TRANSCENDER AVAIABLE [7:43924]
hi i have the following transcender,troytech,ucertify,cheetsheet,boson,learnkey if you need it mail me [EMAIL PROTECTED] company exam no: product name Cisco 640-507 AssociateCert 2.0 Cisco 640-505 RemoteAccessCert 1.0 Cisco 640-503 RoutingCert 1.0 Cisco 640-506 SupportCert 1.0 Cisco 640-504 SwitchingCert 1.0 CIW 1D0-420 DesignerCert 1.0 CIW 1D0-425 E-DesignerCert 1.0 CIW 1D0-410 FoundationsCert 1.0 CompTIA 220-221 Aઊ� 2.0 CompTIA 220-222 ACert 2.0 CompTIA IK0-001 i-Net৪ 1.0 CompTIA XK0-001 Linux৪ 1.0 CompTIA N10-002 Network৪ 2.0 CompTIA SK0-001 Server৪ 1.0 Microsoft 70-016 Cꮷ뉋 6.0 Microsoft 70-015 Cꮷ닚 6.0 Microsoft 70-057 CommerceCert 3.0 Microsoft 70-152 DevCert 6.0 Microsoft 70-217 DirectoryCert/Admin 2000 Microsoft 70-219 DirectoryCert/Design 2000 Microsoft 70-081 ExchangeCert 5.5a Microsoft 70-224 ExchangeCert/Admin 2000 Microsoft 70-225 ExchangeCert/Design 2000 Microsoft 70-080 ExplorerCert 5.0 Microsoft 70-227 ISA-Cert 1.0 Microsoft 70-244 MaintainCert 4.0 Microsoft 70-218 ManageCert 2000 5.0 Microsoft 70-222 MigrateCert 2000 Microsoft 70-216 NetCert/Admin 2000 Microsoft 70-221 NetCert/Design 2000 Microsoft 70-210 ProCert 2000 Microsoft 70-270 ProCert 6.0 for Windows XP Microsoft 70-088 ProxyCert 2.0a Microsoft 70-220 SecurityCert 2000 Microsoft 70-215 ServerCert 2000 Microsoft 70-056 SiteCert 3.0 Microsoft 70-086 SMS-Cert 2.0 Microsoft 70-100 SolutionCert 3.0 Microsoft 70-228 SQL-AdminCert 2000 Microsoft 70-028 SQL-AdminCert 7.0 Microsoft 70-019 SQL-DataCert 7.0 Microsoft 70-229 SQL-DesignCert 2000 Microsoft 70-029 SQL-DesignCert 7.0 Microsoft 70-176 VB-Cert/Desktop 6.0 Microsoft 70-175 VB-Cert/Distributed 6.0 Microsoft 70-091 VBA-Cert 6.0 Microsoft 70-098 Win98Cert 5.0 Novell 50-653 NWCert/Admin 5.1 Novell 50-654 NWCert/Advanced 5.1 Novell 50-659 NWCert/Design 5.1 Novell 50-658 NWCert/Support 5.1 Novell 50-649 NWCert/TCP/IP 5.0 Novell 50-632 NWCert/Tech 5.1 Oracle 1Z0-031 DBCert/Fundamentals I 9.0 Oracle 1Z0-032 DBCert/Fundamentals II 9.0 Oracle 1Z0-007 DBCert/SQL 9.0 Sun 310-011 SolCert/Admin I 8.0 lee -- ___ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43924&t=43924 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
require module info on 3600 series router [7:43925]
Hi everybody, I am here in Pakistan and we have E1 running at our ISP setup. OUR Telco provide E1 facility on G703/704I want to terminate these E1 lines directly into my router currently I am using CISCO 5300 for that purpose but I need compatiable module for my 3600 series routers as well can anyone tell me the module details or module number to use in my router I will be very thankful to the person/s. Regards, Amir Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43925&t=43925 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Transcender Avaiable[tran1@post.com] [7:43923]
hi i have the following transcender,troytech,ucertify,cheetsheet,boson,learnkey if you need it mail me [EMAIL PROTECTED] company exam no: product name Cisco 640-507 AssociateCert 2.0 Cisco 640-505 RemoteAccessCert 1.0 Cisco 640-503 RoutingCert 1.0 Cisco 640-506 SupportCert 1.0 Cisco 640-504 SwitchingCert 1.0 CIW 1D0-420 DesignerCert 1.0 CIW 1D0-425 E-DesignerCert 1.0 CIW 1D0-410 FoundationsCert 1.0 CompTIA 220-221 Aઊ� 2.0 CompTIA 220-222 ACert 2.0 CompTIA IK0-001 i-Net৪ 1.0 CompTIA XK0-001 Linux৪ 1.0 CompTIA N10-002 Network৪ 2.0 CompTIA SK0-001 Server৪ 1.0 Microsoft 70-016 Cꮷ뉋 6.0 Microsoft 70-015 Cꮷ닚 6.0 Microsoft 70-057 CommerceCert 3.0 Microsoft 70-152 DevCert 6.0 Microsoft 70-217 DirectoryCert/Admin 2000 Microsoft 70-219 DirectoryCert/Design 2000 Microsoft 70-081 ExchangeCert 5.5a Microsoft 70-224 ExchangeCert/Admin 2000 Microsoft 70-225 ExchangeCert/Design 2000 Microsoft 70-080 ExplorerCert 5.0 Microsoft 70-227 ISA-Cert 1.0 Microsoft 70-244 MaintainCert 4.0 Microsoft 70-218 ManageCert 2000 5.0 Microsoft 70-222 MigrateCert 2000 Microsoft 70-216 NetCert/Admin 2000 Microsoft 70-221 NetCert/Design 2000 Microsoft 70-210 ProCert 2000 Microsoft 70-270 ProCert 6.0 for Windows XP Microsoft 70-088 ProxyCert 2.0a Microsoft 70-220 SecurityCert 2000 Microsoft 70-215 ServerCert 2000 Microsoft 70-056 SiteCert 3.0 Microsoft 70-086 SMS-Cert 2.0 Microsoft 70-100 SolutionCert 3.0 Microsoft 70-228 SQL-AdminCert 2000 Microsoft 70-028 SQL-AdminCert 7.0 Microsoft 70-019 SQL-DataCert 7.0 Microsoft 70-229 SQL-DesignCert 2000 Microsoft 70-029 SQL-DesignCert 7.0 Microsoft 70-176 VB-Cert/Desktop 6.0 Microsoft 70-175 VB-Cert/Distributed 6.0 Microsoft 70-091 VBA-Cert 6.0 Microsoft 70-098 Win98Cert 5.0 Novell 50-653 NWCert/Admin 5.1 Novell 50-654 NWCert/Advanced 5.1 Novell 50-659 NWCert/Design 5.1 Novell 50-658 NWCert/Support 5.1 Novell 50-649 NWCert/TCP/IP 5.0 Novell 50-632 NWCert/Tech 5.1 Oracle 1Z0-031 DBCert/Fundamentals I 9.0 Oracle 1Z0-032 DBCert/Fundamentals II 9.0 Oracle 1Z0-007 DBCert/SQL 9.0 Sun 310-011 SolCert/Admin I 8.0 lee Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43923&t=43923 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VUE vs Sylvan [7:43579]
Same pool of questions... So does not matter I was ready to use VUE but they have hard and fast rules regarding rescheduling... I missed my scheduled CCIE test (Death in Family) and ask for a reschedule date at THEIR discretion... I was told my personal problem was not their problem! Needless to say Sylvan will get all my follow on business... and anyone I can tell my story to! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 08, 2002 1:59 AM To: [EMAIL PROTECTED] Subject: VUE vs Sylvan [7:43579] Hi there! Took the CCIE Written yesterday at VUE and faild. And, I will schedule at Prometric. Does anyone know? I'm assuming the Cisco exams are written by Cisco and so it doesn't matter if you use Sylvan or VUE. It that right? TIA David. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43922&t=43579 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Committed Access Rate [7:43757]
If you want good voice, then don't burst above CIR...otherwise, provider is allowed to throw away the packets...He has no idea which are voice and which are data. You absolutely don't want your voice packets dumped or your voice quality will suffer. You should look at LLQ. Apply inside CBWFQ. Turn on traffic shaping on the frame interface. Apply your service policy to your FRTS map-class config. And again, shape down to prevent bursts (of course you need to get rid of that 0 CIR). Fundamentally, the benefits of frame are in direct contrast to good network design for voice. My 2 cents... Chris ""Gene Volpe"" wrote in message news:[EMAIL PROTECTED]... > I have a customer who needs to prioritze his voice over his frame relay > network. They have a PBX on each LAN and a switch that is setting the DSCP > bit in all the traffic coming from the PBX to a value of 6. > > I think it would be easy enough to just set up priority queueing with a > match on the DSCP field, but the customer is pushing for CAR. Anyone have > any feelings on the subject and if so, how would I configure the CAR, as far > as the bps rates go? The circuit has a CIR of 0 (I know, I know!!) and a > burst of a full T. > > Assume that they will not be upgrading the CIR. > > Thanx in advance, > -Gene Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43920&t=43757 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: GRE vs. IPIP tunnels [7:43744]
Using Gre allows one to encapusulate multiple protocols across the tunnel . regards, Jason Yee --- ira wrote: > Hallo list, > > What is the difference btw. GRE tunnel and IP-IP > tunnel? > Why should I use one and not the other and when? > I am currently using GRE tunnels . > Thanks. > > __ > Do You Yahoo!? > Yahoo! Shopping - Mother's Day is May 12th! > http://shopping.yahoo.com [EMAIL PROTECTED] __ Do You Yahoo!? LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43919&t=43744 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX 501 Ver 6.1 [7:43896]
Or from a different perspective... even though it may not be technically correct... consider the "Inside" interface to be a Virtual or Logical interface, rather than a Physical Interface. Is that safe to say?!?! ... and this only applies to the PIX 501. Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of CiscoB Sent: Friday, May 10, 2002 7:40 PM To: [EMAIL PROTECTED] Subject: Re: PIX 501 Ver 6.1 [7:43896] Those ports are switched ports of the inside interface. Envision those four ports as being a single port representing the inside interface. So you only have (2) interfaces avaiable (the inside and the outside). thanks, -Brad Ellis CCIE#5796 (R&S / Security) Network Learning Inc [EMAIL PROTECTED] www.optsys.net (Cisco hardware) ""Jablonski, Michael"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I'm trying to configure ethernet 2-4 on a PIX 501 (3DES), but it comes back > saying only 2 interfaces are active. When I do a show version it say > "maximum interfaces: 2" Am I missing something or what? Please lemme > know!!! > > Thanx, > mkj > > ~~~ > Michael Jablonski > ABN AMRO Asset Management Holdings, Inc. > 161 North Clark St. > 9th Flr > Chicago, IL 60601-2468 > PH: 312.884.2996 > FAX: 312.278.5550 > ~~~ > > > This message (including any attachments) is confidential and may be > privileged. If you have received it by mistake please notify the sender > by return e-mail and delete this message from your system. Any > unauthorized use or dissemination of this message in whole or in part > is strictly prohibited. Please note that e-mails are susceptible to > change. ABN AMRO Bank N.V. (including its group companies) shall not be > responsible nor liable for the proper and complete transmission of the > information contained in this communication nor for any delay in its > receipt or damage to your system. ABN AMRO Bank N.V. (or its group > companies) does not guarantee that the integrity of this communication > has been maintained nor that this communication is free of viruses, > interceptions or interference. > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43917&t=43896 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISP Topology Design [7:43836]
""dre"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >> You also might want to check out Barry Greene / Philip Smith's > new CiscoPress book, "Cisco ISP Essentials" and the website, > http://www.ispbook.com/ I heard the book is partially based on the papers from this link: http://www.cisco.com/public/cons/isp/essentials/ HTHs Kent Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43918&t=43836 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISP Topology Design [7:43836]
At 6:32 PM -0400 5/10/02, dre wrote: >""Chris Headings"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >> We are an ISP in So. Cal. We are gearing up to open other offices in >> bewteen Arizona and Ca... >> >> We are trying to decide what would be the best way of intergrating our ISP >> network...like... >> >> Should we just continue to use our one ASN and have all traffic come back >to >> the Global NOC, or should get new ASN's for each location??? > >Philip Smith's Multihoming NANOG presentation covers disconnected backbones >and ASN usage. There's also the "IOS Essentials Every ISP Should Know," the URL for which I don't have handy but is at Cisco, as well as the ISP Workshop series. > >> Should we be using IS-IS, IBGP/EBGP, OSPF as the protocol to link all >remote >> locations??? > >Yes. If you can afford it (and I can't see why you wouldn't be able to), >you should >have all routers take part in IBGP. Just to clarify something I'm sure dre well knows, having all routers participate in iBGP doesn't mean they have to be in a flat topology. The rough rule of thumb has long been you don't want more than 20-30 BGP sessions of any type on one physical router, which is the motivation for iBGP scalability techniques such as confederations and route reflectors. Of course, this is a worst-case number, tending to assume full routes and a lot of churn. You could probably get away with a good deal more if you're just having eBGP connections to customers advertising their own routes and accepting default. Some of the scalability issues are in the IETF BMWG drafts (http://www.ietf.org/html.charters/bmwg-charter.html). We've done eBGP first, but the terminology draft is relevant to both eBGP and iBGP, and the appendix to the eBGP methodology draft gives some typical sizing. >Doesn't matter about the IGP, some >people >prefer IS-IS, and others prefer OSPF. GlobalCrossing and AboveNet (and >probably >other ISP's) had to move to IS-IS eventually, and migration is terrible. If >you have >the knowledge or time to invest in IS-IS, I would suggest looking into that >as an option >before your network grows too large. Fortunately, there are a lot of really >good >resources out there today (for both IS-IS and OSPF, actually ;> ). > >> Obviously cost in an issue, but throwing cost out the door, what is the >> ideal way of linking ALL offices, using a good level of redundancy and >great >> preformance... > >Metro Ethernet and wavelength services make purchasing distance bandwidth a >lot >easier. Co-location has also come a long way, making transit and peering >very easy >and cost effective. You are no longer being forced to connect into some >strange, >unknown remote POP via costly (and difficult to provision) SONET circuits >and router >interfaces. Look into your Exchange Points and Metro Providers (CLEC's for >fiber and >optical wavelengths) possibilities. Very valid points. There's a lot of discussion of exchange points at www.ripe.net. Exchange points operated by many organizations are more common in Europe than in the US, and indeed there's now a European Exchange Operators Forum (or something along those lines -- you can find it at RIPE). When doing these things, also think about local loop diversity. -- "What Problem are you trying to solve?" ***send Cisco questions to the list, so all can benefit -- not directly to me*** Howard C. Berkowitz [EMAIL PROTECTED] Chief Technology Officer, GettLab/Gett Communications http://www.gettlabs.com Technical Director, CertificationZone.com http://www.certificationzone.com "retired" Certified Cisco Systems Instructor (CID) #93005 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43916&t=43836 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Policy Routing Resources.. [7:43915]
Hey guys, If anybody has any good links or reading material on Policy routing please respond to this posting. I really want to get it down. Ive searched everywehere and found about 3 links on the Cisco Website with pertinent information. If anybody knows where i can find all about policy routing just reply.. Thanx again my fellow Technologists!!! TIA.. =0) Rudy B Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43915&t=43915 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MCNS exam material [7:43505]
The book is MORE than enough. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43912&t=43505 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: R/S recert [7:43890]
If you are going the security recert route, I can help you there. thanks, -Brad Ellis CCIE#5796 (R&S / Security) Network Learning Inc [EMAIL PROTECTED] www.optsys.net (Cisco hardware) ""John Conzone"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Any sites, boards or study material for the CCIE R/S recert written tests? > Seems like an area thatno one has got covered. > > Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43911&t=43890 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISP Topology Design [7:43836]
At 6:32 PM -0400 5/10/02, dre wrote: >""Chris Headings"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >> We are an ISP in So. Cal. We are gearing up to open other offices in >> bewteen Arizona and Ca... >> >> We are trying to decide what would be the best way of intergrating our ISP >> network...like... >> >> Should we just continue to use our one ASN and have all traffic come back >to >> the Global NOC, or should get new ASN's for each location??? > >Philip Smith's Multihoming NANOG presentation covers disconnected backbones >and ASN usage. There's also the "IOS Essentials Every ISP Should Know," the URL for which I don't have handy but is at Cisco, as well as the ISP Workshop series. > >> Should we be using IS-IS, IBGP/EBGP, OSPF as the protocol to link all >remote >> locations??? > >Yes. If you can afford it (and I can't see why you wouldn't be able to), >you should >have all routers take part in IBGP. Just to clarify something I'm sure dre well knows, having all routers participate in iBGP doesn't mean they have to be in a flat topology. The rough rule of thumb has long been you don't want more than 20-30 BGP sessions of any type on one physical router, which is the motivation for iBGP scalability techniques such as confederations and route reflectors. Of course, this is a worst-case number, tending to assume full routes and a lot of churn. You could probably get away with a good deal more if you're just having eBGP connections to customers advertising their own routes and accepting default. Some of the scalability issues are in the IETF BMWG drafts (http://www.ietf.org/html.charters/bmwg-charter.html). We've done eBGP first, but the terminology draft is relevant to both eBGP and iBGP, and the appendix to the eBGP methodology draft gives some typical sizing. >Doesn't matter about the IGP, some >people >prefer IS-IS, and others prefer OSPF. GlobalCrossing and AboveNet (and >probably >other ISP's) had to move to IS-IS eventually, and migration is terrible. If >you have >the knowledge or time to invest in IS-IS, I would suggest looking into that >as an option >before your network grows too large. Fortunately, there are a lot of really >good >resources out there today (for both IS-IS and OSPF, actually ;> ). > >> Obviously cost in an issue, but throwing cost out the door, what is the >> ideal way of linking ALL offices, using a good level of redundancy and >great >> preformance... > >Metro Ethernet and wavelength services make purchasing distance bandwidth a >lot >easier. Co-location has also come a long way, making transit and peering >very easy >and cost effective. You are no longer being forced to connect into some >strange, >unknown remote POP via costly (and difficult to provision) SONET circuits >and router >interfaces. Look into your Exchange Points and Metro Providers (CLEC's for >fiber and >optical wavelengths) possibilities. Very valid points. There's a lot of discussion of exchange points at www.ripe.net. Exchange points operated by many organizations are more common in Europe than in the US, and indeed there's now a European Exchange Operators Forum (or something along those lines -- you can find it at RIPE). When doing these things, also think about local loop diversity. -- "What Problem are you trying to solve?" ***send Cisco questions to the list, so all can benefit -- not directly to me*** Howard C. Berkowitz [EMAIL PROTECTED] Chief Technology Officer, GettLab/Gett Communications http://www.gettlabs.com Technical Director, CertificationZone.com http://www.certificationzone.com "retired" Certified Cisco Systems Instructor (CID) #93005 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43910&t=43836 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX 501 Ver 6.1 [7:43896]
Those ports are switched ports of the inside interface. Envision those four ports as being a single port representing the inside interface. So you only have (2) interfaces avaiable (the inside and the outside). thanks, -Brad Ellis CCIE#5796 (R&S / Security) Network Learning Inc [EMAIL PROTECTED] www.optsys.net (Cisco hardware) ""Jablonski, Michael"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I'm trying to configure ethernet 2-4 on a PIX 501 (3DES), but it comes back > saying only 2 interfaces are active. When I do a show version it say > "maximum interfaces: 2" Am I missing something or what? Please lemme > know!!! > > Thanx, > mkj > > ~~~ > Michael Jablonski > ABN AMRO Asset Management Holdings, Inc. > 161 North Clark St. > 9th Flr > Chicago, IL 60601-2468 > PH: 312.884.2996 > FAX: 312.278.5550 > ~~~ > > > This message (including any attachments) is confidential and may be > privileged. If you have received it by mistake please notify the sender > by return e-mail and delete this message from your system. Any > unauthorized use or dissemination of this message in whole or in part > is strictly prohibited. Please note that e-mails are susceptible to > change. ABN AMRO Bank N.V. (including its group companies) shall not be > responsible nor liable for the proper and complete transmission of the > information contained in this communication nor for any delay in its > receipt or damage to your system. ABN AMRO Bank N.V. (or its group > companies) does not guarantee that the integrity of this communication > has been maintained nor that this communication is free of viruses, > interceptions or interference. > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43909&t=43896 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNP604-503 ( Routing Exam) [7:43895]
Buy the Cisco Press BSCN book... it has more information than you will need, but worth the price. BUT, since you are taking the exam next week, I doubt you have time to read the entire book... so I would go to CCO and look at the exam outline, and cram from online resources. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43908&t=43895 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX 501 Ver 6.1 [7:43896]
On the 501 it only has 2 interfaces. The inside and the outside. The other 4 ports are switch ports and they are not configurable. Thanks Larry -Original Message- From: Jablonski, Michael [mailto:[EMAIL PROTECTED]] Sent: Friday, May 10, 2002 4:44 PM To: [EMAIL PROTECTED] Subject: PIX 501 Ver 6.1 [7:43896] I'm trying to configure ethernet 2-4 on a PIX 501 (3DES), but it comes back saying only 2 interfaces are active. When I do a show version it say "maximum interfaces: 2" Am I missing something or what? Please lemme know!!! Thanx, mkj ~~~ Michael Jablonski ABN AMRO Asset Management Holdings, Inc. 161 North Clark St. 9th Flr Chicago, IL 60601-2468 PH: 312.884.2996 FAX: 312.278.5550 ~~~ This message (including any attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change. ABN AMRO Bank N.V. (including its group companies) shall not be responsible nor liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43907&t=43896 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: easy VPN tutorial ... [7:43901]
If your "VPN Client" is behind a Router, such as a DSL/Cablemodem Router for the home, you will need to make sure that the device allows NAT, and you configure a static map from a public IP to the private IP of the host in question. Otherwise, you will experience the problems your describing. I've been working on establishing VPN Dynamic and Static connections with every possible combination cisco has documented for just one of my clients... and what I mentioned above has been the common rule. I've successfully gotten the PIX to VPN Client (3.5.1C)(Dynamic Tunnel Establishment), PIX to PPTP Client (Dynamic Tunnel Establishment), and PIX to PIX VPN (Static Tunnel Establishment) scenario to work, but the common denominator has been that both ends have to have Public Static IPs to get the tunnels to work. If the Client end doesn't come up, it's usually because of PAT, rather than NAT on the client end that is stopping it. I'll be working on tring to get the PIX to PIX Dynamic VPN scenario working this weekend... but again, that will be a challenge, due to the Client PIX being behind a CableModem. Your best bet for configuring your scenario is CCO; do a search for Security Tips, and then go through the numerous config samples until you find the one that matches your scenario... it should be pretty straight forward, and have troubleshooting tips at the end of each scenario. If you have any more questions, feel free to ask! Disclaimer: I am not a PIX expert, but have gained some interesting experience recently on the subject, so I may be able to help. :) If you've got a SmartNet contract, or you have a valid warranty on the PIX... call TAC! They are top notch with this stuff, and can get you going quickly... -Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Paul Doyle Sent: Friday, May 10, 2002 5:26 PM To: [EMAIL PROTECTED] Subject: easy VPN tutorial ... [7:43901] Does anyone know of any websites with an easy to follow guide, or easy steps for creating 'client to Pix VPN' ??? I'm having difficulty setting this up ... I've even tried PPTP with no authentication without success ... I am using ver 6.1 for the Pix and 3.5 for the Cisco VPN client ... Any help or suggestions would be greatly welcomed ... Kind regards ... Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43906&t=43901 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: What to do........ 2 parts [7:43843]
Jason Being as I am in a similar position to you in that I have completed all of the exams for CCNP (still awaiting results from support beta exam) I can tell you what I am have been doing and am planning. I will let you decide if this is relevent or useful to you. 1) First of all as I have been using VPN concentrator and pix systems for a while now and using IPSEC for a lot longer (hand crafting and debugging IPSEC tunnels between OpenBSD systems) I figured that it shouldnt be too big a step to pass the CSS1 exams and took the four exams last month. The only difficult bit was trying to learn about the IDS system without access to any cisco IDS kit (too expensive to buy for home use, and it would be unprofessional to recommend it for work). So now I am a CSS1 (and it is only a 1/4 paper cert :-). 2) Figuring that my experience is more appropriate to a Security CCIE rather than a routing and switching CCIE (in particular as far as the non ip desktop protocols are concerned) I am going to go for the CCIE Security written exam next month. 3) Based on the blueprints for the CCIE exams I also figure that there are certain areas in which my knowledge and experience is weak - particularly Packet Telephony, IS-IS (and to a lesser extent BGP), QOS, and MPLS I am planning some extra study in those areas. As these all are components of the various CCIP exams I have planned on taking the matching CCIP exams to validate my study at each step in the study plan (PKTEL, MCAST+QOS, BCSI (includes IS-IS and gives me a chance to revalidate my BGP knowledge), and MPLS. If I fail any of these exams (or even pass with too low a pass mark) I will postpone my CCIE written until I can be confident I am close to having an adequate level of knowledge and skill in the relevant area (and have validated my knowledge with a corresponding exam). 4) Even after all of the above I am sure I will have some weak areas and may fail the written exam. In which case I will revisit my weak areas and spend more time on them. 5) Assuming I get through the the written exam I plan to spend more time on study and 'practice' with a view to taking the lab exam towards the end of the year. As to lab kit I have worked with cisco kit for about 4 years (2500, 2600, 3600, cat 2900/3500, cat4k, PIX, VPN 3000 series) with about 25% of my responsibilities involving this network kit. In addition to this I have two 2500s, a Cat 2820 and a PIX 501 (I love these things) at home. As part of my cert plans I am adding a few 2500s, some 4500s a Cat 3900 and an Etherswitch 2200 (runs cat5k OS) with appropriate interfaces for my lab practice. With these I will be able to 'play' with a number of features that I currently cant. With my budget there is no real way I can get hold of equipment for some stuff (ATM, MPLS label switch routers etc), for these I will have to rely on online virtual labs and when nearer to the practical exam to real hands on lab rental. I am sure there will be some on this list who may have some comments on whether I will classify as a lab rat or not, and perhaps on the short time I am cramming a lot of this into (and I havent even mentioned the CISSP exam in I am taking two weeks time), but I have a number of time constraints that are applicable (not least of which is the likely ending of my current employment on June 28th - sometimes it sucks when your employer is acquired by a bigger company). Hope this helps Peter --On Friday, May 10, 2002 12:39 PM -0400 "Kleberg, Jason" wrote: > this is a 2 part question that I hope to hear everyone's opinion on. > > 1. What to do next? Im done with ccnp, is it worth it to move to > ccda\dp, what about css1, or just shoot for the ccie. i know that ccie > will cost the most by far, and the others could give me more of a > foundation to build on for ccie, but is it worth the wait or would you > reccomend i just start buckleing down for the IE? SO MANY QUESTIONS > > > 2. If I do start to study for CCIE, what kind of a lab should I build > I probably wont take the lab for 12-18 months and the equipment list could > change(token,atm,4500,2500,cat5k) What are the safest bets, or if someone > could give me a link to a diagram of a very current lab i could plan from > that. I think 2600,3600 are safe,, what else is a sure bet to be around? > Is the set based switch going to make it? What is the best or least > expensive ios based switch that you can train from?(cat x9xx layer 3?) I > could really use some help here and i look forward to hearing from you > all. > > Thanks > > Jason > Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43905&t=43843 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: URGENT: Router crashes frequently [7:43711]
First, the traceback -Traceback= 60EC68D4 60EDD6B8 60EC74E0 60EBD4CC 60E9FE34 60EADCE8 6043407C 60434068 can be decoded by symbol files by Cisco and that will pin point what the problem is. When you say "Flash" you mean the external PCMCIA flash card, right? It is used only during the boot process. I assume here is what you are doing: you have 12.2T on the flash and you load router from it. If the image on the flash has problem and if you remove it, router might load the backup copy of IOS. The problemed image is on the card and anywhere you take it, problem goes with it. Did you verify after remocving the flash that what version it boots with and from where it came? Also, try removing all modules out and just reboot the chasis. It is very likely that image has some problem. I have seen similar problems with 12.2T with Enhanced ATM cards, specially when PVCs are configured. This could be a bug also. /Nadeem Hamid Ali Asgari wrote: > Thnaks for the replies. > > It's very strange. I replaced the FLASH and everything got OK. I put > the FLASH to another router and that router got the same problem. > > I thought FLASH is only used during the Boot Process to get the IOS. > What makes this strange is that the router won't restart when it > isn't in service. I pinged the router for 3 hours and it didn't > restart. As soon as I routed VoIP calls to the gateway and the > gateway is in service, It will restart after a while. > > Any ideas? > > Hamid > > --- "lijingyu (Jingyu,Li)" wrote: > > Hi, > >You'd better check your hardware,especially NM-2V module. > >I'd ever used NM-2V + 2E&M with C3640,it was always rebooting > > and come into ROM.The IOS is OK,but when I checked my NM-2V > > module,the chip was burned.After changing a new one,it works well. > > > > > > Jingyu Li > > --ACE,CCNA > > > > PS: > > The following messages are taken from my log database,it displays > > the process of my question. > > May it useful for you. > > > > - cut here > > System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) > > Copyright (c) 1999 by cisco Systems, Inc. > > TAC:Home:SW:IOS:Specials for info > > C2600 platform with 32768 Kbytes of main memory > > > > program load complete, entry point: 0x80008000, size: 0x617b90 > > Self decompressing the image : > > # > > > > > > > > > > > > > > > > > > > > > > > > > > ## [OK] > > > > Restricted Rights Legend > > > > Use, duplication, or disclosure by the Government is > > subject to restrictions as set forth in subparagraph > > (c) of the Commercial Computer Software - Restricted > > Rights clause at FAR sec. 52.227-19 and subparagraph > > (c) (1) (ii) of the Rights in Technical Data and Computer > > Software clause at DFARS sec. 252.227-7013. > > > >cisco Systems, Inc. > >170 West Tasman Drive > >San Jose, California 95134-1706 > > > > > > > > Cisco Internetwork Operating System Software > > IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(5)T1, RELEASE > > SOFTWARE (fc1) > > > > Copyright (c) 1986-1999 by cisco Systems, Inc. > > Compiled Tue 17-Aug-99 14:39 by cmong > > Image text-base: 0x80008088, data-base: 0x80B5E15C > > > > > > *** System received a SegV exception *** > > signal= 0xb, code= 0x100, context= 0x810fe118 > > PC = 0x802b5998, Vector = 0x100, SP = 0x811578a0 > > > > System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) > > Copyright (c) 1999 by cisco Systems, Inc. > > TAC:Home:SW:IOS:Specials for info > > C2600 platform with 32768 Kbytes of main memory > > Self decompressing the image : > > # > > > > > > > > > > > > > > > > > > > > > #
Re: ISP Topology Design [7:43836]
""Chris Headings"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > We are an ISP in So. Cal. We are gearing up to open other offices in > bewteen Arizona and Ca... > > We are trying to decide what would be the best way of intergrating our ISP > network...like... > > Should we just continue to use our one ASN and have all traffic come back to > the Global NOC, or should get new ASN's for each location??? Philip Smith's Multihoming NANOG presentation covers disconnected backbones and ASN usage. > Should we be using IS-IS, IBGP/EBGP, OSPF as the protocol to link all remote > locations??? Yes. If you can afford it (and I can't see why you wouldn't be able to), you should have all routers take part in IBGP. Doesn't matter about the IGP, some people prefer IS-IS, and others prefer OSPF. GlobalCrossing and AboveNet (and probably other ISP's) had to move to IS-IS eventually, and migration is terrible. If you have the knowledge or time to invest in IS-IS, I would suggest looking into that as an option before your network grows too large. Fortunately, there are a lot of really good resources out there today (for both IS-IS and OSPF, actually ;> ). > Obviously cost in an issue, but throwing cost out the door, what is the > ideal way of linking ALL offices, using a good level of redundancy and great > preformance... Metro Ethernet and wavelength services make purchasing distance bandwidth a lot easier. Co-location has also come a long way, making transit and peering very easy and cost effective. You are no longer being forced to connect into some strange, unknown remote POP via costly (and difficult to provision) SONET circuits and router interfaces. Look into your Exchange Points and Metro Providers (CLEC's for fiber and optical wavelengths) possibilities. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43899&t=43836 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISP Topology Design [7:43836]
If you are going to have local uplinks in your other locations (and it is not just a hub-and-spoke design with no need for internet redundancy), then I would run the same ASN throughout, use BGP Confederations (maybe not, depending on the number of uplinks, routers and your client's transport requirements). Stick to using OSPF (or another IGP) for the local lans in each location. If it is just a central-office, branch-office kind of thing, with no external uplink redundancy, you might be able to get away with OSPF for the entire topology. It really depends on the specifics which I don't have. :) Can be done many different ways as well.. Jeff Harris CCNA, CCNP Routing, Remote Access Passed On Fri, May 10, 2002 at 02:53:21PM -0400, Chris Headings wrote: > Thanks!!! > > We are an ISP in So. Cal. We are gearing up to open other offices in > bewteen Arizona and Ca... > > We are trying to decide what would be the best way of intergrating our ISP > network...like... > > Should we just continue to use our one ASN and have all traffic come back to > the Global NOC, or should get new ASN's for each location??? > > Should we be using IS-IS, IBGP/EBGP, OSPF as the protocol to link all remote > locations??? > > Obviously cost in an issue, but throwing cost out the door, what is the > ideal way of linking ALL offices, using a good level of redundancy and great > preformance... > > Regards, > > Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43892&t=43836 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 1924 Switch: Takes long time to ping device after [7:43903]
The port will take upto 50 seconds to come up. This is due to Spanning Tree Protocol. The switch is making sure you do not have a switching loop. For all the switch ports that are attached to and end node (workstation, printer..etc) you should enable PortFast. Then the port will come up in a few seconds. KM Reynolds wrote: > Hi, > > I installed a Catalyst 1924 switch on the LAN. It seems to work ok, > however, I am concerned, because when I first plug a device (any device) > into a new switch port. It takes a long time (minutes) before I can ping > it. After that if I unplug it and reconnect I can ping immediately. > > Does anyone know if this is normal? > > Thanks in advance. > > KM > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43903&t=43903 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISP Topology Design [7:43836]
At 2:53 PM -0400 5/10/02, Chris Headings wrote: >Thanks!!! > >We are an ISP in So. Cal. We are gearing up to open other offices in >bewteen Arizona and Ca... > >We are trying to decide what would be the best way of intergrating our ISP >network...like... > >Should we just continue to use our one ASN and have all traffic come back to >the Global NOC, or should get new ASN's for each location?? Well, at least at the continental level, you won't be able to get more than one registered AS. You can certainly use private ASNs, which don't even need to be in confederations. The Cisco remove-private-AS feature lets you play lots of games with multiple private AS but without confederations. You can even use the same private ASN for different customers. See RFC 2270. Essentially, you want multiple AS if you have different routing policies in different areas. Most ISPs don't, although some of the early ones use lots of registered AS since they got them at a time when they were readily available. It's really hard to say without knowing your topology and policy. >? > >Should we be using IS-IS, IBGP/EBGP, OSPF as the protocol to link all remote >locations??? You will need BGP _and_ an IGP. You MAY want MPLS as well, especially if you are offering lots of VPNs of a kind where it's appropriate. The choice between ISIS and OSPF is a tossup. Some of the arguments for each one: ISISOSPF More scalable in flat networksMore aggregation capability Lots of undocumented practice Well known Probably better supported for TE features beginning to come in traffic engineering Until you use some new and subtle Wide range of choices of area methods such as L1L2 leaking, structure allowing a range of can be very inflexible foralternatives from best-exit best-exit routing to closest-exit Lower processor utilization Higher processor utilization. Designer preference. DesignerDesigner preference. Designer is a Radia Perlman groupie. is a John Moy groupie > >Obviously cost in an issue, but throwing cost out the door, what is the >ideal way of linking ALL offices, using a good level of redundancy and great >preformance... I'm afraid the answer is "it depends". -- "What Problem are you trying to solve?" ***send Cisco questions to the list, so all can benefit -- not directly to me*** Howard C. Berkowitz [EMAIL PROTECTED] Chief Technology Officer, GettLab/Gett Communications http://www.gettlabs.com Technical Director, CertificationZone.com http://www.certificationzone.com "retired" Certified Cisco Systems Instructor (CID) #93005 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43888&t=43836 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
DDR [7:43902]
1. I want to configure DDR on 2600/3600 back-to-back: Router-ADDR--Router-B What BRI modules do I need? 2. I have this setup; Analog Phone---Router-A--BRI--Router-B-Analog Phone Both analog phones connected to VIC-2FXS in NM-2V Router A has VIC-2BRI-S/T-TE and Router-B has VIC-2BRI-NT/TE in NM-2V(another) The interfaces are up and L1/L2 is up. I came to know that this setup is only good for voice calls, no DDR, no IP would work on it. If that is correct, for at least voice call, how can I place the voice call on BRI if I cannot use an IPV4 session target in the dial-peer? PING Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43902&t=43902 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
easy VPN tutorial ... [7:43901]
Does anyone know of any websites with an easy to follow guide, or easy steps for creating 'client to Pix VPN' ??? I'm having difficulty setting this up ... I've even tried PPTP with no authentication without success ... I am using ver 6.1 for the Pix and 3.5 for the Cisco VPN client ... Any help or suggestions would be greatly welcomed ... Kind regards ... Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43901&t=43901 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX 501 Ver 6.1 [7:43896]
If you have a PIX 501, it only has 2 interfaces. There are some additional RJ-45 ports, but that is not configurable, they are more or less built in switch ports... 0 = outside 1 = inside 2-4 = ports so you can attach PCs directly into the firewall. - Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43900&t=43896 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISP Topology Design [7:43836]
>On Fri, May 10, 2002 at 02:40:13PM -0400, Howard C. Berkowitz wrote: > >> >Hello all! >> > >> >Does anyone know of any books/material that would be geared more toward ISP >> >network design? Looking for as much as I can find... >> > >> >Thanks >> > >> > >> >> My new book, "Building Service Provider Networks" from Wiley, should >> be in bookstores around Memorial Day. I don't yet have the ISBN. It >> specifically deals with ISP design. > >I believe the ISBN is 0471099228 >http://www.amazon.com/exec/obidos/ASIN/0471099228/qid=1021062282/sr=2-1/ref=sr_2_1/104-3571923-2859119 :-) Isn't there a phrase something like "the husband is the last to know?" It wasn't on the page proofs from the publisher. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43898&t=43836 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISP Topology Design [7:43836]
There were some really good answers to this question. In particular, I liked the person who mentioned the NetPro IDC design session (Cisco's SRND's are also really good). Howard's new book will be interesting to check out. His other suggestions of checking out NANOG, RADB, RIPE, etc are also dead on. In addition, here are some other resources: You also might want to check out Barry Greene / Philip Smith's new CiscoPress book, "Cisco ISP Essentials" and the website, http://www.ispbook.com/ The link on that website to Philip's NANOG presentation on Multihoming is really good. They also have some E-Learning slides specifically on-topic (POP and ISP design). Finally, here is another site that I found as an excellent resource: http://www.isocws.isoc.org/index-old.htm And the Cisco Networkers presentations are also very good. -dre ""Chris Headings"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello all! > > Does anyone know of any books/material that would be geared more toward ISP > network design? Looking for as much as I can find... > > Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43897&t=43836 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX 501 Ver 6.1 [7:43896]
I'm trying to configure ethernet 2-4 on a PIX 501 (3DES), but it comes back saying only 2 interfaces are active. When I do a show version it say "maximum interfaces: 2" Am I missing something or what? Please lemme know!!! Thanx, mkj ~~~ Michael Jablonski ABN AMRO Asset Management Holdings, Inc. 161 North Clark St. 9th Flr Chicago, IL 60601-2468 PH: 312.884.2996 FAX: 312.278.5550 ~~~ This message (including any attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change. ABN AMRO Bank N.V. (including its group companies) shall not be responsible nor liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43896&t=43896 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP604-503 ( Routing Exam) [7:43895]
Hi Folks, Next week I am going to give my CCNP Routing (640-503) exam.Please give me your suggestion like which area should I concentrate more. Thanks Ravi Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43895&t=43895 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISP Topology Design [7:43836]
On Fri, May 10, 2002 at 02:40:13PM -0400, Howard C. Berkowitz wrote: > >Hello all! > > > >Does anyone know of any books/material that would be geared more toward ISP > >network design? Looking for as much as I can find... > > > >Thanks > > > > > > My new book, "Building Service Provider Networks" from Wiley, should > be in bookstores around Memorial Day. I don't yet have the ISBN. It > specifically deals with ISP design. I believe the ISBN is 0471099228 http://www.amazon.com/exec/obidos/ASIN/0471099228/qid=1021062282/sr=2-1/ref=sr_2_1/104-3571923-2859119 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43894&t=43836 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Written Practice Questions [7:43893]
Can somebody recommend some good CCIE pratice questions. Preferably low cost as my company won't help pay for it. MG Network Engineer RoadRunner High Speed Online Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43893&t=43893 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Written Practice Questions [7:43891]
Can somebody recommend some good CCIE pratice questions. Preferably low cost as my company won't help pay for it. MG Network Engineer RoadRunner High Speed Online Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43891&t=43891 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
R/S recert [7:43890]
Any sites, boards or study material for the CCIE R/S recert written tests? Seems like an area thatno one has got covered. Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43890&t=43890 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ios question? [7:43882]
George, http://www.cisco.com/warp/customer/620/1.html http://www.cisco.com/kobayashi/support/tac/t_index.shtml looking for Software Advisor You can always open a ticket with TAC to make sure you are choosing the right/recommended version. HTH Kent - Original Message - From: "GEORGE" To: Sent: Friday, May 10, 2002 3:11 PM Subject: ios question? [7:43882] > I use Cisco routers and switches throughout my hole network,. I been > learning as I go and read the posts here so far I feel confident in > operating certain hardware models .However, we I have a need to > understand more is the ios, from what I read so far each model and > depending on what you planning to configure you would need a certain > ios, being that one would have the required flash and memory. My > question is there are many ios out there for a particular model and most > have for example 12.1(8a)E2 , whatever, which one should I choose, What > does does number mean?. Can someone here explain me this, and if some > one has some links that goes over basic stuff it would be great Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43889&t=43882 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ios question? [7:43882]
Go to Cisco's website. There's a link called the ABC's of IOS. I'm sure there's more than you'd ever want to know here: http://www.cisco.com/warp/public/732/abc/ Regards, Craig At 03:11 PM 5/10/2002 -0400, you wrote: >I use Cisco routers and switches throughout my hole network,. I been >learning as I go and read the posts here so far I feel confident in >operating certain hardware models .However, we I have a need to >understand more is the ios, from what I read so far each model and >depending on what you planning to configure you would need a certain >ios, being that one would have the required flash and memory. My >question is there are many ios out there for a particular model and most >have for example 12.1(8a)E2 , whatever, which one should I choose, What >does does number mean?. Can someone here explain me this, and if some >one has some links that goes over basic stuff it would be great Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43887&t=43882 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Certification Digest V2 #2069 (Vacation) [7:43886]
I will be on vacation from 5-7-02 to 5-22-02. Any matter regarding network management please forward to Bob Taylor @ 213-979-0032. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43886&t=43886 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: encapsulation failure on an 806 router [7:43813]
It is actually very basic. If someone can run this test on their Cisco 806 and report their findings. I can see the problem by just doing the following: erase startup-config reload assign IP addresses to both Ethernet interfaces connect my laptop to E0 (4 port LAN hub) connect ISP router to E1 (WAN port) I can ping everything just fine and get out to the Internet once I set up the default route Now I swap the ethernet cables where laptop on E1 (WAN port) ISP router on E0 (4 port hub), then I swap IP addresses at the 806 Ethernet interfaces now -laptop can ping both 806 Ethernet ports -806 can ping laptop, -but neither laptop nor 806 can ping ISP router, nor ISP router can ping 806 -when I turn on "Debug Ip Packet", I get the message "encapsulation failure" while sending packets to E0 and I also see no packets on the wire with my sniffer. -when I do a show interface on the 806 router, encapsulation is set to ARPA for both Ethernet ports. One other piece of information I find unusual is that I get an UP/UP indication when I do a show ethernet 0 (on 4 port LAN hub), even when there are no cables connected to any of the 4 ports. regards, dj John Huston wrote: > cut and paste your config in here so we can see what are doing. > > ""Dimitrije"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Got an 806 router with two Ethernet interfaces used for broadband access to > > the > > Internet. Ethernet 1 is typically the WAN interface pointing towards the > > Internet router, while Ethernet 0 is a 4-port hub used for the local LAN. > > > > Everything works properly when the 806 is configured in the conventional > way, > > with WAN pointing toward Internet router. > > > > However, I have a VPN appliance (with dual Ethernet ports) that needs to be > > in > > parallel to the 806. So I wanted to set-up the 806 with Ethernet 0 (4 port > > hub) > > pointing toward the Internet router along with the public side of the VPN > > applicance while Ethernet 1 of the 806 connected to the corporate LAN > switch > > along with the private side of the VPN. > > > > When I turn the 806 around like this, I get an "encapsulation failure" > > message > > during debug ip packet when sending data over the Ethernet 0 (4 port hub > > connected to the Internet router), thus no packets get sent out that > > Interface. > > I get this error even after I do erase startup-config, reload and only > > assign IP > > addresses to the Ethernet Interfaces. I am not using PPPoe and my > > encapsulation > > type shows ARPA when I display a show interface for both Ethernet ports. > > > > any thoughts?? > > dj Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43885&t=43813 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ws-x6516-GE-TX: Auto discovery X-over? [7:43876]
I think the issue is not the link, you can get a link light with either, it the tx-tx, rx-rx that is the problem with the wrong cable. IOW the wire responsible for link doesn't change. Dave Jeffrey Reed wrote: > > We were playing with a WS-X6516-GE-TX in the lab and someone used a > cross-over cable to connect a PC. We received a LINK, even though it was > PC-to-switch. We had the same results with a straight patch cable. Can any > confirm these are auto sensing transmit and receive pairs of a CAT5 cable > and adjusting accordingly? > > Thanks!! > > Jeffrey Reed > Classic Networking, Inc. > Cell 717-805-5536 > Office 717-737-8586 > FAX 717-737-0290 -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43884&t=43876 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: dual-homed hosts problems [7:43677]
LOL. OSPF is a wonderful thing, remember that life has a funny way of punishing those who can't recognize its little gifts, you could be working with IS-IS . -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Priscilla Oppenheimer Sent: Friday, May 10, 2002 1:43 PM To: [EMAIL PROTECTED] Subject: RE: dual-homed hosts problems [7:43677] Sob as in cry! OSPF makes me cry. ;-) At 07:15 PM 5/10/02, Rah Hussain wrote: >Priscilla, >That's not very lady like ;-) Just kidding too :-) > >Rah > >-Original Message- >From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] >Sent: 10 May 2002 17:58 >To: [EMAIL PROTECTED] >Subject: Re: dual-homed hosts problems [7:43677] > >At 12:35 PM 5/10/02, Maximus wrote: > >Sorry list members, the spell-checker changed OSPF to SOP. > >I think OSPF should be SOB. Just kidding! :-) > >Priscilla > > > >- Original Message - > >From: "Maximus" > >To: > >Sent: Friday, May 10, 2002 12:40 PM > >Subject: Re: dual-homed hosts problems [7:43677] > > > > > > > I may be wrong but your friend is using a routing protocol and therefore > >the > > > below would not apply to the scenario. > > > As for running SOP on the server IMHO it would be overkill for this > >specific > > > situation. "Keep it simple." > > > Would I run SOP on a server? > > > Depends on why I had the server built in the first place. Have a nice > >day! > > > > > > - Original Message - > > > From: "Jeffrey Reed" > > > To: > > > Sent: Friday, May 10, 2002 8:27 AM > > > Subject: RE: dual-homed hosts problems [7:43677] > > > > > > > > > > I just talked to someone yesterday who said they are running OSPF on >the > > > > WIN2000 servers and using dual NICs effectively. Is this a better way >to > > > > dual home servers? > > > > > > > > Jeffrey Reed > > > > Classic Networking, Inc. > > > > > > > > -Original Message- > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > > Galo > > > > Villacis > > > > Sent: Thursday, May 09, 2002 7:18 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: Re: dual-homed hosts problems [7:43677] > > > > > > > > I believe your issue may relate to the single IP stack on 2000. Try > > > > defaulting traffic to the internet and adding a static route to the > > > internal > > > > network opposed to specifying the gateway on the internal IP >interface. > > > > Also I would go as far as disabling any NETBIOS on the external > >interface > > > > for security. > > > > > > > > cmd would be: > > > > > > > > route add -p Network Mask Gateway > > > > > > > > - Original Message - > > > > From: "Henrique Duarte" > > > > To: > > > > Sent: Thursday, May 09, 2002 5:48 PM > > > > Subject: Re: dual-homed hosts problems [7:43677] > > > > > > > > > > > > > Bulent, > > > > > > > > > > Thank you for the reply. I am afraid you may have misunderstood >this > > > > > problem. Allow me to be more clear: > > > > > > > > > > > > > > > 192.168.0.1 - 192.168.0.150 - Host A - > >128.59.39.3 > > > > > | >(dual > > > > homed > > > > > server) > > > > > | > > > > > | > > > > > | > > > > > | > > > > > | > > > > > 128.59.39.2 > > > > > router A > >router > > > > > C Internet > > > > > | > > > > > 192.168.1.1 > > > > > | > > > > > | > > > > >T1 > > > > > | > > > > > | > > > > > 192.168.1.2 > > > > > | > > > > > router B > > > > > | > > > > > 192.168.2.1 > > > > > > > > > > > > > > > The problem happens on Host A. Host A is a WebServer with 2 > > > interfaces: > > > > a > > > > > public (which goes out to the internet) and a private (which talks >to > > > the > > > > > database). The private interface has IP 192.168.0.150 and default >GW > > > > > 192.168.0.1. The public has ip 128.59.39.3 and default GW > >128.59.39.2. > > > > > Everything works fine if I leave the private interface's default GW > > > blank. > > > > > If I put Router C's address as the private interface's default > >gateway, > > > > > after some time I cannot ping anywhere from Host A, even though I >can > > > ping > > > > > it from the outside world. I need to have the private interface > > > > configured > > > > > with 192.168.0.1 as the default GW because remote users need to be > >able > > > to > > > > > connect to that server via the back-end T1. Any light would be > >greatly > > > > > appreciated. > > > > > > > > > > Thanks, > > > > > > > > > > -H > > > > > > > > > > > > > > > - Original Message - > > > > > From: "B|lent ^ahin" > > > > > To: > > > > > Sent: Thursday, May 09, 2002 3:17 AM > > > > > Subject: RE: dual-homed hosts problems [7:43677] > > > > > > > > > > > > > > > > When configuring ethernet interfaces on MS environment, you have > >three > > > > > blank > > > > > > spaces to fill: IP_address, Subnet_mask and Default_gateway. So >the > > > > people > > > > > > start to think every ethernet interface as a router: "This >interface >
ios question? [7:43882]
I use Cisco routers and switches throughout my hole network,. I been learning as I go and read the posts here so far I feel confident in operating certain hardware models .However, we I have a need to understand more is the ios, from what I read so far each model and depending on what you planning to configure you would need a certain ios, being that one would have the required flash and memory. My question is there are many ios out there for a particular model and most have for example 12.1(8a)E2 , whatever, which one should I choose, What does does number mean?. Can someone here explain me this, and if some one has some links that goes over basic stuff it would be great Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43882&t=43882 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: dual-homed hosts problems [7:43677]
Oh I see hehehe Rah -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: 10 May 2002 19:43 To: [EMAIL PROTECTED] Subject: RE: dual-homed hosts problems [7:43677] Sob as in cry! OSPF makes me cry. ;-) At 07:15 PM 5/10/02, Rah Hussain wrote: >Priscilla, >That's not very lady like ;-) Just kidding too :-) > >Rah > >-Original Message- >From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] >Sent: 10 May 2002 17:58 >To: [EMAIL PROTECTED] >Subject: Re: dual-homed hosts problems [7:43677] > >At 12:35 PM 5/10/02, Maximus wrote: > >Sorry list members, the spell-checker changed OSPF to SOP. > >I think OSPF should be SOB. Just kidding! :-) > >Priscilla > > > >- Original Message - > >From: "Maximus" > >To: > >Sent: Friday, May 10, 2002 12:40 PM > >Subject: Re: dual-homed hosts problems [7:43677] > > > > > > > I may be wrong but your friend is using a routing protocol and therefore > >the > > > below would not apply to the scenario. > > > As for running SOP on the server IMHO it would be overkill for this > >specific > > > situation. "Keep it simple." > > > Would I run SOP on a server? > > > Depends on why I had the server built in the first place. Have a nice > >day! > > > > > > - Original Message - > > > From: "Jeffrey Reed" > > > To: > > > Sent: Friday, May 10, 2002 8:27 AM > > > Subject: RE: dual-homed hosts problems [7:43677] > > > > > > > > > > I just talked to someone yesterday who said they are running OSPF on >the > > > > WIN2000 servers and using dual NICs effectively. Is this a better way >to > > > > dual home servers? > > > > > > > > Jeffrey Reed > > > > Classic Networking, Inc. > > > > > > > > -Original Message- > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > > Galo > > > > Villacis > > > > Sent: Thursday, May 09, 2002 7:18 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: Re: dual-homed hosts problems [7:43677] > > > > > > > > I believe your issue may relate to the single IP stack on 2000. Try > > > > defaulting traffic to the internet and adding a static route to the > > > internal > > > > network opposed to specifying the gateway on the internal IP >interface. > > > > Also I would go as far as disabling any NETBIOS on the external > >interface > > > > for security. > > > > > > > > cmd would be: > > > > > > > > route add -p Network Mask Gateway > > > > > > > > - Original Message - > > > > From: "Henrique Duarte" > > > > To: > > > > Sent: Thursday, May 09, 2002 5:48 PM > > > > Subject: Re: dual-homed hosts problems [7:43677] > > > > > > > > > > > > > Bulent, > > > > > > > > > > Thank you for the reply. I am afraid you may have misunderstood >this > > > > > problem. Allow me to be more clear: > > > > > > > > > > > > > > > 192.168.0.1 - 192.168.0.150 - Host A - > >128.59.39.3 > > > > > | >(dual > > > > homed > > > > > server) > > > > > | > > > > > | > > > > > | > > > > > | > > > > > | > > > > > 128.59.39.2 > > > > > router A > >router > > > > > C Internet > > > > > | > > > > > 192.168.1.1 > > > > > | > > > > > | > > > > >T1 > > > > > | > > > > > | > > > > > 192.168.1.2 > > > > > | > > > > > router B > > > > > | > > > > > 192.168.2.1 > > > > > > > > > > > > > > > The problem happens on Host A. Host A is a WebServer with 2 > > > interfaces: > > > > a > > > > > public (which goes out to the internet) and a private (which talks >to > > > the > > > > > database). The private interface has IP 192.168.0.150 and default >GW > > > > > 192.168.0.1. The public has ip 128.59.39.3 and default GW > >128.59.39.2. > > > > > Everything works fine if I leave the private interface's default GW > > > blank. > > > > > If I put Router C's address as the private interface's default > >gateway, > > > > > after some time I cannot ping anywhere from Host A, even though I >can > > > ping > > > > > it from the outside world. I need to have the private interface > > > > configured > > > > > with 192.168.0.1 as the default GW because remote users need to be > >able > > > to > > > > > connect to that server via the back-end T1. Any light would be > >greatly > > > > > appreciated. > > > > > > > > > > Thanks, > > > > > > > > > > -H > > > > > > > > > > > > > > > - Original Message - > > > > > From: "B|lent ^ahin" > > > > > To: > > > > > Sent: Thursday, May 09, 2002 3:17 AM > > > > > Subject: RE: dual-homed hosts problems [7:43677] > > > > > > > > > > > > > > > > When configuring ethernet interfaces on MS environment, you have > >three > > > > > blank > > > > > > spaces to fill: IP_address, Subnet_mask and Default_gateway. So >the > > > > people > > > > > > start to think every ethernet interface as a router: "This >interface > > > > will > > > > > > route IP packets to the other interface, so the default gateway of > >the > > > > > first > > > > > > interface should be same as the IP address of the
RE: ISP Topology Design [7:43836]
Thanks!!! We are an ISP in So. Cal. We are gearing up to open other offices in bewteen Arizona and Ca... We are trying to decide what would be the best way of intergrating our ISP network...like... Should we just continue to use our one ASN and have all traffic come back to the Global NOC, or should get new ASN's for each location??? Should we be using IS-IS, IBGP/EBGP, OSPF as the protocol to link all remote locations??? Obviously cost in an issue, but throwing cost out the door, what is the ideal way of linking ALL offices, using a good level of redundancy and great preformance... Regards, Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43850&t=43836 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Give up...Cannot ping from one spoke to anothe [7:43795]
The ping problem is not related to the routing or OSPF protocol. Trying to ping remote IP over FR with no frame map statement will cause of encapsulation failure. The router doesn't know how to encapsulate the IP packet in DLCI number. Since you can not use frame map statement, the only option is to use frame-relay interface-dlci xxx command. This tells the router to encap. all packets in DLCI xxx. But this doesn't work on the physical interface!! You have to change the spoke FR interface to subinterface multipoint or point-2-point (the second will involved IP redesign, separate net. for each FR link to the HUB router). Nick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Cisco Nuts Sent: Thursday, May 09, 2002 8:15 PM To: [EMAIL PROTECTED] Subject: Give up...Cannot ping from one spoke to another?? [7:43795] Hello, I have RTA configed as a FR hub with multipoint subif. I have RTB, RTC and RTE configed as spokes using only the serial intf. - FR network type Non-Broadcast. Have 1 single FR map statement on the spokes pointing to the hub. Have 3 map statements on the hub pointing back to each of the 3 spokes. Have Ospf configed. Area 0 the FR network for the serials. Area 1 on RTA, Area 10 on RTB and Area 4 on RTE each for the Ethernet side. Also have the neighbor statement on each spoke pointing to the hub with a priority of 2. A show ip route reveals all the OSPF networks (O IA routes) on each router. I can only ping from the hub router RTA to networks on the spoke routers BUT I cannot ping from one spoke router to a network on another spoke router EVEN though the routes are in the routing table? Why is that? A CATCH: I am not allowed to use the ip ospf network command anywhere nor FR map statements on each spoke pointing to the other spokes?? What is the way that will allow me to ping from RTB to RTC thru RTA the hub router? I tried the default-information originate on the hub rtr. RTA but this does not seem to help - even though it installs a default route on each spoke router. I am giving up after tiring me eyes on CCO. Anyone with any ideas? Thank you for your help. _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43871&t=43795 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE communication and services [7:43714]
Cool, I didnt know the ISP Dial qualification exam applied to the C&S lab exam. I'll have to schedule the C&S lab exam then. Anyone else taking it? thanks, -Brad Ellis CCIE#5796 (R&S / Security) Network Learning Inc [EMAIL PROTECTED] www.optsys.net (Cisco hardware) ""nrf"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Allright. Sean Knox has pretty much nailed it on the head. But let me try > one more time. > > To become a R/S CCIE you must > #1) pass the R/S written > #2) pass the R/S lab > > To become a Security CCIE you must > #1)pass the Security written > #2) pass the Security lab > > To become a C/S CCIE you must > #1)Pass one of 8 possible C/S writtens - or - have passed either the old > ISPDial or WAN-switching CCIE writtens back when they were still available > (so if you have never done this, then unless you have a time machine, you > cannot do it now) > #2)Pass the C/S lab. > > > Bottom line - the labs are absolutely NOT the same for all three, believe > me. I've tried all 3 labs, and they are significantly different. There are > some base-level similarities, but beyond that they are quite divergent. If > you don't believe me, read their descriptions: > > http://www.cisco.com/warp/public/625/ccie/certifications/services.html#4 > http://www.cisco.com/warp/public/625/ccie/certifications/routing.html#4 > http://www.cisco.com/warp/public/625/ccie/certifications/security.html#4 > > > > > ""Sean Knox"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > The lab is not the same for all three. As nrf has repeatedly tried to tell > > you, they are three SEPARATE tracks. To achieve the R/S CCIE, you need to > > pass the R/S written and the R/S CCIE Lab. To get your C/S CCIE, even if > you > > already have, say, you R/S CCIE *completed*, you still need to complete > the > > C/S written then take the C/S lab. > > > > Sean > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > > Sent: Friday, May 10, 2002 5:07 AM > > > To: [EMAIL PROTECTED] > > > Subject: Re: CCIE communication and services [7:43714] > > > > > > > > > Sorry, I guess that wasn't very clear. Suppose you attain an > > > R/S CCIE and > > > now wish to go for security or C/S. As the lab is the same > > > for all three, is > > > it necessary to keep retaking the lab or will the written be enough? I > > > assume you probably do have to take the lab again, however > > > since it is the > > > same test you have already passed,it just seems redundant. > > > > > > nrf wrote: > > > > > > > > Uh, what? I don't understand your question. If you're saying > > > > that you're > > > > thinking that you can just keep getting more than one C/S CCIE > > > > by taking > > > > that lab over and over again (but by passing different C/S > > > > writtens), then > > > > the answer is absolutely not. Contrary to what many people > > > > believe, there > > > > are no different 'flavors' of the C/S. There is only 1 C/S > > > > CCIE, and you're > > > > either a C/S CCIE or you're not. And really, this makes > > > > perfect sense, > > > > since there is only one unified C/S lab which every C/S > > > > candidate takes, no > > > > matter which written he/she passed. > > > > > > > > > > > > > > > > > > > > ""Jason Owens"" wrote in message > > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > > Based on your post above, as the lab is the same general > > > > knowledge, would > > > > > you need to keep taking it, providing you have passed it > > > > once, to get more > > > > > than one CCIE? Or would the various written exams suffice? > > > > Just curious. > > > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43874&t=43714 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Give up...Cannot ping from one spoke to anothe [7:43795]
Sounds like bootcamp lab #1 to me... heh. Try policy-based routing on the frame interfaces of the spokes. You want it to change the next hop to point back to the hub router's IP... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43808&t=43795 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISP Topology Design [7:43836]
Thanks to everyone!!! Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43880&t=43836 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Give up...Cannot ping from one spoke to another?? [7:43795]
If you don't have map statement at the spokes this will not work. Basically what you are missing is the layer 2 to layer 3 mapping. Just like ARP on ethernet the router needs to map a layer 3 address to a layer 2 address. In this case you do it with a map statement which links the IP address with the layer 2 DLCI. Using frame map statements you would point all the spoke IPs to the DLCI going to the hub. So the trick here is what else can you use to do this? Take a look at policy routing. Policy routing can force all traffic going to the spokes through the hub can't it? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Cisco Nuts Sent: Thursday, May 09, 2002 9:15 PM To: [EMAIL PROTECTED] Subject: Give up...Cannot ping from one spoke to another?? [7:43795] Hello, I have RTA configed as a FR hub with multipoint subif. I have RTB, RTC and RTE configed as spokes using only the serial intf. - FR network type Non-Broadcast. Have 1 single FR map statement on the spokes pointing to the hub. Have 3 map statements on the hub pointing back to each of the 3 spokes. Have Ospf configed. Area 0 the FR network for the serials. Area 1 on RTA, Area 10 on RTB and Area 4 on RTE each for the Ethernet side. Also have the neighbor statement on each spoke pointing to the hub with a priority of 2. A show ip route reveals all the OSPF networks (O IA routes) on each router. I can only ping from the hub router RTA to networks on the spoke routers BUT I cannot ping from one spoke router to a network on another spoke router EVEN though the routes are in the routing table? Why is that? A CATCH: I am not allowed to use the ip ospf network command anywhere nor FR map statements on each spoke pointing to the other spokes?? What is the way that will allow me to ping from RTB to RTC thru RTA the hub router? I tried the default-information originate on the hub rtr. RTA but this does not seem to help - even though it installs a default route on each spoke router. I am giving up after tiring me eyes on CCO. Anyone with any ideas? Thank you for your help. _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43865&t=43795 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Tag Switching [7:43830]
Not supported. Eric Lange 651-205-1329 James cc: Sent by: Subject: Tag Switching [7:43830] nobody@groups tudy.com 05/10/2002 09:22 AM Please respond to James Hello all This is a rephrase of my previous question on MPLS. Does anyone know if it is possible to use Tag-switching on 2500 platforms ? I have tried using tag-switching ip interface command on 2511s on a test lab but the command is not available. Is there a different IOS version that I need, I am running on 12.2 enterprise ? Any info on this is greatly appreciated. Thank you James __ Do You Yahoo!? Yahoo! Shopping - Mother's Day is May 12th! http://shopping.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43878&t=43830 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: dual-homed hosts problems [7:43677]
Sob as in cry! OSPF makes me cry. ;-) At 07:15 PM 5/10/02, Rah Hussain wrote: >Priscilla, >That's not very lady like ;-) Just kidding too :-) > >Rah > >-Original Message- >From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] >Sent: 10 May 2002 17:58 >To: [EMAIL PROTECTED] >Subject: Re: dual-homed hosts problems [7:43677] > >At 12:35 PM 5/10/02, Maximus wrote: > >Sorry list members, the spell-checker changed OSPF to SOP. > >I think OSPF should be SOB. Just kidding! :-) > >Priscilla > > > >- Original Message - > >From: "Maximus" > >To: > >Sent: Friday, May 10, 2002 12:40 PM > >Subject: Re: dual-homed hosts problems [7:43677] > > > > > > > I may be wrong but your friend is using a routing protocol and therefore > >the > > > below would not apply to the scenario. > > > As for running SOP on the server IMHO it would be overkill for this > >specific > > > situation. "Keep it simple." > > > Would I run SOP on a server? > > > Depends on why I had the server built in the first place. Have a nice > >day! > > > > > > - Original Message - > > > From: "Jeffrey Reed" > > > To: > > > Sent: Friday, May 10, 2002 8:27 AM > > > Subject: RE: dual-homed hosts problems [7:43677] > > > > > > > > > > I just talked to someone yesterday who said they are running OSPF on >the > > > > WIN2000 servers and using dual NICs effectively. Is this a better way >to > > > > dual home servers? > > > > > > > > Jeffrey Reed > > > > Classic Networking, Inc. > > > > > > > > -Original Message- > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > > Galo > > > > Villacis > > > > Sent: Thursday, May 09, 2002 7:18 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: Re: dual-homed hosts problems [7:43677] > > > > > > > > I believe your issue may relate to the single IP stack on 2000. Try > > > > defaulting traffic to the internet and adding a static route to the > > > internal > > > > network opposed to specifying the gateway on the internal IP >interface. > > > > Also I would go as far as disabling any NETBIOS on the external > >interface > > > > for security. > > > > > > > > cmd would be: > > > > > > > > route add -p Network Mask Gateway > > > > > > > > - Original Message - > > > > From: "Henrique Duarte" > > > > To: > > > > Sent: Thursday, May 09, 2002 5:48 PM > > > > Subject: Re: dual-homed hosts problems [7:43677] > > > > > > > > > > > > > Bulent, > > > > > > > > > > Thank you for the reply. I am afraid you may have misunderstood >this > > > > > problem. Allow me to be more clear: > > > > > > > > > > > > > > > 192.168.0.1 - 192.168.0.150 - Host A - > >128.59.39.3 > > > > > | >(dual > > > > homed > > > > > server) > > > > > | > > > > > | > > > > > | > > > > > | > > > > > | > > > > > 128.59.39.2 > > > > > router A > >router > > > > > C Internet > > > > > | > > > > > 192.168.1.1 > > > > > | > > > > > | > > > > >T1 > > > > > | > > > > > | > > > > > 192.168.1.2 > > > > > | > > > > > router B > > > > > | > > > > > 192.168.2.1 > > > > > > > > > > > > > > > The problem happens on Host A. Host A is a WebServer with 2 > > > interfaces: > > > > a > > > > > public (which goes out to the internet) and a private (which talks >to > > > the > > > > > database). The private interface has IP 192.168.0.150 and default >GW > > > > > 192.168.0.1. The public has ip 128.59.39.3 and default GW > >128.59.39.2. > > > > > Everything works fine if I leave the private interface's default GW > > > blank. > > > > > If I put Router C's address as the private interface's default > >gateway, > > > > > after some time I cannot ping anywhere from Host A, even though I >can > > > ping > > > > > it from the outside world. I need to have the private interface > > > > configured > > > > > with 192.168.0.1 as the default GW because remote users need to be > >able > > > to > > > > > connect to that server via the back-end T1. Any light would be > >greatly > > > > > appreciated. > > > > > > > > > > Thanks, > > > > > > > > > > -H > > > > > > > > > > > > > > > - Original Message - > > > > > From: "B|lent ^ahin" > > > > > To: > > > > > Sent: Thursday, May 09, 2002 3:17 AM > > > > > Subject: RE: dual-homed hosts problems [7:43677] > > > > > > > > > > > > > > > > When configuring ethernet interfaces on MS environment, you have > >three > > > > > blank > > > > > > spaces to fill: IP_address, Subnet_mask and Default_gateway. So >the > > > > people > > > > > > start to think every ethernet interface as a router: "This >interface > > > > will > > > > > > route IP packets to the other interface, so the default gateway of > >the > > > > > first > > > > > > interface should be same as the IP address of the second > >interface.", > > > > but > > > > > > there is one router on the PC: CPU. Try to configure only one > >default > > > > > > gateway. You can use the command "route print" to see what happens > > >
Re: ISP Topology Design [7:43836]
>Hello all! > >Does anyone know of any books/material that would be geared more toward ISP >network design? Looking for as much as I can find... > >Thanks > > My new book, "Building Service Provider Networks" from Wiley, should be in bookstores around Memorial Day. I don't yet have the ISBN. It specifically deals with ISP design. In the meantime, do look at the archives at www.nanog.org, www.ripe.net, and www.radb.net. -- "What Problem are you trying to solve?" ***send Cisco questions to the list, so all can benefit -- not directly to me*** Howard C. Berkowitz [EMAIL PROTECTED] Chief Technology Officer, GettLab/Gett Communications http://www.gettlabs.com Technical Director, CertificationZone.com http://www.certificationzone.com "retired" Certified Cisco Systems Instructor (CID) #93005 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43877&t=43836 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ws-x6516-GE-TX: Auto discovery X-over? [7:43876]
We were playing with a WS-X6516-GE-TX in the lab and someone used a cross-over cable to connect a PC. We received a LINK, even though it was PC-to-switch. We had the same results with a straight patch cable. Can any confirm these are auto sensing transmit and receive pairs of a CAT5 cable and adjusting accordingly? Thanks!! Jeffrey Reed Classic Networking, Inc. Cell 717-805-5536 Office 717-737-8586 FAX 717-737-0290 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43876&t=43876 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: dual-homed hosts problems [7:43677]
Priscilla, That's not very lady like ;-) Just kidding too :-) Rah -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: 10 May 2002 17:58 To: [EMAIL PROTECTED] Subject: Re: dual-homed hosts problems [7:43677] At 12:35 PM 5/10/02, Maximus wrote: >Sorry list members, the spell-checker changed OSPF to SOP. I think OSPF should be SOB. Just kidding! :-) Priscilla >- Original Message - >From: "Maximus" >To: >Sent: Friday, May 10, 2002 12:40 PM >Subject: Re: dual-homed hosts problems [7:43677] > > > > I may be wrong but your friend is using a routing protocol and therefore >the > > below would not apply to the scenario. > > As for running SOP on the server IMHO it would be overkill for this >specific > > situation. "Keep it simple." > > Would I run SOP on a server? > > Depends on why I had the server built in the first place. Have a nice >day! > > > > - Original Message - > > From: "Jeffrey Reed" > > To: > > Sent: Friday, May 10, 2002 8:27 AM > > Subject: RE: dual-homed hosts problems [7:43677] > > > > > > > I just talked to someone yesterday who said they are running OSPF on the > > > WIN2000 servers and using dual NICs effectively. Is this a better way to > > > dual home servers? > > > > > > Jeffrey Reed > > > Classic Networking, Inc. > > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > Galo > > > Villacis > > > Sent: Thursday, May 09, 2002 7:18 PM > > > To: [EMAIL PROTECTED] > > > Subject: Re: dual-homed hosts problems [7:43677] > > > > > > I believe your issue may relate to the single IP stack on 2000. Try > > > defaulting traffic to the internet and adding a static route to the > > internal > > > network opposed to specifying the gateway on the internal IP interface. > > > Also I would go as far as disabling any NETBIOS on the external >interface > > > for security. > > > > > > cmd would be: > > > > > > route add -p Network Mask Gateway > > > > > > - Original Message - > > > From: "Henrique Duarte" > > > To: > > > Sent: Thursday, May 09, 2002 5:48 PM > > > Subject: Re: dual-homed hosts problems [7:43677] > > > > > > > > > > Bulent, > > > > > > > > Thank you for the reply. I am afraid you may have misunderstood this > > > > problem. Allow me to be more clear: > > > > > > > > > > > > 192.168.0.1 - 192.168.0.150 - Host A - >128.59.39.3 > > > > | (dual > > > homed > > > > server) > > > > | > > > > | > > > > | > > > > | > > > > | > > > > 128.59.39.2 > > > > router A >router > > > > C Internet > > > > | > > > > 192.168.1.1 > > > > | > > > > | > > > >T1 > > > > | > > > > | > > > > 192.168.1.2 > > > > | > > > > router B > > > > | > > > > 192.168.2.1 > > > > > > > > > > > > The problem happens on Host A. Host A is a WebServer with 2 > > interfaces: > > > a > > > > public (which goes out to the internet) and a private (which talks to > > the > > > > database). The private interface has IP 192.168.0.150 and default GW > > > > 192.168.0.1. The public has ip 128.59.39.3 and default GW >128.59.39.2. > > > > Everything works fine if I leave the private interface's default GW > > blank. > > > > If I put Router C's address as the private interface's default >gateway, > > > > after some time I cannot ping anywhere from Host A, even though I can > > ping > > > > it from the outside world. I need to have the private interface > > > configured > > > > with 192.168.0.1 as the default GW because remote users need to be >able > > to > > > > connect to that server via the back-end T1. Any light would be >greatly > > > > appreciated. > > > > > > > > Thanks, > > > > > > > > -H > > > > > > > > > > > > - Original Message - > > > > From: "B|lent ^ahin" > > > > To: > > > > Sent: Thursday, May 09, 2002 3:17 AM > > > > Subject: RE: dual-homed hosts problems [7:43677] > > > > > > > > > > > > > When configuring ethernet interfaces on MS environment, you have >three > > > > blank > > > > > spaces to fill: IP_address, Subnet_mask and Default_gateway. So the > > > people > > > > > start to think every ethernet interface as a router: "This interface > > > will > > > > > route IP packets to the other interface, so the default gateway of >the > > > > first > > > > > interface should be same as the IP address of the second >interface.", > > > but > > > > > there is one router on the PC: CPU. Try to configure only one >default > > > > > gateway. You can use the command "route print" to see what happens > > when > > > > you > > > > > configure two or more default gateways. > > > > > > > > > > Bulent > > > > > > > > > > > > > > > -Original Message- > > > > > From: Henrique Duarte [mailto:[EMAIL PROTECTED]] > > > > > Sent: Thursday, May 09, 2002 12:39 AM > > > > > To: [EMAIL PROTECTED] > > > > > Subject: dual-homed hosts problems [7:4
Re: Give up...Cannot ping from one spoke to another?? [7:43795]
Define an acl on each spoke with all of the remote networks ie: access-list 100 permit any (ip of remote network) Do this for each of the remote networks. Then define a route map matching on that access list and set the next hop to the ip of the hub router. Apply to the outgoing serial interface and don't forget to enable local policy routing so you can ping from the router. That should take care of it. HTH, Scott ""Cisco Nuts"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Yes, policy routing could very well be the solution without using FR map > statements. But how would I go about doing this? I mean what kind of policy > routing needs to be in place on the spoke so that I can ping to the other > spoke (going thru the Hub rtr). And thus, get to the Ethernets of the spoke > routers. > > The hub router is the only one that can get to the ethernets on the spokes > and the spoke routers can ONLY get to the ethernet of the hub router not to > the ethernet of the other spoke. > > Could it be just static routes on the hub router pointing the next hop to > the serial of the spoke router? > I will try this. > > But any other ideas are gratefully appreciatedI have tired my eyes on > CCO till 3:00am in the morning and still not find the freaking answer. > > Thank you. > > > >From: Stephen Barlow > >To: 'Cisco Nuts' > >Subject: RE: Give up...Cannot ping from one spoke to another?? [7:43795] > >Date: Fri, 10 May 2002 07:58:19 -0400 > > > >I believe policy routing or frame maps on each spoke would solve it. Is > >the > >next hop of the spokes the other spoke? If yes, frame needs a layer 2 (or > >routing) to get around this. > >Hope it helps > > > >Steve > > > >-Original Message- > >From: Cisco Nuts [mailto:[EMAIL PROTECTED]] > >Sent: May 9, 2002 9:15 PM > >To: [EMAIL PROTECTED] > >Subject: Give up...Cannot ping from one spoke to another?? [7:43795] > > > > > >Hello, > > > >I have RTA configed as a FR hub with multipoint subif. I have RTB, RTC and > >RTE configed as spokes using only the serial intf. - FR network type > >Non-Broadcast. Have 1 single FR map statement on the spokes pointing to the > >hub. Have 3 map statements on the hub pointing back to each of the 3 > >spokes. > > > >Have Ospf configed. Area 0 the FR network for the serials. Area 1 on RTA, > >Area 10 on RTB and Area 4 on RTE each for the Ethernet side. Also have the > >neighbor statement on each spoke pointing to the hub with a priority of 2. > > > >A show ip route reveals all the OSPF networks (O IA routes) on each router. > >I can only ping from the hub router RTA to networks on the spoke routers > >BUT > > > >I cannot ping from one spoke router to a network on another spoke router > >EVEN though the routes are in the routing table? > > > >Why is that? > > > >A CATCH: I am not allowed to use the ip ospf network command anywhere nor > >FR > > > >map statements on each spoke pointing to the other spokes?? > > > >What is the way that will allow me to ping from RTB to RTC thru RTA the hub > >router? > > > >I tried the default-information originate on the hub rtr. RTA but this does > >not seem to help - even though it installs a default route on each spoke > >router. > > > >I am giving up after tiring me eyes on CCO. > > > >Anyone with any ideas? > > > >Thank you for your help. > > > > > > > > > > > >_ > >MSN Photos is the easiest way to share and print your photos: > >http://photos.msn.com/support/worldwide.aspx > >This e-mail message is intended only for the person or entity to which it > >is addressed > >and is confidential, subject to copyright and may be legally privileged. > >Any > >unauthorized review, use or disclosure is prohibited. If you received this > >in error, > >please contact the sender and delete all copies of the e-mail together with > >any > >attachments. > > > > > > > > > _ > MSN Photos is the easiest way to share and print your photos: > http://photos.msn.com/support/worldwide.aspx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43873&t=43795 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Need help on crtl-shift-6 [7:43844]
Hi , you should press ctrl+shift+6+x many times ""Kenneth Yeung"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I found it difficult to use crtl-shift-6 to get back the terminal server. > Sometimes okay but sometimes not! > Can anyone help me? Can I change this with a simplier key? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43868&t=43844 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: why "ip inspect" block my traffic? [7:43802]
You need to apply your IP inspect in the opposite direction of your external interfaces ACL. So, if you have an ACL applied inbound on your external interface you need to apply your IP Inspect list outbound. The reason being, CBAC will inspect your outbound packets and then dynamically insert "permit" entries at the top of your inbound ACL to allow traffic flow that's part of the same session back in to your network. HTH, Don Nguyen Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43872&t=43802 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Need help on crtl-shift-6 [7:43844]
> I found it difficult to use crtl-shift-6 to get back the > terminal server. > Sometimes okay but sometimes not! > Can anyone help me? Can I change this with a simplier key? You can set it to escape by doing this: line vty 0 4 escape-character 27 ! Same apples if you want to set it for console access. line con 0 escape-character 27 ! Marko. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43870&t=43844 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISP Topology Design [7:43836]
Check out the Tech Talk at http://forums.cisco.com/eforum/servlet/NetProf?page=Emerging_Technologies_discussion on Internet Data Center Design...it may be of some use. Patrick -Original Message- From: Chris Headings [mailto:[EMAIL PROTECTED]] Sent: Fri 5/10/2002 11:52 AM To: [EMAIL PROTECTED] Cc: Subject: ISP Topology Design [7:43836] Hello all! Does anyone know of any books/material that would be geared more toward ISP network design? Looking for as much as I can find... Thanks Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43869&t=43836 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Give up...Cannot ping from one spoke to another?? [7:43795]
Yes, policy routing could very well be the solution without using FR map statements. But how would I go about doing this? I mean what kind of policy routing needs to be in place on the spoke so that I can ping to the other spoke (going thru the Hub rtr). And thus, get to the Ethernets of the spoke routers. The hub router is the only one that can get to the ethernets on the spokes and the spoke routers can ONLY get to the ethernet of the hub router not to the ethernet of the other spoke. Could it be just static routes on the hub router pointing the next hop to the serial of the spoke router? I will try this. But any other ideas are gratefully appreciatedI have tired my eyes on CCO till 3:00am in the morning and still not find the freaking answer. Thank you. >From: Stephen Barlow >To: 'Cisco Nuts' >Subject: RE: Give up...Cannot ping from one spoke to another?? [7:43795] >Date: Fri, 10 May 2002 07:58:19 -0400 > >I believe policy routing or frame maps on each spoke would solve it. Is >the >next hop of the spokes the other spoke? If yes, frame needs a layer 2 (or >routing) to get around this. >Hope it helps > >Steve > >-Original Message- >From: Cisco Nuts [mailto:[EMAIL PROTECTED]] >Sent: May 9, 2002 9:15 PM >To: [EMAIL PROTECTED] >Subject: Give up...Cannot ping from one spoke to another?? [7:43795] > > >Hello, > >I have RTA configed as a FR hub with multipoint subif. I have RTB, RTC and >RTE configed as spokes using only the serial intf. - FR network type >Non-Broadcast. Have 1 single FR map statement on the spokes pointing to the >hub. Have 3 map statements on the hub pointing back to each of the 3 >spokes. > >Have Ospf configed. Area 0 the FR network for the serials. Area 1 on RTA, >Area 10 on RTB and Area 4 on RTE each for the Ethernet side. Also have the >neighbor statement on each spoke pointing to the hub with a priority of 2. > >A show ip route reveals all the OSPF networks (O IA routes) on each router. >I can only ping from the hub router RTA to networks on the spoke routers >BUT > >I cannot ping from one spoke router to a network on another spoke router >EVEN though the routes are in the routing table? > >Why is that? > >A CATCH: I am not allowed to use the ip ospf network command anywhere nor >FR > >map statements on each spoke pointing to the other spokes?? > >What is the way that will allow me to ping from RTB to RTC thru RTA the hub >router? > >I tried the default-information originate on the hub rtr. RTA but this does >not seem to help - even though it installs a default route on each spoke >router. > >I am giving up after tiring me eyes on CCO. > >Anyone with any ideas? > >Thank you for your help. > > > > > >_ >MSN Photos is the easiest way to share and print your photos: >http://photos.msn.com/support/worldwide.aspx >This e-mail message is intended only for the person or entity to which it >is addressed >and is confidential, subject to copyright and may be legally privileged. >Any >unauthorized review, use or disclosure is prohibited. If you received this >in error, >please contact the sender and delete all copies of the e-mail together with >any >attachments. > _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43867&t=43795 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Give up...Cannot ping from one spoke to another?? [7:43795]
No, I have not used the ip ospf network command on the spokes or the hub. All I have is 1 FR map statement and 1 neighbor statement on each spoke pointing to the hub rtr. Yes, the hub is the DR(with the command #neigbor 10.10.1.1 priority 2 on the spokes) NO, no redistribution of routes either. >From what I can make out, the spoke routers are advertising the routes to the hub and then the hub router is advertising it out to the other spokes. This is why I see the networks in the routing table of all the routers. BUT, I cannot ping from one spoke to another and thus obviously, cannot ping from one ethernet of one spoke to the ethernet of another spoke. Using FR map statments on the spoke routers is the solution. But the whole goal of this is NOT layer 3 to layer 2, Just a layer 3 routing solution...which obviously, I do not know how or what? What could be the possible way for me to ping from one spoke to another WITHOUT using FR map statements?? Thank you for your help. >From: "Greene, Patrick" >Reply-To: "Greene, Patrick" >To: [EMAIL PROTECTED] >Subject: RE: Give up...Cannot ping from one spoke to another?? [7:43795] >Date: Fri, 10 May 2002 09:26:38 -0400 > >If are not using the "ip ospf network" command, then how are you >advertising your routes, static route and then redistrubute static >within OSPF? When you do a show routes on one of the hub routers, are >you seeing the routing table for all network in your WAN or just the 2 >network that router is connected to? > >Sincerely, >Patrick J Greene > > > >-Original Message- >From: Cisco Nuts [mailto:[EMAIL PROTECTED]] >Sent: Thursday, May 09, 2002 9:15 PM >To: [EMAIL PROTECTED] >Subject: Give up...Cannot ping from one spoke to another?? [7:43795] > > >Hello, > >I have RTA configed as a FR hub with multipoint subif. I have RTB, RTC >and >RTE configed as spokes using only the serial intf. - FR network type >Non-Broadcast. Have 1 single FR map statement on the spokes pointing to >the >hub. Have 3 map statements on the hub pointing back to each of the 3 >spokes. > >Have Ospf configed. Area 0 the FR network for the serials. Area 1 on >RTA, >Area 10 on RTB and Area 4 on RTE each for the Ethernet side. Also have >the >neighbor statement on each spoke pointing to the hub with a priority of >2. > >A show ip route reveals all the OSPF networks (O IA routes) on each >router. >I can only ping from the hub router RTA to networks on the spoke routers >BUT >I cannot ping from one spoke router to a network on another spoke router > >EVEN though the routes are in the routing table? > >Why is that? > >A CATCH: I am not allowed to use the ip ospf network command anywhere >nor FR >map statements on each spoke pointing to the other spokes?? > >What is the way that will allow me to ping from RTB to RTC thru RTA the >hub >router? > >I tried the default-information originate on the hub rtr. RTA but this >does >not seem to help - even though it installs a default route on each spoke > >router. > >I am giving up after tiring me eyes on CCO. > >Anyone with any ideas? > >Thank you for your help. > > > > > >_ >MSN Photos is the easiest way to share and print your photos: >http://photos.msn.com/support/worldwide.aspx _ Send and receive Hotmail on your mobile device: http://mobile.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43866&t=43795 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Give up...Cannot ping from one spoke to another?? [7:43795]
That's the catch.I am not allowed to use the fr map statements pointing from one spoke to another.( as I mentioned in my initial mail). That obviously would work!! :-) Would you know of any way? I just cannot find the answer!! >From: "eejioforManny" >To: "Cisco Nuts" >Subject: Re: Give up...Cannot ping from one spoke to another?? [7:43795] >Date: Fri, 10 May 2002 06:53:42 -0400 > >CISCONUT >You need a mapping statement from each of the spoke to the other 2 spoke >for >your ping to work since there is no direct pvc connectivity between the >apokes. > >Try that and let the group know you made out > >Thanks >- Original Message - >From: "Cisco Nuts" >To: >Sent: Thursday, May 09, 2002 9:14 PM >Subject: Give up...Cannot ping from one spoke to another?? [7:43795] > > > > Hello, > > > > I have RTA configed as a FR hub with multipoint subif. I have RTB, RTC >and > > RTE configed as spokes using only the serial intf. - FR network type > > Non-Broadcast. Have 1 single FR map statement on the spokes pointing to >the > > hub. Have 3 map statements on the hub pointing back to each of the 3 >spokes. > > > > Have Ospf configed. Area 0 the FR network for the serials. Area 1 on >RTA, > > Area 10 on RTB and Area 4 on RTE each for the Ethernet side. Also have >the > > neighbor statement on each spoke pointing to the hub with a priority of >2. > > > > A show ip route reveals all the OSPF networks (O IA routes) on each >router. > > I can only ping from the hub router RTA to networks on the spoke routers >BUT > > I cannot ping from one spoke router to a network on another spoke router > > EVEN though the routes are in the routing table? > > > > Why is that? > > > > A CATCH: I am not allowed to use the ip ospf network command anywhere >nor >FR > > map statements on each spoke pointing to the other spokes?? > > > > What is the way that will allow me to ping from RTB to RTC thru RTA the >hub > > router? > > > > I tried the default-information originate on the hub rtr. RTA but this >does > > not seem to help - even though it installs a default route on each spoke > > router. > > > > I am giving up after tiring me eyes on CCO. > > > > Anyone with any ideas? > > > > Thank you for your help. > > > > > > > > > > > > _ > > MSN Photos is the easiest way to share and print your photos: > > http://photos.msn.com/support/worldwide.aspx _ Chat with friends online, try MSN Messenger: http://messenger.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43864&t=43795 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Certification Digest V2 #2068 (Vacation) [7:43860]
I will be on vacation from 5-7-02 to 5-22-02. Any matter regarding network management please forward to Bob Taylor @ 213-979-0032. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43860&t=43860 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: dual-homed hosts problems [7:43677]
At 12:35 PM 5/10/02, Maximus wrote: >Sorry list members, the spell-checker changed OSPF to SOP. I think OSPF should be SOB. Just kidding! :-) Priscilla >- Original Message - >From: "Maximus" >To: >Sent: Friday, May 10, 2002 12:40 PM >Subject: Re: dual-homed hosts problems [7:43677] > > > > I may be wrong but your friend is using a routing protocol and therefore >the > > below would not apply to the scenario. > > As for running SOP on the server IMHO it would be overkill for this >specific > > situation. "Keep it simple." > > Would I run SOP on a server? > > Depends on why I had the server built in the first place. Have a nice >day! > > > > - Original Message - > > From: "Jeffrey Reed" > > To: > > Sent: Friday, May 10, 2002 8:27 AM > > Subject: RE: dual-homed hosts problems [7:43677] > > > > > > > I just talked to someone yesterday who said they are running OSPF on the > > > WIN2000 servers and using dual NICs effectively. Is this a better way to > > > dual home servers? > > > > > > Jeffrey Reed > > > Classic Networking, Inc. > > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > Galo > > > Villacis > > > Sent: Thursday, May 09, 2002 7:18 PM > > > To: [EMAIL PROTECTED] > > > Subject: Re: dual-homed hosts problems [7:43677] > > > > > > I believe your issue may relate to the single IP stack on 2000. Try > > > defaulting traffic to the internet and adding a static route to the > > internal > > > network opposed to specifying the gateway on the internal IP interface. > > > Also I would go as far as disabling any NETBIOS on the external >interface > > > for security. > > > > > > cmd would be: > > > > > > route add -p Network Mask Gateway > > > > > > - Original Message - > > > From: "Henrique Duarte" > > > To: > > > Sent: Thursday, May 09, 2002 5:48 PM > > > Subject: Re: dual-homed hosts problems [7:43677] > > > > > > > > > > Bulent, > > > > > > > > Thank you for the reply. I am afraid you may have misunderstood this > > > > problem. Allow me to be more clear: > > > > > > > > > > > > 192.168.0.1 - 192.168.0.150 - Host A - >128.59.39.3 > > > > | (dual > > > homed > > > > server) > > > > | > > > > | > > > > | > > > > | > > > > | > > > > 128.59.39.2 > > > > router A >router > > > > C Internet > > > > | > > > > 192.168.1.1 > > > > | > > > > | > > > >T1 > > > > | > > > > | > > > > 192.168.1.2 > > > > | > > > > router B > > > > | > > > > 192.168.2.1 > > > > > > > > > > > > The problem happens on Host A. Host A is a WebServer with 2 > > interfaces: > > > a > > > > public (which goes out to the internet) and a private (which talks to > > the > > > > database). The private interface has IP 192.168.0.150 and default GW > > > > 192.168.0.1. The public has ip 128.59.39.3 and default GW >128.59.39.2. > > > > Everything works fine if I leave the private interface's default GW > > blank. > > > > If I put Router C's address as the private interface's default >gateway, > > > > after some time I cannot ping anywhere from Host A, even though I can > > ping > > > > it from the outside world. I need to have the private interface > > > configured > > > > with 192.168.0.1 as the default GW because remote users need to be >able > > to > > > > connect to that server via the back-end T1. Any light would be >greatly > > > > appreciated. > > > > > > > > Thanks, > > > > > > > > -H > > > > > > > > > > > > - Original Message - > > > > From: "B|lent ^ahin" > > > > To: > > > > Sent: Thursday, May 09, 2002 3:17 AM > > > > Subject: RE: dual-homed hosts problems [7:43677] > > > > > > > > > > > > > When configuring ethernet interfaces on MS environment, you have >three > > > > blank > > > > > spaces to fill: IP_address, Subnet_mask and Default_gateway. So the > > > people > > > > > start to think every ethernet interface as a router: "This interface > > > will > > > > > route IP packets to the other interface, so the default gateway of >the > > > > first > > > > > interface should be same as the IP address of the second >interface.", > > > but > > > > > there is one router on the PC: CPU. Try to configure only one >default > > > > > gateway. You can use the command "route print" to see what happens > > when > > > > you > > > > > configure two or more default gateways. > > > > > > > > > > Bulent > > > > > > > > > > > > > > > -Original Message- > > > > > From: Henrique Duarte [mailto:[EMAIL PROTECTED]] > > > > > Sent: Thursday, May 09, 2002 12:39 AM > > > > > To: [EMAIL PROTECTED] > > > > > Subject: dual-homed hosts problems [7:43677] > > > > > > > > > > > > > > > Hello All, > > > > > > > > > > I am working on some dual homed servers at a co-location where there > > is > > > a > > > > > public and private interface on each. The public interfaces attach >to > > > the > > >
Re: Recommended study books for CCNP routing (BSCN) [7:43713]
Could you please help us with the url or paths to those cisco docs you used. Thanks and best regards. Joe "ashish" Sent by: [EMAIL PROTECTED] 05/09/2002 01:14 PM AST Please respond to "ashish" To: [EMAIL PROTECTED] cc: bcc: Subject: Re: Recommended study books for CCNP routing (BSCN) [7:43713] docs in cisco site are also very informative... sometimes i find them better than any book - Original Message - From: Tel Khan To: Sent: Thursday, May 09, 2002 6:15 AM Subject: RE: Recommended study books for CCNP routing (BSCN) [7:43713] > Hi, > > I have the following; > > 640-503 - Routing Exam Cert guide by Clare Gough > 640-504 - Switching Exam Cert guide by Tim Boyles an Dave Hucaby > 640-505 - Remote Access Cert Guide by Brian Morgan > 640-506 - Supoort Cert Guide by Amir S.Ranjbar > > I used both Cisco an Sybex for the Routing i'm now onto the Switching. > > Good luck > > Regards > > Tel = Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43858&t=43713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: why I can't use normal ping in new router??? [7:43709]
At 04:20 AM 5/10/02, Kenny Smith wrote: >sorry me again, I think I know why my router can't query the DNS. The reason >is when I do a extended ping as follow, it tried to query the DNS server for >real IP with the source address of the serial0 (default) before we can >specify to use ethernet0 as the source address. And ISP never advertise >route for the serial link. That's why I can't query the DNS. How do you >think?? I think that's it. Ping should let you specify the source first! You could report that to Cisco. Priscilla > >2500new#ping > >Protocol [ip]: > >Target IP address: www.channelnewsasia.com > >Translating "www.channelnewsasia.com"...domain server (203.116.1.93) > >(203.116.254.150) > > > >% Bad IP address > > >From: "Kenny Smith" > >Reply-To: "Kenny Smith" > >To: [EMAIL PROTECTED] > >Subject: Re: why I can't use normal ping in new router??? [7:43709] > >Date: Fri, 10 May 2002 02:58:45 -0400 > > > >Thanks.. Priscilla.. I understamd what you mean about the route issue and I > >think it is right. But I have one more issue. That's the DNS. I > >tried to test whether new DNS is working or not with the following. But it > >always give me Bad IP address, but the DNS IP is proven to be working when > >we put it to our proxy. Beside, when I do the same thing in my old router, > >it did get translated. Why my new router DNS can't resolve my URL while > >the > >DNS is proven to be to working fine?? > > > >2500new#ping > >Protocol [ip]: > >Target IP address: www.channelnewsasia.com > >Translating "www.channelnewsasia.com"...domain server (203.116.1.93) > >(203.116.254.150) > > > >% Bad IP address > > > >2500old#ping > >Protocol [ip]: > >Target IP address: www.channelnewsasia.com > >Translating "www.channelnewsasia.com"...domain server (210.80.58.205) [OK] > > > >Repeat count [5]: > >Datagram size [100]: > >Timeout in seconds [2]: > >Extended commands [n]: > >Sweep range of sizes [n]: > >Type escape sequence to abort. > >Sending 5, 100-byte ICMP Echos to 202.172.227.114, timeout is 2 seconds: > >!!.!! > >Success rate is 80 percent (4/5), round-trip min/avg/max = 196/253/324 ms > > > > > > >From: "Priscilla Oppenheimer" > > >Reply-To: "Priscilla Oppenheimer" > > >To: [EMAIL PROTECTED] > > >Subject: Re: why I can't use normal ping in new router??? [7:43709] > > >Date: Thu, 9 May 2002 17:17:19 -0400 > > > > > >Would upgrading solve his problem? > > > > > >At 03:00 PM 5/9/02, Larry Letterman wrote: > > > >I didn't say 10.3 would not handle it, did I...I just said to update > >the > > > >ios because its old... > > > > > > > >Larry Letterman > > > >Cisco Systems > > > >[EMAIL PROTECTED] > > > >- Original Message - > > > >From: "Priscilla Oppenheimer" > > > >To: > > > >Sent: Thursday, May 09, 2002 10:37 AM > > > >Subject: Re: why I can't use normal ping in new router??? [7:43709] > > > > > > > > > > > > > At 03:57 AM 5/9/02, Larry Letterman wrote: > > > > > >Update the IOS to something modern... > > > > > > > > > > Do you work for TAC? Cisco IOS 10.3 could certainly handle ping just > > >fine. > > > > > ;-) > > > > > > > > > > I have a guess. Notice that the serial link has a subnet mask of > > > > > 255.255.255.252. This is a subnet mask that you typically see on a > > > > > point-to-point link with just two devices on it (the routers at > >either > > > > > end). The link has no purpose other than to connect the customer's > >LAN > > >to > > > > > the ISP. Hence, there's no reason for the ISP to advertise a route > >to > > >that > > > > > point-to-point 100.20.90.56/30 network. In fact, for security > >reasons, > > > >it's > > > > > probably a good idea to make sure there is not a route to this > > >dedicated > > > > > network that has just two memebers, the two router interfaces. > > > > > > > > > > So, this means that there's no way for a ping reply to get back to > >the > > > > > 100.20.90.58 address. > > > > > > > > > > Now, the LAN is addressed with a network number and subnet mask that > > >you > > > > > might see used for a typical small customer (60.80.200.113 > > > > > 255.255.255.240). Undoubtedly, there are no problems getting back to > > >this > > > > > LAN. The fact that he can surf the Web proves that point. > > > > > > > > > > Priscilla > > > > > > > > > > > > > > > > > > > > > > > > > >Larry Letterman > > > > > >Cisco Systems > > > > > >[EMAIL PROTECTED] > > > > > >- Original Message - > > > > > >From: "Kenny Smith" > > > > > >To: > > > > > >Sent: Thursday, May 09, 2002 12:20 AM > > > > > >Subject: RE: why I can't use normal ping in new router??? [7:43709] > > > > > > > > > > > > > > > > > > > Below is my config...why you think there is a route missing > > >somewhere, > > > >as > > > > > >I > > > > > > > can still use extended ping to ping and I can use it to surf net > > >as > > > > > >normal. > > > > > > > The only thing that I can't do is to normal ping from here.. > >What > > > >should > > > > > >me > > > > > > > the problem? It is related to the new ISP? > > > > >
Re: why I can't use normal ping in new router??? [7:43709]
Maybe the DNS replies can't back to the source either? I notice that the router hasn't give you a chance yet to say that it should use e0 as source instead of s0. Can you ping the DNS server from the router? Do you have to make sure to use e0 as the source to successfully ping the DNS server? Priscilla At 02:58 AM 5/10/02, Kenny Smith wrote: >Thanks.. Priscilla.. I understamd what you mean about the route issue and I >think it is right. But I don't have one more issue. That's the DNS. I >tried to test whether new DNS is working or not with the following. But it >always give me Bad IP address, but the DNS IP is proven to be working when >we put it to our proxy. Beside, when I do the same thing in my old router, >it did get translated. Why my new router DNS can't resolve my URL while the >DNS is proven to be to working fine?? > >2500new#ping >Protocol [ip]: >Target IP address: www.channelnewsasia.com >Translating "www.channelnewsasia.com"...domain server (203.116.1.93) >(203.116.254.150) > >% Bad IP address > >2500old#ping >Protocol [ip]: >Target IP address: www.channelnewsasia.com >Translating "www.channelnewsasia.com"...domain server (210.80.58.205) [OK] > >Repeat count [5]: >Datagram size [100]: >Timeout in seconds [2]: >Extended commands [n]: >Sweep range of sizes [n]: >Type escape sequence to abort. >Sending 5, 100-byte ICMP Echos to 202.172.227.114, timeout is 2 seconds: >!!.!! >Success rate is 80 percent (4/5), round-trip min/avg/max = 196/253/324 ms > > > >From: "Priscilla Oppenheimer" > >Reply-To: "Priscilla Oppenheimer" > >To: [EMAIL PROTECTED] > >Subject: Re: why I can't use normal ping in new router??? [7:43709] > >Date: Thu, 9 May 2002 17:17:19 -0400 > > > >Would upgrading solve his problem? > > > >At 03:00 PM 5/9/02, Larry Letterman wrote: > > >I didn't say 10.3 would not handle it, did I...I just said to update the > > >ios because its old... > > > > > >Larry Letterman > > >Cisco Systems > > >[EMAIL PROTECTED] > > >- Original Message - > > >From: "Priscilla Oppenheimer" > > >To: > > >Sent: Thursday, May 09, 2002 10:37 AM > > >Subject: Re: why I can't use normal ping in new router??? [7:43709] > > > > > > > > > > At 03:57 AM 5/9/02, Larry Letterman wrote: > > > > >Update the IOS to something modern... > > > > > > > > Do you work for TAC? Cisco IOS 10.3 could certainly handle ping just > >fine. > > > > ;-) > > > > > > > > I have a guess. Notice that the serial link has a subnet mask of > > > > 255.255.255.252. This is a subnet mask that you typically see on a > > > > point-to-point link with just two devices on it (the routers at either > > > > end). The link has no purpose other than to connect the customer's LAN > >to > > > > the ISP. Hence, there's no reason for the ISP to advertise a route to > >that > > > > point-to-point 100.20.90.56/30 network. In fact, for security reasons, > > >it's > > > > probably a good idea to make sure there is not a route to this > >dedicated > > > > network that has just two memebers, the two router interfaces. > > > > > > > > So, this means that there's no way for a ping reply to get back to the > > > > 100.20.90.58 address. > > > > > > > > Now, the LAN is addressed with a network number and subnet mask that > >you > > > > might see used for a typical small customer (60.80.200.113 > > > > 255.255.255.240). Undoubtedly, there are no problems getting back to > >this > > > > LAN. The fact that he can surf the Web proves that point. > > > > > > > > Priscilla > > > > > > > > > > > > > > > > > > > > >Larry Letterman > > > > >Cisco Systems > > > > >[EMAIL PROTECTED] > > > > >- Original Message - > > > > >From: "Kenny Smith" > > > > >To: > > > > >Sent: Thursday, May 09, 2002 12:20 AM > > > > >Subject: RE: why I can't use normal ping in new router??? [7:43709] > > > > > > > > > > > > > > > > Below is my config...why you think there is a route missing > >somewhere, > > >as > > > > >I > > > > > > can still use extended ping to ping and I can use it to surf net > >as > > > > >normal. > > > > > > The only thing that I can't do is to normal ping from here.. What > > >should > > > > >me > > > > > > the problem? It is related to the new ISP? > > > > > > > > > > > > 2500new#sh conf > > > > > > Using 1561 out of 32762 bytes > > > > > > ! > > > > > > version 10.3 > > > > > > no service finger > > > > > > service password-encryption > > > > > > no service udp-small-servers > > > > > > no service tcp-small-servers > > > > > > ! > > > > > > hostname 2500new > > > > > > ! > > > > > > enable secret xx > > > > > > ! > > > > > > ip subnet-zero > > > > > > no ip source-route > > > > > > ! > > > > > > interface Ethernet0 > > > > > > description To Office Ethernet > > > > > > ip address 60.80.200.113 255.255.255.240 > > > > > > no ip directed-broadcast > > > > > > ip accounting output-packets > > > > > > ip route-cache same-interface > > > > > > ! > > > > > > interface Serial0 > > > > > > description XXX > > > > > > ip address 100.20.90.58 255.255.255.252 >
Re: CCIE communication and services [7:43714]
Allright. Sean Knox has pretty much nailed it on the head. But let me try one more time. To become a R/S CCIE you must #1) pass the R/S written #2) pass the R/S lab To become a Security CCIE you must #1)pass the Security written #2) pass the Security lab To become a C/S CCIE you must #1)Pass one of 8 possible C/S writtens - or - have passed either the old ISPDial or WAN-switching CCIE writtens back when they were still available (so if you have never done this, then unless you have a time machine, you cannot do it now) #2)Pass the C/S lab. Bottom line - the labs are absolutely NOT the same for all three, believe me. I've tried all 3 labs, and they are significantly different. There are some base-level similarities, but beyond that they are quite divergent. If you don't believe me, read their descriptions: http://www.cisco.com/warp/public/625/ccie/certifications/services.html#4 http://www.cisco.com/warp/public/625/ccie/certifications/routing.html#4 http://www.cisco.com/warp/public/625/ccie/certifications/security.html#4 ""Sean Knox"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > The lab is not the same for all three. As nrf has repeatedly tried to tell > you, they are three SEPARATE tracks. To achieve the R/S CCIE, you need to > pass the R/S written and the R/S CCIE Lab. To get your C/S CCIE, even if you > already have, say, you R/S CCIE *completed*, you still need to complete the > C/S written then take the C/S lab. > > Sean > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > Sent: Friday, May 10, 2002 5:07 AM > > To: [EMAIL PROTECTED] > > Subject: Re: CCIE communication and services [7:43714] > > > > > > Sorry, I guess that wasn't very clear. Suppose you attain an > > R/S CCIE and > > now wish to go for security or C/S. As the lab is the same > > for all three, is > > it necessary to keep retaking the lab or will the written be enough? I > > assume you probably do have to take the lab again, however > > since it is the > > same test you have already passed,it just seems redundant. > > > > nrf wrote: > > > > > > Uh, what? I don't understand your question. If you're saying > > > that you're > > > thinking that you can just keep getting more than one C/S CCIE > > > by taking > > > that lab over and over again (but by passing different C/S > > > writtens), then > > > the answer is absolutely not. Contrary to what many people > > > believe, there > > > are no different 'flavors' of the C/S. There is only 1 C/S > > > CCIE, and you're > > > either a C/S CCIE or you're not. And really, this makes > > > perfect sense, > > > since there is only one unified C/S lab which every C/S > > > candidate takes, no > > > matter which written he/she passed. > > > > > > > > > > > > > > > ""Jason Owens"" wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > Based on your post above, as the lab is the same general > > > knowledge, would > > > > you need to keep taking it, providing you have passed it > > > once, to get more > > > > than one CCIE? Or would the various written exams suffice? > > > Just curious. > > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43848&t=43714 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISP Topology Design [7:43836]
I've recently gone through a redesign of a large ISP. There are excellent "best practices" types of ideas on NANOG's website in the form of old presentations. If you have any specific questions I can try to answer them. --- Mike Bernico [EMAIL PROTECTED] Illinois Century Network http://www.illinois.net (217) 557-6555 > -Original Message- > From: Chris Headings [mailto:[EMAIL PROTECTED]] > Sent: Friday, May 10, 2002 10:53 AM > To: [EMAIL PROTECTED] > Subject: ISP Topology Design [7:43836] > > > Hello all! > > Does anyone know of any books/material that would be geared > more toward ISP > network design? Looking for as much as I can find... > > Thanks > > > Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43845&t=43836 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Need help on crtl-shift-6 [7:43844]
I found it difficult to use crtl-shift-6 to get back the terminal server. Sometimes okay but sometimes not! Can anyone help me? Can I change this with a simplier key? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43844&t=43844 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
What to do........ 2 parts [7:43843]
this is a 2 part question that I hope to hear everyone's opinion on. 1. What to do next? Im done with ccnp, is it worth it to move to ccda\dp, what about css1, or just shoot for the ccie. i know that ccie will cost the most by far, and the others could give me more of a foundation to build on for ccie, but is it worth the wait or would you reccomend i just start buckleing down for the IE? SO MANY QUESTIONS 2. If I do start to study for CCIE, what kind of a lab should I build I probably wont take the lab for 12-18 months and the equipment list could change(token,atm,4500,2500,cat5k) What are the safest bets, or if someone could give me a link to a diagram of a very current lab i could plan from that. I think 2600,3600 are safe,, what else is a sure bet to be around? Is the set based switch going to make it? What is the best or least expensive ios based switch that you can train from?(cat x9xx layer 3?) I could really use some help here and i look forward to hearing from you all. Thanks Jason Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43843&t=43843 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: dual-homed hosts problems [7:43677]
Sorry list members, the spell-checker changed OSPF to SOP. - Original Message - From: "Maximus" To: Sent: Friday, May 10, 2002 12:40 PM Subject: Re: dual-homed hosts problems [7:43677] > I may be wrong but your friend is using a routing protocol and therefore the > below would not apply to the scenario. > As for running SOP on the server IMHO it would be overkill for this specific > situation. "Keep it simple." > Would I run SOP on a server? > Depends on why I had the server built in the first place. Have a nice day! > > - Original Message - > From: "Jeffrey Reed" > To: > Sent: Friday, May 10, 2002 8:27 AM > Subject: RE: dual-homed hosts problems [7:43677] > > > > I just talked to someone yesterday who said they are running OSPF on the > > WIN2000 servers and using dual NICs effectively. Is this a better way to > > dual home servers? > > > > Jeffrey Reed > > Classic Networking, Inc. > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Galo > > Villacis > > Sent: Thursday, May 09, 2002 7:18 PM > > To: [EMAIL PROTECTED] > > Subject: Re: dual-homed hosts problems [7:43677] > > > > I believe your issue may relate to the single IP stack on 2000. Try > > defaulting traffic to the internet and adding a static route to the > internal > > network opposed to specifying the gateway on the internal IP interface. > > Also I would go as far as disabling any NETBIOS on the external interface > > for security. > > > > cmd would be: > > > > route add -p Network Mask Gateway > > > > - Original Message - > > From: "Henrique Duarte" > > To: > > Sent: Thursday, May 09, 2002 5:48 PM > > Subject: Re: dual-homed hosts problems [7:43677] > > > > > > > Bulent, > > > > > > Thank you for the reply. I am afraid you may have misunderstood this > > > problem. Allow me to be more clear: > > > > > > > > > 192.168.0.1 - 192.168.0.150 - Host A - 128.59.39.3 > > > | (dual > > homed > > > server) > > > | > > > | > > > | > > > | > > > | > > > 128.59.39.2 > > > router A router > > > C Internet > > > | > > > 192.168.1.1 > > > | > > > | > > >T1 > > > | > > > | > > > 192.168.1.2 > > > | > > > router B > > > | > > > 192.168.2.1 > > > > > > > > > The problem happens on Host A. Host A is a WebServer with 2 > interfaces: > > a > > > public (which goes out to the internet) and a private (which talks to > the > > > database). The private interface has IP 192.168.0.150 and default GW > > > 192.168.0.1. The public has ip 128.59.39.3 and default GW 128.59.39.2. > > > Everything works fine if I leave the private interface's default GW > blank. > > > If I put Router C's address as the private interface's default gateway, > > > after some time I cannot ping anywhere from Host A, even though I can > ping > > > it from the outside world. I need to have the private interface > > configured > > > with 192.168.0.1 as the default GW because remote users need to be able > to > > > connect to that server via the back-end T1. Any light would be greatly > > > appreciated. > > > > > > Thanks, > > > > > > -H > > > > > > > > > - Original Message - > > > From: "B|lent ^ahin" > > > To: > > > Sent: Thursday, May 09, 2002 3:17 AM > > > Subject: RE: dual-homed hosts problems [7:43677] > > > > > > > > > > When configuring ethernet interfaces on MS environment, you have three > > > blank > > > > spaces to fill: IP_address, Subnet_mask and Default_gateway. So the > > people > > > > start to think every ethernet interface as a router: "This interface > > will > > > > route IP packets to the other interface, so the default gateway of the > > > first > > > > interface should be same as the IP address of the second interface.", > > but > > > > there is one router on the PC: CPU. Try to configure only one default > > > > gateway. You can use the command "route print" to see what happens > when > > > you > > > > configure two or more default gateways. > > > > > > > > Bulent > > > > > > > > > > > > -Original Message- > > > > From: Henrique Duarte [mailto:[EMAIL PROTECTED]] > > > > Sent: Thursday, May 09, 2002 12:39 AM > > > > To: [EMAIL PROTECTED] > > > > Subject: dual-homed hosts problems [7:43677] > > > > > > > > > > > > Hello All, > > > > > > > > I am working on some dual homed servers at a co-location where there > is > > a > > > > public and private interface on each. The public interfaces attach to > > the > > > > internet via a router while the private ones are on its own separate > > > private > > > > subnet. The private subnet is attached to another router, which > provides > > > > remote users access to the private network via a T1 line. I am > > > encountering > > > > the following issue. When I set the private interfaces' default > gateway > > to > > > > the private interface's router address, it w
Re: dual-homed hosts problems [7:43677]
I may be wrong but your friend is using a routing protocol and therefore the below would not apply to the scenario. As for running SOP on the server IMHO it would be overkill for this specific situation. "Keep it simple." Would I run SOP on a server? Depends on why I had the server built in the first place. Have a nice day! - Original Message - From: "Jeffrey Reed" To: Sent: Friday, May 10, 2002 8:27 AM Subject: RE: dual-homed hosts problems [7:43677] > I just talked to someone yesterday who said they are running OSPF on the > WIN2000 servers and using dual NICs effectively. Is this a better way to > dual home servers? > > Jeffrey Reed > Classic Networking, Inc. > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Galo > Villacis > Sent: Thursday, May 09, 2002 7:18 PM > To: [EMAIL PROTECTED] > Subject: Re: dual-homed hosts problems [7:43677] > > I believe your issue may relate to the single IP stack on 2000. Try > defaulting traffic to the internet and adding a static route to the internal > network opposed to specifying the gateway on the internal IP interface. > Also I would go as far as disabling any NETBIOS on the external interface > for security. > > cmd would be: > > route add -p Network Mask Gateway > > - Original Message - > From: "Henrique Duarte" > To: > Sent: Thursday, May 09, 2002 5:48 PM > Subject: Re: dual-homed hosts problems [7:43677] > > > > Bulent, > > > > Thank you for the reply. I am afraid you may have misunderstood this > > problem. Allow me to be more clear: > > > > > > 192.168.0.1 - 192.168.0.150 - Host A - 128.59.39.3 > > | (dual > homed > > server) > > | > > | > > | > > | > > | > > 128.59.39.2 > > router A router > > C Internet > > | > > 192.168.1.1 > > | > > | > >T1 > > | > > | > > 192.168.1.2 > > | > > router B > > | > > 192.168.2.1 > > > > > > The problem happens on Host A. Host A is a WebServer with 2 interfaces: > a > > public (which goes out to the internet) and a private (which talks to the > > database). The private interface has IP 192.168.0.150 and default GW > > 192.168.0.1. The public has ip 128.59.39.3 and default GW 128.59.39.2. > > Everything works fine if I leave the private interface's default GW blank. > > If I put Router C's address as the private interface's default gateway, > > after some time I cannot ping anywhere from Host A, even though I can ping > > it from the outside world. I need to have the private interface > configured > > with 192.168.0.1 as the default GW because remote users need to be able to > > connect to that server via the back-end T1. Any light would be greatly > > appreciated. > > > > Thanks, > > > > -H > > > > > > - Original Message - > > From: "B|lent ^ahin" > > To: > > Sent: Thursday, May 09, 2002 3:17 AM > > Subject: RE: dual-homed hosts problems [7:43677] > > > > > > > When configuring ethernet interfaces on MS environment, you have three > > blank > > > spaces to fill: IP_address, Subnet_mask and Default_gateway. So the > people > > > start to think every ethernet interface as a router: "This interface > will > > > route IP packets to the other interface, so the default gateway of the > > first > > > interface should be same as the IP address of the second interface.", > but > > > there is one router on the PC: CPU. Try to configure only one default > > > gateway. You can use the command "route print" to see what happens when > > you > > > configure two or more default gateways. > > > > > > Bulent > > > > > > > > > -Original Message- > > > From: Henrique Duarte [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, May 09, 2002 12:39 AM > > > To: [EMAIL PROTECTED] > > > Subject: dual-homed hosts problems [7:43677] > > > > > > > > > Hello All, > > > > > > I am working on some dual homed servers at a co-location where there is > a > > > public and private interface on each. The public interfaces attach to > the > > > internet via a router while the private ones are on its own separate > > private > > > subnet. The private subnet is attached to another router, which provides > > > remote users access to the private network via a T1 line. I am > > encountering > > > the following issue. When I set the private interfaces' default gateway > to > > > the private interface's router address, it works fine for about 10 > minutes > > > or so, but after that the server cannot ping and/or access the internet, > > > even though it is set with the public NIC to be the primary one. > However, > > as > > > soon as I take the default gateway out of the private interface NIC it > > works > > > fine and is able to ping the outside world. Does anyone have any ideas > why > > > this is happening and/or how to fix it? The servers are running Win
Re: ISP Topology Design [7:43836]
Internet Routing Architectures 2nd edition would be one. Dave Chris Headings wrote: > > Hello all! > > Does anyone know of any books/material that would be geared more toward ISP > network design? Looking for as much as I can find... > > Thanks > > Chris -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43841&t=43836 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CID Test wonderings [7:43678]
Just wondering...was this the new format or the old? Regards, Frank Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43839&t=43678 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE communication and services [7:43714]
The lab is not the same for all three. As nrf has repeatedly tried to tell you, they are three SEPARATE tracks. To achieve the R/S CCIE, you need to pass the R/S written and the R/S CCIE Lab. To get your C/S CCIE, even if you already have, say, you R/S CCIE *completed*, you still need to complete the C/S written then take the C/S lab. Sean > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Friday, May 10, 2002 5:07 AM > To: [EMAIL PROTECTED] > Subject: Re: CCIE communication and services [7:43714] > > > Sorry, I guess that wasn't very clear. Suppose you attain an > R/S CCIE and > now wish to go for security or C/S. As the lab is the same > for all three, is > it necessary to keep retaking the lab or will the written be enough? I > assume you probably do have to take the lab again, however > since it is the > same test you have already passed,it just seems redundant. > > nrf wrote: > > > > Uh, what? I don't understand your question. If you're saying > > that you're > > thinking that you can just keep getting more than one C/S CCIE > > by taking > > that lab over and over again (but by passing different C/S > > writtens), then > > the answer is absolutely not. Contrary to what many people > > believe, there > > are no different 'flavors' of the C/S. There is only 1 C/S > > CCIE, and you're > > either a C/S CCIE or you're not. And really, this makes > > perfect sense, > > since there is only one unified C/S lab which every C/S > > candidate takes, no > > matter which written he/she passed. > > > > > > > > > > ""Jason Owens"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Based on your post above, as the lab is the same general > > knowledge, would > > > you need to keep taking it, providing you have passed it > > once, to get more > > > than one CCIE? Or would the various written exams suffice? > > Just curious. > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43838&t=43714 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP Nexthop attribute propagation using RR [7:43730]
Peter, Seems to me, according to this: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120 limit/120st/120st16/st_bgpnh.htm#xtocid188001 next-hop can be rewrote across IBGPs. I agree that the 2500 is doing something wrong, as the normal neighor based next-hop should only affect ebgp routes. Thanks Kent - Original Message - From: "Peter van Oene" [EMAIL PROTECTED] To: Sent: Thursday, May 09, 2002 1:29 PM Subject: RE: BGP Nexthop attribute propagation using RR [7:43730] > I have not seen an IOS that offers the ability to rewrite Next_Hop on an > IBGP connection. The behavior of the GSR in this case is what you should > expect. Juniper on the other hand will rewrite Next_Hop in this same > scenario and one needs to keep that in mind if you happen to work with both. > > Pete > > > At 12:00 PM 5/9/2002 -0400, JunoGuy wrote: > >What should happen is that on any RR, the NH should not be modified. The NH > >should be the originator of the route unless you set the NHS at the entry > >point to the network. I am not a Cisco expert but this does not sound > >correct for the GSR to still send out the originating NH even when the NHS > >is set. So in this case, I believe the 2500 is acting appropriately. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43837&t=43730 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISP Topology Design [7:43836]
Hello all! Does anyone know of any books/material that would be geared more toward ISP network design? Looking for as much as I can find... Thanks Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43836&t=43836 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE communication and services [7:43714]
OK. I have no idea if the labs are the same or not. I was basing my question on the earlier post. The deal is, you pass one of 8 possible writtens (although only 4 are available as of today), which consist of 50% general knowledge material, and the other 50% of subject-specific material, where those are defined on the Cisco website. Then, no matter which written you took, everybody takes the same lab which covers only general knowledge material. Good luck on your lab! Roberts, Larry wrote: > > Only one small flaw in logic. > > The labs are NOT the same. The security lab only has IP routing > , but it > also includes a PIX firewall as well as IDS and IOS FW problems. > Those are not present in the R&S lab ( Or at least this is what > Im told, I > haven't actually been to the lab. 45 days and counting ) > > > Thanks > > Larry > > -Original Message- > From: Jason Owens [mailto:[EMAIL PROTECTED]] > Sent: Friday, May 10, 2002 7:07 AM > To: [EMAIL PROTECTED] > Subject: Re: CCIE communication and services [7:43714] > > > Sorry, I guess that wasn't very clear. Suppose you attain an > R/S CCIE and > now wish to go for security or C/S. As the lab is the same for > all three, is > it necessary to keep retaking the lab or will the written be > enough? I > assume you probably do have to take the lab again, however > since it is the > same test you have already passed,it just seems redundant. > > nrf wrote: > > > > Uh, what? I don't understand your question. If you're > saying that > > you're thinking that you can just keep getting more than one > C/S CCIE > > by taking > > that lab over and over again (but by passing different C/S > > writtens), then > > the answer is absolutely not. Contrary to what many people > > believe, there > > are no different 'flavors' of the C/S. There is only 1 C/S > > CCIE, and you're > > either a C/S CCIE or you're not. And really, this makes > > perfect sense, > > since there is only one unified C/S lab which every C/S > > candidate takes, no > > matter which written he/she passed. > > > > > > > > > > ""Jason Owens"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Based on your post above, as the lab is the same general > > knowledge, would > > > you need to keep taking it, providing you have passed it > > once, to get more > > > than one CCIE? Or would the various written exams suffice? > > Just curious. > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43835&t=43714 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Tag Switching [7:43830]
I don't believe it is possible to run MPLS or Tag-Switching on the 2500's. I purchased a few 4500M's pretty cheap which support most MPLS/Tag-Switching features. Otherwise it's the 2600's and up... -Michael Cohen -Original Message- From: James To: [EMAIL PROTECTED] Sent: 5/10/02 10:22 AM Subject: Tag Switching [7:43830] Hello all This is a rephrase of my previous question on MPLS. Does anyone know if it is possible to use Tag-switching on 2500 platforms ? I have tried using tag-switching ip interface command on 2511s on a test lab but the command is not available. Is there a different IOS version that I need, I am running on 12.2 enterprise ? Any info on this is greatly appreciated. Thank you James __ Do You Yahoo!? Yahoo! Shopping - Mother's Day is May 12th! http://shopping.yahoo.com Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. ThruPoint, Inc. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43834&t=43830 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE communication and services [7:43714]
Only one small flaw in logic. The labs are NOT the same. The security lab only has IP routing , but it also includes a PIX firewall as well as IDS and IOS FW problems. Those are not present in the R&S lab ( Or at least this is what Im told, I haven't actually been to the lab. 45 days and counting ) Thanks Larry -Original Message- From: Jason Owens [mailto:[EMAIL PROTECTED]] Sent: Friday, May 10, 2002 7:07 AM To: [EMAIL PROTECTED] Subject: Re: CCIE communication and services [7:43714] Sorry, I guess that wasn't very clear. Suppose you attain an R/S CCIE and now wish to go for security or C/S. As the lab is the same for all three, is it necessary to keep retaking the lab or will the written be enough? I assume you probably do have to take the lab again, however since it is the same test you have already passed,it just seems redundant. nrf wrote: > > Uh, what? I don't understand your question. If you're saying that > you're thinking that you can just keep getting more than one C/S CCIE > by taking > that lab over and over again (but by passing different C/S > writtens), then > the answer is absolutely not. Contrary to what many people > believe, there > are no different 'flavors' of the C/S. There is only 1 C/S > CCIE, and you're > either a C/S CCIE or you're not. And really, this makes > perfect sense, > since there is only one unified C/S lab which every C/S > candidate takes, no > matter which written he/she passed. > > > > > ""Jason Owens"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Based on your post above, as the lab is the same general > knowledge, would > > you need to keep taking it, providing you have passed it > once, to get more > > than one CCIE? Or would the various written exams suffice? > Just curious. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43832&t=43714 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Based DLSAM [7:43827]
The 6260 IS basically an ATM switch. The IP functionalities are related to MPLS/VPN (Cell mode, or frame mode over VP), PPP termination (PPPoA, PPPoE, L2X tunnelling...) and ip routing (Eigrp, OSPF, ISIS, Rip, MP-BGP). As wan interface it doesn't have a Giga Ethernet or POS. It has only ATM interfaces (STM1, E3, 8E1IMA) And a 10Mb Ethernet for management. SO: it's just like a router with an ATM interface with ATM switching capabilities.. The advantage is that you do not have to place a big aggregator in the middle of the network. cheers davide cisco systems Friday, May 10, 2002, 4:11:33 PM, you wrote: GP> Does Cisco offer a IP based DSLAM that does not require ATM? All of the GP> current solutions I can find, like the 6260, are all IP+ATM. We have a GP> Gig MAN in place and do not want to overlay an ATM infrastructure just GP> to connect DSLAMs. We would like to just put a DSLAM in place, connect GP> it via Gig, or DS3 ( no ATM). GP> Sincerely, GP> Patrick J Greene Davide Ferrari cisco Systems New Service Provider Systems Engineer [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43833&t=43827 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Based DLSAM [7:43827]
I'm 99% sure Cisco doesn't have any such thing though I bounce this off a DSL guy and he thought Cisco may be looking at something along those line. You may want to ping your local SE. Dave "Greene, Patrick" wrote: > > Does Cisco offer a IP based DSLAM that does not require ATM? All of the > current solutions I can find, like the 6260, are all IP+ATM. We have a > Gig MAN in place and do not want to overlay an ATM infrastructure just > to connect DSLAMs. We would like to just put a DSLAM in place, connect > it via Gig, or DS3 ( no ATM). > > Sincerely, > Patrick J Greene -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43831&t=43827 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Tag Switching [7:43830]
Hello all This is a rephrase of my previous question on MPLS. Does anyone know if it is possible to use Tag-switching on 2500 platforms ? I have tried using tag-switching ip interface command on 2511s on a test lab but the command is not available. Is there a different IOS version that I need, I am running on 12.2 enterprise ? Any info on this is greatly appreciated. Thank you James __ Do You Yahoo!? Yahoo! Shopping - Mother's Day is May 12th! http://shopping.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43830&t=43830 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: encapsulation failure on an 806 router [7:43813]
cut and paste your config in here so we can see what are doing. ""Dimitrije"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Got an 806 router with two Ethernet interfaces used for broadband access to > the > Internet. Ethernet 1 is typically the WAN interface pointing towards the > Internet router, while Ethernet 0 is a 4-port hub used for the local LAN. > > Everything works properly when the 806 is configured in the conventional way, > with WAN pointing toward Internet router. > > However, I have a VPN appliance (with dual Ethernet ports) that needs to be > in > parallel to the 806. So I wanted to set-up the 806 with Ethernet 0 (4 port > hub) > pointing toward the Internet router along with the public side of the VPN > applicance while Ethernet 1 of the 806 connected to the corporate LAN switch > along with the private side of the VPN. > > When I turn the 806 around like this, I get an "encapsulation failure" > message > during debug ip packet when sending data over the Ethernet 0 (4 port hub > connected to the Internet router), thus no packets get sent out that > Interface. > I get this error even after I do erase startup-config, reload and only > assign IP > addresses to the Ethernet Interfaces. I am not using PPPoe and my > encapsulation > type shows ARPA when I display a show interface for both Ethernet ports. > > any thoughts?? > dj Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43828&t=43813 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT configuration for 2 service providers [7:43820]
Overload it by port so you are doing PAT instead of NAT. Is NAT a requirement? If so then create a second pool however it cannot be the same ip addresses as the first pool. Perhaps you could layout your objective with a little more detail. ""brahmam lv"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi Friends, > > I have 2 Internet links working at present. One link terminated on Cisco > router and another link terminated on Telindus Crocus router ( which doesnt > have NAT functionality) To facilitate internet access i have configured NAT > on Cisco with overload, for second i have installed Windows 2000 NAT and > configured all clients with gateway as NAT. > > If i want to shift the second internet link to cisco device with 2 serial > ports, how do i create second NAT entry for 2nd provider. > > Could you please help me. > > Thanks in Advance > > Brahmam. > 415-339-0352 ex-0355 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43826&t=43820 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: why "ip inspect" block my traffic? [7:43802]
The command you reference is for context-based access control (cbac), part of the firewall feature set (ffs). What it is and how it works are clearly explained in the cisco documentation at cisco.com. Here's a shortcut link that gives you all the basics: http://www.cisco.com/warp/public/110/32.html Your config was munged, so it's hard to say why your having the problems you report. Offhand it sounds like a dns lookup problem, but that's just a guess. HTH, Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kenny Smith Sent: Thursday, May 09, 2002 7:51 PM To: [EMAIL PROTECTED] Subject: why "ip inspect" block my traffic? [7:43802] Hi.. Can you tell me what is the function of the following command ? My previous administrator configured it. But we found that the we can!&t surf the net thru this router. The www traffic take very long time to load and pass thru this router. But after I issue !'no ip inspect name fw in!(, we are able to access the web traffic. Why?? ip inspect name fw tcp ip inspect name fw udp ip inspect name fw smtp ip inspect name fw ftp interface ethernet0 !K!K!K!K. !K!K!K!K. interface ethernet1 !K!K!K!K.. !K!K!K!K.. ip inspect name fw _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43829&t=43802 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IP Based DLSAM [7:43827]
Does Cisco offer a IP based DSLAM that does not require ATM? All of the current solutions I can find, like the 6260, are all IP+ATM. We have a Gig MAN in place and do not want to overlay an ATM infrastructure just to connect DSLAMs. We would like to just put a DSLAM in place, connect it via Gig, or DS3 ( no ATM). Sincerely, Patrick J Greene Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43827&t=43827 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NAT configuration for 2 service providers [7:43820]
You can find lots of good info on Cisco NAT by surfing to cisco.com and searching for NAT tips. Here's a shortcut: http://www.cisco.com/warp/public/556/index.shtml And here's an example to help with your specific question: http://www.cisco.com/warp/public/105/nat_routemap.html This whitepaper might help also: http://www.cisco.com/warp/public/cc/pd/iosw/ioft/ionetn/tech/emios_wp.htm HTH, Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, May 10, 2002 4:57 AM To: [EMAIL PROTECTED] Subject: NAT configuration for 2 service providers [7:43820] Hi Friends, I have 2 Internet links working at present. One link terminated on Cisco router and another link terminated on Telindus Crocus router ( which doesnt have NAT functionality) To facilitate internet access i have configured NAT on Cisco with overload, for second i have installed Windows 2000 NAT and configured all clients with gateway as NAT. If i want to shift the second internet link to cisco device with 2 serial ports, how do i create second NAT entry for 2nd provider. Could you please help me. Thanks in Advance Brahmam. 415-339-0352 ex-0355 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43825&t=43820 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Give up...Cannot ping from one spoke to another?? [7:43795]
Iam a little late on this thread, first of all put your neighbor statement on the hub only pointing to the spokes. Next configure map statements from the spokes to the hub and to the other spokes and you should be okay. You should not have to change your network statement because by default a multipoint sub interface and the physical interface are non-broadcast. Also make sure the hub is the DR. hth Dennis Rogell CNE,NNSS,NNSE, CCNP nextiraone Email : [EMAIL PROTECTED] Phone: (954) 846-5128 > -Original Message- > From: Greene, Patrick [SMTP:[EMAIL PROTECTED]] > Sent: Friday, May 10, 2002 06:27 > To: [EMAIL PROTECTED] > Subject: RE: Give up...Cannot ping from one spoke to another?? > [7:43795] > > If are not using the "ip ospf network" command, then how are you > advertising your routes, static route and then redistrubute static > within OSPF? When you do a show routes on one of the hub routers, are > you seeing the routing table for all network in your WAN or just the 2 > network that router is connected to? > > Sincerely, > Patrick J Greene > > > > -Original Message- > From: Cisco Nuts [mailto:[EMAIL PROTECTED]] > Sent: Thursday, May 09, 2002 9:15 PM > To: [EMAIL PROTECTED] > Subject: Give up...Cannot ping from one spoke to another?? [7:43795] > > > Hello, > > I have RTA configed as a FR hub with multipoint subif. I have RTB, RTC > and > RTE configed as spokes using only the serial intf. - FR network type > Non-Broadcast. Have 1 single FR map statement on the spokes pointing to > the > hub. Have 3 map statements on the hub pointing back to each of the 3 > spokes. > > Have Ospf configed. Area 0 the FR network for the serials. Area 1 on > RTA, > Area 10 on RTB and Area 4 on RTE each for the Ethernet side. Also have > the > neighbor statement on each spoke pointing to the hub with a priority of > 2. > > A show ip route reveals all the OSPF networks (O IA routes) on each > router. > I can only ping from the hub router RTA to networks on the spoke routers > BUT > I cannot ping from one spoke router to a network on another spoke router > > EVEN though the routes are in the routing table? > > Why is that? > > A CATCH: I am not allowed to use the ip ospf network command anywhere > nor FR > map statements on each spoke pointing to the other spokes?? > > What is the way that will allow me to ping from RTB to RTC thru RTA the > hub > router? > > I tried the default-information originate on the hub rtr. RTA but this > does > not seem to help - even though it installs a default route on each spoke > > router. > > I am giving up after tiring me eyes on CCO. > > Anyone with any ideas? > > Thank you for your help. > > > > > > _ > MSN Photos is the easiest way to share and print your photos: > http://photos.msn.com/support/worldwide.aspx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43824&t=43795 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Give up...Cannot ping from one spoke to another?? [7:43795]
If are not using the "ip ospf network" command, then how are you advertising your routes, static route and then redistrubute static within OSPF? When you do a show routes on one of the hub routers, are you seeing the routing table for all network in your WAN or just the 2 network that router is connected to? Sincerely, Patrick J Greene -Original Message- From: Cisco Nuts [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 09, 2002 9:15 PM To: [EMAIL PROTECTED] Subject: Give up...Cannot ping from one spoke to another?? [7:43795] Hello, I have RTA configed as a FR hub with multipoint subif. I have RTB, RTC and RTE configed as spokes using only the serial intf. - FR network type Non-Broadcast. Have 1 single FR map statement on the spokes pointing to the hub. Have 3 map statements on the hub pointing back to each of the 3 spokes. Have Ospf configed. Area 0 the FR network for the serials. Area 1 on RTA, Area 10 on RTB and Area 4 on RTE each for the Ethernet side. Also have the neighbor statement on each spoke pointing to the hub with a priority of 2. A show ip route reveals all the OSPF networks (O IA routes) on each router. I can only ping from the hub router RTA to networks on the spoke routers BUT I cannot ping from one spoke router to a network on another spoke router EVEN though the routes are in the routing table? Why is that? A CATCH: I am not allowed to use the ip ospf network command anywhere nor FR map statements on each spoke pointing to the other spokes?? What is the way that will allow me to ping from RTB to RTC thru RTA the hub router? I tried the default-information originate on the hub rtr. RTA but this does not seem to help - even though it installs a default route on each spoke router. I am giving up after tiring me eyes on CCO. Anyone with any ideas? Thank you for your help. _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43823&t=43795 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: dual-homed hosts problems [7:43677]
I just talked to someone yesterday who said they are running OSPF on the WIN2000 servers and using dual NICs effectively. Is this a better way to dual home servers? Jeffrey Reed Classic Networking, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Galo Villacis Sent: Thursday, May 09, 2002 7:18 PM To: [EMAIL PROTECTED] Subject: Re: dual-homed hosts problems [7:43677] I believe your issue may relate to the single IP stack on 2000. Try defaulting traffic to the internet and adding a static route to the internal network opposed to specifying the gateway on the internal IP interface. Also I would go as far as disabling any NETBIOS on the external interface for security. cmd would be: route add -p Network Mask Gateway - Original Message - From: "Henrique Duarte" To: Sent: Thursday, May 09, 2002 5:48 PM Subject: Re: dual-homed hosts problems [7:43677] > Bulent, > > Thank you for the reply. I am afraid you may have misunderstood this > problem. Allow me to be more clear: > > > 192.168.0.1 - 192.168.0.150 - Host A - 128.59.39.3 > | (dual homed > server) > | > | > | > | > | > 128.59.39.2 > router A router > C Internet > | > 192.168.1.1 > | > | >T1 > | > | > 192.168.1.2 > | > router B > | > 192.168.2.1 > > > The problem happens on Host A. Host A is a WebServer with 2 interfaces: a > public (which goes out to the internet) and a private (which talks to the > database). The private interface has IP 192.168.0.150 and default GW > 192.168.0.1. The public has ip 128.59.39.3 and default GW 128.59.39.2. > Everything works fine if I leave the private interface's default GW blank. > If I put Router C's address as the private interface's default gateway, > after some time I cannot ping anywhere from Host A, even though I can ping > it from the outside world. I need to have the private interface configured > with 192.168.0.1 as the default GW because remote users need to be able to > connect to that server via the back-end T1. Any light would be greatly > appreciated. > > Thanks, > > -H > > > - Original Message - > From: "B|lent ^ahin" > To: > Sent: Thursday, May 09, 2002 3:17 AM > Subject: RE: dual-homed hosts problems [7:43677] > > > > When configuring ethernet interfaces on MS environment, you have three > blank > > spaces to fill: IP_address, Subnet_mask and Default_gateway. So the people > > start to think every ethernet interface as a router: "This interface will > > route IP packets to the other interface, so the default gateway of the > first > > interface should be same as the IP address of the second interface.", but > > there is one router on the PC: CPU. Try to configure only one default > > gateway. You can use the command "route print" to see what happens when > you > > configure two or more default gateways. > > > > Bulent > > > > > > -Original Message- > > From: Henrique Duarte [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, May 09, 2002 12:39 AM > > To: [EMAIL PROTECTED] > > Subject: dual-homed hosts problems [7:43677] > > > > > > Hello All, > > > > I am working on some dual homed servers at a co-location where there is a > > public and private interface on each. The public interfaces attach to the > > internet via a router while the private ones are on its own separate > private > > subnet. The private subnet is attached to another router, which provides > > remote users access to the private network via a T1 line. I am > encountering > > the following issue. When I set the private interfaces' default gateway to > > the private interface's router address, it works fine for about 10 minutes > > or so, but after that the server cannot ping and/or access the internet, > > even though it is set with the public NIC to be the primary one. However, > as > > soon as I take the default gateway out of the private interface NIC it > works > > fine and is able to ping the outside world. Does anyone have any ideas why > > this is happening and/or how to fix it? The servers are running Windows > 2000 > > Server and the T1 router is a Cisco 1601. > > > > Thanks, > > > > -Henrique Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43822&t=43677 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE communication and services [7:43714]
Sorry, I guess that wasn't very clear. Suppose you attain an R/S CCIE and now wish to go for security or C/S. As the lab is the same for all three, is it necessary to keep retaking the lab or will the written be enough? I assume you probably do have to take the lab again, however since it is the same test you have already passed,it just seems redundant. nrf wrote: > > Uh, what? I don't understand your question. If you're saying > that you're > thinking that you can just keep getting more than one C/S CCIE > by taking > that lab over and over again (but by passing different C/S > writtens), then > the answer is absolutely not. Contrary to what many people > believe, there > are no different 'flavors' of the C/S. There is only 1 C/S > CCIE, and you're > either a C/S CCIE or you're not. And really, this makes > perfect sense, > since there is only one unified C/S lab which every C/S > candidate takes, no > matter which written he/she passed. > > > > > ""Jason Owens"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Based on your post above, as the lab is the same general > knowledge, would > > you need to keep taking it, providing you have passed it > once, to get more > > than one CCIE? Or would the various written exams suffice? > Just curious. > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43821&t=43714 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Designing a enterprise ,by Application not user [7:43614]
Hi i am int the proccess of re-designing a network for 1,000 users over 4 sites , in 1 city. and for the Lan`s themselfs i am thinking of changing my approch i usually follow all the standard design principal`s laid down by Miss P , and Mr H..( MANY THANKS..)but i am interested in changing the way i do things.. in particularly user bandwidth requirment .. when i go about the task of a re-design i usually group all my users into user groups and define the amount of bandwidth needed from there... i.e power users/traders will need a 100 meg connection and use on average 20% of it .. ordinary users need 10 meg and will use 30-40% on average.. servers need multiple 100/1000 meg (depends on layout) and will use 60% of it (these figures are based a on a very loose generic standard 8 hours ..so dont slate me to much) then i would calculate how much i need ...( taking into account the layout of the users ...which floor they are on) power users run a constant feed of data from a broadcast server users dont always have constant open connections ( i.e there level of traffic can stay at 1% for long periods...while working on a static download form) servers are constantly acessing multiple feeds and there traffic is preety much constant ... what t i am thinking of doing here is instead of segragating the users by type i was thinking about segragating them by the applications they use .. i.e Lotus notes/exchnage needs x bandwidth per port Web needs X bandwidth per port SQL/Oracle needs X bandwidth per port Server-server needs Z bandwidth per port i was thinking that this would give me a more acurate idea of how much bandwidth the users will need ..and therefore giving a more concentrated focus of network resources. this way i could use (a sort of) QOS on the lan to direct the bandwidth were it was needed...instead of just building a "standard" network which is OK for everyonei want to refine the way i build the network to optimise what resources i have E.G if all the traders were split over various floors ,i could put them all in one Vlan ...but they would still be running over the same trunks as all other Vlan`s...so i want to add a QOS to push this VLan traffic through with priority.. i am keen for everyones input in the techologies i could use to help me achive my goal and any comments on wht i think (and am probably wrong !!!) is a different twist on the lan design .. cheers steve _ Chat with friends online, try MSN Messenger: http://messenger.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43614&t=43614 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT configuration for 2 service providers [7:43820]
Hi Friends, I have 2 Internet links working at present. One link terminated on Cisco router and another link terminated on Telindus Crocus router ( which doesnt have NAT functionality) To facilitate internet access i have configured NAT on Cisco with overload, for second i have installed Windows 2000 NAT and configured all clients with gateway as NAT. If i want to shift the second internet link to cisco device with 2 serial ports, how do i create second NAT entry for 2nd provider. Could you please help me. Thanks in Advance Brahmam. 415-339-0352 ex-0355 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43820&t=43820 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: pix access-list [7:43595]
The statement below does not sound correct. Please check the following link : http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/ mngacl.htm (watch for line wrap) It says : Allowing Inbound Connections By default, the PIX Firewall denies access to an internal or perimeter (more secure) network from an external (less secure) network. You specifically allow inbound connections by using access lists. Access lists work on a first-match basis, so for inbound access, you must deny first and then permit after. So it is not a longest match, but rather a first match... For the original question of "adding a rule line in the middle of a list easily using CLI", I think copy/paste is the fastest method. Here is an example : Assume following is your current access-list : access-list acl_in permit tcp any host xx.xx.xx.xx eq www access-list acl_in permit tcp any host xx.xx.xx.xx eq ftp access-list acl_in permit tcp any any eq www access-list acl_in deny tcp any any Now, to add line " access-list acl_in deny ip host 10.10.10.10 any eq icmp" as the second line in the list copy the folowing text and paste it to the PIX. ** no access-list acl_in permit tcp any host xx.xx.xx.xx eq ftp no access-list acl_in permit tcp any any eq www no access-list acl_in deny tcp any any access-list acl_in deny ip host 10.10.10.10 any eq icmp access-list acl_in permit tcp any host xx.xx.xx.xx eq ftp access-list acl_in permit tcp any any eq www access-list acl_in deny tcp any any Note that, with this method, there is a time of "delta t" which may deny some access to inboud traffic (due to implicit deny at the end of the list) or grant access to outbound traffic (due to implicit permit at the end of the list if the traffic is to a less secure interface) This is not a security leak though... Best regards, Ufuk Yasibeyli >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] >Sent: 08 May}s 2002 Gar~amba 19:56 >To: [EMAIL PROTECTED] >Subject: RE: pix access-list [7:43595] > > >Hi, > >The access-list configured on the PIX does not get processed in the order in which >you put the access-list (i.e top down approach)...It works very much like how a router >selects the route based on the longest prefix. And when there is mix of permit and deny >statements.Always keep your deny statements at the top and all your permit at the bottom. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43737&t=43595 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: why "ip inspect" block my traffic? [7:43802]
IP inspect is the IOS based FW. It looks at packets that go through router, and depending on your config, let it through or not. -- RFC 1149 Compliant. Get in my head: http://sar.dynu.com ""Kenny Smith"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi.. Can you tell me what is the function of the following command ? My > previous administrator configured it. But we found that the we can!&t surf > the net thru this router. The www traffic take very long time to load and > pass thru this router. But after I issue !'no ip inspect name fw in!(, we > are able to access the web traffic. Why?? > > ip inspect name fw tcp > ip inspect name fw udp > ip inspect name fw smtp > ip inspect name fw ftp > > interface ethernet0 > !K!K!K!K. > !K!K!K!K. > interface ethernet1 > !K!K!K!K.. > !K!K!K!K.. > ip inspect name fw > > > _ > Join the worlds largest e-mail service with MSN Hotmail. > http://www.hotmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43819&t=43802 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: why I can't use normal ping in new router??? [7:43709]
sorry me again, I think I know why my router can't query the DNS. The reason is when I do a extended ping as follow, it tried to query the DNS server for real IP with the source address of the serial0 (default) before we can specify to use ethernet0 as the source address. And ISP never advertise route for the serial link. That's why I can't query the DNS. How do you think?? >2500new#ping >Protocol [ip]: >Target IP address: www.channelnewsasia.com >Translating "www.channelnewsasia.com"...domain server (203.116.1.93) >(203.116.254.150) > >% Bad IP address >From: "Kenny Smith" >Reply-To: "Kenny Smith" >To: [EMAIL PROTECTED] >Subject: Re: why I can't use normal ping in new router??? [7:43709] >Date: Fri, 10 May 2002 02:58:45 -0400 > >Thanks.. Priscilla.. I understamd what you mean about the route issue and I >think it is right. But I have one more issue. That's the DNS. I >tried to test whether new DNS is working or not with the following. But it >always give me Bad IP address, but the DNS IP is proven to be working when >we put it to our proxy. Beside, when I do the same thing in my old router, >it did get translated. Why my new router DNS can't resolve my URL while >the >DNS is proven to be to working fine?? > >2500new#ping >Protocol [ip]: >Target IP address: www.channelnewsasia.com >Translating "www.channelnewsasia.com"...domain server (203.116.1.93) >(203.116.254.150) > >% Bad IP address > >2500old#ping >Protocol [ip]: >Target IP address: www.channelnewsasia.com >Translating "www.channelnewsasia.com"...domain server (210.80.58.205) [OK] > >Repeat count [5]: >Datagram size [100]: >Timeout in seconds [2]: >Extended commands [n]: >Sweep range of sizes [n]: >Type escape sequence to abort. >Sending 5, 100-byte ICMP Echos to 202.172.227.114, timeout is 2 seconds: >!!.!! >Success rate is 80 percent (4/5), round-trip min/avg/max = 196/253/324 ms > > > >From: "Priscilla Oppenheimer" > >Reply-To: "Priscilla Oppenheimer" > >To: [EMAIL PROTECTED] > >Subject: Re: why I can't use normal ping in new router??? [7:43709] > >Date: Thu, 9 May 2002 17:17:19 -0400 > > > >Would upgrading solve his problem? > > > >At 03:00 PM 5/9/02, Larry Letterman wrote: > > >I didn't say 10.3 would not handle it, did I...I just said to update >the > > >ios because its old... > > > > > >Larry Letterman > > >Cisco Systems > > >[EMAIL PROTECTED] > > >- Original Message - > > >From: "Priscilla Oppenheimer" > > >To: > > >Sent: Thursday, May 09, 2002 10:37 AM > > >Subject: Re: why I can't use normal ping in new router??? [7:43709] > > > > > > > > > > At 03:57 AM 5/9/02, Larry Letterman wrote: > > > > >Update the IOS to something modern... > > > > > > > > Do you work for TAC? Cisco IOS 10.3 could certainly handle ping just > >fine. > > > > ;-) > > > > > > > > I have a guess. Notice that the serial link has a subnet mask of > > > > 255.255.255.252. This is a subnet mask that you typically see on a > > > > point-to-point link with just two devices on it (the routers at >either > > > > end). The link has no purpose other than to connect the customer's >LAN > >to > > > > the ISP. Hence, there's no reason for the ISP to advertise a route >to > >that > > > > point-to-point 100.20.90.56/30 network. In fact, for security >reasons, > > >it's > > > > probably a good idea to make sure there is not a route to this > >dedicated > > > > network that has just two memebers, the two router interfaces. > > > > > > > > So, this means that there's no way for a ping reply to get back to >the > > > > 100.20.90.58 address. > > > > > > > > Now, the LAN is addressed with a network number and subnet mask that > >you > > > > might see used for a typical small customer (60.80.200.113 > > > > 255.255.255.240). Undoubtedly, there are no problems getting back to > >this > > > > LAN. The fact that he can surf the Web proves that point. > > > > > > > > Priscilla > > > > > > > > > > > > > > > > > > > > >Larry Letterman > > > > >Cisco Systems > > > > >[EMAIL PROTECTED] > > > > >- Original Message - > > > > >From: "Kenny Smith" > > > > >To: > > > > >Sent: Thursday, May 09, 2002 12:20 AM > > > > >Subject: RE: why I can't use normal ping in new router??? [7:43709] > > > > > > > > > > > > > > > > Below is my config...why you think there is a route missing > >somewhere, > > >as > > > > >I > > > > > > can still use extended ping to ping and I can use it to surf net > >as > > > > >normal. > > > > > > The only thing that I can't do is to normal ping from here.. >What > > >should > > > > >me > > > > > > the problem? It is related to the new ISP? > > > > > > > > > > > > 2500new#sh conf > > > > > > Using 1561 out of 32762 bytes > > > > > > ! > > > > > > version 10.3 > > > > > > no service finger > > > > > > service password-encryption > > > > > > no service udp-small-servers > > > > > > no service tcp-small-servers > > > > > > ! > > > > > > hostname 2500new > > > > > > ! > > > > > > enable secret xx > > > > > > ! > > > > > > ip subnet-zero > > > > >
Re: Recommended study books for CCNP routing (BSCN) [7:43713]
Could you please help us with the url or paths to those cisco docs you used. Thanks and best regards. Joe "ashish" Sent by: [EMAIL PROTECTED] 05/09/2002 01:14 PM AST Please respond to "ashish" To: [EMAIL PROTECTED] cc: bcc: Subject: Re: Recommended study books for CCNP routing (BSCN) [7:43713] docs in cisco site are also very informative... sometimes i find them better than any book - Original Message - From: Tel Khan To: Sent: Thursday, May 09, 2002 6:15 AM Subject: RE: Recommended study books for CCNP routing (BSCN) [7:43713] > Hi, > > I have the following; > > 640-503 - Routing Exam Cert guide by Clare Gough > 640-504 - Switching Exam Cert guide by Tim Boyles an Dave Hucaby > 640-505 - Remote Access Cert Guide by Brian Morgan > 640-506 - Supoort Cert Guide by Amir S.Ranjbar > > I used both Cisco an Sybex for the Routing i'm now onto the Switching. > > Good luck > > Regards > > Tel Message Posted at: http://www.g roupstudy.com/form/read.php?f=7&i=43758&t=43713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list /cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43815&t=43713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: why I can't use normal ping in new router??? [7:43709]
Thanks.. Priscilla.. I understamd what you mean about the route issue and I think it is right. But I don't have one more issue. That's the DNS. I tried to test whether new DNS is working or not with the following. But it always give me Bad IP address, but the DNS IP is proven to be working when we put it to our proxy. Beside, when I do the same thing in my old router, it did get translated. Why my new router DNS can't resolve my URL while the DNS is proven to be to working fine?? 2500new#ping Protocol [ip]: Target IP address: www.channelnewsasia.com Translating "www.channelnewsasia.com"...domain server (203.116.1.93) (203.116.254.150) % Bad IP address 2500old#ping Protocol [ip]: Target IP address: www.channelnewsasia.com Translating "www.channelnewsasia.com"...domain server (210.80.58.205) [OK] Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 202.172.227.114, timeout is 2 seconds: !!.!! Success rate is 80 percent (4/5), round-trip min/avg/max = 196/253/324 ms >From: "Priscilla Oppenheimer" >Reply-To: "Priscilla Oppenheimer" >To: [EMAIL PROTECTED] >Subject: Re: why I can't use normal ping in new router??? [7:43709] >Date: Thu, 9 May 2002 17:17:19 -0400 > >Would upgrading solve his problem? > >At 03:00 PM 5/9/02, Larry Letterman wrote: > >I didn't say 10.3 would not handle it, did I...I just said to update the > >ios because its old... > > > >Larry Letterman > >Cisco Systems > >[EMAIL PROTECTED] > >- Original Message - > >From: "Priscilla Oppenheimer" > >To: > >Sent: Thursday, May 09, 2002 10:37 AM > >Subject: Re: why I can't use normal ping in new router??? [7:43709] > > > > > > > At 03:57 AM 5/9/02, Larry Letterman wrote: > > > >Update the IOS to something modern... > > > > > > Do you work for TAC? Cisco IOS 10.3 could certainly handle ping just >fine. > > > ;-) > > > > > > I have a guess. Notice that the serial link has a subnet mask of > > > 255.255.255.252. This is a subnet mask that you typically see on a > > > point-to-point link with just two devices on it (the routers at either > > > end). The link has no purpose other than to connect the customer's LAN >to > > > the ISP. Hence, there's no reason for the ISP to advertise a route to >that > > > point-to-point 100.20.90.56/30 network. In fact, for security reasons, > >it's > > > probably a good idea to make sure there is not a route to this >dedicated > > > network that has just two memebers, the two router interfaces. > > > > > > So, this means that there's no way for a ping reply to get back to the > > > 100.20.90.58 address. > > > > > > Now, the LAN is addressed with a network number and subnet mask that >you > > > might see used for a typical small customer (60.80.200.113 > > > 255.255.255.240). Undoubtedly, there are no problems getting back to >this > > > LAN. The fact that he can surf the Web proves that point. > > > > > > Priscilla > > > > > > > > > > > > > > > >Larry Letterman > > > >Cisco Systems > > > >[EMAIL PROTECTED] > > > >- Original Message - > > > >From: "Kenny Smith" > > > >To: > > > >Sent: Thursday, May 09, 2002 12:20 AM > > > >Subject: RE: why I can't use normal ping in new router??? [7:43709] > > > > > > > > > > > > > Below is my config...why you think there is a route missing >somewhere, > >as > > > >I > > > > > can still use extended ping to ping and I can use it to surf net >as > > > >normal. > > > > > The only thing that I can't do is to normal ping from here.. What > >should > > > >me > > > > > the problem? It is related to the new ISP? > > > > > > > > > > 2500new#sh conf > > > > > Using 1561 out of 32762 bytes > > > > > ! > > > > > version 10.3 > > > > > no service finger > > > > > service password-encryption > > > > > no service udp-small-servers > > > > > no service tcp-small-servers > > > > > ! > > > > > hostname 2500new > > > > > ! > > > > > enable secret xx > > > > > ! > > > > > ip subnet-zero > > > > > no ip source-route > > > > > ! > > > > > interface Ethernet0 > > > > > description To Office Ethernet > > > > > ip address 60.80.200.113 255.255.255.240 > > > > > no ip directed-broadcast > > > > > ip accounting output-packets > > > > > ip route-cache same-interface > > > > > ! > > > > > interface Serial0 > > > > > description XXX > > > > > ip address 100.20.90.58 255.255.255.252 > > > > > no ip directed-broadcast > > > > > ip accounting output-packets > > > > > bandwidth 512 > > > > > ! > > > > > interface Serial1 > > > > > no ip address > > > > > shutdown > > > > > ! > > > > > ip name-server 203.116.1.78 > > > > > ip name-server 203.116.1.94 > > > > > ip classless > > > > > ip route 0.0.0.0 0.0.0.0 100.20.90.57 > > > > > tftp-server flash \tftpboot\IGS-IN-L.BIN > > > > > snmp-server community public RO > > > > > banner exec ^C > > > > > > > > > > Router name: 2500new > > > > >Platform: Cisco 2500 > > > > >Location: Equant > > > > >