TRANSCENDER AVAIABLE [7:43924]

[tran cender]

hi 


i have the following 

transcender,troytech,ucertify,cheetsheet,boson,learnkey 

if you need it mail me [EMAIL PROTECTED] 


company exam no: product name 
Cisco 640-507 AssociateCert 2.0 
Cisco 640-505 RemoteAccessCert 1.0 
Cisco 640-503 RoutingCert 1.0 
Cisco 640-506 SupportCert 1.0 
Cisco 640-504 SwitchingCert 1.0 
CIW 1D0-420 DesignerCert 1.0 
CIW 1D0-425 E-DesignerCert 1.0 
CIW 1D0-410 FoundationsCert 1.0 
CompTIA 220-221 Aઊ� 2.0 
CompTIA 220-222 ACert 2.0 
CompTIA IK0-001 i-Net৪ 1.0 
CompTIA XK0-001 Linux৪ 1.0 
CompTIA N10-002 Network৪ 2.0 
CompTIA SK0-001 Server৪ 1.0 
Microsoft 70-016 Cꮷ뉋 6.0 
Microsoft 70-015 Cꮷ닚 6.0 
Microsoft 70-057 CommerceCert 3.0 
Microsoft 70-152 DevCert 6.0 
Microsoft 70-217 DirectoryCert/Admin 2000 
Microsoft 70-219 DirectoryCert/Design 2000 
Microsoft 70-081 ExchangeCert 5.5a 
Microsoft 70-224 ExchangeCert/Admin 2000 
Microsoft 70-225 ExchangeCert/Design 2000 
Microsoft 70-080 ExplorerCert 5.0 
Microsoft 70-227 ISA-Cert 1.0 
Microsoft 70-244 MaintainCert 4.0 
Microsoft 70-218 ManageCert 2000 5.0 
Microsoft 70-222 MigrateCert 2000 
Microsoft 70-216 NetCert/Admin 2000 
Microsoft 70-221 NetCert/Design 2000 
Microsoft 70-210 ProCert 2000 
Microsoft 70-270 ProCert 6.0 for Windows XP 
Microsoft 70-088 ProxyCert 2.0a 
Microsoft 70-220 SecurityCert 2000 
Microsoft 70-215 ServerCert 2000 
Microsoft 70-056 SiteCert 3.0 
Microsoft 70-086 SMS-Cert 2.0 
Microsoft 70-100 SolutionCert 3.0 
Microsoft 70-228 SQL-AdminCert 2000 
Microsoft 70-028 SQL-AdminCert 7.0 
Microsoft 70-019 SQL-DataCert 7.0 
Microsoft 70-229 SQL-DesignCert 2000 
Microsoft 70-029 SQL-DesignCert 7.0 
Microsoft 70-176 VB-Cert/Desktop 6.0 
Microsoft 70-175 VB-Cert/Distributed 6.0 
Microsoft 70-091 VBA-Cert 6.0 
Microsoft 70-098 Win98Cert 5.0 
Novell 50-653 NWCert/Admin 5.1 
Novell 50-654 NWCert/Advanced 5.1 
Novell 50-659 NWCert/Design 5.1 
Novell 50-658 NWCert/Support 5.1 
Novell 50-649 NWCert/TCP/IP 5.0 
Novell 50-632 NWCert/Tech 5.1 
Oracle 1Z0-031 DBCert/Fundamentals I 9.0 
Oracle 1Z0-032 DBCert/Fundamentals II 9.0 
Oracle 1Z0-007 DBCert/SQL 9.0 
Sun 310-011 SolCert/Admin I 8.0 


lee 
-- 
___
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43924&t=43924
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

require module info on 3600 series router [7:43925]

[Amir Aziz]

Hi everybody,

I am here in Pakistan and we have E1 running at our ISP setup. OUR Telco
provide E1 facility on G703/704I want to terminate these E1 lines directly
into my router currently I am using CISCO 5300 for that purpose but I need
compatiable module for my 3600 series routers as well can anyone tell me the
module details or module number to use in my router I will be very thankful
to the person/s.

Regards,
Amir




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43925&t=43925
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Transcender Avaiable[tran1@post.com] [7:43923]

[tran1 t]

hi 


i have the following 

transcender,troytech,ucertify,cheetsheet,boson,learnkey 

if you need it mail me [EMAIL PROTECTED] 


company exam no: product name 
Cisco 640-507 AssociateCert 2.0 
Cisco 640-505 RemoteAccessCert 1.0 
Cisco 640-503 RoutingCert 1.0 
Cisco 640-506 SupportCert 1.0 
Cisco 640-504 SwitchingCert 1.0 
CIW 1D0-420 DesignerCert 1.0 
CIW 1D0-425 E-DesignerCert 1.0 
CIW 1D0-410 FoundationsCert 1.0 
CompTIA 220-221 Aઊ� 2.0 
CompTIA 220-222 ACert 2.0 
CompTIA IK0-001 i-Net৪ 1.0 
CompTIA XK0-001 Linux৪ 1.0 
CompTIA N10-002 Network৪ 2.0 
CompTIA SK0-001 Server৪ 1.0 
Microsoft 70-016 Cꮷ뉋 6.0 
Microsoft 70-015 Cꮷ닚 6.0 
Microsoft 70-057 CommerceCert 3.0 
Microsoft 70-152 DevCert 6.0 
Microsoft 70-217 DirectoryCert/Admin 2000 
Microsoft 70-219 DirectoryCert/Design 2000 
Microsoft 70-081 ExchangeCert 5.5a 
Microsoft 70-224 ExchangeCert/Admin 2000 
Microsoft 70-225 ExchangeCert/Design 2000 
Microsoft 70-080 ExplorerCert 5.0 
Microsoft 70-227 ISA-Cert 1.0 
Microsoft 70-244 MaintainCert 4.0 
Microsoft 70-218 ManageCert 2000 5.0 
Microsoft 70-222 MigrateCert 2000 
Microsoft 70-216 NetCert/Admin 2000 
Microsoft 70-221 NetCert/Design 2000 
Microsoft 70-210 ProCert 2000 
Microsoft 70-270 ProCert 6.0 for Windows XP 
Microsoft 70-088 ProxyCert 2.0a 
Microsoft 70-220 SecurityCert 2000 
Microsoft 70-215 ServerCert 2000 
Microsoft 70-056 SiteCert 3.0 
Microsoft 70-086 SMS-Cert 2.0 
Microsoft 70-100 SolutionCert 3.0 
Microsoft 70-228 SQL-AdminCert 2000 
Microsoft 70-028 SQL-AdminCert 7.0 
Microsoft 70-019 SQL-DataCert 7.0 
Microsoft 70-229 SQL-DesignCert 2000 
Microsoft 70-029 SQL-DesignCert 7.0 
Microsoft 70-176 VB-Cert/Desktop 6.0 
Microsoft 70-175 VB-Cert/Distributed 6.0 
Microsoft 70-091 VBA-Cert 6.0 
Microsoft 70-098 Win98Cert 5.0 
Novell 50-653 NWCert/Admin 5.1 
Novell 50-654 NWCert/Advanced 5.1 
Novell 50-659 NWCert/Design 5.1 
Novell 50-658 NWCert/Support 5.1 
Novell 50-649 NWCert/TCP/IP 5.0 
Novell 50-632 NWCert/Tech 5.1 
Oracle 1Z0-031 DBCert/Fundamentals I 9.0 
Oracle 1Z0-032 DBCert/Fundamentals II 9.0 
Oracle 1Z0-007 DBCert/SQL 9.0 
Sun 310-011 SolCert/Admin I 8.0 


lee 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43923&t=43923
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: VUE vs Sylvan [7:43579]

[Lou]

Same pool of questions... So does not matter
I was ready to use VUE but they have hard and fast rules regarding
rescheduling...  I missed my scheduled CCIE test (Death in Family) and
ask for a reschedule date at THEIR discretion...  I was told my personal
problem was not their problem!   Needless to say Sylvan will get all
my follow on business... and anyone I can tell my story to!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, May 08, 2002 1:59 AM
To: [EMAIL PROTECTED]
Subject: VUE vs Sylvan [7:43579]

Hi there!
Took the CCIE Written yesterday at VUE and faild. And, I will schedule
at
Prometric.

Does anyone know?  I'm assuming the Cisco exams are written by Cisco and
so it doesn't matter if you use Sylvan or VUE.  It that right?

TIA

David.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43922&t=43579
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Committed Access Rate [7:43757]

[Chris Camplejohn]

If you want good voice, then don't burst above CIR...otherwise, provider is
allowed to throw away the packets...He has no idea which are voice and which
are data.  You absolutely don't want your voice packets dumped or your voice
quality will suffer.

You should look at LLQ.  Apply inside CBWFQ.  Turn on traffic shaping on the
frame interface.  Apply your service policy to your FRTS map-class config.
And again, shape down to prevent bursts (of course you need to get rid of
that 0 CIR).

Fundamentally, the benefits of frame are in direct contrast to good network
design for voice.

My 2 cents...

Chris

""Gene Volpe""  wrote in message
news:[EMAIL PROTECTED]...
> I have a customer who needs to prioritze his voice over his frame relay
> network.  They have a PBX on each LAN and a switch that is setting the
DSCP
> bit in all the traffic coming from the PBX to a value of 6.
>
> I think it would be easy enough to just set up priority queueing with a
> match on the DSCP field, but the customer is pushing for CAR.  Anyone have
> any feelings on the subject and if so, how would I configure the CAR, as
far
> as the bps rates go?  The circuit has a CIR of 0 (I know, I know!!) and a
> burst of a full T.
>
> Assume that they will not be upgrading the CIR.
>
> Thanx in advance,
> -Gene




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43920&t=43757
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: GRE vs. IPIP tunnels [7:43744]

[suaveguru]

Using Gre allows one to encapusulate multiple
protocols across the tunnel . 


regards,

Jason Yee
--- ira  wrote:
> Hallo list,
> 
> What is the difference btw. GRE tunnel and IP-IP
> tunnel?
> Why should I use one and not the other and when?
> I am currently using GRE tunnels .
> Thanks.
> 
> __
> Do You Yahoo!?
> Yahoo! Shopping - Mother's Day is May 12th!
> http://shopping.yahoo.com
[EMAIL PROTECTED]


__
Do You Yahoo!?
LAUNCH - Your Yahoo! Music Experience
http://launch.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43919&t=43744
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX 501 Ver 6.1 [7:43896]

[Mark Odette II]

Or from a different perspective... even though it may not be technically
correct...

consider the "Inside" interface to be a Virtual or Logical interface, rather
than a Physical Interface.

Is that safe to say?!?!
... and this only applies to the PIX 501.

Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
CiscoB
Sent: Friday, May 10, 2002 7:40 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX 501 Ver 6.1 [7:43896]


Those ports are switched ports of the inside interface. Envision those four
ports as being a single port representing the inside interface.  So you only
have (2) interfaces avaiable (the inside and the outside).

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)

""Jablonski, Michael""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I'm trying to configure ethernet 2-4 on a PIX 501 (3DES), but it comes
back
> saying only 2 interfaces are active.  When I do a show version it say
> "maximum interfaces: 2"  Am I missing something or what?  Please lemme
> know!!!
>
> Thanx,
> mkj
>
> ~~~
> Michael Jablonski
> ABN AMRO Asset Management Holdings, Inc.
> 161 North Clark St.
> 9th Flr
> Chicago, IL  60601-2468
> PH: 312.884.2996
> FAX: 312.278.5550
> ~~~
>
> 
> This message (including any attachments) is confidential and may be
> privileged. If you have received it by mistake please notify the sender
> by return e-mail and delete this message from your system. Any
> unauthorized use or dissemination of this message in whole or in part
> is strictly prohibited. Please note that e-mails are susceptible to
> change. ABN AMRO Bank N.V. (including its group companies) shall not be
> responsible nor liable for the proper and complete transmission of the
> information contained in this communication nor for any delay in its
> receipt or damage to your system. ABN AMRO Bank N.V. (or its group
> companies) does not guarantee that the integrity of this communication
> has been maintained nor that this communication is free of viruses,
> interceptions or interference.
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43917&t=43896
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISP Topology Design [7:43836]

[JP]

""dre""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>> You also might want to check out Barry Greene / Philip Smith's
> new CiscoPress book, "Cisco ISP Essentials" and the website,
> http://www.ispbook.com/

I heard the book is partially based on the papers from this link:

 http://www.cisco.com/public/cons/isp/essentials/


HTHs
Kent




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43918&t=43836
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISP Topology Design [7:43836]

[Howard C. Berkowitz]

At 6:32 PM -0400 5/10/02, dre wrote:
>""Chris Headings""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>>  We are an ISP in So. Cal.  We are gearing up to open other offices in
>>  bewteen Arizona and Ca...
>>
>>  We are trying to decide what would be the best way of intergrating our
ISP
>>  network...like...
>>
>>  Should we just continue to use our one ASN and have all traffic come back
>to
>>  the Global NOC, or should get new ASN's for each location???
>
>Philip Smith's Multihoming NANOG presentation covers disconnected backbones
>and ASN usage.

There's also the "IOS Essentials Every ISP Should Know," the URL for 
which I don't have handy but is at Cisco, as well as the ISP Workshop 
series.

>
>>  Should we be using IS-IS, IBGP/EBGP, OSPF as the protocol to link all
>remote
>>  locations???
>
>Yes.  If you can afford it (and I can't see why you wouldn't be able to),
>you should
>have all routers take part in IBGP.

Just to clarify something I'm sure dre well knows, having all routers 
participate in iBGP doesn't mean they have to be in a flat topology. 
The rough rule of thumb has long been you don't want more than 20-30 
BGP sessions of any type on one physical router, which is the 
motivation for iBGP scalability techniques such as confederations and 
route reflectors.  Of course, this is a worst-case number, tending to 
assume full routes and a lot of churn.  You could probably get away 
with a good deal more if you're just having eBGP connections to 
customers advertising their own routes and accepting default.

Some of the scalability issues are in the IETF BMWG drafts 
(http://www.ietf.org/html.charters/bmwg-charter.html).  We've done 
eBGP first, but the terminology draft is relevant to both eBGP and 
iBGP, and the appendix to the eBGP methodology draft gives some 
typical sizing.

>Doesn't matter about the IGP, some
>people
>prefer IS-IS, and others prefer OSPF.  GlobalCrossing and AboveNet (and
>probably
>other ISP's) had to move to IS-IS eventually, and migration is terrible.  If
>you have
>the knowledge or time to invest in IS-IS, I would suggest looking into that
>as an option
>before your network grows too large.  Fortunately, there are a lot of really
>good
>resources out there today (for both IS-IS and OSPF, actually ;> ).
>
>>  Obviously cost in an issue, but throwing cost out the door, what is the
>>  ideal way of linking ALL offices, using a good level of redundancy and
>great
>>  preformance...
>
>Metro Ethernet and wavelength services make purchasing distance bandwidth a
>lot
>easier.  Co-location has also come a long way, making transit and peering
>very easy
>and cost effective.  You are no longer being forced to connect into some
>strange,
>unknown remote POP via costly (and difficult to provision) SONET circuits
>and router
>interfaces.  Look into your Exchange Points and Metro Providers (CLEC's for
>fiber and
>optical wavelengths) possibilities.

Very valid points.  There's a lot of discussion of exchange points at 
www.ripe.net.  Exchange points operated by many organizations are 
more common in Europe than in the US, and indeed there's now a 
European Exchange Operators Forum (or something along those lines -- 
you can find it at RIPE).

When doing these things, also think about local loop diversity.
-- 
"What Problem are you trying to solve?"
***send Cisco questions to the list, so all can benefit -- not 
directly to me***

Howard C. Berkowitz  [EMAIL PROTECTED]
Chief Technology Officer, GettLab/Gett Communications http://www.gettlabs.com
Technical Director, CertificationZone.com http://www.certificationzone.com
"retired" Certified Cisco Systems Instructor (CID) #93005




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43916&t=43836
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Policy Routing Resources.. [7:43915]

[B Rudy]

Hey guys,

If anybody has any good links or reading material on Policy routing please
respond to this posting.  I really want to get it down.  Ive searched
everywehere and found about 3 links on the Cisco Website with pertinent
information.  If anybody knows where i can find all about policy routing
just reply.. Thanx again my fellow Technologists!!! TIA.. =0)

Rudy B


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43915&t=43915
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: MCNS exam material [7:43505]

[Tim Potier]

The book is MORE than enough.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43912&t=43505
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: R/S recert [7:43890]

[CiscoB]

If you are going the security recert route, I can help you there.

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)

""John Conzone""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Any sites, boards or study material for the CCIE R/S recert written tests?
> Seems like an area thatno one has got covered.
>
> Thanks!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43911&t=43890
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISP Topology Design [7:43836]

[Howard C. Berkowitz]

At 6:32 PM -0400 5/10/02, dre wrote:
>""Chris Headings""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>>  We are an ISP in So. Cal.  We are gearing up to open other offices in
>>  bewteen Arizona and Ca...
>>
>>  We are trying to decide what would be the best way of intergrating our
ISP
>>  network...like...
>>
>>  Should we just continue to use our one ASN and have all traffic come back
>to
>>  the Global NOC, or should get new ASN's for each location???
>
>Philip Smith's Multihoming NANOG presentation covers disconnected backbones
>and ASN usage.

There's also the "IOS Essentials Every ISP Should Know," the URL for 
which I don't have handy but is at Cisco, as well as the ISP Workshop 
series.

>
>>  Should we be using IS-IS, IBGP/EBGP, OSPF as the protocol to link all
>remote
>>  locations???
>
>Yes.  If you can afford it (and I can't see why you wouldn't be able to),
>you should
>have all routers take part in IBGP.

Just to clarify something I'm sure dre well knows, having all routers 
participate in iBGP doesn't mean they have to be in a flat topology. 
The rough rule of thumb has long been you don't want more than 20-30 
BGP sessions of any type on one physical router, which is the 
motivation for iBGP scalability techniques such as confederations and 
route reflectors.  Of course, this is a worst-case number, tending to 
assume full routes and a lot of churn.  You could probably get away 
with a good deal more if you're just having eBGP connections to 
customers advertising their own routes and accepting default.

Some of the scalability issues are in the IETF BMWG drafts 
(http://www.ietf.org/html.charters/bmwg-charter.html).  We've done 
eBGP first, but the terminology draft is relevant to both eBGP and 
iBGP, and the appendix to the eBGP methodology draft gives some 
typical sizing.

>Doesn't matter about the IGP, some
>people
>prefer IS-IS, and others prefer OSPF.  GlobalCrossing and AboveNet (and
>probably
>other ISP's) had to move to IS-IS eventually, and migration is terrible.  If
>you have
>the knowledge or time to invest in IS-IS, I would suggest looking into that
>as an option
>before your network grows too large.  Fortunately, there are a lot of really
>good
>resources out there today (for both IS-IS and OSPF, actually ;> ).
>
>>  Obviously cost in an issue, but throwing cost out the door, what is the
>>  ideal way of linking ALL offices, using a good level of redundancy and
>great
>>  preformance...
>
>Metro Ethernet and wavelength services make purchasing distance bandwidth a
>lot
>easier.  Co-location has also come a long way, making transit and peering
>very easy
>and cost effective.  You are no longer being forced to connect into some
>strange,
>unknown remote POP via costly (and difficult to provision) SONET circuits
>and router
>interfaces.  Look into your Exchange Points and Metro Providers (CLEC's for
>fiber and
>optical wavelengths) possibilities.

Very valid points.  There's a lot of discussion of exchange points at 
www.ripe.net.  Exchange points operated by many organizations are 
more common in Europe than in the US, and indeed there's now a 
European Exchange Operators Forum (or something along those lines -- 
you can find it at RIPE).

When doing these things, also think about local loop diversity.
-- 
"What Problem are you trying to solve?"
***send Cisco questions to the list, so all can benefit -- not 
directly to me***

Howard C. Berkowitz  [EMAIL PROTECTED]
Chief Technology Officer, GettLab/Gett Communications http://www.gettlabs.com
Technical Director, CertificationZone.com http://www.certificationzone.com
"retired" Certified Cisco Systems Instructor (CID) #93005




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43910&t=43836
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX 501 Ver 6.1 [7:43896]

[CiscoB]

Those ports are switched ports of the inside interface. Envision those four
ports as being a single port representing the inside interface.  So you only
have (2) interfaces avaiable (the inside and the outside).

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)

""Jablonski, Michael""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I'm trying to configure ethernet 2-4 on a PIX 501 (3DES), but it comes
back
> saying only 2 interfaces are active.  When I do a show version it say
> "maximum interfaces: 2"  Am I missing something or what?  Please lemme
> know!!!
>
> Thanx,
> mkj
>
> ~~~
> Michael Jablonski
> ABN AMRO Asset Management Holdings, Inc.
> 161 North Clark St.
> 9th Flr
> Chicago, IL  60601-2468
> PH: 312.884.2996
> FAX: 312.278.5550
> ~~~
>
> 
> This message (including any attachments) is confidential and may be
> privileged. If you have received it by mistake please notify the sender
> by return e-mail and delete this message from your system. Any
> unauthorized use or dissemination of this message in whole or in part
> is strictly prohibited. Please note that e-mails are susceptible to
> change. ABN AMRO Bank N.V. (including its group companies) shall not be
> responsible nor liable for the proper and complete transmission of the
> information contained in this communication nor for any delay in its
> receipt or damage to your system. ABN AMRO Bank N.V. (or its group
> companies) does not guarantee that the integrity of this communication
> has been maintained nor that this communication is free of viruses,
> interceptions or interference.
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43909&t=43896
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCNP604-503 ( Routing Exam) [7:43895]

[Tim Potier]

Buy the Cisco Press BSCN book... it has more information than you will need,
but worth the price.  BUT, since you are taking the exam next week, I doubt
you have time to read the entire book... so I would go to CCO and look at
the exam outline, and cram from online resources.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43908&t=43895
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX 501 Ver 6.1 [7:43896]

[Roberts, Larry]

On the 501 it only has 2 interfaces. The inside and the outside. The other 4
ports are switch ports and they are not configurable.


Thanks

Larry 

-Original Message-
From: Jablonski, Michael [mailto:[EMAIL PROTECTED]] 
Sent: Friday, May 10, 2002 4:44 PM
To: [EMAIL PROTECTED]
Subject: PIX 501 Ver 6.1 [7:43896]


I'm trying to configure ethernet 2-4 on a PIX 501 (3DES), but it comes back
saying only 2 interfaces are active.  When I do a show version it say
"maximum interfaces: 2"  Am I missing something or what?  Please lemme
know!!! 

Thanx,
mkj

~~~
Michael Jablonski
ABN AMRO Asset Management Holdings, Inc.
161 North Clark St.
9th Flr
Chicago, IL  60601-2468
PH: 312.884.2996 
FAX: 312.278.5550
~~~


This message (including any attachments) is confidential and may be 
privileged. If you have received it by mistake please notify the sender 
by return e-mail and delete this message from your system. Any 
unauthorized use or dissemination of this message in whole or in part 
is strictly prohibited. Please note that e-mails are susceptible to 
change. ABN AMRO Bank N.V. (including its group companies) shall not be 
responsible nor liable for the proper and complete transmission of the 
information contained in this communication nor for any delay in its 
receipt or damage to your system. ABN AMRO Bank N.V. (or its group 
companies) does not guarantee that the integrity of this communication 
has been maintained nor that this communication is free of viruses, 
interceptions or interference.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43907&t=43896
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: easy VPN tutorial ... [7:43901]

[Mark Odette II]

If your "VPN Client" is behind a Router, such as a DSL/Cablemodem Router for
the home, you will need to make sure that the device allows NAT, and you
configure a static map from a public IP to the private IP of the host in
question.

Otherwise, you will experience the problems your describing.

I've been working on establishing VPN Dynamic and Static connections with
every possible combination cisco has documented for just one of my
clients... and what I mentioned above has been the common rule.

I've successfully gotten the PIX to VPN Client (3.5.1C)(Dynamic Tunnel
Establishment), PIX to PPTP Client (Dynamic Tunnel Establishment), and PIX
to PIX VPN (Static Tunnel Establishment) scenario to work, but the common
denominator has been that both ends have to have Public Static IPs to get
the tunnels to work.  If the Client end doesn't come up, it's usually
because of PAT, rather than NAT on the client end that is stopping it.

I'll be working on tring to get the PIX to PIX Dynamic VPN scenario working
this weekend... but again, that will be a challenge, due to the Client PIX
being behind a CableModem.

Your best bet for configuring your scenario is CCO; do a search for Security
Tips, and then go through the numerous config samples until you find the one
that matches your scenario... it should be pretty straight forward, and have
troubleshooting tips at the end of each scenario.

If you have any more questions, feel free to ask!

Disclaimer: I am not a PIX expert, but have gained some interesting
experience recently on the subject, so I may be able to help. :)  If you've
got a SmartNet contract, or you have a valid warranty on the PIX... call
TAC! They are top notch with this stuff, and can get you going quickly...

-Mark



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Paul Doyle
Sent: Friday, May 10, 2002 5:26 PM
To: [EMAIL PROTECTED]
Subject: easy VPN tutorial ... [7:43901]


Does anyone know of any websites with an easy to follow guide, or easy
steps for creating 'client to Pix VPN' ??? I'm having difficulty setting
this up ... I've even tried PPTP with no authentication without success
...

I am using ver 6.1 for the Pix and 3.5 for the Cisco VPN client ...

Any help or suggestions would be greatly welcomed ...

Kind regards ...

Paul ...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43906&t=43901
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: What to do........ 2 parts [7:43843]

[Peter Walker]

Jason

Being as I am in a similar position to you in that I have completed all of 
the exams for CCNP (still awaiting results from support beta exam) I can 
tell you what I am have been doing and am planning. I will let you decide 
if this is relevent or useful to you.

1) First of all as I have been using VPN concentrator and pix systems for a 
while now and using IPSEC for a lot longer (hand crafting and debugging 
IPSEC tunnels between OpenBSD systems) I figured that it shouldnt be too 
big a step to pass the CSS1 exams and took the four exams last month.  The 
only difficult bit was trying to learn about the IDS system without access 
to any cisco IDS kit (too expensive to buy for home use, and it would be 
unprofessional to recommend it for work). So now I am a CSS1 (and it is 
only a 1/4 paper cert :-).

2) Figuring that my experience is more appropriate to a Security CCIE 
rather than a routing and switching CCIE (in particular as far as the non 
ip desktop protocols are concerned) I am going to go for the CCIE Security 
written exam next month.

3) Based on the blueprints for the CCIE exams I also figure that there are 
certain areas in which my knowledge and experience is weak - particularly 
Packet Telephony, IS-IS (and to a lesser extent BGP), QOS, and MPLS I am 
planning some extra study in those areas. As these all are components of 
the various CCIP exams I have planned on taking the matching CCIP exams to 
validate my study at each step in the study plan (PKTEL, MCAST+QOS, BCSI 
(includes IS-IS and gives me a chance to revalidate my BGP knowledge), and 
MPLS.  If I fail any of these exams (or even pass with too low a pass mark) 
I will postpone my CCIE written until I can be confident I am close to 
having an adequate level of knowledge and skill in the relevant area (and 
have validated my knowledge with a corresponding exam).

4) Even after all of the above I am sure I will have some weak areas and 
may fail the written exam. In which case I will revisit my weak areas and 
spend more time on them.

5) Assuming I get through the the written exam I plan to spend more time on 
study and 'practice' with a view to taking the lab exam towards the end of 
the year.

As to lab kit

I have worked with cisco kit for about 4 years (2500, 2600, 3600, cat 
2900/3500, cat4k, PIX, VPN 3000 series) with about 25% of my 
responsibilities involving this network kit.


In addition to this I have two 2500s, a Cat 2820 and a PIX 501 (I love 
these things) at home. As part of my cert plans I am adding a few 2500s, 
some 4500s a Cat 3900 and an Etherswitch 2200 (runs cat5k OS) with 
appropriate interfaces for my lab practice. With these I will be able to 
'play' with a number of features that I currently cant. With my budget 
there is no real way I can get hold of equipment for some stuff (ATM, MPLS 
label switch routers etc), for these I will have to rely on online virtual 
labs and when nearer to the practical exam to real hands on lab rental.

I am sure there will be some on this list who may have some comments on 
whether I will classify as a lab rat or not, and perhaps on the short time 
I am cramming a lot of this into (and I havent even mentioned the CISSP 
exam in I am taking two weeks time), but I have a number of time 
constraints that are applicable (not least of which is the likely ending of 
my current employment on June 28th - sometimes it sucks when your employer 
is acquired by a bigger company).

Hope this helps

Peter



--On Friday, May 10, 2002 12:39 PM -0400 "Kleberg, Jason" 
 wrote:

> this is a 2 part question that I hope to hear everyone's opinion on.
>
> 1.  What to do next?  Im done with ccnp, is it worth it to move to
> ccda\dp, what about css1, or just shoot for the ccie.  i know that ccie
> will cost the most by far, and the others could give me more of a
> foundation to build on for ccie, but is it worth the wait or would you
> reccomend i just start buckleing down for the IE?  SO MANY QUESTIONS
>
>
> 2.  If I do start to study for CCIE, what kind of a lab should I build
> I probably wont take the lab for 12-18 months and the equipment list could
> change(token,atm,4500,2500,cat5k)  What are the safest bets, or if someone
> could give me a link to a diagram of a very current lab i could plan from
> that.  I think 2600,3600 are safe,, what else is a sure bet to be around?
> Is the set based switch going to make it?  What is the best or least
> expensive ios based switch that you can train from?(cat x9xx layer 3?)  I
> could really use some help here and i look forward to hearing from you
> all.
>
> Thanks
>
> Jason
> Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43905&t=43843
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: URGENT: Router crashes frequently [7:43711]

[PING]

First, the traceback  -Traceback= 60EC68D4 60EDD6B8 60EC74E0 60EBD4CC
60E9FE34 60EADCE8
6043407C 60434068 can be decoded by symbol files by Cisco and that will pin
point what
the problem is.

When you say "Flash" you mean the external PCMCIA flash card, right?
It is used only during the boot process. I assume here is what you are doing:
you have 12.2T on the flash and you load router from it. If the image on the
flash has
problem and
if you remove it, router might load the backup copy of IOS. The problemed
image is on
the card
and anywhere you take it, problem goes with it.
Did you verify after remocving the flash that what version it boots with and
from where
it came?
Also, try removing all modules out and just reboot the chasis. It is very
likely that
image has some
problem.
I have seen similar problems with 12.2T with Enhanced ATM cards, specially
when PVCs are

configured. This could be a bug also.

/Nadeem





Hamid Ali Asgari wrote:

> Thnaks for the replies.
>
> It's very strange. I replaced the FLASH and everything got OK. I put
> the FLASH to another router and that router got the same problem.
>
> I thought FLASH is only used during the Boot Process to get the IOS.
> What makes this strange is that the router won't restart when it
> isn't in service. I pinged the router for 3 hours and it didn't
> restart. As soon as I routed VoIP calls to the gateway and the
> gateway is in service, It will restart after a while.
>
> Any ideas?
>
> Hamid
>
> --- "lijingyu (Jingyu,Li)"  wrote:
> > Hi,
> >You'd better check your hardware,especially NM-2V module.
> >I'd ever used NM-2V + 2E&M with C3640,it was always rebooting
> > and come into ROM.The IOS is OK,but when I checked my NM-2V
> > module,the chip was burned.After changing a new one,it works well.
> >
> >
> > Jingyu Li
> > --ACE,CCNA
> >
> > PS:
> > The following messages are taken from my log database,it displays
> > the process of my question.
> > May it useful for you.
> >
> > - cut here 
> > System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
> > Copyright (c) 1999 by cisco Systems, Inc.
> > TAC:Home:SW:IOS:Specials for info
> > C2600 platform with 32768 Kbytes of main memory
> >
> > program load complete, entry point: 0x80008000, size: 0x617b90
> > Self decompressing the image :
> > #
> >
>

> >
>

> >
>

> >
>

> >
>

> >
>

> >
>

> >
>

> > ## [OK]
> >
> >   Restricted Rights Legend
> >
> > Use, duplication, or disclosure by the Government is
> > subject to restrictions as set forth in subparagraph
> > (c) of the Commercial Computer Software - Restricted
> > Rights clause at FAR sec. 52.227-19 and subparagraph
> > (c) (1) (ii) of the Rights in Technical Data and Computer
> > Software clause at DFARS sec. 252.227-7013.
> >
> >cisco Systems, Inc.
> >170 West Tasman Drive
> >San Jose, California 95134-1706
> >
> >
> >
> > Cisco Internetwork Operating System Software
> > IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(5)T1,  RELEASE
> > SOFTWARE (fc1)
> >
> > Copyright (c) 1986-1999 by cisco Systems, Inc.
> > Compiled Tue 17-Aug-99 14:39 by cmong
> > Image text-base: 0x80008088, data-base: 0x80B5E15C
> >
> >
> > *** System received a SegV exception ***
> > signal= 0xb, code= 0x100, context= 0x810fe118
> > PC = 0x802b5998, Vector = 0x100, SP = 0x811578a0
> >
> > System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
> > Copyright (c) 1999 by cisco Systems, Inc.
> > TAC:Home:SW:IOS:Specials for info
> > C2600 platform with 32768 Kbytes of main memory
> > Self decompressing the image :
> > #
> >
>

> >
>

> >
>

> >
>

> >
>

> >
>

> >
>
#

Re: ISP Topology Design [7:43836]

[dre]

""Chris Headings""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> We are an ISP in So. Cal.  We are gearing up to open other offices in
> bewteen Arizona and Ca...
>
> We are trying to decide what would be the best way of intergrating our ISP
> network...like...
>
> Should we just continue to use our one ASN and have all traffic come back
to
> the Global NOC, or should get new ASN's for each location???

Philip Smith's Multihoming NANOG presentation covers disconnected backbones
and ASN usage.

> Should we be using IS-IS, IBGP/EBGP, OSPF as the protocol to link all
remote
> locations???

Yes.  If you can afford it (and I can't see why you wouldn't be able to),
you should
have all routers take part in IBGP.  Doesn't matter about the IGP, some
people
prefer IS-IS, and others prefer OSPF.  GlobalCrossing and AboveNet (and
probably
other ISP's) had to move to IS-IS eventually, and migration is terrible.  If
you have
the knowledge or time to invest in IS-IS, I would suggest looking into that
as an option
before your network grows too large.  Fortunately, there are a lot of really
good
resources out there today (for both IS-IS and OSPF, actually ;> ).

> Obviously cost in an issue, but throwing cost out the door, what is the
> ideal way of linking ALL offices, using a good level of redundancy and
great
> preformance...

Metro Ethernet and wavelength services make purchasing distance bandwidth a
lot
easier.  Co-location has also come a long way, making transit and peering
very easy
and cost effective.  You are no longer being forced to connect into some
strange,
unknown remote POP via costly (and difficult to provision) SONET circuits
and router
interfaces.  Look into your Exchange Points and Metro Providers (CLEC's for
fiber and
optical wavelengths) possibilities.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43899&t=43836
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISP Topology Design [7:43836]

[Jeff Harris]

If you are going to have local uplinks in your other locations (and it is not
just a hub-and-spoke design with no need for internet redundancy), then I
would run the same ASN throughout, use BGP Confederations (maybe not,
depending on the number of uplinks, routers and your client's transport
requirements). Stick to using OSPF (or another IGP) for the local lans in
each location.

If it is just a central-office, branch-office kind of thing, with no
external uplink redundancy, you might be able to get away with OSPF for the
entire topology.

It really depends on the specifics which I don't have. :)

Can be done many different ways as well..

Jeff Harris
CCNA, CCNP Routing, Remote Access Passed


On Fri, May 10, 2002 at 02:53:21PM -0400, Chris Headings wrote:
> Thanks!!!
> 
> We are an ISP in So. Cal.  We are gearing up to open other offices in
> bewteen Arizona and Ca...
> 
> We are trying to decide what would be the best way of intergrating our ISP
> network...like...
> 
> Should we just continue to use our one ASN and have all traffic come back
to
> the Global NOC, or should get new ASN's for each location???
> 
> Should we be using IS-IS, IBGP/EBGP, OSPF as the protocol to link all
remote
> locations???
> 
> Obviously cost in an issue, but throwing cost out the door, what is the
> ideal way of linking ALL offices, using a good level of redundancy and
great
> preformance...
> 
> Regards,
> 
> Chris




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43892&t=43836
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 1924 Switch: Takes long time to ping device after [7:43903]

[Dallas]

The port will take upto 50 seconds to come up.  This is due to Spanning Tree
Protocol.
The switch is making sure you do not have a switching loop.  For all the
switch ports
that are attached to and end node (workstation, printer..etc)  you should
enable
PortFast.  Then the port will come up in a few seconds.

KM Reynolds wrote:

> Hi,
>
> I installed a Catalyst 1924 switch on the LAN.  It seems to work ok,
> however, I am concerned, because when I first plug a device (any device)
> into a new switch port.  It takes a long time (minutes) before I can ping
> it.  After that if I unplug it and reconnect I can ping immediately.
>
> Does anyone know if this is normal?
>
> Thanks in advance.
>
> KM
>
> _
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43903&t=43903
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISP Topology Design [7:43836]

[Howard C. Berkowitz]

At 2:53 PM -0400 5/10/02, Chris Headings wrote:
>Thanks!!!
>
>We are an ISP in So. Cal.  We are gearing up to open other offices in
>bewteen Arizona and Ca...
>
>We are trying to decide what would be the best way of intergrating our ISP
>network...like...
>
>Should we just continue to use our one ASN and have all traffic come back to
>the Global NOC, or should get new ASN's for each location??

Well, at least at the continental level, you won't be able to get 
more than one registered AS. You can certainly use private ASNs, 
which don't even need to be in confederations.  The Cisco 
remove-private-AS feature lets you play lots of games with multiple 
private AS but without confederations.

You can even use the same private ASN for different customers. See RFC 2270.

Essentially, you want multiple AS if you have different routing 
policies in different areas. Most ISPs don't, although some of the 
early ones use lots of registered AS since they got them at a time 
when they were readily available.

It's really hard to say without knowing your topology and policy.

>?
>
>Should we be using IS-IS, IBGP/EBGP, OSPF as the protocol to link all remote
>locations???

You will need BGP _and_ an IGP.  You MAY want MPLS as well, 
especially if you are offering lots of VPNs of a kind where it's 
appropriate.

The choice between ISIS and OSPF is a tossup.  Some of the arguments 
for each one:

  ISISOSPF
  
  More scalable in flat networksMore aggregation capability
  Lots of undocumented practice Well known
  Probably better supported for TE features beginning to come in
   traffic engineering
  Until you use some new and subtle Wide range of choices of area
   methods such as L1L2 leaking, structure allowing a range of
   can be very inflexible foralternatives from best-exit
   best-exit routing to closest-exit
  Lower processor utilization   Higher processor utilization.
  Designer preference.  DesignerDesigner preference.  Designer
   is a Radia Perlman groupie.   is a John Moy groupie

>
>Obviously cost in an issue, but throwing cost out the door, what is the
>ideal way of linking ALL offices, using a good level of redundancy and great
>preformance...

I'm afraid the answer is "it depends".

-- 
"What Problem are you trying to solve?"
***send Cisco questions to the list, so all can benefit -- not 
directly to me***

Howard C. Berkowitz  [EMAIL PROTECTED]
Chief Technology Officer, GettLab/Gett Communications http://www.gettlabs.com
Technical Director, CertificationZone.com http://www.certificationzone.com
"retired" Certified Cisco Systems Instructor (CID) #93005




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43888&t=43836
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

DDR [7:43902]

[PING]

1. I want to configure DDR on 2600/3600 back-to-back:
Router-ADDR--Router-B
What BRI modules do I need?

2. I have this setup;
Analog Phone---Router-A--BRI--Router-B-Analog Phone
Both analog phones connected to VIC-2FXS in NM-2V
Router A has VIC-2BRI-S/T-TE and Router-B has VIC-2BRI-NT/TE in
NM-2V(another)
The interfaces are up and L1/L2 is up.
I came to know that this setup is only good for voice calls, no DDR, no
IP would work on it.
If that is correct, for at least voice call, how can I place the voice
call on BRI if I cannot
use an IPV4 session target in the dial-peer?

PING




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43902&t=43902
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

easy VPN tutorial ... [7:43901]

[Paul Doyle]

Does anyone know of any websites with an easy to follow guide, or easy
steps for creating 'client to Pix VPN' ??? I'm having difficulty setting
this up ... I've even tried PPTP with no authentication without success
...

I am using ver 6.1 for the Pix and 3.5 for the Cisco VPN client ...

Any help or suggestions would be greatly welcomed ... 

Kind regards ...

Paul ...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43901&t=43901
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX 501 Ver 6.1 [7:43896]

[Paul Jin]

If you have a PIX 501, it only has 2 interfaces.

There are some additional RJ-45 ports, but that is not configurable, they
are more or less built in switch ports...

0 = outside
1 = inside
2-4 = ports so you can attach PCs directly into the firewall.

- Paul


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43900&t=43896
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISP Topology Design [7:43836]

[Howard C. Berkowitz]

>On Fri, May 10, 2002 at 02:40:13PM -0400, Howard C. Berkowitz wrote:
>
>>  >Hello all!
>>  >
>>  >Does anyone know of any books/material that would be geared more toward
ISP
>>  >network design?  Looking for as much as I can find...
>>  >
>>  >Thanks
>>  >
>>  >
>>
>>  My new book, "Building Service Provider Networks" from Wiley, should
>>  be in bookstores around Memorial Day.  I don't yet have the ISBN.  It
>>  specifically deals with ISP design.
>
>I believe the ISBN is 0471099228
>http://www.amazon.com/exec/obidos/ASIN/0471099228/qid=1021062282/sr=2-1/ref=sr_2_1/104-3571923-2859119

:-) Isn't there a phrase something like "the husband is the last to 
know?"  It wasn't on the page proofs from the publisher.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43898&t=43836
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISP Topology Design [7:43836]

[dre]

There were some really good answers to this question.

In particular, I liked the person who mentioned the NetPro
IDC design session (Cisco's SRND's are also really good).

Howard's new book will be interesting to check out.  His
other suggestions of checking out NANOG, RADB, RIPE,
etc are also dead on.

In addition, here are some other resources:

You also might want to check out Barry Greene / Philip Smith's
new CiscoPress book, "Cisco ISP Essentials" and the website,
http://www.ispbook.com/

The link on that website to Philip's NANOG presentation on
Multihoming is really good.  They also have some E-Learning
slides specifically on-topic (POP and ISP design).

Finally, here is another site that I found as an excellent resource:
http://www.isocws.isoc.org/index-old.htm

And the Cisco Networkers presentations are also very good.

-dre

""Chris Headings""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello all!
>
> Does anyone know of any books/material that would be geared more toward
ISP
> network design?  Looking for as much as I can find...
>
> Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43897&t=43836
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PIX 501 Ver 6.1 [7:43896]

[Jablonski, Michael]

I'm trying to configure ethernet 2-4 on a PIX 501 (3DES), but it comes back
saying only 2 interfaces are active.  When I do a show version it say
"maximum interfaces: 2"  Am I missing something or what?  Please lemme
know!!! 

Thanx,
mkj

~~~
Michael Jablonski
ABN AMRO Asset Management Holdings, Inc.
161 North Clark St.
9th Flr
Chicago, IL  60601-2468
PH: 312.884.2996 
FAX: 312.278.5550
~~~


This message (including any attachments) is confidential and may be 
privileged. If you have received it by mistake please notify the sender 
by return e-mail and delete this message from your system. Any 
unauthorized use or dissemination of this message in whole or in part 
is strictly prohibited. Please note that e-mails are susceptible to 
change. ABN AMRO Bank N.V. (including its group companies) shall not be 
responsible nor liable for the proper and complete transmission of the 
information contained in this communication nor for any delay in its 
receipt or damage to your system. ABN AMRO Bank N.V. (or its group 
companies) does not guarantee that the integrity of this communication 
has been maintained nor that this communication is free of viruses, 
interceptions or interference.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43896&t=43896
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCNP604-503 ( Routing Exam) [7:43895]

[rtiwari]

Hi Folks,
Next week I am going to give my
CCNP Routing (640-503) exam.Please give me your
suggestion like which area should I concentrate
more.
Thanks
Ravi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43895&t=43895
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISP Topology Design [7:43836]

[Irwan Hadi]

On Fri, May 10, 2002 at 02:40:13PM -0400, Howard C. Berkowitz wrote:

> >Hello all!
> >
> >Does anyone know of any books/material that would be geared more toward
ISP
> >network design?  Looking for as much as I can find...
> >
> >Thanks
> >
> >
> 
> My new book, "Building Service Provider Networks" from Wiley, should 
> be in bookstores around Memorial Day.  I don't yet have the ISBN.  It 
> specifically deals with ISP design.

I believe the ISBN is 0471099228
http://www.amazon.com/exec/obidos/ASIN/0471099228/qid=1021062282/sr=2-1/ref=sr_2_1/104-3571923-2859119




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43894&t=43836
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE Written Practice Questions [7:43893]

[Mark Godfrey]

Can somebody recommend some good CCIE pratice questions. Preferably low cost
as my company won't help pay for it.

MG

Network Engineer

RoadRunner High Speed Online




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43893&t=43893
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE Written Practice Questions [7:43891]

[Mark Godfrey]

Can somebody recommend some good CCIE pratice questions. Preferably low cost
as my company won't help pay for it.

MG
Network Engineer
RoadRunner High Speed Online




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43891&t=43891
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

R/S recert [7:43890]

[John Conzone]

Any sites, boards or study material for the CCIE R/S recert written tests?
Seems like an area thatno one has got covered.

Thanks!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43890&t=43890
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ios question? [7:43882]

[Kent Yu]

George,

http://www.cisco.com/warp/customer/620/1.html

http://www.cisco.com/kobayashi/support/tac/t_index.shtml looking for
Software Advisor


You can always open a ticket with TAC to make sure you are choosing the
right/recommended version.


HTH
Kent


- Original Message -
From: "GEORGE" 
To: 
Sent: Friday, May 10, 2002 3:11 PM
Subject: ios question? [7:43882]


> I use Cisco routers  and switches  throughout my hole network,. I been
> learning as I go and read the posts here so  far I feel confident in
> operating certain hardware models .However, we I have a need to
> understand more is the ios, from what I read so far each model and
> depending on what you planning to configure you would need a certain
> ios, being that one would have the required flash and memory. My
> question is there are many ios out there for a particular model and most
> have for example 12.1(8a)E2 , whatever, which one should I choose, What
> does does number mean?. Can someone here explain me this, and if some
> one  has some links that goes over basic stuff it would be great




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43889&t=43882
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ios question? [7:43882]

[Craig Columbus]

Go to Cisco's website.

There's a link called the ABC's of IOS.  I'm sure there's more than you'd 
ever want to know here:

http://www.cisco.com/warp/public/732/abc/

Regards,
Craig


At 03:11 PM 5/10/2002 -0400, you wrote:
>I use Cisco routers  and switches  throughout my hole network,. I been
>learning as I go and read the posts here so  far I feel confident in
>operating certain hardware models .However, we I have a need to
>understand more is the ios, from what I read so far each model and
>depending on what you planning to configure you would need a certain
>ios, being that one would have the required flash and memory. My
>question is there are many ios out there for a particular model and most
>have for example 12.1(8a)E2 , whatever, which one should I choose, What
>does does number mean?. Can someone here explain me this, and if some
>one  has some links that goes over basic stuff it would be great




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43887&t=43882
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco Certification Digest V2 #2069 (Vacation) [7:43886]

[Stephen Siu]

I will be on vacation from 5-7-02 to 5-22-02.  Any matter regarding network
management please forward to Bob Taylor @ 213-979-0032.  Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43886&t=43886
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: encapsulation failure on an 806 router [7:43813]

[dj]

It is actually very basic.  If someone can run this test on their Cisco 806
and report
their findings.  I can see the problem by just doing the following:

erase startup-config
reload
assign IP addresses to both Ethernet interfaces
connect my laptop to E0 (4 port LAN hub)
connect ISP router to E1 (WAN port)
I can ping everything just fine and get out to the Internet once I set up
the default
route

Now I swap the ethernet cables where
laptop on E1 (WAN port)
ISP router on E0 (4 port hub),
then I swap IP addresses at the 806 Ethernet interfaces

now
-laptop can ping both 806 Ethernet ports
-806 can ping laptop,
-but neither laptop nor 806 can ping ISP router, nor ISP router can ping 806
-when I turn on "Debug Ip Packet", I get the message "encapsulation failure"
while
sending packets to E0 and I also see no packets on the wire with my sniffer.
-when I do a show interface on the 806 router, encapsulation is set to ARPA
for both
Ethernet ports.

One other piece of information I find unusual is that I get an UP/UP
indication when I
do a show ethernet 0 (on 4 port LAN hub), even when there are no cables
connected to any
of the 4 ports.

regards,
dj


John Huston wrote:

> cut and paste your config in here so we can see what are doing.
>
> ""Dimitrije""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Got an 806 router with two Ethernet interfaces used for broadband access
to
> > the
> > Internet.  Ethernet 1 is typically the WAN interface pointing towards the
> > Internet router, while  Ethernet 0 is a 4-port hub used for the local
LAN.
> >
> > Everything works properly when the 806 is configured in the conventional
> way,
> > with WAN pointing toward Internet router.
> >
> > However, I have a VPN appliance (with dual Ethernet ports) that needs to
be
> > in
> > parallel to the 806.  So I wanted to set-up the 806 with Ethernet 0 (4
port
> > hub)
> > pointing toward the Internet router along with the public side of the VPN
> > applicance while Ethernet 1 of the 806 connected to the corporate LAN
> switch
> > along with the private side of the VPN.
> >
> > When I turn the 806 around like this, I get an "encapsulation failure"
> > message
> > during debug ip packet when sending data over the Ethernet 0 (4 port hub
> > connected to the Internet router), thus no packets get sent out that
> > Interface.
> > I get this error even after I do erase startup-config, reload and only
> > assign IP
> > addresses to the Ethernet Interfaces.  I am not using PPPoe and my
> > encapsulation
> > type shows ARPA when I display a show interface for both Ethernet ports.
> >
> > any thoughts??
> > dj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43885&t=43813
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ws-x6516-GE-TX: Auto discovery X-over? [7:43876]

[MADMAN]

I think the issue is not the link, you can get a link light with
either, it the tx-tx, rx-rx  that is the problem with the wrong cable. 
IOW the wire responsible for link doesn't change.

  Dave

Jeffrey Reed wrote:
> 
> We were playing with a WS-X6516-GE-TX in the lab and someone used a
> cross-over cable to connect a PC. We received a LINK, even though it was
> PC-to-switch. We had the same results with a straight patch cable.  Can any
> confirm these are auto sensing transmit and receive pairs of a CAT5 cable
> and adjusting accordingly?
> 
> Thanks!!
> 
> Jeffrey Reed
> Classic Networking, Inc.
> Cell 717-805-5536
> Office 717-737-8586
> FAX 717-737-0290
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43884&t=43876
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: dual-homed hosts problems [7:43677]

[gragido]

LOL.  OSPF is a wonderful thing, remember that life has a funny way of
punishing those who can't recognize its little gifts, you could be working
with IS-IS .

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Priscilla Oppenheimer
Sent: Friday, May 10, 2002 1:43 PM
To: [EMAIL PROTECTED]
Subject: RE: dual-homed hosts problems [7:43677]


Sob as in cry! OSPF makes me cry. ;-)

At 07:15 PM 5/10/02, Rah Hussain wrote:
>Priscilla,
>That's not very lady like ;-) Just kidding too :-)
>
>Rah
>
>-Original Message-
>From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
>Sent: 10 May 2002 17:58
>To: [EMAIL PROTECTED]
>Subject: Re: dual-homed hosts problems [7:43677]
>
>At 12:35 PM 5/10/02, Maximus wrote:
> >Sorry list members, the spell-checker changed OSPF to SOP.
>
>I think OSPF should be SOB. Just kidding! :-)
>
>Priscilla
>
>
> >- Original Message -
> >From: "Maximus"
> >To:
> >Sent: Friday, May 10, 2002 12:40 PM
> >Subject: Re: dual-homed hosts problems [7:43677]
> >
> >
> > > I may be wrong but your friend is using a routing protocol and
therefore
> >the
> > > below would not apply to the scenario.
> > > As for running SOP on the server IMHO it would be overkill for this
> >specific
> > > situation.  "Keep it simple."
> > > Would I run SOP on a server?
> > > Depends on why I had the server built in the first place.  Have a nice
> >day!
> > >
> > > - Original Message -
> > > From: "Jeffrey Reed"
> > > To:
> > > Sent: Friday, May 10, 2002 8:27 AM
> > > Subject: RE: dual-homed hosts problems [7:43677]
> > >
> > >
> > > > I just talked to someone yesterday who said they are running OSPF on
>the
> > > > WIN2000 servers and using dual NICs effectively. Is this a better
way
>to
> > > > dual home servers?
> > > >
> > > > Jeffrey Reed
> > > > Classic Networking, Inc.
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
Of
> > > Galo
> > > > Villacis
> > > > Sent: Thursday, May 09, 2002 7:18 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: dual-homed hosts problems [7:43677]
> > > >
> > > > I believe your issue may relate to the single IP stack on 2000.  Try
> > > > defaulting traffic to the internet and adding a static route to the
> > > internal
> > > > network opposed to specifying the gateway on the internal IP
>interface.
> > > > Also I would go as far as disabling any NETBIOS on the external
> >interface
> > > > for security.
> > > >
> > > > cmd would be:
> > > >
> > > > route add -p Network Mask Gateway
> > > >
> > > > - Original Message -
> > > > From: "Henrique Duarte"
> > > > To:
> > > > Sent: Thursday, May 09, 2002 5:48 PM
> > > > Subject: Re: dual-homed hosts problems [7:43677]
> > > >
> > > >
> > > > > Bulent,
> > > > >
> > > > > Thank you for the reply.  I am afraid you may have misunderstood
>this
> > > > > problem.  Allow me to be more clear:
> > > > >
> > > > >
> > > > >   192.168.0.1 - 192.168.0.150 - Host A -
> >128.59.39.3
> > > > >   |
>(dual
> > > > homed
> > > > > server)
> > > > >   |
> > > > > |
> > > > >   |
> > > > > |
> > > > >   |
> > > > > 128.59.39.2
> > > > > router A
> >router
> > > > > C  Internet
> > > > >   |
> > > > > 192.168.1.1
> > > > >  |
> > > > >  |
> > > > >T1
> > > > >  |
> > > > >  |
> > > > > 192.168.1.2
> > > > >  |
> > > > > router B
> > > > >  |
> > > > > 192.168.2.1
> > > > >
> > > > >
> > > > > The problem happens on Host A.  Host A is a WebServer with  2
> > > interfaces:
> > > > a
> > > > > public (which goes out to the internet) and a private (which talks
>to
> > > the
> > > > > database).  The private interface has IP 192.168.0.150 and default
>GW
> > > > > 192.168.0.1.  The public has ip 128.59.39.3 and default GW
> >128.59.39.2.
> > > > > Everything works fine if I leave the private interface's default
GW
> > > blank.
> > > > > If I put Router C's address as the private interface's default
> >gateway,
> > > > > after some time I cannot ping anywhere from Host A, even though I
>can
> > > ping
> > > > > it from the outside world.  I need to have the private interface
> > > > configured
> > > > > with 192.168.0.1 as the default GW because remote users need to be
> >able
> > > to
> > > > > connect to that server via the back-end T1.  Any light would be
> >greatly
> > > > > appreciated.
> > > > >
> > > > > Thanks,
> > > > >
> > > > > -H
> > > > >
> > > > >
> > > > > - Original Message -
> > > > > From: "B|lent ^ahin"
> > > > > To:
> > > > > Sent: Thursday, May 09, 2002 3:17 AM
> > > > > Subject: RE: dual-homed hosts problems [7:43677]
> > > > >
> > > > >
> > > > > > When configuring ethernet interfaces on MS environment, you have
> >three
> > > > > blank
> > > > > > spaces to fill: IP_address, Subnet_mask and Default_gateway. So
>the
> > > > people
> > > > > > start to think every ethernet interface as a router: "This
>interface
> 

ios question? [7:43882]

[GEORGE]

I use Cisco routers  and switches  throughout my hole network,. I been
learning as I go and read the posts here so  far I feel confident in
operating certain hardware models .However, we I have a need to
understand more is the ios, from what I read so far each model and
depending on what you planning to configure you would need a certain
ios, being that one would have the required flash and memory. My
question is there are many ios out there for a particular model and most
have for example 12.1(8a)E2 , whatever, which one should I choose, What
does does number mean?. Can someone here explain me this, and if some
one  has some links that goes over basic stuff it would be great




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43882&t=43882
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: dual-homed hosts problems [7:43677]

[Rah Hussain]

Oh I see hehehe

Rah

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] 
Sent: 10 May 2002 19:43
To: [EMAIL PROTECTED]
Subject: RE: dual-homed hosts problems [7:43677]

Sob as in cry! OSPF makes me cry. ;-)

At 07:15 PM 5/10/02, Rah Hussain wrote:
>Priscilla,
>That's not very lady like ;-) Just kidding too :-)
>
>Rah
>
>-Original Message-
>From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
>Sent: 10 May 2002 17:58
>To: [EMAIL PROTECTED]
>Subject: Re: dual-homed hosts problems [7:43677]
>
>At 12:35 PM 5/10/02, Maximus wrote:
> >Sorry list members, the spell-checker changed OSPF to SOP.
>
>I think OSPF should be SOB. Just kidding! :-)
>
>Priscilla
>
>
> >- Original Message -
> >From: "Maximus"
> >To:
> >Sent: Friday, May 10, 2002 12:40 PM
> >Subject: Re: dual-homed hosts problems [7:43677]
> >
> >
> > > I may be wrong but your friend is using a routing protocol and
therefore
> >the
> > > below would not apply to the scenario.
> > > As for running SOP on the server IMHO it would be overkill for this
> >specific
> > > situation.  "Keep it simple."
> > > Would I run SOP on a server?
> > > Depends on why I had the server built in the first place.  Have a nice
> >day!
> > >
> > > - Original Message -
> > > From: "Jeffrey Reed"
> > > To:
> > > Sent: Friday, May 10, 2002 8:27 AM
> > > Subject: RE: dual-homed hosts problems [7:43677]
> > >
> > >
> > > > I just talked to someone yesterday who said they are running OSPF on
>the
> > > > WIN2000 servers and using dual NICs effectively. Is this a better
way
>to
> > > > dual home servers?
> > > >
> > > > Jeffrey Reed
> > > > Classic Networking, Inc.
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
Of
> > > Galo
> > > > Villacis
> > > > Sent: Thursday, May 09, 2002 7:18 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: dual-homed hosts problems [7:43677]
> > > >
> > > > I believe your issue may relate to the single IP stack on 2000.  Try
> > > > defaulting traffic to the internet and adding a static route to the
> > > internal
> > > > network opposed to specifying the gateway on the internal IP
>interface.
> > > > Also I would go as far as disabling any NETBIOS on the external
> >interface
> > > > for security.
> > > >
> > > > cmd would be:
> > > >
> > > > route add -p Network Mask Gateway
> > > >
> > > > - Original Message -
> > > > From: "Henrique Duarte"
> > > > To:
> > > > Sent: Thursday, May 09, 2002 5:48 PM
> > > > Subject: Re: dual-homed hosts problems [7:43677]
> > > >
> > > >
> > > > > Bulent,
> > > > >
> > > > > Thank you for the reply.  I am afraid you may have misunderstood
>this
> > > > > problem.  Allow me to be more clear:
> > > > >
> > > > >
> > > > >   192.168.0.1 - 192.168.0.150 - Host A -
> >128.59.39.3
> > > > >   |
>(dual
> > > > homed
> > > > > server)
> > > > >   |
> > > > > |
> > > > >   |
> > > > > |
> > > > >   |
> > > > > 128.59.39.2
> > > > > router A
> >router
> > > > > C  Internet
> > > > >   |
> > > > > 192.168.1.1
> > > > >  |
> > > > >  |
> > > > >T1
> > > > >  |
> > > > >  |
> > > > > 192.168.1.2
> > > > >  |
> > > > > router B
> > > > >  |
> > > > > 192.168.2.1
> > > > >
> > > > >
> > > > > The problem happens on Host A.  Host A is a WebServer with  2
> > > interfaces:
> > > > a
> > > > > public (which goes out to the internet) and a private (which talks
>to
> > > the
> > > > > database).  The private interface has IP 192.168.0.150 and default
>GW
> > > > > 192.168.0.1.  The public has ip 128.59.39.3 and default GW
> >128.59.39.2.
> > > > > Everything works fine if I leave the private interface's default
GW
> > > blank.
> > > > > If I put Router C's address as the private interface's default
> >gateway,
> > > > > after some time I cannot ping anywhere from Host A, even though I
>can
> > > ping
> > > > > it from the outside world.  I need to have the private interface
> > > > configured
> > > > > with 192.168.0.1 as the default GW because remote users need to be
> >able
> > > to
> > > > > connect to that server via the back-end T1.  Any light would be
> >greatly
> > > > > appreciated.
> > > > >
> > > > > Thanks,
> > > > >
> > > > > -H
> > > > >
> > > > >
> > > > > - Original Message -
> > > > > From: "B|lent ^ahin"
> > > > > To:
> > > > > Sent: Thursday, May 09, 2002 3:17 AM
> > > > > Subject: RE: dual-homed hosts problems [7:43677]
> > > > >
> > > > >
> > > > > > When configuring ethernet interfaces on MS environment, you have
> >three
> > > > > blank
> > > > > > spaces to fill: IP_address, Subnet_mask and Default_gateway. So
>the
> > > > people
> > > > > > start to think every ethernet interface as a router: "This
>interface
> > > > will
> > > > > > route IP packets to the other interface, so the default gateway
of
> >the
> > > > > first
> > > > > > interface should be same as the IP address of the 

RE: ISP Topology Design [7:43836]

[Chris Headings]

Thanks!!!

We are an ISP in So. Cal.  We are gearing up to open other offices in
bewteen Arizona and Ca...

We are trying to decide what would be the best way of intergrating our ISP
network...like...

Should we just continue to use our one ASN and have all traffic come back to
the Global NOC, or should get new ASN's for each location???

Should we be using IS-IS, IBGP/EBGP, OSPF as the protocol to link all remote
locations???

Obviously cost in an issue, but throwing cost out the door, what is the
ideal way of linking ALL offices, using a good level of redundancy and great
preformance...

Regards,

Chris


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43850&t=43836
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Give up...Cannot ping from one spoke to anothe [7:43795]

[Nikolay Nikolov]

The ping problem is not related to the routing or OSPF protocol. Trying to
ping remote IP over FR with no frame map statement will cause of
encapsulation failure. The router doesn't know how to encapsulate the IP
packet in DLCI number.

Since you can not use frame map statement, the only option is to use
frame-relay interface-dlci xxx  command. This tells the router to encap. all
packets in DLCI xxx. But this doesn't work on the physical interface!! You
have to change the spoke FR interface to subinterface multipoint or
point-2-point (the second will involved IP redesign, separate net. for each
FR link to the  HUB router).


Nick


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Cisco Nuts
Sent: Thursday, May 09, 2002 8:15 PM
To: [EMAIL PROTECTED]
Subject: Give up...Cannot ping from one spoke to another?? [7:43795]


Hello,

I have RTA configed as a FR hub with multipoint subif. I have RTB, RTC and
RTE configed as spokes using only the serial intf. - FR network type
Non-Broadcast. Have 1 single FR map statement on the spokes pointing to the
hub. Have 3 map statements on the hub pointing back to each of the 3 spokes.

Have Ospf configed. Area 0 the FR network for the serials. Area 1 on RTA,
Area 10 on RTB and Area 4 on RTE each for the Ethernet side. Also have the
neighbor statement on each spoke pointing to the hub with a priority of 2.

A show ip route reveals all the OSPF networks (O IA routes) on each router.
I can only ping from the hub router RTA to networks on the spoke routers BUT
I cannot ping from one spoke router to a network on another spoke router
EVEN though the routes are in the routing table?

Why is that?

A CATCH: I am not allowed to use the ip ospf network command anywhere nor FR
map statements on each spoke pointing to the other spokes??

What is the way that will allow me to ping from RTB to RTC thru RTA the hub
router?

I tried the default-information originate on the hub rtr. RTA but this does
not seem to help - even though it installs a default route on each spoke
router.

I am giving up after tiring me eyes on CCO.

Anyone with any ideas?

Thank you for your help.





_
MSN Photos is the easiest way to share and print your photos:
http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43871&t=43795
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE communication and services [7:43714]

[CiscoB]

Cool, I didnt know the ISP Dial qualification exam applied to the C&S lab
exam.  I'll have to schedule the C&S lab exam then.  Anyone else taking it?

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)

""nrf""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Allright. Sean Knox has pretty much nailed it on the head.  But let me try
> one more time.
>
> To become a R/S CCIE you must
> #1) pass the R/S written
> #2) pass the R/S lab
>
> To become a Security CCIE you must
> #1)pass the Security written
> #2) pass the Security lab
>
> To become a C/S CCIE you must
> #1)Pass one of 8 possible C/S writtens  - or - have passed either the old
> ISPDial or WAN-switching CCIE writtens back when they were still available
> (so if you have never done this, then unless you have a time machine, you
> cannot do it now)
> #2)Pass the C/S lab.
>
>
> Bottom line - the labs are absolutely NOT the same for all three, believe
> me.  I've tried all 3 labs, and they are significantly different.  There
are
> some base-level similarities, but beyond that they are quite divergent. If
> you don't believe me, read their descriptions:
>
> http://www.cisco.com/warp/public/625/ccie/certifications/services.html#4
> http://www.cisco.com/warp/public/625/ccie/certifications/routing.html#4
> http://www.cisco.com/warp/public/625/ccie/certifications/security.html#4
>
>
>
>
> ""Sean Knox""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > The lab is not the same for all three. As nrf has repeatedly tried to
tell
> > you, they are three SEPARATE tracks. To achieve the R/S CCIE, you need
to
> > pass the R/S written and the R/S CCIE Lab. To get your C/S CCIE, even if
> you
> > already have, say, you R/S CCIE *completed*, you still need to complete
> the
> > C/S written then take the C/S lab.
> >
> > Sean
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > > Sent: Friday, May 10, 2002 5:07 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: CCIE communication and services [7:43714]
> > >
> > >
> > > Sorry, I guess that wasn't very clear. Suppose you attain an
> > > R/S CCIE and
> > > now wish to go for security or C/S. As the lab is the same
> > > for all three, is
> > > it necessary to keep retaking the lab or will the written be enough? I
> > > assume you probably do have to take the lab again, however
> > > since it is the
> > > same test you have already passed,it  just seems redundant.
> > >
> > > nrf wrote:
> > > >
> > > > Uh, what?  I don't understand your question.  If you're saying
> > > > that you're
> > > > thinking that you can just keep getting more than one C/S CCIE
> > > > by taking
> > > > that lab over and over again (but by passing different C/S
> > > > writtens), then
> > > > the answer is absolutely not.  Contrary to what many people
> > > > believe, there
> > > > are no different 'flavors' of the C/S.  There is only 1 C/S
> > > > CCIE, and you're
> > > > either a C/S CCIE or you're not.   And really, this makes
> > > > perfect sense,
> > > > since there is only one unified C/S lab which every C/S
> > > > candidate takes, no
> > > > matter which written he/she passed.
> > > >
> > > >
> > > >
> > > >
> > > > ""Jason Owens""  wrote in message
> > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > > Based on your post above, as the lab is the same general
> > > > knowledge, would
> > > > > you need to keep taking it, providing you have passed it
> > > > once, to get more
> > > > > than one CCIE? Or would the various written exams suffice?
> > > > Just curious.
> > > [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43874&t=43714
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Give up...Cannot ping from one spoke to anothe [7:43795]

[Rob Ehlers]

Sounds like bootcamp lab #1 to me... heh.

Try policy-based routing on the frame interfaces of the spokes.

You want it to change the next hop to point back to the hub router's IP...


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43808&t=43795
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISP Topology Design [7:43836]

[Chris Headings]

Thanks to everyone!!!

Chris


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43880&t=43836
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Give up...Cannot ping from one spoke to another?? [7:43795]

[Tom Petzold]

If you don't have map statement at the spokes this will not work.  Basically
what you are missing is the layer 2 to layer 3 mapping.  Just like ARP on
ethernet the router needs to map a layer 3 address to a layer 2 address.  In
this case you do it with a map statement which links the IP address with the
layer 2 DLCI.

Using frame map statements you would point all the spoke IPs to the DLCI
going to the hub.  So the trick here is what else can you use to do this?
Take a look at policy routing.  Policy routing can force all traffic going
to the spokes through the hub can't it?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Cisco Nuts
Sent: Thursday, May 09, 2002 9:15 PM
To: [EMAIL PROTECTED]
Subject: Give up...Cannot ping from one spoke to another?? [7:43795]


Hello,

I have RTA configed as a FR hub with multipoint subif. I have RTB, RTC and
RTE configed as spokes using only the serial intf. - FR network type
Non-Broadcast. Have 1 single FR map statement on the spokes pointing to the
hub. Have 3 map statements on the hub pointing back to each of the 3 spokes.

Have Ospf configed. Area 0 the FR network for the serials. Area 1 on RTA,
Area 10 on RTB and Area 4 on RTE each for the Ethernet side. Also have the
neighbor statement on each spoke pointing to the hub with a priority of 2.

A show ip route reveals all the OSPF networks (O IA routes) on each router.
I can only ping from the hub router RTA to networks on the spoke routers BUT
I cannot ping from one spoke router to a network on another spoke router
EVEN though the routes are in the routing table?

Why is that?

A CATCH: I am not allowed to use the ip ospf network command anywhere nor FR
map statements on each spoke pointing to the other spokes??

What is the way that will allow me to ping from RTB to RTC thru RTA the hub
router?

I tried the default-information originate on the hub rtr. RTA but this does
not seem to help - even though it installs a default route on each spoke
router.

I am giving up after tiring me eyes on CCO.

Anyone with any ideas?

Thank you for your help.





_
MSN Photos is the easiest way to share and print your photos:
http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43865&t=43795
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Tag Switching [7:43830]

[[EMAIL PROTECTED]]

Not supported.

Eric Lange
651-205-1329


   

   
James

cc:
Sent by: Subject: Tag Switching
[7:43830]
   
nobody@groups
   
tudy.com
   

   

   
05/10/2002
09:22
AM
   
Please
respond
to
   
James
   

   





Hello all

This  is a rephrase of my previous question on MPLS.
Does anyone know if it is possible to use
Tag-switching on 2500 platforms ? I have tried using
tag-switching ip interface command on 2511s on a test
lab but the command is not available. Is there a
different IOS version that I need, I am running on
12.2 enterprise ? Any info on this is greatly
appreciated.

Thank you

James

__
Do You Yahoo!?
Yahoo! Shopping - Mother's Day is May 12th!
http://shopping.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43878&t=43830
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: dual-homed hosts problems [7:43677]

[Priscilla Oppenheimer]

Sob as in cry! OSPF makes me cry. ;-)

At 07:15 PM 5/10/02, Rah Hussain wrote:
>Priscilla,
>That's not very lady like ;-) Just kidding too :-)
>
>Rah
>
>-Original Message-
>From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
>Sent: 10 May 2002 17:58
>To: [EMAIL PROTECTED]
>Subject: Re: dual-homed hosts problems [7:43677]
>
>At 12:35 PM 5/10/02, Maximus wrote:
> >Sorry list members, the spell-checker changed OSPF to SOP.
>
>I think OSPF should be SOB. Just kidding! :-)
>
>Priscilla
>
>
> >- Original Message -
> >From: "Maximus"
> >To:
> >Sent: Friday, May 10, 2002 12:40 PM
> >Subject: Re: dual-homed hosts problems [7:43677]
> >
> >
> > > I may be wrong but your friend is using a routing protocol and
therefore
> >the
> > > below would not apply to the scenario.
> > > As for running SOP on the server IMHO it would be overkill for this
> >specific
> > > situation.  "Keep it simple."
> > > Would I run SOP on a server?
> > > Depends on why I had the server built in the first place.  Have a nice
> >day!
> > >
> > > - Original Message -
> > > From: "Jeffrey Reed"
> > > To:
> > > Sent: Friday, May 10, 2002 8:27 AM
> > > Subject: RE: dual-homed hosts problems [7:43677]
> > >
> > >
> > > > I just talked to someone yesterday who said they are running OSPF on
>the
> > > > WIN2000 servers and using dual NICs effectively. Is this a better way
>to
> > > > dual home servers?
> > > >
> > > > Jeffrey Reed
> > > > Classic Networking, Inc.
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
Of
> > > Galo
> > > > Villacis
> > > > Sent: Thursday, May 09, 2002 7:18 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: dual-homed hosts problems [7:43677]
> > > >
> > > > I believe your issue may relate to the single IP stack on 2000.  Try
> > > > defaulting traffic to the internet and adding a static route to the
> > > internal
> > > > network opposed to specifying the gateway on the internal IP
>interface.
> > > > Also I would go as far as disabling any NETBIOS on the external
> >interface
> > > > for security.
> > > >
> > > > cmd would be:
> > > >
> > > > route add -p Network Mask Gateway
> > > >
> > > > - Original Message -
> > > > From: "Henrique Duarte"
> > > > To:
> > > > Sent: Thursday, May 09, 2002 5:48 PM
> > > > Subject: Re: dual-homed hosts problems [7:43677]
> > > >
> > > >
> > > > > Bulent,
> > > > >
> > > > > Thank you for the reply.  I am afraid you may have misunderstood
>this
> > > > > problem.  Allow me to be more clear:
> > > > >
> > > > >
> > > > >   192.168.0.1 - 192.168.0.150 - Host A -
> >128.59.39.3
> > > > >   |
>(dual
> > > > homed
> > > > > server)
> > > > >   |
> > > > > |
> > > > >   |
> > > > > |
> > > > >   |
> > > > > 128.59.39.2
> > > > > router A
> >router
> > > > > C  Internet
> > > > >   |
> > > > > 192.168.1.1
> > > > >  |
> > > > >  |
> > > > >T1
> > > > >  |
> > > > >  |
> > > > > 192.168.1.2
> > > > >  |
> > > > > router B
> > > > >  |
> > > > > 192.168.2.1
> > > > >
> > > > >
> > > > > The problem happens on Host A.  Host A is a WebServer with  2
> > > interfaces:
> > > > a
> > > > > public (which goes out to the internet) and a private (which talks
>to
> > > the
> > > > > database).  The private interface has IP 192.168.0.150 and default
>GW
> > > > > 192.168.0.1.  The public has ip 128.59.39.3 and default GW
> >128.59.39.2.
> > > > > Everything works fine if I leave the private interface's default GW
> > > blank.
> > > > > If I put Router C's address as the private interface's default
> >gateway,
> > > > > after some time I cannot ping anywhere from Host A, even though I
>can
> > > ping
> > > > > it from the outside world.  I need to have the private interface
> > > > configured
> > > > > with 192.168.0.1 as the default GW because remote users need to be
> >able
> > > to
> > > > > connect to that server via the back-end T1.  Any light would be
> >greatly
> > > > > appreciated.
> > > > >
> > > > > Thanks,
> > > > >
> > > > > -H
> > > > >
> > > > >
> > > > > - Original Message -
> > > > > From: "B|lent ^ahin"
> > > > > To:
> > > > > Sent: Thursday, May 09, 2002 3:17 AM
> > > > > Subject: RE: dual-homed hosts problems [7:43677]
> > > > >
> > > > >
> > > > > > When configuring ethernet interfaces on MS environment, you have
> >three
> > > > > blank
> > > > > > spaces to fill: IP_address, Subnet_mask and Default_gateway. So
>the
> > > > people
> > > > > > start to think every ethernet interface as a router: "This
>interface
> > > > will
> > > > > > route IP packets to the other interface, so the default gateway
of
> >the
> > > > > first
> > > > > > interface should be same as the IP address of the second
> >interface.",
> > > > but
> > > > > > there is one router on the PC: CPU. Try to configure only one
> >default
> > > > > > gateway. You can use the command "route print" to see what
happens
> > > 

Re: ISP Topology Design [7:43836]

[Howard C. Berkowitz]

>Hello all!
>
>Does anyone know of any books/material that would be geared more toward ISP
>network design?  Looking for as much as I can find...
>
>Thanks
>
>

My new book, "Building Service Provider Networks" from Wiley, should 
be in bookstores around Memorial Day.  I don't yet have the ISBN.  It 
specifically deals with ISP design.

In the meantime, do look at the archives at www.nanog.org, 
www.ripe.net, and www.radb.net.

-- 
"What Problem are you trying to solve?"
***send Cisco questions to the list, so all can benefit -- not 
directly to me***

Howard C. Berkowitz  [EMAIL PROTECTED]
Chief Technology Officer, GettLab/Gett Communications http://www.gettlabs.com
Technical Director, CertificationZone.com http://www.certificationzone.com
"retired" Certified Cisco Systems Instructor (CID) #93005




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43877&t=43836
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ws-x6516-GE-TX: Auto discovery X-over? [7:43876]

[Jeffrey Reed]

We were playing with a WS-X6516-GE-TX in the lab and someone used a
cross-over cable to connect a PC. We received a LINK, even though it was
PC-to-switch. We had the same results with a straight patch cable.  Can any
confirm these are auto sensing transmit and receive pairs of a CAT5 cable
and adjusting accordingly?

Thanks!!

Jeffrey Reed
Classic Networking, Inc.
Cell 717-805-5536
Office 717-737-8586
FAX 717-737-0290




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43876&t=43876
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: dual-homed hosts problems [7:43677]

[Rah Hussain]

Priscilla,
That's not very lady like ;-) Just kidding too :-)

Rah

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] 
Sent: 10 May 2002 17:58
To: [EMAIL PROTECTED]
Subject: Re: dual-homed hosts problems [7:43677]

At 12:35 PM 5/10/02, Maximus wrote:
>Sorry list members, the spell-checker changed OSPF to SOP.

I think OSPF should be SOB. Just kidding! :-)

Priscilla


>- Original Message -
>From: "Maximus"
>To:
>Sent: Friday, May 10, 2002 12:40 PM
>Subject: Re: dual-homed hosts problems [7:43677]
>
>
> > I may be wrong but your friend is using a routing protocol and therefore
>the
> > below would not apply to the scenario.
> > As for running SOP on the server IMHO it would be overkill for this
>specific
> > situation.  "Keep it simple."
> > Would I run SOP on a server?
> > Depends on why I had the server built in the first place.  Have a nice
>day!
> >
> > - Original Message -
> > From: "Jeffrey Reed"
> > To:
> > Sent: Friday, May 10, 2002 8:27 AM
> > Subject: RE: dual-homed hosts problems [7:43677]
> >
> >
> > > I just talked to someone yesterday who said they are running OSPF on
the
> > > WIN2000 servers and using dual NICs effectively. Is this a better way
to
> > > dual home servers?
> > >
> > > Jeffrey Reed
> > > Classic Networking, Inc.
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Galo
> > > Villacis
> > > Sent: Thursday, May 09, 2002 7:18 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: dual-homed hosts problems [7:43677]
> > >
> > > I believe your issue may relate to the single IP stack on 2000.  Try
> > > defaulting traffic to the internet and adding a static route to the
> > internal
> > > network opposed to specifying the gateway on the internal IP
interface.
> > > Also I would go as far as disabling any NETBIOS on the external
>interface
> > > for security.
> > >
> > > cmd would be:
> > >
> > > route add -p Network Mask Gateway
> > >
> > > - Original Message -
> > > From: "Henrique Duarte"
> > > To:
> > > Sent: Thursday, May 09, 2002 5:48 PM
> > > Subject: Re: dual-homed hosts problems [7:43677]
> > >
> > >
> > > > Bulent,
> > > >
> > > > Thank you for the reply.  I am afraid you may have misunderstood
this
> > > > problem.  Allow me to be more clear:
> > > >
> > > >
> > > >   192.168.0.1 - 192.168.0.150 - Host A -
>128.59.39.3
> > > >   | 
(dual
> > > homed
> > > > server)
> > > >   |
> > > > |
> > > >   |
> > > > |
> > > >   |
> > > > 128.59.39.2
> > > > router A
>router
> > > > C  Internet
> > > >   |
> > > > 192.168.1.1
> > > >  |
> > > >  |
> > > >T1
> > > >  |
> > > >  |
> > > > 192.168.1.2
> > > >  |
> > > > router B
> > > >  |
> > > > 192.168.2.1
> > > >
> > > >
> > > > The problem happens on Host A.  Host A is a WebServer with  2
> > interfaces:
> > > a
> > > > public (which goes out to the internet) and a private (which talks
to
> > the
> > > > database).  The private interface has IP 192.168.0.150 and default
GW
> > > > 192.168.0.1.  The public has ip 128.59.39.3 and default GW
>128.59.39.2.
> > > > Everything works fine if I leave the private interface's default GW
> > blank.
> > > > If I put Router C's address as the private interface's default
>gateway,
> > > > after some time I cannot ping anywhere from Host A, even though I
can
> > ping
> > > > it from the outside world.  I need to have the private interface
> > > configured
> > > > with 192.168.0.1 as the default GW because remote users need to be
>able
> > to
> > > > connect to that server via the back-end T1.  Any light would be
>greatly
> > > > appreciated.
> > > >
> > > > Thanks,
> > > >
> > > > -H
> > > >
> > > >
> > > > - Original Message -
> > > > From: "B|lent ^ahin"
> > > > To:
> > > > Sent: Thursday, May 09, 2002 3:17 AM
> > > > Subject: RE: dual-homed hosts problems [7:43677]
> > > >
> > > >
> > > > > When configuring ethernet interfaces on MS environment, you have
>three
> > > > blank
> > > > > spaces to fill: IP_address, Subnet_mask and Default_gateway. So
the
> > > people
> > > > > start to think every ethernet interface as a router: "This
interface
> > > will
> > > > > route IP packets to the other interface, so the default gateway of
>the
> > > > first
> > > > > interface should be same as the IP address of the second
>interface.",
> > > but
> > > > > there is one router on the PC: CPU. Try to configure only one
>default
> > > > > gateway. You can use the command "route print" to see what happens
> > when
> > > > you
> > > > > configure two or more default gateways.
> > > > >
> > > > > Bulent
> > > > >
> > > > >
> > > > > -Original Message-
> > > > > From: Henrique Duarte [mailto:[EMAIL PROTECTED]]
> > > > > Sent: Thursday, May 09, 2002 12:39 AM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: dual-homed hosts problems [7:4

Re: Give up...Cannot ping from one spoke to another?? [7:43795]

[Scott H.]

Define an acl on each spoke with all of the remote networks ie:

access-list 100 permit any (ip of remote network)

Do this for each of the remote networks.  Then define a route map matching
on that access list and set the next hop to the ip of the hub router.  Apply
to the outgoing serial interface and don't forget to enable local policy
routing so you can ping from the router.  That should take care of it.

HTH,
Scott
""Cisco Nuts""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Yes, policy routing could very well be the solution without using FR map
> statements. But how would I go about doing this? I mean what kind of
policy
> routing needs to be in place on the spoke so that I can ping to the other
> spoke (going thru the Hub rtr). And thus, get to the Ethernets of the
spoke
> routers.
>
> The hub router is the only one that can get to the ethernets on the spokes
> and the spoke routers can ONLY get to the ethernet of the hub router not
to
> the ethernet of the other spoke.
>
> Could it be just static routes on the hub router pointing the next hop to
> the serial of the spoke router?
> I will try this.
>
> But any other ideas are gratefully appreciatedI have tired my eyes on
> CCO till 3:00am in the morning and still not find the freaking answer.
>
> Thank you.
>
>
> >From: Stephen Barlow
> >To: 'Cisco Nuts'
> >Subject: RE: Give up...Cannot ping from one spoke to another?? [7:43795]
> >Date: Fri, 10 May 2002 07:58:19 -0400
> >
> >I believe policy routing or frame maps on each spoke would solve it.  Is
> >the
> >next hop of the spokes the other spoke?  If yes, frame needs a layer 2
(or
> >routing) to get around this.
> >Hope it helps
> >
> >Steve
> >
> >-Original Message-
> >From: Cisco Nuts [mailto:[EMAIL PROTECTED]]
> >Sent: May 9, 2002 9:15 PM
> >To: [EMAIL PROTECTED]
> >Subject: Give up...Cannot ping from one spoke to another?? [7:43795]
> >
> >
> >Hello,
> >
> >I have RTA configed as a FR hub with multipoint subif. I have RTB, RTC
and
> >RTE configed as spokes using only the serial intf. - FR network type
> >Non-Broadcast. Have 1 single FR map statement on the spokes pointing to
the
> >hub. Have 3 map statements on the hub pointing back to each of the 3
> >spokes.
> >
> >Have Ospf configed. Area 0 the FR network for the serials. Area 1 on RTA,
> >Area 10 on RTB and Area 4 on RTE each for the Ethernet side. Also have
the
> >neighbor statement on each spoke pointing to the hub with a priority of
2.
> >
> >A show ip route reveals all the OSPF networks (O IA routes) on each
router.
> >I can only ping from the hub router RTA to networks on the spoke routers
> >BUT
> >
> >I cannot ping from one spoke router to a network on another spoke router
> >EVEN though the routes are in the routing table?
> >
> >Why is that?
> >
> >A CATCH: I am not allowed to use the ip ospf network command anywhere nor
> >FR
> >
> >map statements on each spoke pointing to the other spokes??
> >
> >What is the way that will allow me to ping from RTB to RTC thru RTA the
hub
> >router?
> >
> >I tried the default-information originate on the hub rtr. RTA but this
does
> >not seem to help - even though it installs a default route on each spoke
> >router.
> >
> >I am giving up after tiring me eyes on CCO.
> >
> >Anyone with any ideas?
> >
> >Thank you for your help.
> >
> >
> >
> >
> >
> >_
> >MSN Photos is the easiest way to share and print your photos:
> >http://photos.msn.com/support/worldwide.aspx
> >This e-mail message is intended only for the person or entity to which it
> >is addressed
> >and is confidential, subject to copyright and may be legally privileged.
> >Any
> >unauthorized review, use or disclosure is prohibited.  If you received
this
> >in error,
> >please contact the sender and delete all copies of the e-mail together
with
> >any
> >attachments.
> >
>
>
>
>
>
>
> _
> MSN Photos is the easiest way to share and print your photos:
> http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43873&t=43795
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Need help on crtl-shift-6 [7:43844]

[Joupin]

Hi , you should press ctrl+shift+6+x many times




""Kenneth Yeung""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I found it difficult to use crtl-shift-6 to get back the terminal server.
> Sometimes okay but sometimes not!
> Can anyone help me?  Can I change this with a simplier key?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43868&t=43844
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: why "ip inspect" block my traffic? [7:43802]

[Don Nguyen]

You need to apply your IP inspect in the opposite direction of your external
interfaces ACL.  So, if you have an ACL applied inbound on your external
interface you need to apply your IP Inspect list outbound.  The reason
being, CBAC will inspect your outbound packets and then dynamically insert
"permit" entries at the top of your inbound ACL to allow traffic flow that's
part of the same session back in to your network.

HTH,

Don Nguyen


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43872&t=43802
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Need help on crtl-shift-6 [7:43844]

[Marko Milivojevic]

> I found it difficult to use crtl-shift-6 to get back the 
> terminal server. 
> Sometimes okay but sometimes not!
> Can anyone help me?  Can I change this with a simplier key?

You can set it to escape by doing this:


line vty 0 4
 escape-character 27
!

Same apples if you want to set it for console access.

line con 0
 escape-character 27
!

Marko.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43870&t=43844
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISP Topology Design [7:43836]

[Greene, Patrick]

Check out the Tech Talk at 
http://forums.cisco.com/eforum/servlet/NetProf?page=Emerging_Technologies_discussion
on Internet Data Center Design...it may be of some use.
 
Patrick

-Original Message- 
From: Chris Headings [mailto:[EMAIL PROTECTED]] 
Sent: Fri 5/10/2002 11:52 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: ISP Topology Design [7:43836]



Hello all!

Does anyone know of any books/material that would be geared more toward ISP
network design?  Looking for as much as I can find...

Thanks


Chris




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43869&t=43836
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Give up...Cannot ping from one spoke to another?? [7:43795]

[Cisco Nuts]

Yes, policy routing could very well be the solution without using FR map 
statements. But how would I go about doing this? I mean what kind of policy 
routing needs to be in place on the spoke so that I can ping to the other 
spoke (going thru the Hub rtr). And thus, get to the Ethernets of the spoke 
routers.

The hub router is the only one that can get to the ethernets on the spokes 
and the spoke routers can ONLY get to the ethernet of the hub router not to 
the ethernet of the other spoke.

Could it be just static routes on the hub router pointing the next hop to 
the serial of the spoke router?
I will try this.

But any other ideas are gratefully appreciatedI have tired my eyes on 
CCO till 3:00am in the morning and still not find the freaking answer.

Thank you.


>From: Stephen Barlow 
>To: 'Cisco Nuts' 
>Subject: RE: Give up...Cannot ping from one spoke to another?? [7:43795]
>Date: Fri, 10 May 2002 07:58:19 -0400
>
>I believe policy routing or frame maps on each spoke would solve it.  Is 
>the
>next hop of the spokes the other spoke?  If yes, frame needs a layer 2 (or
>routing) to get around this.
>Hope it helps
>
>Steve
>
>-Original Message-
>From: Cisco Nuts [mailto:[EMAIL PROTECTED]]
>Sent: May 9, 2002 9:15 PM
>To: [EMAIL PROTECTED]
>Subject: Give up...Cannot ping from one spoke to another?? [7:43795]
>
>
>Hello,
>
>I have RTA configed as a FR hub with multipoint subif. I have RTB, RTC and
>RTE configed as spokes using only the serial intf. - FR network type
>Non-Broadcast. Have 1 single FR map statement on the spokes pointing to the
>hub. Have 3 map statements on the hub pointing back to each of the 3 
>spokes.
>
>Have Ospf configed. Area 0 the FR network for the serials. Area 1 on RTA,
>Area 10 on RTB and Area 4 on RTE each for the Ethernet side. Also have the
>neighbor statement on each spoke pointing to the hub with a priority of 2.
>
>A show ip route reveals all the OSPF networks (O IA routes) on each router.
>I can only ping from the hub router RTA to networks on the spoke routers 
>BUT
>
>I cannot ping from one spoke router to a network on another spoke router
>EVEN though the routes are in the routing table?
>
>Why is that?
>
>A CATCH: I am not allowed to use the ip ospf network command anywhere nor 
>FR
>
>map statements on each spoke pointing to the other spokes??
>
>What is the way that will allow me to ping from RTB to RTC thru RTA the hub
>router?
>
>I tried the default-information originate on the hub rtr. RTA but this does
>not seem to help - even though it installs a default route on each spoke
>router.
>
>I am giving up after tiring me eyes on CCO.
>
>Anyone with any ideas?
>
>Thank you for your help.
>
>
>
>
>
>_
>MSN Photos is the easiest way to share and print your photos:
>http://photos.msn.com/support/worldwide.aspx
>This e-mail message is intended only for the person or entity to which it 
>is addressed
>and is confidential, subject to copyright and may be legally privileged.  
>Any
>unauthorized review, use or disclosure is prohibited.  If you received this 
>in error,
>please contact the sender and delete all copies of the e-mail together with 
>any
>attachments.
>






_
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43867&t=43795
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Give up...Cannot ping from one spoke to another?? [7:43795]

[Cisco Nuts]

No, I have not used the ip ospf network command on the spokes or the hub. 
All I have is 1 FR map statement and 1 neighbor statement on each spoke 
pointing to the hub rtr. Yes, the hub is the DR(with the command #neigbor 
10.10.1.1 priority 2 on the spokes)
NO, no redistribution of routes either.

>From what I can make out, the spoke routers are advertising the routes to 
the hub and then the hub router is advertising it out to the other spokes. 
This is why I see the networks in the routing table of all the routers. BUT, 
I cannot ping from one spoke to another and thus obviously, cannot ping from 
one ethernet of one spoke to the ethernet of another spoke.

Using FR map statments on the spoke routers is the solution. But the whole 
goal of this is NOT layer 3 to layer 2, Just a layer 3 routing 
solution...which obviously, I do not know how or what?

What could be the possible way for me to ping from one spoke to another 
WITHOUT using FR map statements??

Thank you for your help.




>From: "Greene, Patrick" 
>Reply-To: "Greene, Patrick" 
>To: [EMAIL PROTECTED]
>Subject: RE: Give up...Cannot ping from one spoke to another?? [7:43795]
>Date: Fri, 10 May 2002 09:26:38 -0400
>
>If are not using the "ip ospf network" command, then how are you
>advertising your routes, static route and then redistrubute static
>within OSPF?  When you do a show routes on one of the hub routers, are
>you seeing the routing table for all network in your WAN or just the 2
>network that router is connected to?
>
>Sincerely,
>Patrick J Greene
>
>
>
>-Original Message-
>From: Cisco Nuts [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, May 09, 2002 9:15 PM
>To: [EMAIL PROTECTED]
>Subject: Give up...Cannot ping from one spoke to another?? [7:43795]
>
>
>Hello,
>
>I have RTA configed as a FR hub with multipoint subif. I have RTB, RTC
>and
>RTE configed as spokes using only the serial intf. - FR network type
>Non-Broadcast. Have 1 single FR map statement on the spokes pointing to
>the
>hub. Have 3 map statements on the hub pointing back to each of the 3
>spokes.
>
>Have Ospf configed. Area 0 the FR network for the serials. Area 1 on
>RTA,
>Area 10 on RTB and Area 4 on RTE each for the Ethernet side. Also have
>the
>neighbor statement on each spoke pointing to the hub with a priority of
>2.
>
>A show ip route reveals all the OSPF networks (O IA routes) on each
>router.
>I can only ping from the hub router RTA to networks on the spoke routers
>BUT
>I cannot ping from one spoke router to a network on another spoke router
>
>EVEN though the routes are in the routing table?
>
>Why is that?
>
>A CATCH: I am not allowed to use the ip ospf network command anywhere
>nor FR
>map statements on each spoke pointing to the other spokes??
>
>What is the way that will allow me to ping from RTB to RTC thru RTA the
>hub
>router?
>
>I tried the default-information originate on the hub rtr. RTA but this
>does
>not seem to help - even though it installs a default route on each spoke
>
>router.
>
>I am giving up after tiring me eyes on CCO.
>
>Anyone with any ideas?
>
>Thank you for your help.
>
>
>
>
>
>_
>MSN Photos is the easiest way to share and print your photos:
>http://photos.msn.com/support/worldwide.aspx
_
Send and receive Hotmail on your mobile device: http://mobile.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43866&t=43795
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Give up...Cannot ping from one spoke to another?? [7:43795]

[Cisco Nuts]

That's the catch.I am not allowed to use the fr map statements pointing 
from one spoke to another.( as I mentioned in my initial mail).  That 
obviously would work!! :-)
Would you know of any way? I just cannot find the answer!!



>From: "eejioforManny" 
>To: "Cisco Nuts" 
>Subject: Re: Give up...Cannot ping from one spoke to another?? [7:43795]
>Date: Fri, 10 May 2002 06:53:42 -0400
>
>CISCONUT
>You need a mapping statement from each of the spoke to the other 2 spoke 
>for
>your ping to work since there is no direct pvc connectivity between the
>apokes.
>
>Try that and let the group know you made out
>
>Thanks
>- Original Message -
>From: "Cisco Nuts" 
>To: 
>Sent: Thursday, May 09, 2002 9:14 PM
>Subject: Give up...Cannot ping from one spoke to another?? [7:43795]
>
>
> > Hello,
> >
> > I have RTA configed as a FR hub with multipoint subif. I have RTB, RTC 
>and
> > RTE configed as spokes using only the serial intf. - FR network type
> > Non-Broadcast. Have 1 single FR map statement on the spokes pointing to
>the
> > hub. Have 3 map statements on the hub pointing back to each of the 3
>spokes.
> >
> > Have Ospf configed. Area 0 the FR network for the serials. Area 1 on 
>RTA,
> > Area 10 on RTB and Area 4 on RTE each for the Ethernet side. Also have 
>the
> > neighbor statement on each spoke pointing to the hub with a priority of 
>2.
> >
> > A show ip route reveals all the OSPF networks (O IA routes) on each
>router.
> > I can only ping from the hub router RTA to networks on the spoke routers
>BUT
> > I cannot ping from one spoke router to a network on another spoke router
> > EVEN though the routes are in the routing table?
> >
> > Why is that?
> >
> > A CATCH: I am not allowed to use the ip ospf network command anywhere 
>nor
>FR
> > map statements on each spoke pointing to the other spokes??
> >
> > What is the way that will allow me to ping from RTB to RTC thru RTA the
>hub
> > router?
> >
> > I tried the default-information originate on the hub rtr. RTA but this
>does
> > not seem to help - even though it installs a default route on each spoke
> > router.
> >
> > I am giving up after tiring me eyes on CCO.
> >
> > Anyone with any ideas?
> >
> > Thank you for your help.
> >
> >
> >
> >
> >
> > _
> > MSN Photos is the easiest way to share and print your photos:
> > http://photos.msn.com/support/worldwide.aspx
_
Chat with friends online, try MSN Messenger: http://messenger.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43864&t=43795
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco Certification Digest V2 #2068 (Vacation) [7:43860]

[Stephen Siu]

I will be on vacation from 5-7-02 to 5-22-02.  Any matter regarding network
management please forward to Bob Taylor @ 213-979-0032.  Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43860&t=43860
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: dual-homed hosts problems [7:43677]

[Priscilla Oppenheimer]

At 12:35 PM 5/10/02, Maximus wrote:
>Sorry list members, the spell-checker changed OSPF to SOP.

I think OSPF should be SOB. Just kidding! :-)

Priscilla


>- Original Message -
>From: "Maximus"
>To:
>Sent: Friday, May 10, 2002 12:40 PM
>Subject: Re: dual-homed hosts problems [7:43677]
>
>
> > I may be wrong but your friend is using a routing protocol and therefore
>the
> > below would not apply to the scenario.
> > As for running SOP on the server IMHO it would be overkill for this
>specific
> > situation.  "Keep it simple."
> > Would I run SOP on a server?
> > Depends on why I had the server built in the first place.  Have a nice
>day!
> >
> > - Original Message -
> > From: "Jeffrey Reed"
> > To:
> > Sent: Friday, May 10, 2002 8:27 AM
> > Subject: RE: dual-homed hosts problems [7:43677]
> >
> >
> > > I just talked to someone yesterday who said they are running OSPF on
the
> > > WIN2000 servers and using dual NICs effectively. Is this a better way
to
> > > dual home servers?
> > >
> > > Jeffrey Reed
> > > Classic Networking, Inc.
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Galo
> > > Villacis
> > > Sent: Thursday, May 09, 2002 7:18 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: dual-homed hosts problems [7:43677]
> > >
> > > I believe your issue may relate to the single IP stack on 2000.  Try
> > > defaulting traffic to the internet and adding a static route to the
> > internal
> > > network opposed to specifying the gateway on the internal IP interface.
> > > Also I would go as far as disabling any NETBIOS on the external
>interface
> > > for security.
> > >
> > > cmd would be:
> > >
> > > route add -p Network Mask Gateway
> > >
> > > - Original Message -
> > > From: "Henrique Duarte"
> > > To:
> > > Sent: Thursday, May 09, 2002 5:48 PM
> > > Subject: Re: dual-homed hosts problems [7:43677]
> > >
> > >
> > > > Bulent,
> > > >
> > > > Thank you for the reply.  I am afraid you may have misunderstood this
> > > > problem.  Allow me to be more clear:
> > > >
> > > >
> > > >   192.168.0.1 - 192.168.0.150 - Host A -
>128.59.39.3
> > > >   | 
(dual
> > > homed
> > > > server)
> > > >   |
> > > > |
> > > >   |
> > > > |
> > > >   |
> > > > 128.59.39.2
> > > > router A
>router
> > > > C  Internet
> > > >   |
> > > > 192.168.1.1
> > > >  |
> > > >  |
> > > >T1
> > > >  |
> > > >  |
> > > > 192.168.1.2
> > > >  |
> > > > router B
> > > >  |
> > > > 192.168.2.1
> > > >
> > > >
> > > > The problem happens on Host A.  Host A is a WebServer with  2
> > interfaces:
> > > a
> > > > public (which goes out to the internet) and a private (which talks to
> > the
> > > > database).  The private interface has IP 192.168.0.150 and default GW
> > > > 192.168.0.1.  The public has ip 128.59.39.3 and default GW
>128.59.39.2.
> > > > Everything works fine if I leave the private interface's default GW
> > blank.
> > > > If I put Router C's address as the private interface's default
>gateway,
> > > > after some time I cannot ping anywhere from Host A, even though I can
> > ping
> > > > it from the outside world.  I need to have the private interface
> > > configured
> > > > with 192.168.0.1 as the default GW because remote users need to be
>able
> > to
> > > > connect to that server via the back-end T1.  Any light would be
>greatly
> > > > appreciated.
> > > >
> > > > Thanks,
> > > >
> > > > -H
> > > >
> > > >
> > > > - Original Message -
> > > > From: "B|lent ^ahin"
> > > > To:
> > > > Sent: Thursday, May 09, 2002 3:17 AM
> > > > Subject: RE: dual-homed hosts problems [7:43677]
> > > >
> > > >
> > > > > When configuring ethernet interfaces on MS environment, you have
>three
> > > > blank
> > > > > spaces to fill: IP_address, Subnet_mask and Default_gateway. So the
> > > people
> > > > > start to think every ethernet interface as a router: "This
interface
> > > will
> > > > > route IP packets to the other interface, so the default gateway of
>the
> > > > first
> > > > > interface should be same as the IP address of the second
>interface.",
> > > but
> > > > > there is one router on the PC: CPU. Try to configure only one
>default
> > > > > gateway. You can use the command "route print" to see what happens
> > when
> > > > you
> > > > > configure two or more default gateways.
> > > > >
> > > > > Bulent
> > > > >
> > > > >
> > > > > -Original Message-
> > > > > From: Henrique Duarte [mailto:[EMAIL PROTECTED]]
> > > > > Sent: Thursday, May 09, 2002 12:39 AM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: dual-homed hosts problems [7:43677]
> > > > >
> > > > >
> > > > > Hello All,
> > > > >
> > > > > I am working on some dual homed servers at a co-location where
there
> > is
> > > a
> > > > > public and private interface on each. The public interfaces attach
>to
> > > the
> > >

Re: Recommended study books for CCNP routing (BSCN) [7:43713]

[ashish]

   Could you please help us with the url or paths to those cisco docs you
used.

  Thanks and best regards.

  Joe

  "ashish" 
  Sent by: [EMAIL PROTECTED]
  05/09/2002 01:14 PM AST
  Please respond to "ashish"

  To: [EMAIL PROTECTED]
  cc:
  bcc:
  Subject: Re: Recommended study books for CCNP routing (BSCN) [7:43713]




  docs in cisco site are also very informative... sometimes i find them
better
  than any book


  - Original Message -
  From: Tel Khan
  To:
  Sent: Thursday, May 09, 2002 6:15 AM
  Subject: RE: Recommended study books for CCNP routing (BSCN) [7:43713]


  > Hi,
  >
  > I have the following;
  >
  > 640-503 - Routing Exam Cert guide by Clare Gough
  > 640-504 - Switching Exam Cert guide by  Tim Boyles an Dave Hucaby
  > 640-505 - Remote Access Cert Guide by Brian Morgan
  > 640-506 - Supoort Cert Guide by Amir S.Ranjbar
  >
  > I used both Cisco an Sybex for the Routing i'm now onto the Switching.
  >
  > Good luck
  >
  > Regards
  >
  > Tel
  =




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43858&t=43713
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: why I can't use normal ping in new router??? [7:43709]

[Priscilla Oppenheimer]

At 04:20 AM 5/10/02, Kenny Smith wrote:
>sorry me again, I think I know why my router can't query the DNS. The reason
>is when I do a extended ping as follow, it tried to query the DNS server for
>real IP with the source address of the serial0 (default) before we can
>specify to use ethernet0 as the source address. And ISP never advertise
>route for the serial link. That's why I can't query the DNS.  How do you
>think??

I think that's it. Ping should let you specify the source first! You could 
report that to Cisco.

Priscilla


> >2500new#ping
> >Protocol [ip]:
> >Target IP address: www.channelnewsasia.com
> >Translating "www.channelnewsasia.com"...domain server (203.116.1.93)
> >(203.116.254.150)
> >
> >% Bad IP address
>
> >From: "Kenny Smith"
> >Reply-To: "Kenny Smith"
> >To: [EMAIL PROTECTED]
> >Subject: Re: why I can't use normal ping in new router??? [7:43709]
> >Date: Fri, 10 May 2002 02:58:45 -0400
> >
> >Thanks.. Priscilla.. I understamd what you mean about the route issue and
I
> >think it is right.   But I have one more issue.  That's the DNS.  I
> >tried to test whether new DNS is working or not with the following. But it
> >always give me Bad IP address, but the DNS IP is proven to be working when
> >we put it to our proxy.  Beside, when I do the same thing in my old
router,
> >it did get translated.  Why my new router DNS can't resolve my URL while
> >the
> >DNS is proven to be to working fine??
> >
> >2500new#ping
> >Protocol [ip]:
> >Target IP address: www.channelnewsasia.com
> >Translating "www.channelnewsasia.com"...domain server (203.116.1.93)
> >(203.116.254.150)
> >
> >% Bad IP address
> >
> >2500old#ping
> >Protocol [ip]:
> >Target IP address: www.channelnewsasia.com
> >Translating "www.channelnewsasia.com"...domain server (210.80.58.205) [OK]
> >
> >Repeat count [5]:
> >Datagram size [100]:
> >Timeout in seconds [2]:
> >Extended commands [n]:
> >Sweep range of sizes [n]:
> >Type escape sequence to abort.
> >Sending 5, 100-byte ICMP Echos to 202.172.227.114, timeout is 2 seconds:
> >!!.!!
> >Success rate is 80 percent (4/5), round-trip min/avg/max = 196/253/324 ms
> >
> >
> > >From: "Priscilla Oppenheimer"
> > >Reply-To: "Priscilla Oppenheimer"
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: why I can't use normal ping in new router??? [7:43709]
> > >Date: Thu, 9 May 2002 17:17:19 -0400
> > >
> > >Would upgrading solve his problem?
> > >
> > >At 03:00 PM 5/9/02, Larry Letterman wrote:
> > > >I didn't say 10.3 would not handle it, did I...I just said to update
> >the
> > > >ios because its old...
> > > >
> > > >Larry Letterman
> > > >Cisco Systems
> > > >[EMAIL PROTECTED]
> > > >- Original Message -
> > > >From: "Priscilla Oppenheimer"
> > > >To:
> > > >Sent: Thursday, May 09, 2002 10:37 AM
> > > >Subject: Re: why I can't use normal ping in new router??? [7:43709]
> > > >
> > > >
> > > > > At 03:57 AM 5/9/02, Larry Letterman wrote:
> > > > > >Update the IOS to something modern...
> > > > >
> > > > > Do you work for TAC? Cisco IOS 10.3 could certainly handle ping
just
> > >fine.
> > > > > ;-)
> > > > >
> > > > > I have a guess. Notice that the serial link has a subnet mask of
> > > > > 255.255.255.252. This is a subnet mask that you typically see on a
> > > > > point-to-point link with just two devices on it (the routers at
> >either
> > > > > end). The link has no purpose other than to connect the customer's
> >LAN
> > >to
> > > > > the ISP. Hence, there's no reason for the ISP to advertise a route
> >to
> > >that
> > > > > point-to-point 100.20.90.56/30 network. In fact, for security
> >reasons,
> > > >it's
> > > > > probably a good idea to make sure there is not a route to this
> > >dedicated
> > > > > network that has just two memebers, the two router interfaces.
> > > > >
> > > > > So, this means that there's no way for a ping reply to get back to
> >the
> > > > > 100.20.90.58 address.
> > > > >
> > > > > Now, the LAN is addressed with a network number and subnet mask
that
> > >you
> > > > > might see used for a typical small customer (60.80.200.113
> > > > > 255.255.255.240). Undoubtedly, there are no problems getting back
to
> > >this
> > > > > LAN. The fact that he can surf the Web proves that point.
> > > > >
> > > > > Priscilla
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > >Larry Letterman
> > > > > >Cisco Systems
> > > > > >[EMAIL PROTECTED]
> > > > > >- Original Message -
> > > > > >From: "Kenny Smith"
> > > > > >To:
> > > > > >Sent: Thursday, May 09, 2002 12:20 AM
> > > > > >Subject: RE: why I can't use normal ping in new router???
[7:43709]
> > > > > >
> > > > > >
> > > > > > > Below is my config...why you think there is a route missing
> > >somewhere,
> > > >as
> > > > > >I
> > > > > > > can still use extended ping to ping and I can use it to surf
net
> > >as
> > > > > >normal.
> > > > > > > The only thing that I can't do is to normal ping from here..
> >What
> > > >should
> > > > > >me
> > > > > > > the problem? It is related to the new ISP?
> > > > >

Re: why I can't use normal ping in new router??? [7:43709]

[Priscilla Oppenheimer]

Maybe the DNS replies can't back to the source either? I notice that the 
router hasn't give you a chance yet to say that it should use e0 as source 
instead of s0.

Can you ping the DNS server from the router? Do you have to make sure to 
use e0 as the source to successfully ping the DNS server?

Priscilla

At 02:58 AM 5/10/02, Kenny Smith wrote:
>Thanks.. Priscilla.. I understamd what you mean about the route issue and I
>think it is right.   But I don't have one more issue.  That's the DNS.  I
>tried to test whether new DNS is working or not with the following. But it
>always give me Bad IP address, but the DNS IP is proven to be working when
>we put it to our proxy.  Beside, when I do the same thing in my old router,
>it did get translated.  Why my new router DNS can't resolve my URL while the
>DNS is proven to be to working fine??
>
>2500new#ping
>Protocol [ip]:
>Target IP address: www.channelnewsasia.com
>Translating "www.channelnewsasia.com"...domain server (203.116.1.93)
>(203.116.254.150)
>
>% Bad IP address
>
>2500old#ping
>Protocol [ip]:
>Target IP address: www.channelnewsasia.com
>Translating "www.channelnewsasia.com"...domain server (210.80.58.205) [OK]
>
>Repeat count [5]:
>Datagram size [100]:
>Timeout in seconds [2]:
>Extended commands [n]:
>Sweep range of sizes [n]:
>Type escape sequence to abort.
>Sending 5, 100-byte ICMP Echos to 202.172.227.114, timeout is 2 seconds:
>!!.!!
>Success rate is 80 percent (4/5), round-trip min/avg/max = 196/253/324 ms
>
>
> >From: "Priscilla Oppenheimer"
> >Reply-To: "Priscilla Oppenheimer"
> >To: [EMAIL PROTECTED]
> >Subject: Re: why I can't use normal ping in new router??? [7:43709]
> >Date: Thu, 9 May 2002 17:17:19 -0400
> >
> >Would upgrading solve his problem?
> >
> >At 03:00 PM 5/9/02, Larry Letterman wrote:
> > >I didn't say 10.3 would not handle it, did I...I just said to update the
> > >ios because its old...
> > >
> > >Larry Letterman
> > >Cisco Systems
> > >[EMAIL PROTECTED]
> > >- Original Message -
> > >From: "Priscilla Oppenheimer"
> > >To:
> > >Sent: Thursday, May 09, 2002 10:37 AM
> > >Subject: Re: why I can't use normal ping in new router??? [7:43709]
> > >
> > >
> > > > At 03:57 AM 5/9/02, Larry Letterman wrote:
> > > > >Update the IOS to something modern...
> > > >
> > > > Do you work for TAC? Cisco IOS 10.3 could certainly handle ping just
> >fine.
> > > > ;-)
> > > >
> > > > I have a guess. Notice that the serial link has a subnet mask of
> > > > 255.255.255.252. This is a subnet mask that you typically see on a
> > > > point-to-point link with just two devices on it (the routers at
either
> > > > end). The link has no purpose other than to connect the customer's
LAN
> >to
> > > > the ISP. Hence, there's no reason for the ISP to advertise a route to
> >that
> > > > point-to-point 100.20.90.56/30 network. In fact, for security
reasons,
> > >it's
> > > > probably a good idea to make sure there is not a route to this
> >dedicated
> > > > network that has just two memebers, the two router interfaces.
> > > >
> > > > So, this means that there's no way for a ping reply to get back to
the
> > > > 100.20.90.58 address.
> > > >
> > > > Now, the LAN is addressed with a network number and subnet mask that
> >you
> > > > might see used for a typical small customer (60.80.200.113
> > > > 255.255.255.240). Undoubtedly, there are no problems getting back to
> >this
> > > > LAN. The fact that he can surf the Web proves that point.
> > > >
> > > > Priscilla
> > > >
> > > >
> > > >
> > > >
> > > > >Larry Letterman
> > > > >Cisco Systems
> > > > >[EMAIL PROTECTED]
> > > > >- Original Message -
> > > > >From: "Kenny Smith"
> > > > >To:
> > > > >Sent: Thursday, May 09, 2002 12:20 AM
> > > > >Subject: RE: why I can't use normal ping in new router??? [7:43709]
> > > > >
> > > > >
> > > > > > Below is my config...why you think there is a route missing
> >somewhere,
> > >as
> > > > >I
> > > > > > can still use extended ping to ping and I can use it to surf net
> >as
> > > > >normal.
> > > > > > The only thing that I can't do is to normal ping from here.. 
What
> > >should
> > > > >me
> > > > > > the problem? It is related to the new ISP?
> > > > > >
> > > > > > 2500new#sh conf
> > > > > > Using 1561 out of 32762 bytes
> > > > > > !
> > > > > > version 10.3
> > > > > > no service finger
> > > > > > service password-encryption
> > > > > > no service udp-small-servers
> > > > > > no service tcp-small-servers
> > > > > > !
> > > > > > hostname 2500new
> > > > > > !
> > > > > > enable secret xx
> > > > > > !
> > > > > > ip subnet-zero
> > > > > > no ip source-route
> > > > > > !
> > > > > > interface Ethernet0
> > > > > > description To Office Ethernet
> > > > > > ip address 60.80.200.113 255.255.255.240
> > > > > > no ip directed-broadcast
> > > > > > ip accounting output-packets
> > > > > > ip route-cache same-interface
> > > > > > !
> > > > > > interface Serial0
> > > > > > description XXX
> > > > > > ip address 100.20.90.58 255.255.255.252
>

Re: CCIE communication and services [7:43714]

[nrf]

Allright. Sean Knox has pretty much nailed it on the head.  But let me try
one more time.

To become a R/S CCIE you must
#1) pass the R/S written
#2) pass the R/S lab

To become a Security CCIE you must
#1)pass the Security written
#2) pass the Security lab

To become a C/S CCIE you must
#1)Pass one of 8 possible C/S writtens  - or - have passed either the old
ISPDial or WAN-switching CCIE writtens back when they were still available
(so if you have never done this, then unless you have a time machine, you
cannot do it now)
#2)Pass the C/S lab.


Bottom line - the labs are absolutely NOT the same for all three, believe
me.  I've tried all 3 labs, and they are significantly different.  There are
some base-level similarities, but beyond that they are quite divergent. If
you don't believe me, read their descriptions:

http://www.cisco.com/warp/public/625/ccie/certifications/services.html#4
http://www.cisco.com/warp/public/625/ccie/certifications/routing.html#4
http://www.cisco.com/warp/public/625/ccie/certifications/security.html#4




""Sean Knox""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> The lab is not the same for all three. As nrf has repeatedly tried to tell
> you, they are three SEPARATE tracks. To achieve the R/S CCIE, you need to
> pass the R/S written and the R/S CCIE Lab. To get your C/S CCIE, even if
you
> already have, say, you R/S CCIE *completed*, you still need to complete
the
> C/S written then take the C/S lab.
>
> Sean
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, May 10, 2002 5:07 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: CCIE communication and services [7:43714]
> >
> >
> > Sorry, I guess that wasn't very clear. Suppose you attain an
> > R/S CCIE and
> > now wish to go for security or C/S. As the lab is the same
> > for all three, is
> > it necessary to keep retaking the lab or will the written be enough? I
> > assume you probably do have to take the lab again, however
> > since it is the
> > same test you have already passed,it  just seems redundant.
> >
> > nrf wrote:
> > >
> > > Uh, what?  I don't understand your question.  If you're saying
> > > that you're
> > > thinking that you can just keep getting more than one C/S CCIE
> > > by taking
> > > that lab over and over again (but by passing different C/S
> > > writtens), then
> > > the answer is absolutely not.  Contrary to what many people
> > > believe, there
> > > are no different 'flavors' of the C/S.  There is only 1 C/S
> > > CCIE, and you're
> > > either a C/S CCIE or you're not.   And really, this makes
> > > perfect sense,
> > > since there is only one unified C/S lab which every C/S
> > > candidate takes, no
> > > matter which written he/she passed.
> > >
> > >
> > >
> > >
> > > ""Jason Owens""  wrote in message
> > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > Based on your post above, as the lab is the same general
> > > knowledge, would
> > > > you need to keep taking it, providing you have passed it
> > > once, to get more
> > > > than one CCIE? Or would the various written exams suffice?
> > > Just curious.
> > [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43848&t=43714
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISP Topology Design [7:43836]

[Mike Bernico]

I've recently gone through a redesign of a large ISP.  There are excellent
"best practices" types of ideas on NANOG's website in the form of old
presentations.  If you have any specific questions I can try to answer them.

---
Mike Bernico [EMAIL PROTECTED]
Illinois Century Network  http://www.illinois.net
(217) 557-6555


> -Original Message-
> From: Chris Headings [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 10, 2002 10:53 AM
> To: [EMAIL PROTECTED]
> Subject: ISP Topology Design [7:43836]
> 
> 
> Hello all!
> 
> Does anyone know of any books/material that would be geared 
> more toward ISP
> network design?  Looking for as much as I can find...
> 
> Thanks
> 
> 
> Chris




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43845&t=43836
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Need help on crtl-shift-6 [7:43844]

[Kenneth Yeung]

I found it difficult to use crtl-shift-6 to get back the terminal server. 
Sometimes okay but sometimes not!
Can anyone help me?  Can I change this with a simplier key?



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43844&t=43844
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

What to do........ 2 parts [7:43843]

[Kleberg, Jason]

this is a 2 part question that I hope to hear everyone's opinion on.

1.  What to do next?  Im done with ccnp, is it worth it to move to ccda\dp,
what about css1, or just shoot for the ccie.  i know that ccie will cost the
most by far, and the others could give me more of a foundation to build on
for ccie, but is it worth the wait or would you reccomend i just start
buckleing down for the IE?  SO MANY QUESTIONS


2.  If I do start to study for CCIE, what kind of a lab should I build
I probably wont take the lab for 12-18 months and the equipment list could
change(token,atm,4500,2500,cat5k)  What are the safest bets, or if someone
could give me a link to a diagram of a very current lab i could plan from
that.  I think 2600,3600 are safe,, what else is a sure bet to be around?
Is the set based switch going to make it?  What is the best or least
expensive ios based switch that you can train from?(cat x9xx layer 3?)  I
could really use some help here and i look forward to hearing from you all.

Thanks

Jason




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43843&t=43843
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: dual-homed hosts problems [7:43677]

[Maximus]

Sorry list members, the spell-checker changed OSPF to SOP.

- Original Message -
From: "Maximus" 
To: 
Sent: Friday, May 10, 2002 12:40 PM
Subject: Re: dual-homed hosts problems [7:43677]


> I may be wrong but your friend is using a routing protocol and therefore
the
> below would not apply to the scenario.
> As for running SOP on the server IMHO it would be overkill for this
specific
> situation.  "Keep it simple."
> Would I run SOP on a server?
> Depends on why I had the server built in the first place.  Have a nice
day!
>
> - Original Message -
> From: "Jeffrey Reed" 
> To: 
> Sent: Friday, May 10, 2002 8:27 AM
> Subject: RE: dual-homed hosts problems [7:43677]
>
>
> > I just talked to someone yesterday who said they are running OSPF on the
> > WIN2000 servers and using dual NICs effectively. Is this a better way to
> > dual home servers?
> >
> > Jeffrey Reed
> > Classic Networking, Inc.
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Galo
> > Villacis
> > Sent: Thursday, May 09, 2002 7:18 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: dual-homed hosts problems [7:43677]
> >
> > I believe your issue may relate to the single IP stack on 2000.  Try
> > defaulting traffic to the internet and adding a static route to the
> internal
> > network opposed to specifying the gateway on the internal IP interface.
> > Also I would go as far as disabling any NETBIOS on the external
interface
> > for security.
> >
> > cmd would be:
> >
> > route add -p Network Mask Gateway
> >
> > - Original Message -
> > From: "Henrique Duarte"
> > To:
> > Sent: Thursday, May 09, 2002 5:48 PM
> > Subject: Re: dual-homed hosts problems [7:43677]
> >
> >
> > > Bulent,
> > >
> > > Thank you for the reply.  I am afraid you may have misunderstood this
> > > problem.  Allow me to be more clear:
> > >
> > >
> > >   192.168.0.1 - 192.168.0.150 - Host A -
128.59.39.3
> > >   |  (dual
> > homed
> > > server)
> > >   |
> > > |
> > >   |
> > > |
> > >   |
> > > 128.59.39.2
> > > router A
router
> > > C  Internet
> > >   |
> > > 192.168.1.1
> > >  |
> > >  |
> > >T1
> > >  |
> > >  |
> > > 192.168.1.2
> > >  |
> > > router B
> > >  |
> > > 192.168.2.1
> > >
> > >
> > > The problem happens on Host A.  Host A is a WebServer with  2
> interfaces:
> > a
> > > public (which goes out to the internet) and a private (which talks to
> the
> > > database).  The private interface has IP 192.168.0.150 and default GW
> > > 192.168.0.1.  The public has ip 128.59.39.3 and default GW
128.59.39.2.
> > > Everything works fine if I leave the private interface's default GW
> blank.
> > > If I put Router C's address as the private interface's default
gateway,
> > > after some time I cannot ping anywhere from Host A, even though I can
> ping
> > > it from the outside world.  I need to have the private interface
> > configured
> > > with 192.168.0.1 as the default GW because remote users need to be
able
> to
> > > connect to that server via the back-end T1.  Any light would be
greatly
> > > appreciated.
> > >
> > > Thanks,
> > >
> > > -H
> > >
> > >
> > > - Original Message -
> > > From: "B|lent ^ahin"
> > > To:
> > > Sent: Thursday, May 09, 2002 3:17 AM
> > > Subject: RE: dual-homed hosts problems [7:43677]
> > >
> > >
> > > > When configuring ethernet interfaces on MS environment, you have
three
> > > blank
> > > > spaces to fill: IP_address, Subnet_mask and Default_gateway. So the
> > people
> > > > start to think every ethernet interface as a router: "This interface
> > will
> > > > route IP packets to the other interface, so the default gateway of
the
> > > first
> > > > interface should be same as the IP address of the second
interface.",
> > but
> > > > there is one router on the PC: CPU. Try to configure only one
default
> > > > gateway. You can use the command "route print" to see what happens
> when
> > > you
> > > > configure two or more default gateways.
> > > >
> > > > Bulent
> > > >
> > > >
> > > > -Original Message-
> > > > From: Henrique Duarte [mailto:[EMAIL PROTECTED]]
> > > > Sent: Thursday, May 09, 2002 12:39 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: dual-homed hosts problems [7:43677]
> > > >
> > > >
> > > > Hello All,
> > > >
> > > > I am working on some dual homed servers at a co-location where there
> is
> > a
> > > > public and private interface on each. The public interfaces attach
to
> > the
> > > > internet via a router while the private ones are on its own separate
> > > private
> > > > subnet. The private subnet is attached to another router, which
> provides
> > > > remote users access to the private network via a T1 line. I am
> > > encountering
> > > > the following issue. When I set the private interfaces' default
> gateway
> > to
> > > > the private interface's router address, it w

Re: dual-homed hosts problems [7:43677]

[Maximus]

I may be wrong but your friend is using a routing protocol and therefore the
below would not apply to the scenario.
As for running SOP on the server IMHO it would be overkill for this specific
situation.  "Keep it simple."
Would I run SOP on a server?
Depends on why I had the server built in the first place.  Have a nice day!

- Original Message -
From: "Jeffrey Reed" 
To: 
Sent: Friday, May 10, 2002 8:27 AM
Subject: RE: dual-homed hosts problems [7:43677]


> I just talked to someone yesterday who said they are running OSPF on the
> WIN2000 servers and using dual NICs effectively. Is this a better way to
> dual home servers?
>
> Jeffrey Reed
> Classic Networking, Inc.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Galo
> Villacis
> Sent: Thursday, May 09, 2002 7:18 PM
> To: [EMAIL PROTECTED]
> Subject: Re: dual-homed hosts problems [7:43677]
>
> I believe your issue may relate to the single IP stack on 2000.  Try
> defaulting traffic to the internet and adding a static route to the
internal
> network opposed to specifying the gateway on the internal IP interface.
> Also I would go as far as disabling any NETBIOS on the external interface
> for security.
>
> cmd would be:
>
> route add -p Network Mask Gateway
>
> - Original Message -
> From: "Henrique Duarte"
> To:
> Sent: Thursday, May 09, 2002 5:48 PM
> Subject: Re: dual-homed hosts problems [7:43677]
>
>
> > Bulent,
> >
> > Thank you for the reply.  I am afraid you may have misunderstood this
> > problem.  Allow me to be more clear:
> >
> >
> >   192.168.0.1 - 192.168.0.150 - Host A - 128.59.39.3
> >   |  (dual
> homed
> > server)
> >   |
> > |
> >   |
> > |
> >   |
> > 128.59.39.2
> > router A  router
> > C  Internet
> >   |
> > 192.168.1.1
> >  |
> >  |
> >T1
> >  |
> >  |
> > 192.168.1.2
> >  |
> > router B
> >  |
> > 192.168.2.1
> >
> >
> > The problem happens on Host A.  Host A is a WebServer with  2
interfaces:
> a
> > public (which goes out to the internet) and a private (which talks to
the
> > database).  The private interface has IP 192.168.0.150 and default GW
> > 192.168.0.1.  The public has ip 128.59.39.3 and default GW 128.59.39.2.
> > Everything works fine if I leave the private interface's default GW
blank.
> > If I put Router C's address as the private interface's default gateway,
> > after some time I cannot ping anywhere from Host A, even though I can
ping
> > it from the outside world.  I need to have the private interface
> configured
> > with 192.168.0.1 as the default GW because remote users need to be able
to
> > connect to that server via the back-end T1.  Any light would be greatly
> > appreciated.
> >
> > Thanks,
> >
> > -H
> >
> >
> > - Original Message -
> > From: "B|lent ^ahin"
> > To:
> > Sent: Thursday, May 09, 2002 3:17 AM
> > Subject: RE: dual-homed hosts problems [7:43677]
> >
> >
> > > When configuring ethernet interfaces on MS environment, you have three
> > blank
> > > spaces to fill: IP_address, Subnet_mask and Default_gateway. So the
> people
> > > start to think every ethernet interface as a router: "This interface
> will
> > > route IP packets to the other interface, so the default gateway of the
> > first
> > > interface should be same as the IP address of the second interface.",
> but
> > > there is one router on the PC: CPU. Try to configure only one default
> > > gateway. You can use the command "route print" to see what happens
when
> > you
> > > configure two or more default gateways.
> > >
> > > Bulent
> > >
> > >
> > > -Original Message-
> > > From: Henrique Duarte [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, May 09, 2002 12:39 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: dual-homed hosts problems [7:43677]
> > >
> > >
> > > Hello All,
> > >
> > > I am working on some dual homed servers at a co-location where there
is
> a
> > > public and private interface on each. The public interfaces attach to
> the
> > > internet via a router while the private ones are on its own separate
> > private
> > > subnet. The private subnet is attached to another router, which
provides
> > > remote users access to the private network via a T1 line. I am
> > encountering
> > > the following issue. When I set the private interfaces' default
gateway
> to
> > > the private interface's router address, it works fine for about 10
> minutes
> > > or so, but after that the server cannot ping and/or access the
internet,
> > > even though it is set with the public NIC to be the primary one.
> However,
> > as
> > > soon as I take the default gateway out of the private interface NIC it
> > works
> > > fine and is able to ping the outside world. Does anyone have any ideas
> why
> > > this is happening and/or how to fix it? The servers are running
Win

Re: ISP Topology Design [7:43836]

[MADMAN]

Internet Routing Architectures 2nd edition would be one.

  Dave

Chris Headings wrote:
> 
> Hello all!
> 
> Does anyone know of any books/material that would be geared more toward ISP
> network design?  Looking for as much as I can find...
> 
> Thanks
> 
> Chris
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43841&t=43836
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CID Test wonderings [7:43678]

[[EMAIL PROTECTED]]

Just wondering...was this the new format or the old?

Regards,

Frank




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43839&t=43678
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE communication and services [7:43714]

[Sean Knox]

The lab is not the same for all three. As nrf has repeatedly tried to tell
you, they are three SEPARATE tracks. To achieve the R/S CCIE, you need to
pass the R/S written and the R/S CCIE Lab. To get your C/S CCIE, even if you
already have, say, you R/S CCIE *completed*, you still need to complete the
C/S written then take the C/S lab.

Sean

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 10, 2002 5:07 AM
> To: [EMAIL PROTECTED]
> Subject: Re: CCIE communication and services [7:43714]
>
>
> Sorry, I guess that wasn't very clear. Suppose you attain an
> R/S CCIE and
> now wish to go for security or C/S. As the lab is the same
> for all three, is
> it necessary to keep retaking the lab or will the written be enough? I
> assume you probably do have to take the lab again, however
> since it is the
> same test you have already passed,it  just seems redundant.
>
> nrf wrote:
> >
> > Uh, what?  I don't understand your question.  If you're saying
> > that you're
> > thinking that you can just keep getting more than one C/S CCIE
> > by taking
> > that lab over and over again (but by passing different C/S
> > writtens), then
> > the answer is absolutely not.  Contrary to what many people
> > believe, there
> > are no different 'flavors' of the C/S.  There is only 1 C/S
> > CCIE, and you're
> > either a C/S CCIE or you're not.   And really, this makes
> > perfect sense,
> > since there is only one unified C/S lab which every C/S
> > candidate takes, no
> > matter which written he/she passed.
> >
> >
> >
> >
> > ""Jason Owens""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Based on your post above, as the lab is the same general
> > knowledge, would
> > > you need to keep taking it, providing you have passed it
> > once, to get more
> > > than one CCIE? Or would the various written exams suffice?
> > Just curious.
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43838&t=43714
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: BGP Nexthop attribute propagation using RR [7:43730]

[Kent Yu]

Peter,

Seems to me, according to this:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120
limit/120st/120st16/st_bgpnh.htm#xtocid188001

next-hop can be rewrote across IBGPs.

I agree that the 2500 is doing something wrong, as the normal neighor based
next-hop should only affect ebgp routes.

Thanks
Kent

- Original Message -
From: "Peter van Oene" [EMAIL PROTECTED]
To: 
Sent: Thursday, May 09, 2002 1:29 PM
Subject: RE: BGP Nexthop attribute propagation using RR [7:43730]


> I have not seen an IOS that offers the ability to rewrite Next_Hop on an
> IBGP connection.  The behavior of the GSR in this case is what you should
> expect.  Juniper on the other hand will rewrite Next_Hop in this same
> scenario and one needs to keep that in mind if you happen to work with
both.
>
> Pete
>
>
> At 12:00 PM 5/9/2002 -0400, JunoGuy wrote:
> >What should happen is that on any RR, the NH should not be modified.  The
NH
> >should be the originator of the route unless you set the NHS at the entry
> >point to the network.  I am not a Cisco expert but this does not sound
> >correct for the GSR to still send out the originating NH even when the
NHS
> >is set.  So in this case, I believe the 2500 is acting appropriately.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43837&t=43730
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ISP Topology Design [7:43836]

[Chris Headings]

Hello all!

Does anyone know of any books/material that would be geared more toward ISP
network design?  Looking for as much as I can find...

Thanks


Chris


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43836&t=43836
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE communication and services [7:43714]

[Jason Owens]

OK. I have no idea if the labs are the same or not. I was basing my question
on the earlier post.

The deal is, you pass one of 8 possible writtens (although only 4 are 
available as of today), which consist of 50% general knowledge material, and 
the other 50% of subject-specific material, where those are defined on the 
Cisco website. Then, no matter which written you took, everybody takes the 
same lab which covers only general knowledge material.

Good luck on your lab!

Roberts, Larry wrote:
> 
> Only one small flaw in logic.
> 
> The labs are NOT the same. The security lab only has IP routing
> , but it
> also includes a PIX firewall as well as IDS and IOS FW problems.
> Those are not present in the R&S lab ( Or at least this is what
> Im told, I
> haven't actually been to the lab. 45 days and counting )
> 
> 
> Thanks
> 
> Larry 
> 
> -Original Message-
> From: Jason Owens [mailto:[EMAIL PROTECTED]] 
> Sent: Friday, May 10, 2002 7:07 AM
> To: [EMAIL PROTECTED]
> Subject: Re: CCIE communication and services [7:43714]
> 
> 
> Sorry, I guess that wasn't very clear. Suppose you attain an
> R/S CCIE and
> now wish to go for security or C/S. As the lab is the same for
> all three, is
> it necessary to keep retaking the lab or will the written be
> enough? I
> assume you probably do have to take the lab again, however
> since it is the
> same test you have already passed,it  just seems redundant.
> 
> nrf wrote:
> > 
> > Uh, what?  I don't understand your question.  If you're
> saying that
> > you're thinking that you can just keep getting more than one
> C/S CCIE
> > by taking
> > that lab over and over again (but by passing different C/S
> > writtens), then
> > the answer is absolutely not.  Contrary to what many people
> > believe, there
> > are no different 'flavors' of the C/S.  There is only 1 C/S
> > CCIE, and you're
> > either a C/S CCIE or you're not.   And really, this makes
> > perfect sense,
> > since there is only one unified C/S lab which every C/S
> > candidate takes, no
> > matter which written he/she passed.
> > 
> > 
> > 
> > 
> > ""Jason Owens""  wrote in message 
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Based on your post above, as the lab is the same general
> > knowledge, would
> > > you need to keep taking it, providing you have passed it
> > once, to get more
> > > than one CCIE? Or would the various written exams suffice?
> > Just curious.
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43835&t=43714
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Tag Switching [7:43830]

[Cohen, Michael]

I don't believe it is possible to run MPLS or Tag-Switching on the 2500's.
I purchased a few 4500M's pretty cheap which support most MPLS/Tag-Switching
features.  Otherwise it's the 2600's and up...

-Michael Cohen

-Original Message-
From: James
To: [EMAIL PROTECTED]
Sent: 5/10/02 10:22 AM
Subject: Tag Switching [7:43830]

Hello all

This  is a rephrase of my previous question on MPLS.
Does anyone know if it is possible to use
Tag-switching on 2500 platforms ? I have tried using
tag-switching ip interface command on 2511s on a test
lab but the command is not available. Is there a
different IOS version that I need, I am running on
12.2 enterprise ? Any info on this is greatly
appreciated.

Thank you

James

__
Do You Yahoo!?
Yahoo! Shopping - Mother's Day is May 12th!
http://shopping.yahoo.com
Note:  The information contained in this message may be privileged and
confidential and protected from disclosure.  If the reader of this message
is not the intended recipient, or an employee or agent responsible for
delivering this message to the intended recipient, you are hereby notified
that any dissemination, distribution or copying of this communication is
strictly prohibited.  If you have received this communication in error,
please notify us immediately by replying to the message and deleting it from
your computer. Thank you.  ThruPoint, Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43834&t=43830
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE communication and services [7:43714]

[Roberts, Larry]

Only one small flaw in logic.

The labs are NOT the same. The security lab only has IP routing , but it
also includes a PIX firewall as well as IDS and IOS FW problems.
Those are not present in the R&S lab ( Or at least this is what Im told, I
haven't actually been to the lab. 45 days and counting )


Thanks

Larry 

-Original Message-
From: Jason Owens [mailto:[EMAIL PROTECTED]] 
Sent: Friday, May 10, 2002 7:07 AM
To: [EMAIL PROTECTED]
Subject: Re: CCIE communication and services [7:43714]


Sorry, I guess that wasn't very clear. Suppose you attain an R/S CCIE and
now wish to go for security or C/S. As the lab is the same for all three, is
it necessary to keep retaking the lab or will the written be enough? I
assume you probably do have to take the lab again, however since it is the
same test you have already passed,it  just seems redundant.

nrf wrote:
> 
> Uh, what?  I don't understand your question.  If you're saying that 
> you're thinking that you can just keep getting more than one C/S CCIE
> by taking
> that lab over and over again (but by passing different C/S
> writtens), then
> the answer is absolutely not.  Contrary to what many people
> believe, there
> are no different 'flavors' of the C/S.  There is only 1 C/S
> CCIE, and you're
> either a C/S CCIE or you're not.   And really, this makes
> perfect sense,
> since there is only one unified C/S lab which every C/S
> candidate takes, no
> matter which written he/she passed.
> 
> 
> 
> 
> ""Jason Owens""  wrote in message 
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Based on your post above, as the lab is the same general
> knowledge, would
> > you need to keep taking it, providing you have passed it
> once, to get more
> > than one CCIE? Or would the various written exams suffice?
> Just curious.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43832&t=43714
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IP Based DLSAM [7:43827]

[Davide Ferrari]

The 6260 IS basically an ATM switch.
The IP functionalities are related to MPLS/VPN (Cell mode, or frame
mode over VP), PPP termination (PPPoA, PPPoE, L2X tunnelling...) and
ip routing (Eigrp, OSPF, ISIS, Rip, MP-BGP).

As wan interface it doesn't have a Giga Ethernet or POS.
It has only ATM interfaces (STM1, E3, 8E1IMA)
And a 10Mb Ethernet for management.

SO: it's just like a router with an ATM interface with ATM switching
capabilities..

The advantage is that you do not have to place a big aggregator in the
middle of the network.

cheers

davide
cisco systems




Friday, May 10, 2002, 4:11:33 PM, you wrote:
GP> Does Cisco offer a IP based DSLAM that does not require ATM?  All of the
GP> current solutions I can find, like the 6260, are all IP+ATM.  We have a
GP> Gig MAN in place and do not want to overlay an ATM infrastructure just
GP> to connect DSLAMs.  We would like to just put a DSLAM in place, connect
GP> it via Gig, or DS3 ( no ATM).

GP> Sincerely,
GP> Patrick J Greene
   Davide Ferrari
cisco Systems 
  New Service Provider
   Systems Engineer
  [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43833&t=43827
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IP Based DLSAM [7:43827]

[MADMAN]

I'm 99% sure Cisco doesn't have any such thing though I bounce this
off a DSL guy and he thought Cisco may be looking at something along
those line.  You may want to ping your local SE.

  Dave

"Greene, Patrick" wrote:
> 
> Does Cisco offer a IP based DSLAM that does not require ATM?  All of the
> current solutions I can find, like the 6260, are all IP+ATM.  We have a
> Gig MAN in place and do not want to overlay an ATM infrastructure just
> to connect DSLAMs.  We would like to just put a DSLAM in place, connect
> it via Gig, or DS3 ( no ATM).
> 
> Sincerely,
> Patrick J Greene
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43831&t=43827
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Tag Switching [7:43830]

[James]

Hello all

This  is a rephrase of my previous question on MPLS.
Does anyone know if it is possible to use
Tag-switching on 2500 platforms ? I have tried using
tag-switching ip interface command on 2511s on a test
lab but the command is not available. Is there a
different IOS version that I need, I am running on
12.2 enterprise ? Any info on this is greatly
appreciated.

Thank you

James

__
Do You Yahoo!?
Yahoo! Shopping - Mother's Day is May 12th!
http://shopping.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43830&t=43830
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: encapsulation failure on an 806 router [7:43813]

[John Huston]

cut and paste your config in here so we can see what are doing.

""Dimitrije""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Got an 806 router with two Ethernet interfaces used for broadband access to
> the
> Internet.  Ethernet 1 is typically the WAN interface pointing towards the
> Internet router, while  Ethernet 0 is a 4-port hub used for the local LAN.
>
> Everything works properly when the 806 is configured in the conventional
way,
> with WAN pointing toward Internet router.
>
> However, I have a VPN appliance (with dual Ethernet ports) that needs to be
> in
> parallel to the 806.  So I wanted to set-up the 806 with Ethernet 0 (4 port
> hub)
> pointing toward the Internet router along with the public side of the VPN
> applicance while Ethernet 1 of the 806 connected to the corporate LAN
switch
> along with the private side of the VPN.
>
> When I turn the 806 around like this, I get an "encapsulation failure"
> message
> during debug ip packet when sending data over the Ethernet 0 (4 port hub
> connected to the Internet router), thus no packets get sent out that
> Interface.
> I get this error even after I do erase startup-config, reload and only
> assign IP
> addresses to the Ethernet Interfaces.  I am not using PPPoe and my
> encapsulation
> type shows ARPA when I display a show interface for both Ethernet ports.
>
> any thoughts??
> dj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43828&t=43813
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: NAT configuration for 2 service providers [7:43820]

[John Huston]

Overload it by port so you are doing PAT instead of NAT.  Is NAT a
requirement?
If so then create a second pool however it cannot be the same ip addresses as
the first pool.  Perhaps you could layout your objective with a little more
detail.

""brahmam lv""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi Friends,
>
> I have 2 Internet links working at present. One link terminated on Cisco
> router and another link terminated on Telindus Crocus router ( which doesnt
> have NAT functionality) To facilitate internet access i have configured NAT
> on Cisco with overload, for second i have installed Windows 2000 NAT and
> configured all clients with gateway as NAT.
>
> If i want to shift the second internet link to cisco device with 2 serial
> ports, how do i create second NAT entry for 2nd provider.
>
> Could you please help me.
>
> Thanks in Advance
>
> Brahmam.
> 415-339-0352 ex-0355




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43826&t=43820
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: why "ip inspect" block my traffic? [7:43802]

[Kent Hundley]

The command you reference is for context-based access control (cbac), part
of the firewall feature set (ffs).  What it is and how it works are clearly
explained in the cisco documentation at cisco.com.  Here's a shortcut link
that gives you all the basics:

http://www.cisco.com/warp/public/110/32.html

Your config was munged, so it's hard to say why your having the problems you
report.  Offhand it sounds like a dns lookup problem, but that's just a
guess.

HTH,
Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Kenny Smith
Sent: Thursday, May 09, 2002 7:51 PM
To: [EMAIL PROTECTED]
Subject: why "ip inspect" block my traffic? [7:43802]


Hi..  Can you tell me what is the function of the following command ?  My
previous administrator configured it.  But we found that the we can!&t surf
the net thru this router.  The www traffic take very long time to load and
pass thru this router.  But after I issue !'no ip inspect name fw in!(, we
are able to access the web traffic.  Why??

ip inspect name fw tcp
ip inspect name fw udp
ip inspect name fw smtp
ip inspect name fw ftp

interface ethernet0
!K!K!K!K.
!K!K!K!K.
interface ethernet1
!K!K!K!K..
!K!K!K!K..
ip inspect name fw


_
Join the worlds largest e-mail service with MSN Hotmail.
http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43829&t=43802
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

IP Based DLSAM [7:43827]

[Greene, Patrick]

Does Cisco offer a IP based DSLAM that does not require ATM?  All of the
current solutions I can find, like the 6260, are all IP+ATM.  We have a
Gig MAN in place and do not want to overlay an ATM infrastructure just
to connect DSLAMs.  We would like to just put a DSLAM in place, connect
it via Gig, or DS3 ( no ATM).

Sincerely,
Patrick J Greene




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43827&t=43827
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: NAT configuration for 2 service providers [7:43820]

[Kent Hundley]

You can find lots of good info on Cisco NAT by surfing to cisco.com and
searching for NAT tips.  Here's a shortcut:


http://www.cisco.com/warp/public/556/index.shtml

And here's an example to help with your specific question:

http://www.cisco.com/warp/public/105/nat_routemap.html

This whitepaper might help also:

http://www.cisco.com/warp/public/cc/pd/iosw/ioft/ionetn/tech/emios_wp.htm


HTH,
Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 10, 2002 4:57 AM
To: [EMAIL PROTECTED]
Subject: NAT configuration for 2 service providers [7:43820]


Hi Friends,

I have 2 Internet links working at present. One link terminated on Cisco
router and another link terminated on Telindus Crocus router ( which doesnt
have NAT functionality) To facilitate internet access i have configured NAT
on Cisco with overload, for second i have installed Windows 2000 NAT and
configured all clients with gateway as NAT.

If i want to shift the second internet link to cisco device with 2 serial
ports, how do i create second NAT entry for 2nd provider.

Could you please help me.

Thanks in Advance

Brahmam.
415-339-0352 ex-0355




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43825&t=43820
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Give up...Cannot ping from one spoke to another?? [7:43795]

[Rogell, Dennis]

Iam a little late on this thread, first of all put your neighbor statement
on the hub only pointing to the spokes. Next configure map statements from
the spokes to the hub and to the other spokes and you should be okay. You
should not have to change your network statement because by default a
multipoint sub interface and the physical interface are non-broadcast. Also
make sure the hub is the DR.

hth

Dennis Rogell CNE,NNSS,NNSE, CCNP
nextiraone
Email : [EMAIL PROTECTED]
Phone: (954) 846-5128

> -Original Message-
> From: Greene, Patrick [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, May 10, 2002 06:27
> To:   [EMAIL PROTECTED]
> Subject:  RE: Give up...Cannot ping from one spoke to another??
> [7:43795]
> 
> If are not using the "ip ospf network" command, then how are you
> advertising your routes, static route and then redistrubute static
> within OSPF?  When you do a show routes on one of the hub routers, are
> you seeing the routing table for all network in your WAN or just the 2
> network that router is connected to?
>  
> Sincerely,
> Patrick J Greene
> 
> 
> 
> -Original Message-
> From: Cisco Nuts [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, May 09, 2002 9:15 PM
> To: [EMAIL PROTECTED]
> Subject: Give up...Cannot ping from one spoke to another?? [7:43795]
> 
> 
> Hello,
> 
> I have RTA configed as a FR hub with multipoint subif. I have RTB, RTC
> and 
> RTE configed as spokes using only the serial intf. - FR network type 
> Non-Broadcast. Have 1 single FR map statement on the spokes pointing to
> the 
> hub. Have 3 map statements on the hub pointing back to each of the 3
> spokes.
> 
> Have Ospf configed. Area 0 the FR network for the serials. Area 1 on
> RTA, 
> Area 10 on RTB and Area 4 on RTE each for the Ethernet side. Also have
> the 
> neighbor statement on each spoke pointing to the hub with a priority of
> 2.
> 
> A show ip route reveals all the OSPF networks (O IA routes) on each
> router. 
> I can only ping from the hub router RTA to networks on the spoke routers
> BUT 
> I cannot ping from one spoke router to a network on another spoke router
> 
> EVEN though the routes are in the routing table?
> 
> Why is that?
> 
> A CATCH: I am not allowed to use the ip ospf network command anywhere
> nor FR 
> map statements on each spoke pointing to the other spokes??
> 
> What is the way that will allow me to ping from RTB to RTC thru RTA the
> hub 
> router?
> 
> I tried the default-information originate on the hub rtr. RTA but this
> does 
> not seem to help - even though it installs a default route on each spoke
> 
> router.
> 
> I am giving up after tiring me eyes on CCO.
> 
> Anyone with any ideas?
> 
> Thank you for your help.
> 
> 
> 
> 
> 
> _
> MSN Photos is the easiest way to share and print your photos: 
> http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43824&t=43795
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Give up...Cannot ping from one spoke to another?? [7:43795]

[Greene, Patrick]

If are not using the "ip ospf network" command, then how are you
advertising your routes, static route and then redistrubute static
within OSPF?  When you do a show routes on one of the hub routers, are
you seeing the routing table for all network in your WAN or just the 2
network that router is connected to?
 
Sincerely,
Patrick J Greene



-Original Message-
From: Cisco Nuts [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, May 09, 2002 9:15 PM
To: [EMAIL PROTECTED]
Subject: Give up...Cannot ping from one spoke to another?? [7:43795]


Hello,

I have RTA configed as a FR hub with multipoint subif. I have RTB, RTC
and 
RTE configed as spokes using only the serial intf. - FR network type 
Non-Broadcast. Have 1 single FR map statement on the spokes pointing to
the 
hub. Have 3 map statements on the hub pointing back to each of the 3
spokes.

Have Ospf configed. Area 0 the FR network for the serials. Area 1 on
RTA, 
Area 10 on RTB and Area 4 on RTE each for the Ethernet side. Also have
the 
neighbor statement on each spoke pointing to the hub with a priority of
2.

A show ip route reveals all the OSPF networks (O IA routes) on each
router. 
I can only ping from the hub router RTA to networks on the spoke routers
BUT 
I cannot ping from one spoke router to a network on another spoke router

EVEN though the routes are in the routing table?

Why is that?

A CATCH: I am not allowed to use the ip ospf network command anywhere
nor FR 
map statements on each spoke pointing to the other spokes??

What is the way that will allow me to ping from RTB to RTC thru RTA the
hub 
router?

I tried the default-information originate on the hub rtr. RTA but this
does 
not seem to help - even though it installs a default route on each spoke

router.

I am giving up after tiring me eyes on CCO.

Anyone with any ideas?

Thank you for your help.





_
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43823&t=43795
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: dual-homed hosts problems [7:43677]

[Jeffrey Reed]

I just talked to someone yesterday who said they are running OSPF on the
WIN2000 servers and using dual NICs effectively. Is this a better way to
dual home servers?

Jeffrey Reed
Classic Networking, Inc.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Galo
Villacis
Sent: Thursday, May 09, 2002 7:18 PM
To: [EMAIL PROTECTED]
Subject: Re: dual-homed hosts problems [7:43677]

I believe your issue may relate to the single IP stack on 2000.  Try
defaulting traffic to the internet and adding a static route to the internal
network opposed to specifying the gateway on the internal IP interface.
Also I would go as far as disabling any NETBIOS on the external interface
for security.

cmd would be:

route add -p Network Mask Gateway

- Original Message -
From: "Henrique Duarte"
To:
Sent: Thursday, May 09, 2002 5:48 PM
Subject: Re: dual-homed hosts problems [7:43677]


> Bulent,
>
> Thank you for the reply.  I am afraid you may have misunderstood this
> problem.  Allow me to be more clear:
>
>
>   192.168.0.1 - 192.168.0.150 - Host A - 128.59.39.3
>   |  (dual
homed
> server)
>   |
> |
>   |
> |
>   |
> 128.59.39.2
> router A  router
> C  Internet
>   |
> 192.168.1.1
>  |
>  |
>T1
>  |
>  |
> 192.168.1.2
>  |
> router B
>  |
> 192.168.2.1
>
>
> The problem happens on Host A.  Host A is a WebServer with  2 interfaces:
a
> public (which goes out to the internet) and a private (which talks to the
> database).  The private interface has IP 192.168.0.150 and default GW
> 192.168.0.1.  The public has ip 128.59.39.3 and default GW 128.59.39.2.
> Everything works fine if I leave the private interface's default GW blank.
> If I put Router C's address as the private interface's default gateway,
> after some time I cannot ping anywhere from Host A, even though I can ping
> it from the outside world.  I need to have the private interface
configured
> with 192.168.0.1 as the default GW because remote users need to be able to
> connect to that server via the back-end T1.  Any light would be greatly
> appreciated.
>
> Thanks,
>
> -H
>
>
> - Original Message -
> From: "B|lent ^ahin"
> To:
> Sent: Thursday, May 09, 2002 3:17 AM
> Subject: RE: dual-homed hosts problems [7:43677]
>
>
> > When configuring ethernet interfaces on MS environment, you have three
> blank
> > spaces to fill: IP_address, Subnet_mask and Default_gateway. So the
people
> > start to think every ethernet interface as a router: "This interface
will
> > route IP packets to the other interface, so the default gateway of the
> first
> > interface should be same as the IP address of the second interface.",
but
> > there is one router on the PC: CPU. Try to configure only one default
> > gateway. You can use the command "route print" to see what happens when
> you
> > configure two or more default gateways.
> >
> > Bulent
> >
> >
> > -Original Message-
> > From: Henrique Duarte [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, May 09, 2002 12:39 AM
> > To: [EMAIL PROTECTED]
> > Subject: dual-homed hosts problems [7:43677]
> >
> >
> > Hello All,
> >
> > I am working on some dual homed servers at a co-location where there is
a
> > public and private interface on each. The public interfaces attach to
the
> > internet via a router while the private ones are on its own separate
> private
> > subnet. The private subnet is attached to another router, which provides
> > remote users access to the private network via a T1 line. I am
> encountering
> > the following issue. When I set the private interfaces' default gateway
to
> > the private interface's router address, it works fine for about 10
minutes
> > or so, but after that the server cannot ping and/or access the internet,
> > even though it is set with the public NIC to be the primary one.
However,
> as
> > soon as I take the default gateway out of the private interface NIC it
> works
> > fine and is able to ping the outside world. Does anyone have any ideas
why
> > this is happening and/or how to fix it? The servers are running Windows
> 2000
> > Server and the T1 router is a Cisco 1601.
> >
> > Thanks,
> >
> > -Henrique




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43822&t=43677
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE communication and services [7:43714]

[Jason Owens]

Sorry, I guess that wasn't very clear. Suppose you attain an R/S CCIE and
now wish to go for security or C/S. As the lab is the same for all three, is
it necessary to keep retaking the lab or will the written be enough? I
assume you probably do have to take the lab again, however since it is the
same test you have already passed,it  just seems redundant.

nrf wrote:
> 
> Uh, what?  I don't understand your question.  If you're saying
> that you're
> thinking that you can just keep getting more than one C/S CCIE
> by taking
> that lab over and over again (but by passing different C/S
> writtens), then
> the answer is absolutely not.  Contrary to what many people
> believe, there
> are no different 'flavors' of the C/S.  There is only 1 C/S
> CCIE, and you're
> either a C/S CCIE or you're not.   And really, this makes
> perfect sense,
> since there is only one unified C/S lab which every C/S
> candidate takes, no
> matter which written he/she passed.
> 
> 
> 
> 
> ""Jason Owens""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Based on your post above, as the lab is the same general
> knowledge, would
> > you need to keep taking it, providing you have passed it
> once, to get more
> > than one CCIE? Or would the various written exams suffice?
> Just curious.
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43821&t=43714
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Designing a enterprise ,by Application not user [7:43614]

[steve skinner]

Hi

i am int the proccess of re-designing a network for 1,000 users over 4 sites 
, in 1 city.

and for the Lan`s themselfs i am thinking of changing my approch

i usually follow all the standard design principal`s laid down by
Miss P , and Mr H..( MANY THANKS..)but i am interested in changing the way i 
do things..

in particularly user bandwidth requirment ..

when i go about the task of a re-design i usually group all my users into 
user groups and define the amount of bandwidth needed from there...

i.e
power users/traders will need a 100 meg connection and use on average 20% of 
it ..
ordinary users need 10 meg and will use 30-40% on average..
servers need multiple 100/1000 meg (depends on layout) and will use 60% of 
it
(these figures are based a on a very loose generic standard  8 hours ..so 
dont slate me to much)

then i would calculate how much i need ...( taking into account the layout 
of the users ...which floor they are on)

power users run a constant feed of data from a broadcast server
users dont always have constant open connections ( i.e there level of 
traffic can stay at 1% for long periods...while working on a static download 
form)
servers are constantly acessing multiple feeds and there traffic is preety 
much constant ...

what t i am thinking of doing here is instead of segragating the users by 
type i was thinking about segragating them by the applications they use ..

i.e
Lotus notes/exchnage needs x bandwidth per port
Web needs X bandwidth per port
SQL/Oracle needs X bandwidth per port
Server-server needs Z bandwidth per port

i was thinking that this would give me a more acurate idea of how much 
bandwidth the users will need ..and therefore giving a more concentrated 
focus of network resources.

this way i could use (a sort of) QOS on the lan to direct the bandwidth were 
it was needed...instead of just building a "standard" network which is OK 
for everyonei want to refine the way i build the network to optimise 
what resources i have 

E.G

if all the traders were split over various floors ,i could put them all in 
one Vlan ...but they would still be running over the same trunks as all 
other Vlan`s...so i want to add a QOS to push this VLan traffic through with 
priority..

i am keen for everyones input in the techologies i could use to help me 
achive my goal and any comments on wht i think (and am probably wrong 
!!!) is a different twist on the lan design ..


cheers


steve

_
Chat with friends online, try MSN Messenger: http://messenger.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43614&t=43614
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

NAT configuration for 2 service providers [7:43820]

[brahmam lv]

Hi Friends,

I have 2 Internet links working at present. One link terminated on Cisco
router and another link terminated on Telindus Crocus router ( which doesnt
have NAT functionality) To facilitate internet access i have configured NAT
on Cisco with overload, for second i have installed Windows 2000 NAT and
configured all clients with gateway as NAT.

If i want to shift the second internet link to cisco device with 2 serial
ports, how do i create second NAT entry for 2nd provider.

Could you please help me.

Thanks in Advance

Brahmam.
415-339-0352 ex-0355



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43820&t=43820
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: pix access-list [7:43595]

[Ufuk Yasibeyli]

The statement below does not sound correct.
Please check the following link : 

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/
mngacl.htm

(watch for line wrap)

It says : 

Allowing Inbound Connections
By default, the PIX Firewall denies access to an internal or perimeter
(more secure) network 
from an external (less secure) network. You specifically allow inbound
connections by 
using access lists. Access lists work on a first-match basis, so for
inbound access, 
you must deny first and then permit after.


So it is not a longest match, but rather a first match...
For the original question of  "adding a rule line in the middle of a
list easily using CLI", 
I think copy/paste is the fastest method. Here is an example : 

Assume following is your current access-list : 

access-list acl_in permit tcp any host xx.xx.xx.xx eq www
access-list acl_in permit tcp any host xx.xx.xx.xx eq ftp
access-list acl_in permit tcp any any eq www
access-list acl_in deny tcp any any

Now, to add line " access-list acl_in deny ip host 10.10.10.10 any eq
icmp" as the second line in the list
copy the folowing text and paste it to the PIX.


**
no access-list acl_in permit tcp any host xx.xx.xx.xx eq ftp
no access-list acl_in permit tcp any any eq www
no access-list acl_in deny tcp any any

access-list acl_in deny ip host 10.10.10.10 any eq icmp

access-list acl_in permit tcp any host xx.xx.xx.xx eq ftp
access-list acl_in permit tcp any any eq www
access-list acl_in deny tcp any any


Note that, with this method, there is a time of "delta t" which may 
deny some access to inboud traffic (due to implicit deny at the end of
the list)
or grant access to outbound traffic (due to implicit permit at the end
of the list
if the traffic is to a less secure interface) This is not a security
leak though...

Best regards,

Ufuk Yasibeyli



>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
[EMAIL PROTECTED]
>Sent: 08 May}s 2002 Gar~amba 19:56
>To: [EMAIL PROTECTED]
>Subject: RE: pix access-list [7:43595]
>
>
>Hi,
>
>The access-list configured on the PIX does not get processed in the
order in which 
>you put the access-list (i.e top down approach)...It works very much
like how a router 
>selects the route based on the longest prefix. And when there is mix of
permit and deny 
>statements.Always keep your deny statements at the top and all your
permit at the bottom.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43737&t=43595
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: why "ip inspect" block my traffic? [7:43802]

[Steven A. Ridder]

IP inspect is the IOS based FW.  It looks at packets that go through router,
and depending on your config, let it through or not.

--

RFC 1149 Compliant.
Get in my head:
http://sar.dynu.com


""Kenny Smith""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi..  Can you tell me what is the function of the following command ?  My
> previous administrator configured it.  But we found that the we can!&t
surf
> the net thru this router.  The www traffic take very long time to load and
> pass thru this router.  But after I issue !'no ip inspect name fw in!(, we
> are able to access the web traffic.  Why??
>
> ip inspect name fw tcp
> ip inspect name fw udp
> ip inspect name fw smtp
> ip inspect name fw ftp
>
> interface ethernet0
> !K!K!K!K.
> !K!K!K!K.
> interface ethernet1
> !K!K!K!K..
> !K!K!K!K..
> ip inspect name fw
>
>
> _
> Join the worlds largest e-mail service with MSN Hotmail.
> http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43819&t=43802
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: why I can't use normal ping in new router??? [7:43709]

[Kenny Smith]

sorry me again, I think I know why my router can't query the DNS. The reason 
is when I do a extended ping as follow, it tried to query the DNS server for 
real IP with the source address of the serial0 (default) before we can 
specify to use ethernet0 as the source address. And ISP never advertise 
route for the serial link. That's why I can't query the DNS.  How do you 
think??

>2500new#ping
>Protocol [ip]:
>Target IP address: www.channelnewsasia.com
>Translating "www.channelnewsasia.com"...domain server (203.116.1.93)
>(203.116.254.150)
>
>% Bad IP address

>From: "Kenny Smith" 
>Reply-To: "Kenny Smith" 
>To: [EMAIL PROTECTED]
>Subject: Re: why I can't use normal ping in new router??? [7:43709]
>Date: Fri, 10 May 2002 02:58:45 -0400
>
>Thanks.. Priscilla.. I understamd what you mean about the route issue and I
>think it is right.   But I have one more issue.  That's the DNS.  I
>tried to test whether new DNS is working or not with the following. But it
>always give me Bad IP address, but the DNS IP is proven to be working when
>we put it to our proxy.  Beside, when I do the same thing in my old router,
>it did get translated.  Why my new router DNS can't resolve my URL while 
>the
>DNS is proven to be to working fine??
>
>2500new#ping
>Protocol [ip]:
>Target IP address: www.channelnewsasia.com
>Translating "www.channelnewsasia.com"...domain server (203.116.1.93)
>(203.116.254.150)
>
>% Bad IP address
>
>2500old#ping
>Protocol [ip]:
>Target IP address: www.channelnewsasia.com
>Translating "www.channelnewsasia.com"...domain server (210.80.58.205) [OK]
>
>Repeat count [5]:
>Datagram size [100]:
>Timeout in seconds [2]:
>Extended commands [n]:
>Sweep range of sizes [n]:
>Type escape sequence to abort.
>Sending 5, 100-byte ICMP Echos to 202.172.227.114, timeout is 2 seconds:
>!!.!!
>Success rate is 80 percent (4/5), round-trip min/avg/max = 196/253/324 ms
>
>
> >From: "Priscilla Oppenheimer"
> >Reply-To: "Priscilla Oppenheimer"
> >To: [EMAIL PROTECTED]
> >Subject: Re: why I can't use normal ping in new router??? [7:43709]
> >Date: Thu, 9 May 2002 17:17:19 -0400
> >
> >Would upgrading solve his problem?
> >
> >At 03:00 PM 5/9/02, Larry Letterman wrote:
> > >I didn't say 10.3 would not handle it, did I...I just said to update 
>the
> > >ios because its old...
> > >
> > >Larry Letterman
> > >Cisco Systems
> > >[EMAIL PROTECTED]
> > >- Original Message -
> > >From: "Priscilla Oppenheimer"
> > >To:
> > >Sent: Thursday, May 09, 2002 10:37 AM
> > >Subject: Re: why I can't use normal ping in new router??? [7:43709]
> > >
> > >
> > > > At 03:57 AM 5/9/02, Larry Letterman wrote:
> > > > >Update the IOS to something modern...
> > > >
> > > > Do you work for TAC? Cisco IOS 10.3 could certainly handle ping just
> >fine.
> > > > ;-)
> > > >
> > > > I have a guess. Notice that the serial link has a subnet mask of
> > > > 255.255.255.252. This is a subnet mask that you typically see on a
> > > > point-to-point link with just two devices on it (the routers at 
>either
> > > > end). The link has no purpose other than to connect the customer's 
>LAN
> >to
> > > > the ISP. Hence, there's no reason for the ISP to advertise a route 
>to
> >that
> > > > point-to-point 100.20.90.56/30 network. In fact, for security 
>reasons,
> > >it's
> > > > probably a good idea to make sure there is not a route to this
> >dedicated
> > > > network that has just two memebers, the two router interfaces.
> > > >
> > > > So, this means that there's no way for a ping reply to get back to 
>the
> > > > 100.20.90.58 address.
> > > >
> > > > Now, the LAN is addressed with a network number and subnet mask that
> >you
> > > > might see used for a typical small customer (60.80.200.113
> > > > 255.255.255.240). Undoubtedly, there are no problems getting back to
> >this
> > > > LAN. The fact that he can surf the Web proves that point.
> > > >
> > > > Priscilla
> > > >
> > > >
> > > >
> > > >
> > > > >Larry Letterman
> > > > >Cisco Systems
> > > > >[EMAIL PROTECTED]
> > > > >- Original Message -
> > > > >From: "Kenny Smith"
> > > > >To:
> > > > >Sent: Thursday, May 09, 2002 12:20 AM
> > > > >Subject: RE: why I can't use normal ping in new router??? [7:43709]
> > > > >
> > > > >
> > > > > > Below is my config...why you think there is a route missing
> >somewhere,
> > >as
> > > > >I
> > > > > > can still use extended ping to ping and I can use it to surf net
> >as
> > > > >normal.
> > > > > > The only thing that I can't do is to normal ping from here..  
>What
> > >should
> > > > >me
> > > > > > the problem? It is related to the new ISP?
> > > > > >
> > > > > > 2500new#sh conf
> > > > > > Using 1561 out of 32762 bytes
> > > > > > !
> > > > > > version 10.3
> > > > > > no service finger
> > > > > > service password-encryption
> > > > > > no service udp-small-servers
> > > > > > no service tcp-small-servers
> > > > > > !
> > > > > > hostname 2500new
> > > > > > !
> > > > > > enable secret xx
> > > > > > !
> > > > > > ip subnet-zero
> > > > >

Re: Recommended study books for CCNP routing (BSCN) [7:43713]

[BELAIKS Ep-Ng-Ist]

Could you please help us with the url or paths to those cisco docs you
used.

Thanks and best regards.

Joe

"ashish" 
Sent by: [EMAIL PROTECTED]
05/09/2002 01:14 PM AST
Please respond to "ashish"

To: [EMAIL PROTECTED]
cc:
bcc:
Subject: Re: Recommended study books for CCNP routing (BSCN) [7:43713]

docs in cisco site are also very informative... sometimes i find them
better
than any book

- Original Message -
From: Tel Khan
To:
Sent: Thursday, May 09, 2002 6:15 AM
Subject: RE: Recommended study books for CCNP routing (BSCN) [7:43713]

> Hi,
>
> I have the following;
>
> 640-503 - Routing Exam Cert guide by Clare Gough
> 640-504 - Switching Exam Cert guide by  Tim Boyles an Dave Hucaby
> 640-505 - Remote Access Cert Guide by Brian Morgan
> 640-506 - Supoort Cert Guide by Amir S.Ranjbar
>
> I used both Cisco an Sybex for the Routing i'm now onto the Switching.
>
> Good luck
>
> Regards
>
> Tel

Message Posted at:
http://www.g roupstudy.com/form/read.php?f=7&i=43758&t=43713
-- 
FAQ, list archives, and subscription info: http://www.groupstudy.com/list
/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43815&t=43713
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: why I can't use normal ping in new router??? [7:43709]

[Kenny Smith]

Thanks.. Priscilla.. I understamd what you mean about the route issue and I 
think it is right.   But I don't have one more issue.  That's the DNS.  I 
tried to test whether new DNS is working or not with the following. But it 
always give me Bad IP address, but the DNS IP is proven to be working when 
we put it to our proxy.  Beside, when I do the same thing in my old router, 
it did get translated.  Why my new router DNS can't resolve my URL while the 
DNS is proven to be to working fine??

2500new#ping
Protocol [ip]:
Target IP address: www.channelnewsasia.com
Translating "www.channelnewsasia.com"...domain server (203.116.1.93) 
(203.116.254.150)

% Bad IP address

2500old#ping
Protocol [ip]:
Target IP address: www.channelnewsasia.com
Translating "www.channelnewsasia.com"...domain server (210.80.58.205) [OK]

Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.172.227.114, timeout is 2 seconds:
!!.!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 196/253/324 ms


>From: "Priscilla Oppenheimer" 
>Reply-To: "Priscilla Oppenheimer" 
>To: [EMAIL PROTECTED]
>Subject: Re: why I can't use normal ping in new router??? [7:43709]
>Date: Thu, 9 May 2002 17:17:19 -0400
>
>Would upgrading solve his problem?
>
>At 03:00 PM 5/9/02, Larry Letterman wrote:
> >I didn't say 10.3 would not handle it, did I...I just said to update the
> >ios because its old...
> >
> >Larry Letterman
> >Cisco Systems
> >[EMAIL PROTECTED]
> >- Original Message -
> >From: "Priscilla Oppenheimer"
> >To:
> >Sent: Thursday, May 09, 2002 10:37 AM
> >Subject: Re: why I can't use normal ping in new router??? [7:43709]
> >
> >
> > > At 03:57 AM 5/9/02, Larry Letterman wrote:
> > > >Update the IOS to something modern...
> > >
> > > Do you work for TAC? Cisco IOS 10.3 could certainly handle ping just
>fine.
> > > ;-)
> > >
> > > I have a guess. Notice that the serial link has a subnet mask of
> > > 255.255.255.252. This is a subnet mask that you typically see on a
> > > point-to-point link with just two devices on it (the routers at either
> > > end). The link has no purpose other than to connect the customer's LAN 
>to
> > > the ISP. Hence, there's no reason for the ISP to advertise a route to
>that
> > > point-to-point 100.20.90.56/30 network. In fact, for security reasons,
> >it's
> > > probably a good idea to make sure there is not a route to this 
>dedicated
> > > network that has just two memebers, the two router interfaces.
> > >
> > > So, this means that there's no way for a ping reply to get back to the
> > > 100.20.90.58 address.
> > >
> > > Now, the LAN is addressed with a network number and subnet mask that 
>you
> > > might see used for a typical small customer (60.80.200.113
> > > 255.255.255.240). Undoubtedly, there are no problems getting back to 
>this
> > > LAN. The fact that he can surf the Web proves that point.
> > >
> > > Priscilla
> > >
> > >
> > >
> > >
> > > >Larry Letterman
> > > >Cisco Systems
> > > >[EMAIL PROTECTED]
> > > >- Original Message -
> > > >From: "Kenny Smith"
> > > >To:
> > > >Sent: Thursday, May 09, 2002 12:20 AM
> > > >Subject: RE: why I can't use normal ping in new router??? [7:43709]
> > > >
> > > >
> > > > > Below is my config...why you think there is a route missing
>somewhere,
> >as
> > > >I
> > > > > can still use extended ping to ping and I can use it to surf net 
>as
> > > >normal.
> > > > > The only thing that I can't do is to normal ping from here..  What
> >should
> > > >me
> > > > > the problem? It is related to the new ISP?
> > > > >
> > > > > 2500new#sh conf
> > > > > Using 1561 out of 32762 bytes
> > > > > !
> > > > > version 10.3
> > > > > no service finger
> > > > > service password-encryption
> > > > > no service udp-small-servers
> > > > > no service tcp-small-servers
> > > > > !
> > > > > hostname 2500new
> > > > > !
> > > > > enable secret xx
> > > > > !
> > > > > ip subnet-zero
> > > > > no ip source-route
> > > > > !
> > > > > interface Ethernet0
> > > > > description To Office Ethernet
> > > > > ip address 60.80.200.113 255.255.255.240
> > > > > no ip directed-broadcast
> > > > > ip accounting output-packets
> > > > > ip route-cache same-interface
> > > > > !
> > > > > interface Serial0
> > > > > description XXX
> > > > > ip address 100.20.90.58 255.255.255.252
> > > > > no ip directed-broadcast
> > > > > ip accounting output-packets
> > > > > bandwidth 512
> > > > > !
> > > > > interface Serial1
> > > > > no ip address
> > > > > shutdown
> > > > > !
> > > > > ip name-server 203.116.1.78
> > > > > ip name-server 203.116.1.94
> > > > > ip classless
> > > > > ip route 0.0.0.0 0.0.0.0 100.20.90.57
> > > > > tftp-server flash \tftpboot\IGS-IN-L.BIN
> > > > > snmp-server community public RO
> > > > > banner exec ^C
> > > > >
> > > > > Router name:   2500new
> > > > >Platform:   Cisco 2500
> > > > >Location:   Equant
> > > > >