Ole,
Here is our configuration(God I hope this doesn't get screwed up.  Just
in case, basically it's a looped configuration, using only one of the gig
ports per switch, utilizing the second gig port on the 1st and 9th switch
for uplink to the distribution layer.  Gig0/2 on switches 2-8 are unused.
The loop prevention mechanism in the IOS takes care of the loop
configuration in the stack(what I read leads me to believe that it is
something other than STP, but I could be wrong) then STP takes care of the
loop in the two fiber uplinks, which connect to two different Cat6509's)

 ||(fiber uplink to distribution layer)
 ||
Switch1 |oo|  |oo|
   ||
  / |---
 - |
 | |
Switch2 |oo|  |oo| |
  ||
 / |
 | |
Switch3 |oo|  |oo| |
  ||
 / |
 | |
Switch4 |oo|  |oo| |
  ||
 / |
 | |
Switch5 |oo|  |oo| |
  ||
 / |
 | |
Switch6 |oo|  |oo| |
  ||
 / |
 | |
Switch7 |oo|  |oo| |
  ||
 / |
 | |
Switch8 |oo|  |oo| |
  ||
 / |
 | |
Switch9 |oo|  |oo| |
  |||  |
  --
   ||
   || (Uplink to Distibution Layer


Hope this helps,
Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
GRC International, Inc., an ATT company




-Original Message-
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 8:51 AM
To: 'Kelly Cobean'; [EMAIL PROTECTED]
Subject: RE: Gigastack Etherchannel [7:39033]


Kelly,

On the GigaStack modules, are you using both ports on the module, or one
port on two modules?

Examples (use fixed font for best view):

1 module / 2 ports

switch 1   [oo] [--]
|
switch 2   [oo] [--]
 |
switch 3   [oo] [--]
|
switch 4   [oo] [--]

2 modules / 1 port

switch 1   [oo] [oo]
|
switch 2   [oo] [oo]
 |
switch 3   [oo] [oo]
|
switch 4   [oo] [oo]

Thanks,

Ole

~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~
 http://www.RouterChief.com
~
 Need a Job?
 http://www.OleDrews.com/job
~




-Original Message-
From: Kelly Cobean [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 7:18 AM
To: [EMAIL PROTECTED]
Subject: RE: Gigastack Etherchannel [7:39033]


Guys, If it helps any, here is a quote from Cisco's web siteLink below.

Cascaded Stack Connections:
You can connect from three to nine switches in a cascaded stack
configuration. The cascaded stack operates in half-duplex mode.  (This
raises the debate about how many switches in the stack again, because now
I've seen conflicting documentation that indicates 9 and 16)

The link is
http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/gbic/ig_gbic/mam
oins.htm#xtocid357911
Watch for URL wrap.

Our Switchstacks contain 9 3548's here, and the uplink ports with fiber GBIC
modules default to full duplex, while the gigastack module ports default to
half duplex.  I think one of reasons for this is the fact that you are
effectively splitting the port in half by connecting each of the two
gigastack ports to different switches.  Hope this helps.

Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
GRC International, Inc., an ATT company


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Gaz
Sent: Thursday, March 21, 2002 2:01 PM
To: [EMAIL PROTECTED]
Subject: Re: Gigastack Etherchannel [7:39033]


Ole,

Good question.. Dunno!

I was just going to suggest that one 3548 could only talk to one other
switch at full duplex. The Gigastack bus may equate to a shared media once
another switch is attached, so needs to go to half duplex. This must be
different for something like a 3508, as a

Sample Config [7:39185]

2002-03-22 Thread Richard Tufaro 

Hey can anyone provide some sample configs for a 7206VXR Clear Channel DS3?
Also a subrate? Iv got a 7206 with a PA2-T3 card. One of the DS3's is going
to be a full 45mb the second will be a 6mb. Any caveats or heads up that I
should be aware of when bringing up these links? Anyone have an experience
to share? Thanks!

Richard Tufaro
Network Engineer
Anda Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39185t=39185
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Traffic Analyses [7:39167]

2002-03-22 Thread Richard Tufaro 

 Patrick Ramsey  03/22 11:35 AM 
a 486 with 16mb of ram, linux, and mrtg...

-PAtrick

 Rafay Aslam  03/22/02 11:25AM 
HI Guys
I wanted to know how much traffic is passing through my T1 or how much
traffic is utilizing my T1 bandwidth. Tell me the most efficent and accurate
way of finding it.

Thanks,
  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. (WellStar) and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39186t=39167
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Classful Prefix-list [7:39113]

2002-03-22 Thread Rob Webber 

I believe this will do what you are looking for. I did a little testing and
it seemed to work well:

ip prefix-list classful seq 5 permit 0.0.0.0/1 ge 8 le 8
ip prefix-list classful seq 10 permit 128.0.0.0/2 ge 16 le 16
ip prefix-list classful seq 15 permit 192.0.0.0/3 ge 24 le 24

Hope that helps, Rob.
CCIE 6922

William Lijewski  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Can someone tell me how to create a Prefix-list to only alow classful
routes
 for BGP.  I know you can do the following with an extended access-list:

 access-list 100 permit ip 0.0.0.0 127.0.0.0 host 255.0.0.0
 access-list 100 permit ip 128.0.0.0 63.255.0.0 host 255.255.0.0
 access-list 100 permit ip 192.0.0.0 31.255.255.0 host 255.255.255.0

 Is there way to do it?  Any good reading material on Prefix-lists?

 Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39187t=39113
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Coyotepoint Load Balancers [7:38953]

2002-03-22 Thread John Neiberger 

You're right, the Cisco/Arrowpoint box doesn't do this very well,
either.  We're not using SSL acceleration yet, but we're currently
redesigning that part of the network to include it.  I don't know if
there are any boxes that can do URL testing easily.  I believe there are
some that support scripting of some sort and I think that's about the
only way to do this correctly.

John

 Gaz  3/22/02 10:13:17 AM 
Do you use SSL accelerators John. One problem we've had with Foundry is
that
the health checking for SSL is not up to scratch because the box
cannot
simulate a real attempt at a URL like it would with http, it just sees
port
443 is available on the accelerator and never gets as far as the back
end
server. Needs to actually test a URL with 128 bit encryption.
I don't think Cisco (Arrowpoint) will do it either?
Are there any other boxes that do this properly?

Gaz


John Neiberger  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 That's interesting.  We've been using the Arrowpoint switch for
 load-balancing with sticky SSL sessions for over a year now and have
had
 no problems at all.

 However, we're going to be replacing that box with two of
 something-or-other, we just haven't decided on what yet.

 John

  sam sneed  3/22/02 8:35:56 AM 
 First off, failover takes close to a minute which is a lot more than
 Cisco
 advertises(in HA config). Second they're supposed to provide for
load
 balancing using SSL. This simply does not work on ours even though
we
 followed the config on their site exactly. Third they're very
 tempermental.
 We migrated them to another switch and expected a little downtime
 during the
 move. We moved them, they came up, showed all services were good but
 in
 actuality all services were down. We had to power down both CS11152
and
 the
 Extreme switch they were connected to get services back up. Mind you
 that
 all the servers that were behind the CS11152 were pingable and
 reachable up
 to Layer 3 so NAT and L3 were working, only the services the load
 balancers
 were supposed to provide were down. Cost us a lot of aggravation and
 almost
 my job.


 Gaz  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  What problems have you had with the Arrowpoint Sam?
 
  We do mainly Foundry for load balancing, and I have to say (as I'm
 not
 using
  my work e-mail address :-)) that they have been flaky as hell. We
 work
  fairly closely with Foundry (when we can get in touch), but every
 box
 seems
  to work differently with every image. You get in to the habit of
 finding
 an
  image that works and leave it alone. It's a horrible feeling when
 security
  advisories come out recommending upgrades, and you just know it's
 going to
  introduce other issues.
 
  We haven't deployed the Arrowpoint on any really big projects, but
 they do
  seem to offer more functionality than the Foundry in some areas
(not
  forgetting the massive price difference), so I'm interested to
hear
 what
  problems have arisen with them.
 
  Thanks,
 
  Gaz
 
 
  sam sneed  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   I have a pair of CS11152 (former arrowpoints) and they've been
 flaky. I
 do
   not recommend them. Not sure about coyotepoint.
  
  
   dre  wrote in message
   [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Coyotepoint was the first server load balancing device I had
 ever
heard of outside of your basic LSNAT configuration (I think
 Cisco
calls it NAT load-sharing or something, but there is an RFC
 also).
   
However, I've never actually seen one in production on any
network.  Around 1997-8 the Cisco Local Director was the
only box I saw, and most people hated them.  Then, the F5
Big/IP box became popular (and it still sort of is).  A whole
bunch of people started entering the market space of SLB
and Global Load-Balancing.  In the past few years, companies
like Arrowpoint and Alteon got bought by Cisco and Nortel.
Now you even have places like Akamai doing GLB for places
like Yahoo.
   
After I've read the RFC's, and patents like US6185598,
US108703, and US6052718, and worked with SLB and
GLB for years, I've finally come to a few conclusions:
   
A) The SLB/GLB marketing and focus is silicon snake oil
B) Just like the computer security industry, [it's] like a
 carnival
  game,
where people throw ducks at balloons, and nothing is as it
 seems
C) It really depends on *your* environment.  Just as there are
millions of options for web servers and web programming
 languages
(e.g. .NET, J2EE, Apache+PHP+MySQL, Apache+mod_perl, MS NT4
IIS/ISAPI, WebSphere vs. Weblogic, Zeus, Netscape, Xitami, etc
 etc),
there are millions of options for SLB and GLB (even deciding
 between
the two is impossible).
D) Even outside of products and software, you have your own
  organization.
How the coders build web pages.  How the HTML is done.  Etc. 
If
 you
don't have any

Re: CCIE# 8971 [7:39110]

2002-03-22 Thread EMW_Tech 

Congrats!

~d




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39189t=39110
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCNP exams [7:39172]

2002-03-22 Thread Matthew Meiers 

Why is everyone so worried about the new exam format?  Wouldn't it be
amazing if someone with a certification could actually do something?  If
simulations and a new format are scaring you that bad you shouldn't even
be taking the exams

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Mark Villanova
Sent: Friday, March 22, 2002 10:46 AM
To: [EMAIL PROTECTED]
Subject: CCNP exams [7:39172]

Are the CCNP exams going to a new format soon? I was talking with
someone at
my testing center and they said they will be changing the format soon.
Anyone know when?

Mark Villanova
I3Mobile
IT Engineer (TX)
Main: 817-766-5000
Office: 817-766-5012
Mobile: 817-312-8955
Fax: 817-766-5001
Email: [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39190t=39172
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Blocking OSPF LSA [7:39191]

2002-03-22 Thread Larry Whitfill 

I know how to reduce the number of LSA's being injected into an area by an
ABR by using the stub, no-summary command.  However, area 3 LSA's are still
sent into the area (default route LSA).  I know I cab stop them with
database filter, but does anyone know of another way to block all LSA's?

Thanks,
Larry




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39191t=39191
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Catalyst 6509 [7:39192]

2002-03-22 Thread Ali, Abbas 

Hello Folks,

I need help understanding this logic.

I have Catalyst 6509 switch with 4 Vlans.  I have done configuration which
is recommended by Cisco.

Here is the details.

VLAN 2  Users:  Subnet 10.0.2.0/24

VLAN 3  Servers Subnet  10.0.3.0/24

VLAN 4  PBX Application Subnet 10.0.4.0/24

VLAN 5  Management Vlan Subnet 10.0.5.0/24

Catalyst 6509 has dual IOS.  The catalyst IOS for switch and Cisco IOS for
the router blade.  I have assigned
IP address 10.0.5.2 to the SC0 interface and assigned IP address 10.0.5.1/24
to VLAN 5 that I created in cisco IOS.  By doing this I can telnet to both
from my PC which is in user vlan.

I believe I will also have to do a default gateway command in SC0 interface
and gateway should be pointing to 10.0.5.1 (VLAN 5's IP address) in order
for me to telnet the catalyst IOS  from different VLANS.  Am I approaching
the correct path?  Please advise.

I am not using VLAN 1 as not recommended by Cisco.  What disadvantage I
would have had if I would choose VLAN 1 for the management.

I am also using a totally different subnet for the management per
guidelines, but I could have put SC0 in a VLAN 2 and could have used the IP
address from the user VLAN 2 and by doing that I would not have to create a
VLAN 5.  Is there any real advantage for using a totally separate VLAN for
the management purpose.  Some guidelines say that it is really secured by
using a different VLAN other than VLAN 1 or any other VLANS which are used
for Users, Servers etc.  Can someone explain how?

Regards,

Ali




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39192t=39192
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

IDS blade [7:39193]

2002-03-22 Thread Ali, Abbas 

Has anyone ever configured IDS module for catalyst 6500 series router?  I
tried browsing Cisco Website, but did not find any help in terms of
installing and configuring the IDS blade.  Can someone point me to correct
link?

Regards,

Ali




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39193t=39193
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 3015 VPN Concentrator MTU's - A More Specific Explanation [7:39194]

2002-03-22 Thread David Armstrong 

Daniel,

I reread my original post and did something I've done before: Been so
involved in thinking about a problem I left out perhaps the most important
piece of info thinking that everybody would know what I was working on.  I'm
not sure if that's attributable to presenile dementia or just having a one
track mind. :-)

Here's the description of the problem with more specifics - We have a Cisco
3015 VPN Concentrator connected to the Internet via a T1. Our vendor has a
Netopia R9100 router connected to the Internet via DSL. I've set up a LAN to
LAN IPSec tunnel between the two that works fine right up until I attempt to
send actual data across (i.e.ICMP traffic passes because of small packet
size but true data does not). When I test for the point that data fails due
to too large packet size on the side of the Netopia router I find that
somewhere between 1350 bits and 1375 bits I have near 100% transmission
success (send multiple pings into the Netopia's network via the IPSec tunnel
with different data sizes to find a 100% reply rate as well as watch packets
on the Netopia until the number of fragments reduces to none for the ping
session).

There appears to be no way to reduce or increase MTU size on either device
which leaves me with finding a way to reduce the size of the IPSec header.
My first thoughts are to change from SHA to MD5 authentication (160 bits to
128?), and change the Diffie-Hellman Group setting from Group 2 to Group 1
(1024 bits vs 768). I have no idea if this will affect header size since I
don't understand IPSec beyond setting it up. I'll begin/rebegin working on
this problem Monday and search CCO for that type of info. Any suggestions
would be appreciated (and yes, I too would like for them to get a better
router).

Thanks,

David Armstrong


Daniel Cotts  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I'm not quite sure exactly what boxes form the IPSec relationship. Are you
 saying (a) the Netopia talks directly to the 3015 or (b) PCs (who would
have
 VPN Client software) on the LAN side of the Netopia are talking to the
3015?
 When installing the VPN Client you are prompted to change the MTU size I
 believe to 1460.
 Make sure that the Netopia isn't blocking your traffic. Try this:
 http://www.cisco.com/warp/public/471/vpn_3000_faq.shtml#Q3

 You might want the entire FAQ section. Just leave off the #Q3 of the above
 URL.
 One level higher - watch the wrap:
 http://www.cisco.com/warp/public/471/top_issues/vpn/vpn_index.shtml

  -Original Message-
  From: David Armstrong [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, March 21, 2002 12:31 PM
  To: [EMAIL PROTECTED]
  Subject: Re: 3015 VPN Concentrator  MTU's [7:39010]
 
 
  Unfortunately the Netopia's MTU size can't be changed so nothing is an
  option. I'm interested in your thought on which side needs
  changing though.
  Packets larger than (somewhere around) 1400 bits can't
  traverse the Netoia
  R9100 but can traverse the 3015 VPN Concentrator. To me that
  would seem to
  mean that the size of the packets sent from the 3015 to the
  Netopia are too
  large for the Netopia. Increasing the Netopia's MTU would
  allow it to see
  larger frames and therefore not fragment them as they come
  across. Since I'm
  able to sit on the Netopia and send packets across the 3015
  into our network
  but am unable to send them from inside the Netopia's network
  across to the
  3015 it seems that the problem is stemming from too small MTU
  size on the
  Netopia (packet comes to the inside interface of the Netopia R9100, is
  encapsulated and framed with an IPSec header added to the frame for
  encryption then sent to the outside interface of the Netopia.
  The outside
  interface fragments frames greater than 1500 bits and thus
  sends fragments
  out the DSL modem into the Internet - I think).
 
  I could be thinking in the wrong direction though and if I am
  would like to
  get thinking in the right. Currently it doesn't appear that I
  can decrease
  or increase MTU size on either device which leaves me thinking that my
  options are two: get a router to replace the Netopia that
  allows changes to
  MTU or change the settings for IPSec to decerase the size of
  the header it
  adds to the packet when the frame is created. I'm focusing on
  the second
  now. I need to get a better understanding of the components
  of IPSec first
  though.
 
  Thanks for you input,
 
  David Armstrong
 
 
  Daniel Cotts  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   Seems that you need to decrease the MTU on the client (Netopia) side
  rather
   than increase it.
  
-Original Message-
From: David Armstrong [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 20, 2002 11:17 PM
To: [EMAIL PROTECTED]
Subject: 3015 VPN Concentrator  MTU's [7:39010]
   
   
We have a 3015 VPN concentrator that I've connected to a
vendor who has a
Netopia R9100 router with a DSL (PPOE) connection

RE: CISCO 2500 router [7:39135]

2002-03-22 Thread Michael Munn 

I've also seen this type of error, it was a flash module. I've also had
problems with one of them not being quite seated correctly, but that was
after transporting the 2500

Regards

Mike Munn


-Original Message-
From: Danny [mailto:[EMAIL PROTECTED]]
Sent: 22 March 2002 13:59
To: [EMAIL PROTECTED]
Subject: Re: CISCO 2500 router [7:39135]


I have seen that before.  If I remember correctly, the router had corrupted
memory.
Ole Drews Jensen  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I have not seen that error myself, but maybe this is what's happening
 (copied from cco):

 Adding the command distribute-list access-list out rip to an active IPX
 ROUTER NLSP process causes the router to display the following error
 message, after which the router reloads:

 Local Timeout (control reg=0x118) Error, address: 0x4000C74 at 0x30F4D7C
 (PC)

 Hth,

 Ole

 ~
  Ole Drews Jensen
  Systems Network Manager
  CCNP, MCSE, MCP+I
  RWR Enterprises, Inc.
  [EMAIL PROTECTED]
 ~
  http://www.RouterChief.com
 ~
  Need a Job?
  http://www.OleDrews.com/job
 ~




 -Original Message-
 From: Biswajeet Das [mailto:[EMAIL PROTECTED]]
 Sent: Friday, March 22, 2002 5:48 AM
 To: [EMAIL PROTECTED]
 Subject: CISCO 2500 router [7:39135]


 Hi,

 I have a CISCO 2500 series router and last time there was a power problem
 due to which now everytime I boot I get the following message

 System Bootstrap, Version 11.0(10 C), SOFTWARE
 Copyright (C) 1986-1996 by Cisco Systems
 2500 processor with 2048 Kbytes of main memory
 Local Timeout (control reg=0x118) Error, address 0x213 at
0x10109DA(PC)

 The above message keeps on repeating and the OK LED in front of the Router
 keeps blinking continuously.

 What could be the problem and the solution for it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39195t=39135
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCNP exams [7:39172]

2002-03-22 Thread Lomker, Michael 

 something?  If
 simulations and a new format are scaring you that bad you 
 shouldn't even be taking the exams

I understand what you are saying, but your comments are simplistic.  There
are a lot of people out there with considerable experience and skill that
are not good test takers (a good friend of mine is one of them).  People
that are not native English speakers can also have problems with these
exams.

Many of the certification exams test your ability to memorize command syntax
(that in real life you'd use the ? for), have trick questions, or flat out
have poor wording.  To think that these exams are an accurate reflection of
ability is tough to believe.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39196t=39172
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCNP Recert exam 640-519 questions [7:39197]

2002-03-22 Thread John Gesualdi 

I need to renew  my CCNP in June. I'm  Looking for some direction on
preparing for the 640-519 exam?  Has anyone taken this and can anyone
provide some helpful notes/tips  on preparing for this exam?


--


John A. Gesualdi,CCNP, CCDP, MCSE 2000
[EMAIL PROTECTED]
The Providence Journal Company
Phone (401)277-8133
Pager (401)785-6938




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39197t=39197
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 3015 VPN Concentrator MTU's [7:39010]

2002-03-22 Thread David Armstrong 

Daniel,

I reread my original post and did something I've done before: Been so
involved in thinking about a problem I left out perhaps the most important
piece of info thinking that everybody would know what I was working on.  I'm
not sure if that's attributable to presenile dementia or just having a one
track mind. :-)

Here's the description of the problem with more specifics - We have a Cisco
3015 VPN Concentrator connected to the Internet via a T1. Our vendor has a
Netopia R9100 router connected to the Internet via DSL. I've set up a LAN to
LAN IPSec tunnel between the two that works fine right up until I attempt to
send actual data across (i.e.ICMP traffic passes because of small packet
size but true data does not). When I test for the point that data fails due
to too large packet size on the side of the Netopia router I find that
somewhere between 1350 bits and 1375 bits I have near 100% transmission
success (send multiple pings into the Netopia's network via the IPSec tunnel
with different data sizes to find a 100% reply rate as well as watch packets
on the Netopia until the number of fragments reduces to none for the ping
session).

There appears to be no way to reduce or increase MTU size on either device
which leaves me with finding a way to reduce the size of the IPSec header.
My first thoughts are to change from SHA to MD5 authentication (160 bits to
128?), and change the Diffie-Hellman Group setting from Group 2 to Group 1
(1024 bits vs 768). I have no idea if this will affect header size since I
don't understand IPSec beyond setting it up. I'll begin/rebegin working on
this problem Monday and search CCO for that type of info. Any suggestions
would be appreciated (and yes, I too would like for them to get a better
router).

Thanks,

David Armstrong

Daniel Cotts  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I'm not quite sure exactly what boxes form the IPSec relationship. Are you
 saying (a) the Netopia talks directly to the 3015 or (b) PCs (who would
have
 VPN Client software) on the LAN side of the Netopia are talking to the
3015?
 When installing the VPN Client you are prompted to change the MTU size I
 believe to 1460.
 Make sure that the Netopia isn't blocking your traffic. Try this:
 http://www.cisco.com/warp/public/471/vpn_3000_faq.shtml#Q3

 You might want the entire FAQ section. Just leave off the #Q3 of the above
 URL.
 One level higher - watch the wrap:
 http://www.cisco.com/warp/public/471/top_issues/vpn/vpn_index.shtml

  -Original Message-
  From: David Armstrong [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, March 21, 2002 12:31 PM
  To: [EMAIL PROTECTED]
  Subject: Re: 3015 VPN Concentrator  MTU's [7:39010]
 
 
  Unfortunately the Netopia's MTU size can't be changed so nothing is an
  option. I'm interested in your thought on which side needs
  changing though.
  Packets larger than (somewhere around) 1400 bits can't
  traverse the Netoia
  R9100 but can traverse the 3015 VPN Concentrator. To me that
  would seem to
  mean that the size of the packets sent from the 3015 to the
  Netopia are too
  large for the Netopia. Increasing the Netopia's MTU would
  allow it to see
  larger frames and therefore not fragment them as they come
  across. Since I'm
  able to sit on the Netopia and send packets across the 3015
  into our network
  but am unable to send them from inside the Netopia's network
  across to the
  3015 it seems that the problem is stemming from too small MTU
  size on the
  Netopia (packet comes to the inside interface of the Netopia R9100, is
  encapsulated and framed with an IPSec header added to the frame for
  encryption then sent to the outside interface of the Netopia.
  The outside
  interface fragments frames greater than 1500 bits and thus
  sends fragments
  out the DSL modem into the Internet - I think).
 
  I could be thinking in the wrong direction though and if I am
  would like to
  get thinking in the right. Currently it doesn't appear that I
  can decrease
  or increase MTU size on either device which leaves me thinking that my
  options are two: get a router to replace the Netopia that
  allows changes to
  MTU or change the settings for IPSec to decerase the size of
  the header it
  adds to the packet when the frame is created. I'm focusing on
  the second
  now. I need to get a better understanding of the components
  of IPSec first
  though.
 
  Thanks for you input,
 
  David Armstrong
 
 
  Daniel Cotts  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   Seems that you need to decrease the MTU on the client (Netopia) side
  rather
   than increase it.
  
-Original Message-
From: David Armstrong [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 20, 2002 11:17 PM
To: [EMAIL PROTECTED]
Subject: 3015 VPN Concentrator  MTU's [7:39010]
   
   
We have a 3015 VPN concentrator that I've connected to a
vendor who has a
Netopia R9100 router with a DSL (PPOE) connection

RE: Gigastack Etherchannel [7:39033]

2002-03-22 Thread Kelly Cobean 

As Cisco puts it on their web site.

The GigaStack GBIC cables are proprietary, high-data-rate cables with
enhanced signal integrity and EMI performance.


 Caution Do not use standard IEEE 1394 cables with the GigaStack GBIC.  

-Original Message-
From: Kaminski, Shawn G [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 12:12 PM
To: 'Kelly Cobean'
Cc: 'Groupstudy'
Subject: RE: Gigastack Etherchannel [7:39033]


That's firewire between the switches, isn't it?

Shawn K.

-Original Message-
From: Kelly Cobean [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 11:19 AM
To: [EMAIL PROTECTED]
Subject: RE: Gigastack Etherchannel [7:39033]


Incidentally, you can see a picture of this configuration at:

http://home.earthlink.net/~kcobean/workstuff/pics/pic6.jpg or
http://home.earthlink.net/~kcobean/workstuff/pics/pic10.jpg

As usual, watch for URL wrap.


HTH

Kelly


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kelly
Cobean
Sent: Friday, March 22, 2002 10:21 AM
To: [EMAIL PROTECTED]
Subject: RE: Gigastack Etherchannel [7:39033]


Ole,
Here is our configuration(God I hope this doesn't get screwed up.  Just
in case, basically it's a looped configuration, using only one of the gig
ports per switch, utilizing the second gig port on the 1st and 9th switch
for uplink to the distribution layer.  Gig0/2 on switches 2-8 are unused.
The loop prevention mechanism in the IOS takes care of the loop
configuration in the stack(what I read leads me to believe that it is
something other than STP, but I could be wrong) then STP takes care of the
loop in the two fiber uplinks, which connect to two different Cat6509's)

 ||(fiber uplink to distribution layer)
 ||
Switch1 |oo|  |oo|
   ||
  / |---
 - |
 | |
Switch2 |oo|  |oo| |
  ||
 / |
 | |
Switch3 |oo|  |oo| |
  ||
 / |
 | |
Switch4 |oo|  |oo| |
  ||
 / |
 | |
Switch5 |oo|  |oo| |
  ||
 / |
 | |
Switch6 |oo|  |oo| |
  ||
 / |
 | |
Switch7 |oo|  |oo| |
  ||
 / |
 | |
Switch8 |oo|  |oo| |
  ||
 / |
 | |
Switch9 |oo|  |oo| |
  |||  |
  --
   ||
   || (Uplink to Distibution Layer


Hope this helps,
Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
GRC International, Inc., an ATT company




-Original Message-
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 8:51 AM
To: 'Kelly Cobean'; [EMAIL PROTECTED]
Subject: RE: Gigastack Etherchannel [7:39033]


Kelly,

On the GigaStack modules, are you using both ports on the module, or one
port on two modules?

Examples (use fixed font for best view):

1 module / 2 ports

switch 1   [oo] [--]
|
switch 2   [oo] [--]
 |
switch 3   [oo] [--]
|
switch 4   [oo] [--]

2 modules / 1 port

switch 1   [oo] [oo]
|
switch 2   [oo] [oo]
 |
switch 3   [oo] [oo]
|
switch 4   [oo] [oo]

Thanks,

Ole

~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~
 http://www.RouterChief.com
~
 Need a Job?
 http://www.OleDrews.com/job
~




-Original Message-
From: Kelly Cobean [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 7:18 AM
To: [EMAIL PROTECTED]
Subject: RE: Gigastack Etherchannel [7:39033]


Guys, If it helps any, here is a quote from Cisco's web siteLink below.

Cascaded Stack Connections:
You can connect from three to nine switches in a cascaded stack
configuration. The cascaded stack operates in half-duplex mode.  (This
raises the debate about how many switches in the stack again, because now
I've seen conflicting documentation that indicates 9 and 16)

The link is
http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/gbic/ig_gbic/mam
oins.htm#xtocid357911
Watch for URL wrap.

Our Switchstacks contain 9 3548's here, and the uplink ports with fiber GBIC
modules default to full duplex, while the gigastack module ports default to
half duplex.  I think one of reasons for this is the fact that you are
effectively splitting the port in half by connecting each of the two
gigastack ports to different switches.  Hope this helps.

Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
GRC International, Inc., an

RE: CCNP exams [7:39172]

2002-03-22 Thread Matthew Meiers 

You are absolutely correct about the people who are not native English
speakers and the people that are bad test takers, but I don't think the
people that are complaining about exam formats fall into that category.
I am been nailed with more email about Cisco and the new exam format
than I care to hear about.  As far as tricky wording and poor questions,
hey that happens and even the best test takers get nailed with those.
It is an associate level exam; the simulations cannot be that difficult.
What is the worst that Cisco is going to have you do?  Cisco could do
like Extreme networks and make you take a hands-on lab for the basic
certification.  

-Original Message-
From: Lomker, Michael [mailto:[EMAIL PROTECTED]] 
Sent: Friday, March 22, 2002 12:41 PM
To: Matthew Meiers
Cc: Groupstudy (E-mail)
Subject: RE: CCNP exams [7:39172]

 something?  If
 simulations and a new format are scaring you that bad you 
 shouldn't even be taking the exams

I understand what you are saying, but your comments are simplistic.
There
are a lot of people out there with considerable experience and skill
that
are not good test takers (a good friend of mine is one of them).  People
that are not native English speakers can also have problems with these
exams.

Many of the certification exams test your ability to memorize command
syntax
(that in real life you'd use the ? for), have trick questions, or flat
out
have poor wording.  To think that these exams are an accurate reflection
of
ability is tough to believe.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39201t=39172
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Coyotepoint Load Balancers [7:38953]

2002-03-22 Thread Brian Zeitz 

I asked Nortel/Alteon how there web switches compare with Coyotepoint, this
is what they sent me. If you feel like filling in what Aeropoint can do,
feel free. I thought it was cool that it can do SSL load balancing. The
other thing about coyote only having 2 ports, ports go bad a lot on web
devices with high volume. Maybe coyote was suggested because it is cheaper.

COMPETITIVE BULLETIN
Coyote Point Equalizer
 Web Solutions Product MarketingMarch 2002 

Should You Trust Your Network To An Appliance b
  
Coyote Pointbs Equalizer is a single-application appliance, with a PC-based
architecture that canbt scale as your network grows

 


Alteon ACEdirector 4 Web Switch 
  
Alteon Web Switches are purpose-built, intelligent traffic managers
that support multiple Layer 2-7 applications on a single box

Key Alteon Differentiators When Considering the Coyote Point Equalizer for
Server Load Balancing
Alteon provides a proven all-in-one Web switching solution for L4-7
local-global Server Load Balancing, Web Cache Redirection, and VPN /
Firewall Load Balancing
o' Coyote Pointbs Equalizer cannot support multiple services/applications
on the same box.
o' Nortel Networks can provide local and global server load balancing,
application redirection, Secure Sockets Layer (SSL) load balancing,
URL-based redirection and load balancing, streaming media load balancing,
wireless gateway load balancing, intrusion detection load balancing and
advanced TCP/IP filtering functions within a single Web switch.
Alteonbs Virtual Matrix Architecture takes distributed processing to the
next level, providing customers with the best of both distributed and
centralized switching
o' Alteonbs VMA is a hybrid architecture that enables the switch to
aggregate the processing power of ASICs on every port. VMA makes optimal use
of all distributed processing and memory resources and applies them to the
ports actively handling traffic.
o' Alteonbs VMA switching architecture is a proven solution. Customers
have been successfully using the VMA architecture for high performance IP
switching since April 2000.
Alteon provides advanced Layer 7 features Coyote Pointbs Equalizer Lacks
Equalizer lacks key Web OS 9.0 features and support:
o' No support for wireless users. 
Alteon supports wireless users via WAP gateway load balancing.
o' No security solution: Alteon supports load balancing intrusion detection
system (IDS) servers.
o' No support for GSLB persistence. Alteon supports GSLB persistence via
cookie rewrite mode. Because F5bs GSLB and persistence features are not
integrated, they cannot ensure that a user will be routed to the same remote
server.
Alteonbs Active-Active Redundancy optimizes switching resources, ensures
high availability, and maximizes service traffic throughput
o' Coyote Pointbs appliances do not provide true Active-Active support.
While they state that they provide bmission-critical services for which
high availability and fault tolerance are essential,b two (or more)
Equalizers can only be configured in ba hot-backup configurationb on a
network. This means that one device is actively processing traffic, while
the other is simply providing redundancy.
o' Alteon switches enable redundancy to eliminate any single point of
failure and true High Availability, where both load balancers can actively
process traffic and provide backup for each other at the same time.
o' Alteon support for High Availability configurations optimizes switching
resources and results in better investment protection.

Summary 
A PC-based appliance cannot provide the performance, reliability, and
scalability of Nortel Networks Alteon Web switching solutions under
real-world conditions. When considering Coyote Pointbs Equalizer load
balancing product, ask yourself the following questions?
o' Can it support multiple load balancing applications on a single box? 

o' Can it provide the flexibility, scalability, and ultimately, the
reliability crucial to ensuring mission critical application support?

Alteonbs proven performance, scalability, and High Availability provide
optimum throughput, multi-application flexibility, and a better return on
your investment as your business grows.

For More Information 
To learn more about the features and capabilities of Alteon Web Switches and
the entire Alteon Product Portfolio, visit the website links below:

Alteon Web Switching Portfolio:
http://www.nortelnetworks.com/products/01/alteon/index.html

Alteon ACEdirector (AD) Series:
http://www.nortelnetworks.com/products/01/alteon/acedir/index.html#

Alteon 180 Series:
http://www.nortelnetworks.com/products/01/alteon/alt180/index.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39200t=38953
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and

RE: CCNP exams [7:39172]

2002-03-22 Thread Raymond Belt 

The real issue isnt that hands on testing is good/bad (I think its 
great if you want to test me, give me a router with a problem and see if I 
can fix it.).  The real issue is two fold:  First, the testing engine 
doesnt use real IOS, its a simulator, meaning that some commands have to 
be typed out completely and some commands can be truncated but only in 
certain ways (i.e. config t might work, but conf t might not or int s 0 
might work but interface s0 doesnt, etc.) meaning, you must know what the 
simulator will accept for a correct answer, not necessarily what would work 
in the real world.  Second, Ive heard that the testing simulator is the one 
used in the official Cisco course  translation, anyone with the $s to go 
to the class has a leg up on someone that only works on real gear sounds 
slightly fishy to me.

Just my $0.02

\\RB



_
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39202t=39172
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Blocking OSPF LSA [7:39191]

2002-03-22 Thread John Neiberger 

You could use 'passive-interface' in the ospf config or you could choose
not to include a network statement that includes that interface.  If you
need to advertise that prefix, a possibility might be to redistribute
connected.

Of course, it all depends on what you're really trying to accomplish.

HTH,
John

 Larry Whitfill  3/22/02 11:28:35 AM 
I know how to reduce the number of LSA's being injected into an area by
an
ABR by using the stub, no-summary command.  However, area 3 LSA's are
still
sent into the area (default route LSA).  I know I cab stop them with
database filter, but does anyone know of another way to block all
LSA's?

Thanks,
Larry




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39203t=39191
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Classful Prefix-list [7:39113]

2002-03-22 Thread Rob Webber 

To better understand why this works:

In the very first octet, the following applies:

class A addresses start with the first bit = 0

class B addresses start with the first two bits = 10

class C addresses start with the first three bits = 110

So the 0.0.0.0/1 means look for a network address of 0.0.0.0, but only pay
attention to the very first bit (and make sure that it is a zero). So
0.0.0.0/1 identifies all class A networks - from 0.0.0.0 to 127.255.255.255.
The ge 8 le 8 says only accept routes with a mask of 255.0.0.0. The
combination of these two identifies all classful class A networks (0.0.0.0/8
to 127.0.0.0/8).

Same with the 128.0.0.0/2 - that means make sure the first two bits are 10,
but then ignore everything else. So this includes all class B addresses -
from 128.0.0.0 to 191.255.255.255.

Rob.

Rob Webber  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I believe this will do what you are looking for. I did a little testing
and
 it seemed to work well:

 ip prefix-list classful seq 5 permit 0.0.0.0/1 ge 8 le 8
 ip prefix-list classful seq 10 permit 128.0.0.0/2 ge 16 le 16
 ip prefix-list classful seq 15 permit 192.0.0.0/3 ge 24 le 24

 Hope that helps, Rob.
 CCIE 6922

 William Lijewski  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Can someone tell me how to create a Prefix-list to only alow classful
 routes
  for BGP.  I know you can do the following with an extended access-list:
 
  access-list 100 permit ip 0.0.0.0 127.0.0.0 host 255.0.0.0
  access-list 100 permit ip 128.0.0.0 63.255.0.0 host 255.255.0.0
  access-list 100 permit ip 192.0.0.0 31.255.255.0 host 255.255.255.0
 
  Is there way to do it?  Any good reading material on Prefix-lists?
 
  Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39204t=39113
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Coyotepoint Load Balancers [7:38953]

2002-03-22 Thread John Neiberger 

You are correct.  In the post you made today you simply said that SSL
load balancing wasn't working and you didn't mention keepalives.  I
thought you meant that you weren't even able to get SSL load balancing
to work correctly.

We are still using pings for keepalives which works fine if your system
is stable but in the beginning we had a lot of glitches with the secure
server.  It would lock up and we'd have no idea it happened.  If the
load balancing switch had a way to actually test the secure server, I
would be exceedingly joyful.

John

 sam sneed  3/22/02 10:08:16 AM 
Really,
I remembered you replied to a post a made a while back stating your
were
using pings for the keepalives:
http://www.groupstudy.com/form/read.php?f=7i=36514t=36505 

For true load balancing the CS11152 advertises you need HTTP keepalives
over
a secure connection with application SSL set. Otherwise the WWW
service
could die and CS will still show service as up.(assuming the SSL
servers are
not the same as the WWW servers. I got an example from Cisco's site but
it
didn't work.

So I assume you had this working but not exaclty the way it was meant
to be
working. Or were you just holdin' out on me on that last post?  ; )

By the way I solved my previous problem by using TCP keepalives on port
443.

John Neiberger  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 That's interesting.  We've been using the Arrowpoint switch for
 load-balancing with sticky SSL sessions for over a year now and have
had
 no problems at all.

 However, we're going to be replacing that box with two of
 something-or-other, we just haven't decided on what yet.

 John

  sam sneed  3/22/02 8:35:56 AM 
 First off, failover takes close to a minute which is a lot more than
 Cisco
 advertises(in HA config). Second they're supposed to provide for
load
 balancing using SSL. This simply does not work on ours even though
we
 followed the config on their site exactly. Third they're very
 tempermental.
 We migrated them to another switch and expected a little downtime
 during the
 move. We moved them, they came up, showed all services were good but
 in
 actuality all services were down. We had to power down both CS11152
and
 the
 Extreme switch they were connected to get services back up. Mind you
 that
 all the servers that were behind the CS11152 were pingable and
 reachable up
 to Layer 3 so NAT and L3 were working, only the services the load
 balancers
 were supposed to provide were down. Cost us a lot of aggravation and
 almost
 my job.


 Gaz  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  What problems have you had with the Arrowpoint Sam?
 
  We do mainly Foundry for load balancing, and I have to say (as I'm
 not
 using
  my work e-mail address :-)) that they have been flaky as hell. We
 work
  fairly closely with Foundry (when we can get in touch), but every
 box
 seems
  to work differently with every image. You get in to the habit of
 finding
 an
  image that works and leave it alone. It's a horrible feeling when
 security
  advisories come out recommending upgrades, and you just know it's
 going to
  introduce other issues.
 
  We haven't deployed the Arrowpoint on any really big projects, but
 they do
  seem to offer more functionality than the Foundry in some areas
(not
  forgetting the massive price difference), so I'm interested to
hear
 what
  problems have arisen with them.
 
  Thanks,
 
  Gaz
 
 
  sam sneed  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   I have a pair of CS11152 (former arrowpoints) and they've been
 flaky. I
 do
   not recommend them. Not sure about coyotepoint.
  
  
   dre  wrote in message
   [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Coyotepoint was the first server load balancing device I had
 ever
heard of outside of your basic LSNAT configuration (I think
 Cisco
calls it NAT load-sharing or something, but there is an RFC
 also).
   
However, I've never actually seen one in production on any
network.  Around 1997-8 the Cisco Local Director was the
only box I saw, and most people hated them.  Then, the F5
Big/IP box became popular (and it still sort of is).  A whole
bunch of people started entering the market space of SLB
and Global Load-Balancing.  In the past few years, companies
like Arrowpoint and Alteon got bought by Cisco and Nortel.
Now you even have places like Akamai doing GLB for places
like Yahoo.
   
After I've read the RFC's, and patents like US6185598,
US108703, and US6052718, and worked with SLB and
GLB for years, I've finally come to a few conclusions:
   
A) The SLB/GLB marketing and focus is silicon snake oil
B) Just like the computer security industry, [it's] like a
 carnival
  game,
where people throw ducks at balloons, and nothing is as it
 seems
C) It really depends on *your* environment.  Just as there are
millions of options for web servers and web programming
 languages

RE: IDS blade [7:39193]

2002-03-22 Thread maverick hurley 

Yes, I just took the Cisco secure intrustion detection course and we covered
it. I think it is addressed in the Cisco Secure IDS book. Any
questions give me a hollar offline and I will help you.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39206t=39193
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCNP exams [7:39172]

2002-03-22 Thread Brian Zeitz 

Sounds like you are talking from your own experiences.

I purchased all 500 series material not long ago. I figured since they
just came out with the 500 series I would be good for a while.

Imagine you sat down for the SAT, and on the top of the page it said
attention, now this test is totally different. Then a guy who took it
5 years ago is saying that he got a 1300, but only had 55 questions.
Another guy took it this year and is saying he got a 1200 but it had 69
questions. 

In my own humble opinion it is enough with the changes already. Please
make it a stable exam, which is equal for everyone. Make it the same
score, make it the same number of questions. Try to put some consistency
in it. And most of all, keep some of us with test anxiety in the loop.

Actually working on routers, switches comes from hands on experience
with the products. There is not way to simulate a large enterprise of
Routers and switches on 1 PC in a testing center. Please, have some
common sense before you post garbage like this.


-Original Message-
From: Matthew Meiers [mailto:[EMAIL PROTECTED]] 
Sent: Friday, March 22, 2002 1:21 PM
To: [EMAIL PROTECTED]
Subject: RE: CCNP exams [7:39172]

Why is everyone so worried about the new exam format?  Wouldn't it be
amazing if someone with a certification could actually do something?  If
simulations and a new format are scaring you that bad you shouldn't even
be taking the exams

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Mark Villanova
Sent: Friday, March 22, 2002 10:46 AM
To: [EMAIL PROTECTED]
Subject: CCNP exams [7:39172]

Are the CCNP exams going to a new format soon? I was talking with
someone at
my testing center and they said they will be changing the format soon.
Anyone know when?

Mark Villanova
I3Mobile
IT Engineer (TX)
Main: 817-766-5000
Office: 817-766-5012
Mobile: 817-312-8955
Fax: 817-766-5001
Email: [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39207t=39172
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Catalyst 6509 [7:39192]

2002-03-22 Thread maverick hurley 

I have always been advised to use Vlan 1 for management only? Just dont use
vlan 1 for users and other devices. I would use vlan 1 for the managemnet
under a different subnet than your devices. Assign the subnet for vlan1 on
your router card. Use a ip under that subnet for your SC0 interface and
point your default gateway to the vlan1 interface of your router card. The
advantage for using vlan 1 only for managment is that if your management is
in the same vlan as devices and you have broadcast storms this can effect
you not being able to reach the interface for management. Also your native
vlans for ports is vlan1 incase you ever loose one end of a trunked port you
can recover easier.

thanks 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39208t=39192
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Blocking OSPF LSA [7:39191]

2002-03-22 Thread Wright, Jeremy 

would writing an access list to block 224.0.0.5 and .6 do the trick?

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 1:13 PM
To: [EMAIL PROTECTED]
Subject: Re: Blocking OSPF LSA [7:39191]


You could use 'passive-interface' in the ospf config or you could choose
not to include a network statement that includes that interface.  If you
need to advertise that prefix, a possibility might be to redistribute
connected.

Of course, it all depends on what you're really trying to accomplish.

HTH,
John

 Larry Whitfill  3/22/02 11:28:35 AM 
I know how to reduce the number of LSA's being injected into an area by
an
ABR by using the stub, no-summary command.  However, area 3 LSA's are
still
sent into the area (default route LSA).  I know I cab stop them with
database filter, but does anyone know of another way to block all
LSA's?

Thanks,
Larry




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39209t=39191
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCNP exams [7:39172]

2002-03-22 Thread Matthew Meiers 

The test covers the same material!!  

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Brian Zeitz
Sent: Friday, March 22, 2002 1:33 PM
To: [EMAIL PROTECTED]
Subject: RE: CCNP exams [7:39172]

Sounds like you are talking from your own experiences.

I purchased all 500 series material not long ago. I figured since they
just came out with the 500 series I would be good for a while.

Imagine you sat down for the SAT, and on the top of the page it said
attention, now this test is totally different. Then a guy who took it
5 years ago is saying that he got a 1300, but only had 55 questions.
Another guy took it this year and is saying he got a 1200 but it had 69
questions. 

In my own humble opinion it is enough with the changes already. Please
make it a stable exam, which is equal for everyone. Make it the same
score, make it the same number of questions. Try to put some consistency
in it. And most of all, keep some of us with test anxiety in the loop.

Actually working on routers, switches comes from hands on experience
with the products. There is not way to simulate a large enterprise of
Routers and switches on 1 PC in a testing center. Please, have some
common sense before you post garbage like this.


-Original Message-
From: Matthew Meiers [mailto:[EMAIL PROTECTED]] 
Sent: Friday, March 22, 2002 1:21 PM
To: [EMAIL PROTECTED]
Subject: RE: CCNP exams [7:39172]

Why is everyone so worried about the new exam format?  Wouldn't it be
amazing if someone with a certification could actually do something?  If
simulations and a new format are scaring you that bad you shouldn't even
be taking the exams

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Mark Villanova
Sent: Friday, March 22, 2002 10:46 AM
To: [EMAIL PROTECTED]
Subject: CCNP exams [7:39172]

Are the CCNP exams going to a new format soon? I was talking with
someone at
my testing center and they said they will be changing the format soon.
Anyone know when?

Mark Villanova
I3Mobile
IT Engineer (TX)
Main: 817-766-5000
Office: 817-766-5012
Mobile: 817-312-8955
Fax: 817-766-5001
Email: [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39211t=39172
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Traffic Analyses [7:39167]

2002-03-22 Thread Priscilla Oppenheimer 

show interface serial

That's the most efficient method!

At 11:25 AM 3/22/02, Rafay Aslam wrote:
HI Guys
I wanted to know how much traffic is passing through my T1 or how much
traffic is utilizing my T1 bandwidth. Tell me the most efficent and accurate
way of finding it.

Thanks,


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39210t=39167
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Simple Cisco Hardware Chart [7:39212]

2002-03-22 Thread x 

I have been working on putting together a simple excel
spreadsheet that lists the Cisco hardware modules and
interfaces they have and maybe a little about each
router.  Does something like this already exist?  If
it doesn't, I would be happy to share my chart if
anyone is interested.

__
Do You Yahoo!?
Yahoo! Movies - coverage of the 74th Academy Awards.
http://movies.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39212t=39212
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Catalyst 6509 [7:39192]

2002-03-22 Thread MADMAN 

You are 100% correct on the default route for SC0.

  The design you have is what I would recommend.  The reason I would
keep the management VLAN off of the uer VLAN is if you have a meltdown
for some reason on the user VLAN you will still have connectivity
between switches while you try to troubleshoot.  I have seen this
happen, the customer had to run between buildings and floors with a
laptop to troubleshoot.

  Dave

Ali, Abbas wrote:
 
 Hello Folks,
 
 I need help understanding this logic.
 
 I have Catalyst 6509 switch with 4 Vlans.  I have done configuration which
 is recommended by Cisco.
 
 Here is the details.
 
 VLAN 2  Users:  Subnet 10.0.2.0/24
 
 VLAN 3  Servers Subnet  10.0.3.0/24
 
 VLAN 4  PBX Application Subnet 10.0.4.0/24
 
 VLAN 5  Management Vlan Subnet 10.0.5.0/24
 
 Catalyst 6509 has dual IOS.  The catalyst IOS for switch and Cisco IOS for
 the router blade.  I have assigned
 IP address 10.0.5.2 to the SC0 interface and assigned IP address
10.0.5.1/24
 to VLAN 5 that I created in cisco IOS.  By doing this I can telnet to both
 from my PC which is in user vlan.
 
 I believe I will also have to do a default gateway command in SC0 interface
 and gateway should be pointing to 10.0.5.1 (VLAN 5's IP address) in order
 for me to telnet the catalyst IOS  from different VLANS.  Am I approaching
 the correct path?  Please advise.
 
 I am not using VLAN 1 as not recommended by Cisco.  What disadvantage I
 would have had if I would choose VLAN 1 for the management.
 
 I am also using a totally different subnet for the management per
 guidelines, but I could have put SC0 in a VLAN 2 and could have used the IP
 address from the user VLAN 2 and by doing that I would not have to create a
 VLAN 5.  Is there any real advantage for using a totally separate VLAN for
 the management purpose.  Some guidelines say that it is really secured by
 using a different VLAN other than VLAN 1 or any other VLANS which are used
 for Users, Servers etc.  Can someone explain how?
 
 Regards,
 
 Ali
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39214t=39192
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco's pps claims [7:38956]

2002-03-22 Thread Priscilla Oppenheimer 

At 12:01 PM 3/22/02, s vermill wrote:
All,

I agree that the industry has settled on pps.

Router and switch vendors use ppp to advertise throughput measurements of 
packets through their devices. This is just one minor aspect of network 
performance.

  And yes, the smaller the
packet size the greater the number appears.

The vendors do their tests with all packet sizes. They bandy about the one 
that's best.

This has nothing to do with actual traffic patterns and isn't a 
recommendation on packet sizes that should be used, as I'm sure you realize.

However, if you look at the
ratio of header to payload, smaller packet sizes seem to result in lower
throughput as measured in bits or bytes.

What problem are you trying to solve? What performance metric are you 
trying to measure?

When measuring application-layer throughput, it's common practice not to 
count the headers. The measurement is application-layer bytes per second. 
If these bytes are being divided into small chunks and each chunk has 
headers that take up bandwidth, then application-layer throughput won't be 
so good. If these bytes are divided into larger chunks, then a smaller 
percentage of bandwidth is consumed by headers, and application-layer 
throughput is better.

Common wisdom used to be to always maximize packet sizes to ensure optimum 
application-layer throughput.

Maximum packet sizes can cause excessive serialization delay on low-speed 
output interfaces, however. If you have a voice or other delay-sensitive 
application, then maybe you shouldn't use maximum packet size. Or maybe you 
should use one of the many link fragmentation technologies, such as FRF.12.

Again, what problem are you trying to solve?

Priscilla

  A larger packet size has a lower
ratio and thus a greater throughput in raw ones and zeros.  Studies I have
seen in the past seem to support that theory.  Any comments on that aspect?

Regards,

Scott

Priscilla Oppenheimer wrote:
 
 
  The Layer 2 header changes whenever a router forwards a packet.
  For one
  thing, the Layer-2 destination address changes. The frame goes
  to the next hop.
 
  The router strips the Layer 2 header on the incoming packet,
  figures out
  where to forward the frame from a routing table or cache, and
  re-encapsulates the frame into a new Layer 2 header. The amount
  of
  processing required to strip an Ethernet header, figure out the
  destination
  port and encapsulation, and re-encapsulate into Frame Relay is
  essentially
  the same as the amount of overhead required to strip an
  Ethernet header,
  figure out the destination port and encapsulation, and
  re-encapsulate into
  an Ethernet header.
 
  Marc's point was that the amount of overhead is also the same
  regardless of
  the packet size. The job must be done whether it's a 46-byte or
  1500-byte
  packet. And I like the way he said that shovelling the rest of
  the packet
  through is low overhead. That's true.
 
  Keep in mind, however, that the packets-per-second ratings are
  just vendor
  marketing departments trying to one up their competitors. So,
  they post
  the results of testing with 64 byte packets because that makes
  the number
  higher. More packets are coming in to get processed. Long
  packets take
  longer, not because of extra processing, but simply because of
  serialization delay.
 
  It's like a relay in a train-switching system. The relay
  doesn't have to do
  more work for long trains with many cars. But it still takes
  longer to get
  a long train through the relay than it does to get a short
  train through it.
 
  Priscilla
 
 
 
 
 
  --- Marc Thach Xuan Ky
  wrote:
Sam,
I think the question is: what is your average packet
size?  Using
process or fast switching I should think that the
packet size is almost
irrelevant to the router.  I have benchmarked many
PCs and NICs running
certain routing software.  On a PCI bus PC the pps
difference between 64
and 1518 octet frames was in the order of ten to
twenty percent, i.e.
the routing decision consumes the bulk of the CPU
bandwidth, shovelling
the rest of the packet through is low-overhead.
Marc
   
sam sneed wrote:

 I noticed Cisco uses pps when they give their
specs for routers, firewalls,
 etc. What is the assumed packet size when they
come up with these specs?
I'm
 planning on using 2 2621's in HSRP mode (getting
default routes via BGP)
and
 need to be able to support a constant 10 Mb/sec
and would like know if
these
 routers will do the trick.
 thanks
  [EMAIL PROTECTED]
  
  
  __
  Do You Yahoo!?
  Yahoo! Movies - coverage of the 74th Academy Awards.
  http://movies.yahoo.com/
  
 
  Priscilla Oppenheimer
  http://www.priscilla.com


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:

RE: CCNP exams [7:39172]

2002-03-22 Thread Priscilla Oppenheimer 

At 01:39 PM 3/22/02, Lomker, Michael wrote:
  something?  If
  simulations and a new format are scaring you that bad you
  shouldn't even be taking the exams

I understand what you are saying, but your comments are simplistic.  There
are a lot of people out there with considerable experience and skill that
are not good test takers (a good friend of mine is one of them).  People
that are not native English speakers can also have problems with these
exams.

It doesn't matter. The Cisco IOS CLI isn't English! ;-)

Seriously, the majority of Cisco software engineers aren't native English 
speakers either.

Priscilla


Many of the certification exams test your ability to memorize command syntax
(that in real life you'd use the ? for), have trick questions, or flat out
have poor wording.  To think that these exams are an accurate reflection of
ability is tough to believe.




Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39215t=39172
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IDS blade [7:39193]

2002-03-22 Thread John Jackson 

Try this.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/idsm/idsm_1/10890_02.htm#xtocid189323

Also if you are trying to access the IDS blade from Native IOS try this to
get to the CLI.  (BTW you need Version 12.1(8b)EX5 or latter to do this)

Router#session slot 8 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.81 ... Open
login: ciscoids
Password:attack

sensor-29# 
of cource you need to change the slot # to whatever slot the IDS blade is in

Hope This Helps
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39216t=39193
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Catalyst 6509 [7:39192]

2002-03-22 Thread Ali, Abbas 

It means that if you isolate your managment vlan with your user's vlan then
it will help you reaching the managment interface and it totally makes
sense.  But do you think that isolating your managment vlan will also help
you securing your network from hackers?

Regards,


Ali


-Original Message-
From: maverick hurley [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 11:41 AM
To: [EMAIL PROTECTED]
Subject: RE: Catalyst 6509 [7:39192]


I have always been advised to use Vlan 1 for management only? Just dont use
vlan 1 for users and other devices. I would use vlan 1 for the managemnet
under a different subnet than your devices. Assign the subnet for vlan1 on
your router card. Use a ip under that subnet for your SC0 interface and
point your default gateway to the vlan1 interface of your router card. The
advantage for using vlan 1 only for managment is that if your management is
in the same vlan as devices and you have broadcast storms this can effect
you not being able to reach the interface for management. Also your native
vlans for ports is vlan1 incase you ever loose one end of a trunked port you
can recover easier.

thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39217t=39192
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco's pps claims [7:38956]

2002-03-22 Thread Priscilla Oppenheimer 

At 03:30 PM 3/22/02, Priscilla Oppenheimer wrote:
At 12:01 PM 3/22/02, s vermill wrote:
 All,
 
 I agree that the industry has settled on pps.

Router and switch vendors use ppp to advertise throughput measurements of
packets through their devices.

That should say pps! ;-)

This is just one minor aspect of network
performance.

   And yes, the smaller the
 packet size the greater the number appears.

The vendors do their tests with all packet sizes. They bandy about the one
that's best.

This has nothing to do with actual traffic patterns and isn't a
recommendation on packet sizes that should be used, as I'm sure you realize.

 However, if you look at the
 ratio of header to payload, smaller packet sizes seem to result in lower
 throughput as measured in bits or bytes.

What problem are you trying to solve? What performance metric are you
trying to measure?

When measuring application-layer throughput, it's common practice not to
count the headers. The measurement is application-layer bytes per second.
If these bytes are being divided into small chunks and each chunk has
headers that take up bandwidth, then application-layer throughput won't be
so good. If these bytes are divided into larger chunks, then a smaller
percentage of bandwidth is consumed by headers, and application-layer
throughput is better.

Common wisdom used to be to always maximize packet sizes to ensure optimum
application-layer throughput.

Maximum packet sizes can cause excessive serialization delay on low-speed
output interfaces, however. If you have a voice or other delay-sensitive
application, then maybe you shouldn't use maximum packet size. Or maybe you
should use one of the many link fragmentation technologies, such as FRF.12.

Again, what problem are you trying to solve?

Priscilla

   A larger packet size has a lower
 ratio and thus a greater throughput in raw ones and zeros.  Studies I have
 seen in the past seem to support that theory.  Any comments on that
aspect?
 
 Regards,
 
 Scott
 
 Priscilla Oppenheimer wrote:
  
  
   The Layer 2 header changes whenever a router forwards a packet.
   For one
   thing, the Layer-2 destination address changes. The frame goes
   to the next hop.
  
   The router strips the Layer 2 header on the incoming packet,
   figures out
   where to forward the frame from a routing table or cache, and
   re-encapsulates the frame into a new Layer 2 header. The amount
   of
   processing required to strip an Ethernet header, figure out the
   destination
   port and encapsulation, and re-encapsulate into Frame Relay is
   essentially
   the same as the amount of overhead required to strip an
   Ethernet header,
   figure out the destination port and encapsulation, and
   re-encapsulate into
   an Ethernet header.
  
   Marc's point was that the amount of overhead is also the same
   regardless of
   the packet size. The job must be done whether it's a 46-byte or
   1500-byte
   packet. And I like the way he said that shovelling the rest of
   the packet
   through is low overhead. That's true.
  
   Keep in mind, however, that the packets-per-second ratings are
   just vendor
   marketing departments trying to one up their competitors. So,
   they post
   the results of testing with 64 byte packets because that makes
   the number
   higher. More packets are coming in to get processed. Long
   packets take
   longer, not because of extra processing, but simply because of
   serialization delay.
  
   It's like a relay in a train-switching system. The relay
   doesn't have to do
   more work for long trains with many cars. But it still takes
   longer to get
   a long train through the relay than it does to get a short
   train through it.
  
   Priscilla
  
  
  
  
  
   --- Marc Thach Xuan Ky
   wrote:
 Sam,
 I think the question is: what is your average packet
 size?  Using
 process or fast switching I should think that the
 packet size is almost
 irrelevant to the router.  I have benchmarked many
 PCs and NICs running
 certain routing software.  On a PCI bus PC the pps
 difference between 64
 and 1518 octet frames was in the order of ten to
 twenty percent, i.e.
 the routing decision consumes the bulk of the CPU
 bandwidth, shovelling
 the rest of the packet through is low-overhead.
 Marc

 sam sneed wrote:
 
  I noticed Cisco uses pps when they give their
 specs for routers, firewalls,
  etc. What is the assumed packet size when they
 come up with these specs?
 I'm
  planning on using 2 2621's in HSRP mode (getting
 default routes via BGP)
 and
  need to be able to support a constant 10 Mb/sec
 and would like know if
 these
  routers will do the trick.
  thanks
   [EMAIL PROTECTED]
   
   
   __
   Do You Yahoo!?
   Yahoo! Movies - coverage of the 74th Academy Awards.
   http://movies.yahoo.com/

RE: CCNP exams [7:39172]

2002-03-22 Thread Brian Zeitz 

Yea, and the CCIE written and lab cover the same material too. NOT.

-Original Message-
From: Matthew Meiers [mailto:[EMAIL PROTECTED]] 
Sent: Friday, March 22, 2002 3:12 PM
To: [EMAIL PROTECTED]
Subject: RE: CCNP exams [7:39172]

The test covers the same material!!  

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Brian Zeitz
Sent: Friday, March 22, 2002 1:33 PM
To: [EMAIL PROTECTED]
Subject: RE: CCNP exams [7:39172]

Sounds like you are talking from your own experiences.

I purchased all 500 series material not long ago. I figured since they
just came out with the 500 series I would be good for a while.

Imagine you sat down for the SAT, and on the top of the page it said
attention, now this test is totally different. Then a guy who took it
5 years ago is saying that he got a 1300, but only had 55 questions.
Another guy took it this year and is saying he got a 1200 but it had 69
questions. 

In my own humble opinion it is enough with the changes already. Please
make it a stable exam, which is equal for everyone. Make it the same
score, make it the same number of questions. Try to put some consistency
in it. And most of all, keep some of us with test anxiety in the loop.

Actually working on routers, switches comes from hands on experience
with the products. There is not way to simulate a large enterprise of
Routers and switches on 1 PC in a testing center. Please, have some
common sense before you post garbage like this.


-Original Message-
From: Matthew Meiers [mailto:[EMAIL PROTECTED]] 
Sent: Friday, March 22, 2002 1:21 PM
To: [EMAIL PROTECTED]
Subject: RE: CCNP exams [7:39172]

Why is everyone so worried about the new exam format?  Wouldn't it be
amazing if someone with a certification could actually do something?  If
simulations and a new format are scaring you that bad you shouldn't even
be taking the exams

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Mark Villanova
Sent: Friday, March 22, 2002 10:46 AM
To: [EMAIL PROTECTED]
Subject: CCNP exams [7:39172]

Are the CCNP exams going to a new format soon? I was talking with
someone at
my testing center and they said they will be changing the format soon.
Anyone know when?

Mark Villanova
I3Mobile
IT Engineer (TX)
Main: 817-766-5000
Office: 817-766-5012
Mobile: 817-312-8955
Fax: 817-766-5001
Email: [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39219t=39172
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IDS blade [7:39193]

2002-03-22 Thread John Allhiser 

It uses the CSPM software like the standalone device.  
The link to physically install it is:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/idsm/idsm_1/10890_02
.htm

From the CLI, type: session  
then type ciscoids and attack for user and password.
Once you're in, type: setup.
Configure it to connect with the CSPM from there. 

-Original Message-
From: Ali, Abbas [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 12:38 PM
To: [EMAIL PROTECTED]
Subject: IDS blade [7:39193]


Has anyone ever configured IDS module for catalyst 6500 series router?  I
tried browsing Cisco Website, but did not find any help in terms of
installing and configuring the IDS blade.  Can someone point me to correct
link?

Regards,

Ali




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39220t=39193
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Catalyst 6509 [7:39192]

2002-03-22 Thread maverick hurley 

absoultly it will help for security, The thing to remember is that your
ports are default for native vlan1. You can specify a different vlan number
for your management like vlan 5. But in case of trunking mishaps/issues and
vlan pruning issues it is safer using vlan 1.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39221t=39192
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Blocking OSPF LSA [7:39191]

2002-03-22 Thread Howard C. Berkowitz 

I remain confused on what problem is being solved. There needs to be 
a default route for anything to get out of the area. If the goal is 
to block all other non-intra-area routes, why not just make the area 
totally stubby?


would writing an access list to block 224.0.0.5 and .6 do the trick?

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 1:13 PM
To: [EMAIL PROTECTED]
Subject: Re: Blocking OSPF LSA [7:39191]


You could use 'passive-interface' in the ospf config or you could choose
not to include a network statement that includes that interface.  If you
need to advertise that prefix, a possibility might be to redistribute
connected.

Of course, it all depends on what you're really trying to accomplish.

HTH,
John

  Larry Whitfill  3/22/02 11:28:35 AM 
I know how to reduce the number of LSA's being injected into an area by
an
ABR by using the stub, no-summary command.  However, area 3 LSA's are
still
sent into the area (default route LSA).  I know I cab stop them with
database filter, but does anyone know of another way to block all
LSA's?

Thanks,
Larry




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39222t=39191
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Traffic Analyses [7:39167]

2002-03-22 Thread Patrick Ramsey 

efficient?  heh  Maybe it's efficient per telnet session... :)  oh
yeah...that MUST be what you were talking about!

now...let's see do that once every 5 minutes (assuming you work 24 hrs a
day)  and you would telnet into your router 288 times a day  :)

 Priscilla Oppenheimer  03/22/02 03:11PM 
show interface serial

That's the most efficient method!

At 11:25 AM 3/22/02, Rafay Aslam wrote:
HI Guys
I wanted to know how much traffic is passing through my T1 or how much
traffic is utilizing my T1 bandwidth. Tell me the most efficent and accurate
way of finding it.

Thanks,


Priscilla Oppenheimer
http://www.priscilla.com 
  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. (WellStar) and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39223t=39167
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCNP exams [7:39172]

2002-03-22 Thread Ladrach, Daniel E. 

I took much harder exams in college. The Ohio State University (College of
Business).

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 3:35 PM
To: [EMAIL PROTECTED]
Subject: RE: CCNP exams [7:39172]


At 01:39 PM 3/22/02, Lomker, Michael wrote:
  something?  If
  simulations and a new format are scaring you that bad you
  shouldn't even be taking the exams

I understand what you are saying, but your comments are simplistic.  There
are a lot of people out there with considerable experience and skill that
are not good test takers (a good friend of mine is one of them).  People
that are not native English speakers can also have problems with these
exams.

It doesn't matter. The Cisco IOS CLI isn't English! ;-)

Seriously, the majority of Cisco software engineers aren't native English 
speakers either.

Priscilla


Many of the certification exams test your ability to memorize command
syntax
(that in real life you'd use the ? for), have trick questions, or flat
out
have poor wording.  To think that these exams are an accurate reflection of
ability is tough to believe.




Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39224t=39172
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco's pps claims [7:38956]

2002-03-22 Thread s vermill 

Priscilla,

No problem specifically.  I think we all face a customer who doesn't really
understand this stuff - but thinks they have it down perfectly.  So I get
questions like:  can that 3620 handle a full T3?  The answer, of course,
is it depends (or perhaps the optimum response would be: ask a better
question).  So my comment was regarding the issue of packets vs.
bits/bytes.  It's rather obvious that a smaller packet size equate to better
pps performance.  But here, as an example, are some numbers from the 3600
series:

3640 w/ FE to HSSI

size:   type:  switching:  performanc:

64  Unidirectional Fast40,500 pps 20.7 Mbps
128 Unidirectional Fast40,000 pps 41.0 Mbps
256 Unidirectional Fast22,000 pps 45.0 Mbps
512 Unidirectional Fast11,900 pps 48.7 Mbps
1518Unidirectional Fast4,200 pps  51.0 Mbps  

Notice the two-fold+ increase in bps between 64 and 1518 byte packets.  I
would guess there are several contributing factors.  Not in any particular
order of importance, it has been mentiond already that there is:

less interframe gap

less header handling (processing)

I guess this is kind of follows from above: 

A lower ratio of header to payload.  As was pointed out, it doesn't take
much to switch the bits once the processing has taken place.  And less
re-encapsulation effor bit for bit.

So I don't think I made any new points on a technical plane, but I was
making note of the fact that the marketing technique somewhat backfires. 
Can that 3600 handle a T3?  Not if all your packets are 64 bytes!


Priscilla Oppenheimer wrote:
 
 At 12:01 PM 3/22/02, s vermill wrote:
 All,
 
 I agree that the industry has settled on pps.
 
 Router and switch vendors use ppp to advertise throughput
 measurements of
 packets through their devices. This is just one minor aspect of
 network
 performance.
 
   And yes, the smaller the
 packet size the greater the number appears.
 
 The vendors do their tests with all packet sizes. They bandy
 about the one
 that's best.
 
 This has nothing to do with actual traffic patterns and isn't a 
 recommendation on packet sizes that should be used, as I'm sure
 you realize.
 
 However, if you look at the
 ratio of header to payload, smaller packet sizes seem to
 result in lower
 throughput as measured in bits or bytes.
 
 What problem are you trying to solve? What performance metric
 are you
 trying to measure?
 
 When measuring application-layer throughput, it's common
 practice not to
 count the headers. The measurement is application-layer bytes
 per second.
 If these bytes are being divided into small chunks and each
 chunk has
 headers that take up bandwidth, then application-layer
 throughput won't be
 so good. If these bytes are divided into larger chunks, then a
 smaller
 percentage of bandwidth is consumed by headers, and
 application-layer
 throughput is better.
 
 Common wisdom used to be to always maximize packet sizes to
 ensure optimum
 application-layer throughput.
 
 Maximum packet sizes can cause excessive serialization delay on
 low-speed
 output interfaces, however. If you have a voice or other
 delay-sensitive
 application, then maybe you shouldn't use maximum packet size.
 Or maybe you
 should use one of the many link fragmentation technologies,
 such as FRF.12.
 
 Again, what problem are you trying to solve?
 
 Priscilla



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39225t=38956
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Free PIX command trainer [7:39226]

2002-03-22 Thread Ole Drews Jensen 

While I am getting ready to take the CSPFA exam, I took on my old programmer
gloves out of my drawer, and created a small application to help myself with
the PIX commands without changing the configuration on my PIX 100 times a
day.

As I always do when I create these kind of applications, I have made this
available for free on my RouterChief site (link below).

Please feel very free to use it and/or some of the other applications. If
you have any questions or if you feel that I have made an error, please let
me know.

There are only 20 questions in there at this time, but if you check back now
and then, you should find some more.

Have a great weekend,

Ole

~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~
 http://www.RouterChief.com
~
 Need a Job?
 http://www.OleDrews.com/job
~




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39226t=39226
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Ascend isdn router [7:39227]

2002-03-22 Thread Turner, Frederick 

Hi all,
Does anyone know where I can find a schematic design of an Ascend Pipeline
ISDN router?



This message is for the named person's use only. It may contain sensitive
and private proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission. If
you are not the intended recipient, please immediately delete it and all
copies of it from your system, destroy any hard copies of it and notify the
sender. You must not, directly or indirectly, use, disclose, distribute,
print, or copy any part of this message if you are not the intended
recipient. CREDIT SUISSE GROUP and each legal entity in the CREDIT SUISSE
FIRST BOSTON or CREDIT SUISSE ASSET MANAGEMENT business units of CREDIT
SUISSE FIRST BOSTON reserve the right to monitor all e-mail communications
through its networks. Any views expressed in this message are those of the
individual sender, except where the message states otherwise and the sender
is authorized to state them to be the views of any such entity.
Unless otherwise stated, any pricing information given in this message is
indicative only, is subject to change and does not constitute an offer to
deal at any price quoted. Any reference to the terms of executed
transactions should be treated as  preliminary only and subject to our
formal written confirmation.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39227t=39227
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Traffic Analyses [7:39167]

2002-03-22 Thread David j 

There are more options than mrtg, you could use nrg with RRD Tools
Rafay Aslam wrote:
 
 HI Guys
 I wanted to know how much traffic is passing through my T1 or
 how much
 traffic is utilizing my T1 bandwidth. Tell me the most efficent
 and accurate
 way of finding it.
 
 Thanks,
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39228t=39167
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCNP exams [7:39172]

2002-03-22 Thread Jose Almodovar 

If you know your stuff you have nothing to worry about.  Just treat it as
any other test, and taken the necessary steps to prepare.  If you can't
handle a change, maybe you should evaluate your career goals, and pay no
attention to those commercials on the radio about IT.  Because change is
inevitable in the IT field.

That framed CCNP certificate on the wall only means something, if you kow
what you are doing.  Ask all those paper MCSE that can't find a job.

And for the bad test taker reason, get real.  If you can read, think, and
put 2 and 2 togther, you can take a test.  It comes down to discipline.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39229t=39172
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco's pps claims [7:38956]

2002-03-22 Thread Tom Lisa 

Darn, and I was just getting ready to ask if that was packets per pound!
Pound of what? I leave that to your imagination.

Prof. Tom Lisa, CCAI
Community College of Southern Nevada
Cisco ATC/Regional Networking Academy


Priscilla Oppenheimer wrote:

 At 03:30 PM 3/22/02, Priscilla Oppenheimer wrote:
 At 12:01 PM 3/22/02, s vermill wrote:
  All,
  
  I agree that the industry has settled on pps.
 
 Router and switch vendors use ppp to advertise throughput measurements of
 packets through their devices.

 That should say pps! ;-)

 This is just one minor aspect of network
 performance.
 
And yes, the smaller the
  packet size the greater the number appears.
 
 The vendors do their tests with all packet sizes. They bandy about the one
 that's best.
 
 This has nothing to do with actual traffic patterns and isn't a
 recommendation on packet sizes that should be used, as I'm sure you
realize.
 
  However, if you look at the
  ratio of header to payload, smaller packet sizes seem to result in lower
  throughput as measured in bits or bytes.
 
 What problem are you trying to solve? What performance metric are you
 trying to measure?
 
 When measuring application-layer throughput, it's common practice not to
 count the headers. The measurement is application-layer bytes per second.
 If these bytes are being divided into small chunks and each chunk has
 headers that take up bandwidth, then application-layer throughput won't be
 so good. If these bytes are divided into larger chunks, then a smaller
 percentage of bandwidth is consumed by headers, and application-layer
 throughput is better.
 
 Common wisdom used to be to always maximize packet sizes to ensure optimum
 application-layer throughput.
 
 Maximum packet sizes can cause excessive serialization delay on low-speed
 output interfaces, however. If you have a voice or other delay-sensitive
 application, then maybe you shouldn't use maximum packet size. Or maybe
you
 should use one of the many link fragmentation technologies, such as
FRF.12.
 
 Again, what problem are you trying to solve?
 
 Priscilla
 
A larger packet size has a lower
  ratio and thus a greater throughput in raw ones and zeros.  Studies I
have
  seen in the past seem to support that theory.  Any comments on that
 aspect?
  
  Regards,
  
  Scott
  
  Priscilla Oppenheimer wrote:
   
   
The Layer 2 header changes whenever a router forwards a packet.
For one
thing, the Layer-2 destination address changes. The frame goes
to the next hop.
   
The router strips the Layer 2 header on the incoming packet,
figures out
where to forward the frame from a routing table or cache, and
re-encapsulates the frame into a new Layer 2 header. The amount
of
processing required to strip an Ethernet header, figure out the
destination
port and encapsulation, and re-encapsulate into Frame Relay is
essentially
the same as the amount of overhead required to strip an
Ethernet header,
figure out the destination port and encapsulation, and
re-encapsulate into
an Ethernet header.
   
Marc's point was that the amount of overhead is also the same
regardless of
the packet size. The job must be done whether it's a 46-byte or
1500-byte
packet. And I like the way he said that shovelling the rest of
the packet
through is low overhead. That's true.
   
Keep in mind, however, that the packets-per-second ratings are
just vendor
marketing departments trying to one up their competitors. So,
they post
the results of testing with 64 byte packets because that makes
the number
higher. More packets are coming in to get processed. Long
packets take
longer, not because of extra processing, but simply because of
serialization delay.
   
It's like a relay in a train-switching system. The relay
doesn't have to do
more work for long trains with many cars. But it still takes
longer to get
a long train through the relay than it does to get a short
train through it.
   
Priscilla
   
   
   
   
   
--- Marc Thach Xuan Ky
wrote:
  Sam,
  I think the question is: what is your average packet
  size?  Using
  process or fast switching I should think that the
  packet size is almost
  irrelevant to the router.  I have benchmarked many
  PCs and NICs running
  certain routing software.  On a PCI bus PC the pps
  difference between 64
  and 1518 octet frames was in the order of ten to
  twenty percent, i.e.
  the routing decision consumes the bulk of the CPU
  bandwidth, shovelling
  the rest of the packet through is low-overhead.
  Marc
 
  sam sneed wrote:
  
   I noticed Cisco uses pps when they give their
  specs for routers, firewalls,
   etc. What is the assumed packet size when they
  come up with these specs?
  I'm
   planning on using 2 2621's in HSRP mode (getting

VPN Setup - Pix 515 and Pix 501 - The Same? [7:39230]

2002-03-22 Thread Audy Bautista 

Hope someone could answer this simple question.

A few months back, I was able to setup VPN on a Pix 515.  I just bought me a
Pix 501 for my house.  Are the VPN configs the same on a 501 as on a 515?
The software is the same version, and it appears to be the same, but I just
want to make sure before I break my head over this setup.  Thanks


Audy Bautista
Network Engineer, IT Services
Hold Brothers On-Line Investment Services, Inc.
(201) 499-8764
[EMAIL PROTECTED]

A job worth doing is a job worth doing well




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39230t=39230
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco's pps claims [7:38956]

2002-03-22 Thread Howard C. Berkowitz 

At 03:30 PM 3/22/02, Priscilla Oppenheimer wrote:
At 12:01 PM 3/22/02, s vermill wrote:
  All,
  
   I agree that the industry has settled on pps.

Take a look at http://www.ietf.org/html.charters/bmwg-charter.html. 
BMWG is the IETF group that sets objective criteria for testing, 
although, to quote Randy Bush at the meeting this week, it is beyond 
the power of the IETF to control marketdroids.  Definitely read RFC 
2544.

Throughput is bad enough...I'm dealing with the fun of convergence 
benchmarking!


  
Router and switch vendors use ppp to advertise throughput measurements of
packets through their devices.

That should say pps! ;-)

This is just one minor aspect of network
performance.

And yes, the smaller the
  packet size the greater the number appears.

The vendors do their tests with all packet sizes. They bandy about the one
that's best.

This has nothing to do with actual traffic patterns and isn't a
  recommendation on packet sizes that should be used, as I'm sure you
realize.

Good characterization of packet sizes in a general environment, even 
a large enterprise, is NOT a trivial problem.

  
  However, if you look at the
  ratio of header to payload, smaller packet sizes seem to result in lower
  throughput as measured in bits or bytes.

What problem are you trying to solve? What performance metric are you
trying to measure?

When measuring application-layer throughput, it's common practice not to
count the headers. The measurement is application-layer bytes per second.
If these bytes are being divided into small chunks and each chunk has
headers that take up bandwidth, then application-layer throughput won't be
so good. If these bytes are divided into larger chunks, then a smaller
percentage of bandwidth is consumed by headers, and application-layer
throughput is better.

Common wisdom used to be to always maximize packet sizes to ensure optimum
application-layer throughput.

Maximum packet sizes can cause excessive serialization delay on low-speed
output interfaces, however. If you have a voice or other delay-sensitive
application, then maybe you shouldn't use maximum packet size. Or maybe you
should use one of the many link fragmentation technologies, such as FRF.12.

Again, what problem are you trying to solve?

Priscilla

A larger packet size has a lower
  ratio and thus a greater throughput in raw ones and zeros.  Studies I
have
  seen in the past seem to support that theory.  Any comments on that
aspect?
  
  Regards,
  
  Scott
  
  Priscilla Oppenheimer wrote:
   
   
The Layer 2 header changes whenever a router forwards a packet.
For one
thing, the Layer-2 destination address changes. The frame goes
to the next hop.
   
The router strips the Layer 2 header on the incoming packet,
figures out
where to forward the frame from a routing table or cache, and
re-encapsulates the frame into a new Layer 2 header. The amount
of
processing required to strip an Ethernet header, figure out the
destination
port and encapsulation, and re-encapsulate into Frame Relay is
essentially
the same as the amount of overhead required to strip an
Ethernet header,
figure out the destination port and encapsulation, and
re-encapsulate into
an Ethernet header.
   
Marc's point was that the amount of overhead is also the same
regardless of
the packet size. The job must be done whether it's a 46-byte or
1500-byte
packet. And I like the way he said that shovelling the rest of
the packet
through is low overhead. That's true.
   
Keep in mind, however, that the packets-per-second ratings are
just vendor
marketing departments trying to one up their competitors. So,
they post
the results of testing with 64 byte packets because that makes
the number
 higher. More packets are coming in to get processed. Long
packets take
longer, not because of extra processing, but simply because of
serialization delay.
   
It's like a relay in a train-switching system. The relay
doesn't have to do
more work for long trains with many cars. But it still takes
longer to get
a long train through the relay than it does to get a short
train through it.
   
Priscilla
   
   
   
   
   
--- Marc Thach Xuan Ky
wrote:
  Sam,
  I think the question is: what is your average packet
  size?  Using
  process or fast switching I should think that the
  packet size is almost
  irrelevant to the router.  I have benchmarked many
  PCs and NICs running
  certain routing software.  On a PCI bus PC the pps
  difference between 64
  and 1518 octet frames was in the order of ten to
  twenty percent, i.e.
  the routing decision consumes the bulk of the CPU
  bandwidth, shovelling
  the rest of the packet through is low-overhead.
  Marc
 
  sam sneed wrote:
  
   I noticed Cisco uses pps when they

RE: Blocking OSPF LSA [7:39191]

2002-03-22 Thread Kris Keen 

I too would look at area  stub no-summary, this will only propogate a
default route and will not not allow Type 3 LSA's into your area...

Or remove OSPF and just add static routes!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39233t=39191
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

  1   2   >