RE: DDR logging line opening ? [7:44798]

2002-05-29 Thread Herold Heiko

Everybody,

thank you.

As I supposed nothing "passive" came up - sniffing and analyzing the
traffic, or remote snmp query to the call hist table need something polling
continuously, or at least parsing the normal log in order to check when
necessary.
What would have been "nice and the correct way" (for some value of correct)
would be some way to make the router itself log the relevant information,
without need for external devices polling or sniffing and analyzing the
data, as with "debug dialer" active.
Bye
Heiko

-- 
-- PREVINET S.p.A.[EMAIL PROTECTED]
-- Via Ferretto, 1ph  x39-041-5907073
-- I-31021 Mogliano V.to (TV) fax x39-041-5907472
-- ITALY

> -Original Message-
> From: Chris Camplejohn [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, May 26, 2002 4:33 AM
> To: [EMAIL PROTECTED]
> Subject: Re: DDR logging line opening ? [7:44798]
> 
> 
> Check the SNMP MIBs...I can't remember the one off the top of 
> my head, but
> there is one for Call Detail History...You can query that and 
> get all sorts
> of good info  (like you see in sh isdn hist, sh isdn active...)
> 
> Chris
> 
> "Herold Heiko" wrote in message
> news:[EMAIL PROTECTED]...
> > Hello,
> > ddr, dialer profiles, isdn (ininfluent though I think).
> > When a connection comes up something like this is logged:
> >
> > %LINK-3-UPDOWN: Interface BRI1/0:2, changed state to up
> > %DIALER-6-BIND: Interface BR1/0:2 bound to profile Di99
> > %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI1/0:2, changed state to up
> > %ISDN-6-CONNECT: Interface BRI1/0:2 is now connected to 0123456789 remotename
> >
> > Unfortunately that log is always the same, if the router itself called out
> > or was called nothing changes. On the router itself at the moment it is easy
> > to find that info (sh dialer, sh isdn hist, sh isdn act), but not in the
> > logfile.
> >
> > The only way I found is keeping active debug dialer event, probably not the
> > best thing on a production router.
> >
> > Any idea how to get some meaningful log ?
> > Thanks
> > Heiko
> >
> > --
> > -- PREVINET S.p.A.[EMAIL PROTECTED]
> > -- Via Ferretto, 1ph  x39-041-5907073
> > -- I-31021 Mogliano V.to (TV) fax x39-041-5907472
> > -- ITALY




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45335&t=44798
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Bridging over FR subinterfaces [7:45336]

2002-05-29 Thread Mohannad Khuffash

Dear Group,
I have a problem implementing bridging over Frame Relay
subinterfaces. Cisco says that you should only enable bridging over the
main interface and the subinterface. I have done that, but the problem is still
present! Does anyone have any idea about that?
Note: When I issue the show bridge group command it shows me that everything
is OK, and that the subinterfaces are in forwarding state.

--




Mohannad N. Khuffash
Network Administrator
Palestine Telecom
Tel : 00970-09-2390509




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45336&t=45336



what's the difference btw the two routers config? [7:45337]

2002-05-29 Thread Kenny Smith

Hi..  Could you please check for me what is the difference between the 
following two router config ? RT1 and RT2.  I can connect to internet using 
RT2 but not RT1.  And I can't even telnet to RT1 from my firewall.  But both 
of them are having same config and IP.  Why?


RT1#sh conf
Using 2824 out of 32762 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname RT1
!
enable secret 5 
enable password 7 xx
!
ip subnet-zero
no ip source-route
no ip finger
ip name-server 200.116.1.93
ip name-server 200.116.254.150
!
!
!
interface Ethernet0
description To Office Ethernet
ip address 61.8.237.113 255.255.255.240
no ip directed-broadcast
ip accounting output-packets
ip route-cache same-interface
!
interface Serial0
description RT1 leased line :512k
bandwidth 512
ip address 100.24.9.58 255.255.255.252
no ip directed-broadcast
ip accounting output-packets
traffic-shape group 105 30 32 32 1000
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
!
ip nat translation timeout never
ip nat translation tcp-timeout never
ip nat translation udp-timeout never
ip nat translation finrst-timeout never
ip nat translation syn-timeout never
ip nat translation dns-timeout never
ip nat translation icmp-timeout never
ip classless
ip route 0.0.0.0 0.0.0.0 100.24.9.57
ip route 50.198.164.0 255.255.252.0 61.8.237.114
!
access-list 105 permit tcp any any eq ftp
access-list 105 permit tcp any eq ftp any
access-list 105 permit tcp any any eq smtp
access-list 105 permit tcp any eq smtp any
tftp-server flash \tftpboot\IGS-IN-L.BIN
snmp-server community X RO
banner exec ^C
Router-name: RT1
Platform   : Cisco2500
^C
banner login ^C

Unauthorised access is prohibited and may lead to
legal or disciplinary action being taken against you
^C
!
line con 0
exec-timeout 30 0
login
transport input none
line aux 0
exec-timeout 30 0
password 7 
transport input all
line vty 0
exec-timeout 15 0
password 7 x
login
length 0
line vty 1
exec-timeout 0 0
password 7 x
login
length 25
line vty 2 4
exec-timeout 15 0
password 7 x
login
!
end

RT2#sh conf
Using 1517 out of 32762 bytes
!
version 10.3
no service finger
service timestamps debug uptime
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname RT2
!
enable secret 5 xx
!
ip subnet-zero
no ip source-route
!
interface Ethernet0
description To Office Ethernet
ip address 61.8.237.113 255.255.255.240
no ip directed-broadcast
ip accounting output-packets
ip route-cache same-interface
!
interface Serial0
description RT2 leased line :512k
ip address 100.24.9.58 255.255.255.252
no ip directed-broadcast
ip accounting output-packets
bandwidth 512
!
interface Serial1
no ip address
shutdown
!
ip name-server 200.116.1.93
ip name-server 200.116.254.150
ip classless
ip route 0.0.0.0 0.0.0.0 100.24.9.57
ip route 50.198.164.0 255.255.252.0 61.8.237.114
logging buffered
access-list 105 permit tcp any any eq ftp
access-list 105 permit tcp any eq ftp any
access-list 105 permit tcp any any eq smtp
access-list 105 permit tcp any eq smtp any
tftp-server flash \tftpboot\IGS-IN-L.BIN
snmp-server community X RO
banner exec ^C
Router-name: RT2
Platform   : Cisco2500
^C
banner login ^C

Unauthorised access is prohibited and may lead to
legal or disciplinary action being taken against you
^C
!
line con 0
line aux 0
transport input all
line vty 0
exec-timeout 15 0
password 7 xx
login
length 0
line vty 1
exec-timeout 0 0
password 7 xx
login
line vty 2 4
password 7 xx
login
!
end






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45337&t=45337
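
A section-aware comparison of the two configs in the post above, as an added example that is not part of the original message. The excerpts are abridged from the posted RT1 and RT2 output, and `parse_sections` and `diff_configs` are hypothetical helper names; commands are compared as sets per section, so a reordered line such as `bandwidth 512` is not reported as a difference.

```python
# Abridged excerpts of the RT1 and RT2 configs posted above. The archive
# stripped indentation, so sections are found by keyword, not by indent.
RT1 = """\
version 12.0
service timestamps debug uptime
service timestamps log uptime
no ip finger
ip name-server 200.116.1.93
!
interface Serial0
description RT1 leased line :512k
bandwidth 512
ip address 100.24.9.58 255.255.255.252
no ip directed-broadcast
ip accounting output-packets
traffic-shape group 105 30 32 32 1000
!
ip nat translation timeout never
ip classless
ip route 0.0.0.0 0.0.0.0 100.24.9.57
!
line con 0
exec-timeout 30 0
login
transport input none
line aux 0
exec-timeout 30 0
transport input all
!
end
"""
RT2 = """\
version 10.3
no service finger
service timestamps debug uptime
no service udp-small-servers
no service tcp-small-servers
!
interface Serial0
description RT2 leased line :512k
ip address 100.24.9.58 255.255.255.252
no ip directed-broadcast
ip accounting output-packets
bandwidth 512
!
ip name-server 200.116.1.93
ip classless
ip route 0.0.0.0 0.0.0.0 100.24.9.57
logging buffered
!
line con 0
line aux 0
transport input all
!
end
"""

# Assumption: only these two sub-mode keywords occur in the configs compared.
SECTION_STARTS = ("interface ", "line ")


def parse_sections(text):
    """Map each section header ('global' for top level) to its set of commands."""
    sections = {"global": set()}
    current = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "end":
            continue
        if line == "!":                      # '!' closes the open section
            current = "global"
        elif line.startswith(SECTION_STARTS):
            current = line                   # consecutive 'line' blocks have no '!'
            sections.setdefault(current, set())
        else:
            sections[current].add(line)
    return sections


def diff_configs(a, b):
    """Return {section: (only_in_a, only_in_b)} for sections that differ."""
    sa, sb = parse_sections(a), parse_sections(b)
    out = {}
    for name in sorted(set(sa) | set(sb)):
        only_a = sorted(sa.get(name, set()) - sb.get(name, set()))
        only_b = sorted(sb.get(name, set()) - sa.get(name, set()))
        if only_a or only_b:
            out[name] = (only_a, only_b)
    return out


if __name__ == "__main__":
    for section, (only_rt1, only_rt2) in diff_configs(RT1, RT2).items():
        print(f"[{section}]")
        for cmd in only_rt1:
            print(f"  RT1 only: {cmd}")
        for cmd in only_rt2:
            print(f"  RT2 only: {cmd}")
```
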



DHCP [7:45338]

2002-05-29 Thread Shane Stockman

I have a Cisco 1720 router with 2 x BRI modules and a Cisco switch connected
with a couple of PC's. These dial into a Cisco 3640 router. I want to set up
DHCP. I have a DHCP server on the 3640 side with an address range. I looked
for a sample config on Cisco.com but all I got was how to configure a router
as a DHCP server.

Does anyone have a sample config on how to set this up? I know that one has
to use ip helper address but where ???

Thanks






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45338&t=45338



"ip nat inside" question [7:45339]

2002-05-29 Thread TMS

I have configuration which looks like that:

ISP --> S1/0      S1/1 --> S0
          C2620              C1720
      Fa0/0 --> LAN      Fa0 --> LAN 2
      10.10.10.0/24      10.10.11.0/24

I configured NAT on C2620 to:

interface Serial1/0
  ip nat outside
!
interface Fa0/0
  ip address 10.10.10.1 255.255.255.0
  ip nat inside
!
ip route 0.0.0.0 0.0.0.0 Serial1/0
ip nat inside source list 1 interface Serial1/0 overload
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.10.11.0 0.0.0.255

Now C1720 is connected to C2620 and computers connected
behind C1720's Fa0 have access to internet via C2620
is necessary to set 'ip nat inside' on interface Serial1/1
on C2620 ?

-- 
TMS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45339&t=45339



RE: Fast Ether Channel [7:45271]

2002-05-29 Thread Antonio Malker

See the URL about EtherChannel:
http://www.cisco.com/warp/public/473/index.shtml#EtherChannel

A.M




"Michael L. Williams" wrote in news message [EMAIL PROTECTED]
> Do you have any documents or URLs that talk more about the etherchannel
> (that allows you to use 10Mbps ethernet in a bundle).
>
> I'm not saying I don't believe you, but twice today I've searched Cisco's
> website to find info on it, and I can't find anything but references to
> Fast- and Gig-Etherchannel  I even did a Google search on 'etherchannel'
> and of the non-Cisco websites that came up, they still indicated it would
> only work on 100/1000Mbps ethernet
>
> Thanks!
> Mike W.
>
> "dre" wrote in message
> news:[EMAIL PROTECTED]...
> > "Reza" wrote in message
> > news:[EMAIL PROTECTED]...
> > > Does Fast EtherChannel support Ethernet, Fast Ethernet and Gigabit
> > > Ethernet?
> >
> > fast etherchannel supports only fast ethernet.
> >
> > however, etherchannel is supported by all the
> > ethernet speeds you mentioned.
> >
> > it also works with 10-gigabit ethernet.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45340&t=45271



RE: Mail Relay [7:45144]

2002-05-29 Thread richard dumoulin

Ok guys, thx to all for ur help. I think I got the picture.

Regards.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45341&t=45144



voice and 802.11b [7:45342]

2002-05-29 Thread Khurrum Shahzad

Can we use voice through a wireless Ethernet bridge (like Cisco Aironet)? Is
it possible to use voice if two Cisco routers having voice modules and FXO/FXS
are placed at two locations connected through a wireless bridge? I read that
802.11b has a drawback of lack of interoperability with voice devices.

regards





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45342&t=45342



Re: voice and 802.11b [7:45342]

2002-05-29 Thread Steven A. Ridder

You can, but there haven't been any serious QOS techniques released yet in
the AiroNet series products.  The other problem is that the media isn't
switched, so it's basically a hub in the sky.

It's a rumor/myth that voice doesn't work in 802.11b. There's actually a
wireless 802.11b IP phone out there by Symbol.  Anything that works in
ethernet will work in 802.11b (except for trunking).

--

RFC 1149 Compliant.



"Khurrum Shahzad" wrote in message
news:[EMAIL PROTECTED]...
> Can we use voice through Wireless Ethernet Bridge (like cisco Aironet )? Is
> it possible to use voice if two cisco router having voice module and FXO/FXS
> are placed on two location connected through wireless bridge? I read that
> 802.11b has a drawback of lack of interoperability with voice devices.
>
> regards
>
> --
> ___
> Sign-up for your own FREE Personalized E-mail at Mail.com
> http://www.mail.com/?sr=signup




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45344&t=45342



RE: PIX + VPN Router or Just VPN Router? [7:45315]

2002-05-29 Thread Jeffrey Reed

Mark, this was very helpful. I appreciate the response!!

Jeffrey Reed
Classic Networking, Inc.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mark
Odette II
Sent: Wednesday, May 29, 2002 2:28 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX + VPN Router or Just VPN Router? [7:45315]

This may be the answer to your question...

From what I gather, your design description says that you have a central
office, with several point-to-point Frame Relay connections to some
remote "sites", as well as you will have in the future, several more
remote "sites" that will be connecting via xDSL, CableModem, or even
local-POP FR-to-Internet connections.  For those broadband and
Local-POP-Frame Internet connections, a VPN Tunnel is needed to connect
to the Central sites' LAN.

For those Broadband and POP-Frame connections to the net, you want to
also give the remote sites internet access, so you figure to just route
them out the Internet GW of the Central Site... which is the same
ingress point of the VPN Tunnel termination.  Herein lies the problem.
You can't route VPN traffic (encrypted data) in and back out the same
interface.  VPN's don't route... PIXen don't route... they only allow
traffic to pass from one interface to the next (defined by rules).

Now, even though the PIX doesn't have "routing" functionality, you can
specify a default route (quad zero) and say what interface to send that
traffic to.  But that's as far as "routing" goes.

Also, the CCIE was probably taking into account for CPU/Memory
horsepower for each remote site's data throughput.

This is what I would do to modify the design plan.

For the remote sites that are connecting via xDSL or Cable-Modem:
Substitute the 1720+PIX 506 for a PIX 501.  This combines the
Firewall/VPN Tunnel and "Router" functionality into to, and allows for
safe access to the internet for those remote offices without having to
traverse the Central Site for this access.  At the same time, the VPN
Tunnels can be dynamically or statically configured.  Most remote
"offices" that use xDSL or Cable-Modem don't have more than 10 users, so
the PIX 501 is perfect for this job you have the option of a 10 or
50 user license (read 10 or 50 IPs statically assigned for translation)
anyway.  This would also meet the customers' requirement for cost
efficiency.

If the remote "sites" require more than 5 VPN Peers, i.e., they are
connecting to more than just the Central Site for a partial meshed VPN
configuration, then the 506 and a 1720 should be used instead.

If you are using Local-POP FR Internet connections, I would stick to the
1720/PIX 506 combination, which still gives you that Internet access and
VPN Tunnel support, all without the "Split-Tunnel" security risk.

... And now the caveat to the PIX 501.  You might have some trouble
getting the 501 to work with certain Cable-Modems.  This problem is only
present when the Cable provider is extremely "less-than-helpful" about
MAC Address management and their "policies" on MAC registration in
conjunction with the Modem.  Some Cable-Modems don't have the ability to
locally reset its MAC table registration, and you have to rely on the
cable provider to perform this reset procedure, allowing the PIX
interface to register itself with the Cable-modem/Network.  If they
aren't willing to do it on the basis that they only support PC setups,
then you're up a creek without a paddle.  Otherwise, the PIX works with
most cable-modems without problem.  This goes for the 501 and the 506
IIRC.

Hope this helps.

Mark




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Jeffrey Reed
Sent: Tuesday, May 28, 2002 10:12 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX + VPN Router or Just VPN Router? [7:45315]

Sorry for being so vague, I'm just going off a short conversation and a
design drawn on a beer-stained napkin...

The core PIX is shown as a 515E + VAC with 506s at remote sites.

Jeffrey Reed
Classic Networking, Inc.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, May 28, 2002 10:24 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX + VPN Router or Just VPN Router? [7:45315]

I agree.  I am confused.

When you say the core pix, is that another 506?

Sorry but like I am confused.






"Henry D."
Sent by: [EMAIL PROTECTED]
05/29/2002 11:00 AM
Please respond to "Henry D."


To: [EMAIL PROTECTED]
cc:
Subject:Re: PIX + VPN Router or Just VPN Router?
[7:45315]


What you are describing doesn't really make sense. You say
you have connections back to the core site from all remotes.
If that was the case there would be no reason for the pix at remote
sites or an obvious reason for vpn tunnels between remotes and the core
site.
In that case, you could just put the core pix in front of the core site
and
the remotes,
terminate the remotes before the core pix, and no need for all the other

RE: "ip nat inside" question [7:45339]

2002-05-29 Thread Mark Odette II

As long as you have the following on C1720:

Int s0
Ip address 192.168.254.2 255.255.255.252

and

Ip route 0.0.0.0 0.0.0.0 192.168.254.1

And the following on the c2620:

Int s1/1
Ip addr 192.168.254.1 255.255.255.252

And 
Ip route 10.10.11.0 255.255.255.0 192.168.254.2

... then no, you shouldn't have to apply the "ip nat inside" to the s1/1
interface.

HTHs
Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
TMS
Sent: Wednesday, May 29, 2002 3:47 AM
To: [EMAIL PROTECTED]
Subject: "ip nat inside" question [7:45339]

I have configuration which looks like that:

ISP --> S1/0      S1/1 --> S0
          C2620              C1720
      Fa0/0 --> LAN      Fa0 --> LAN 2
      10.10.10.0/24      10.10.11.0/24

I configured NAT on C2620 to:

interface Serial1/0
  ip nat outside
!
interface Fa0/0
  ip address 10.10.10.1 255.255.255.0
  ip nat inside
!
ip route 0.0.0.0 0.0.0.0 Serial1/0
ip nat inside source list 1 interface Serial1/0 overload
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.10.11.0 0.0.0.255

Now C1720 is connected to C2620 and computers connected
behind C1720's Fa0 have access to internet via C2620
is necessary to set 'ip nat inside' on interface Serial1/1
on C2620 ?

-- 
TMS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45345&t=45339



RE: PIX + VPN Router or Just VPN Router? [7:45315]

2002-05-29 Thread Mark Odette II

Sure... no problem

Also, I'll take this opportunity to make a minor addition/change to my
earlier statement about the 10 or 50 licenses... it actually applies to
10 or 50 hosts attempting outbound access from the PIX.

Mark

-Original Message-
From: Jeffrey Reed [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, May 29, 2002 5:13 AM
To: Mark Odette II; [EMAIL PROTECTED]
Subject: RE: PIX + VPN Router or Just VPN Router? [7:45315]

Mark, this was very helpful. I appreciate the response!!

Jeffrey Reed
Classic Networking, Inc.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Mark
Odette II
Sent: Wednesday, May 29, 2002 2:28 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX + VPN Router or Just VPN Router? [7:45315]

This may be the answer to your question...

From what I gather, your design description says that you have a central
office, with several point-to-point Frame Relay connections to some
remote "sites", as well as you will have in the future, several more
remote "sites" that will be connecting via xDSL, CableModem, or even
local-POP FR-to-Internet connections.  For those broadband and
Local-POP-Frame Internet connections, a VPN Tunnel is needed to connect
to the Central sites' LAN.

For those Broadband and POP-Frame connections to the net, you want to
also give the remote sites internet access, so you figure to just route
them out the Internet GW of the Central Site... which is the same
ingress point of the VPN Tunnel termination.  Herein lies the problem.
You can't route VPN traffic (encrypted data) in and back out the same
interface.  VPN's don't route... PIXen don't route... they only allow
traffic to pass from one interface to the next (defined by rules).

Now, even though the PIX doesn't have "routing" functionality, you can
specify a default route (quad zero) and say what interface to send that
traffic to.  But that's as far as "routing" goes.

Also, the CCIE was probably taking into account for CPU/Memory
horsepower for each remote site's data throughput.

This is what I would do to modify the design plan.

For the remote sites that are connecting via xDSL or Cable-Modem:
Substitute the 1720+PIX 506 for a PIX 501.  This combines the
Firewall/VPN Tunnel and "Router" functionality into to, and allows for
safe access to the internet for those remote offices without having to
traverse the Central Site for this access.  At the same time, the VPN
Tunnels can be dynamically or statically configured.  Most remote
"offices" that use xDSL or Cable-Modem don't have more than 10 users, so
the PIX 501 is perfect for this job you have the option of a 10 or
50 user license (read 10 or 50 IPs statically assigned for translation)
anyway.  This would also meet the customers' requirement for cost
efficiency.

If the remote "sites" require more than 5 VPN Peers, i.e., they are
connecting to more than just the Central Site for a partial meshed VPN
configuration, then the 506 and a 1720 should be used instead.

If you are using Local-POP FR Internet connections, I would stick to the
1720/PIX 506 combination, which still gives you that Internet access and
VPN Tunnel support, all without the "Split-Tunnel" security risk.

... And now the caveat to the PIX 501.  You might have some trouble
getting the 501 to work with certain Cable-Modems.  This problem is only
present when the Cable provider is extremely "less-than-helpful" about
MAC Address management and their "policies" on MAC registration in
conjunction with the Modem.  Some Cable-Modems don't have the ability to
locally reset its MAC table registration, and you have to rely on the
cable provider to perform this reset procedure, allowing the PIX
interface to register itself with the Cable-modem/Network.  If they
aren't willing to do it on the basis that they only support PC setups,
then you're up a creek without a paddle.  Otherwise, the PIX works with
most cable-modems without problem.  This goes for the 501 and the 506
IIRC.

Hope this helps.

Mark




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Jeffrey Reed
Sent: Tuesday, May 28, 2002 10:12 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX + VPN Router or Just VPN Router? [7:45315]

Sorry for being so vague, I'm just going off a short conversation and a
design drawn on a beer-stained napkin...

The core PIX is shown as a 515E + VAC with 506s at remote sites.

Jeffrey Reed
Classic Networking, Inc.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, May 28, 2002 10:24 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX + VPN Router or Just VPN Router? [7:45315]

I agree.  I am confused.

When you say the core pix, is that another 506?

Sorry but like I am confused.






"Henry D."
Sent by: [EMAIL PROTECTED]
05/29/2002 11:00 AM
Please respond to "Henry D."


To: [EMAIL PROTECTED]
cc:
Subject:Re: PIX + VPN Router or Just VPN Router

how to filter a MAC packet at 6509 or 4006 and WIN2000 server [7:45347]

2002-05-29 Thread jackie xu

Hi, everybody here:
My DHCP server was attacked by a hacker, and the DHCP server would go down
with the following messages (Win2000 server platform):
"meet another server with the DHCP/BINL service, and the DHCP/BINL serivce
is closing"

I found that the attacking PC was a campus user, and I got its MAC address
from the ARP table at the router, so I want to filter the PC by its MAC address, not
IP address, but I don't know how to do it.
Can anyone tell me?
Thanks in advance!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45347&t=45347



RE: ISP 30bit net question [7:45257]

2002-05-29 Thread Kaminski, Shawn G

I'm still trying to figure out how some of these people on the list have
time to answer or comment on almost every question that comes through this
list! :-) I'm lucky if I can read through half of them!

> -Original Message-
> From: Nigel Taylor [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, May 29, 2002 12:31 AM
> To:   [EMAIL PROTECTED]
> Subject:  Re: ISP 30bit net question [7:45257]
> 
> Dre,
>  Question?  When did you ever find time to read all of these
> RFC's?
> Am I to assume
> that both you and "Howard" have quite a bit more in common than you
> seemingly endless
> depth of knowledge in our field.
> 
> Maybe the next time I speak with my mother, I'll talk to her about what
> possibilities existed
> if any, in bringing me into the world a whole lot sooner. :->
> 
> Nigel
> 
> 
> - Original Message -
> From: "dre" 
> To: 
> Sent: Tuesday, May 28, 2002 12:59 PM
> Subject: Re: ISP 30bit net question [7:45257]
> 
> 
> > "Patrick Ramsey" wrote in message
> > news:[EMAIL PROTECTED]...
> > > Is there a specific reason why isp's do not use private address space for
> > > their 30bit networks to customers?
> >
> > Because if those links somehow send ICMP messages back to sources
> > (e.g. host-/net-/prot-/port- unreachables, squench, time exceeded, needs
> > frag unreachables, etc), it looks a lot better if these are publically
> > routable
> > IP addresses.  Some people also would end up blocking these messages
> > more often if they had a deny filter for, say, 10-dot space (if that ISP
> > used
> > 10-dot space for their infrastructure addressing).  This could end up
> > affecting
> > things like traceroutes, path MTU discovery, and other unfriendly
> things.
> >
> > http://www.ietf.org/rfc/rfc1191.txt
> > RFC 1191 Path MTU discovery. J.C. Mogul, S.E. Deering. Nov-01-1990.
> >  (Format: TXT=47936 bytes) (Obsoletes RFC1063) (Status: DRAFT
> >  STANDARD)
> > http://www.ietf.org/rfc/rfc2923.txt
> > RFC 2923 TCP Problems with Path MTU Discovery. K. Lahey. September 2000.
> >  (Format: TXT=30976 bytes) (Status: INFORMATIONAL)
> > http://www.ietf.org/rfc/rfc792.txt
> > RFC 792 Internet Control Message Protocol. J. Postel. Sep-01-1981.
> >  (Format: TXT=30404 bytes) (Obsoletes RFC0777) (Updated by RFC0950)
> >  (Also STD0005) (Status: STANDARD)
> >
> > So when you do a traceroute through an ISP, especially the time exceeded
> > messages will come from publically routable IP space that not only is
> > available
> > in the BGP table and marked as owned by a particular ASN, but also
> available
> > in the Internet routing registries (e.g. RADB) and regional internet
> > registries (e.g.
> > ARIN) as ISP-owned space that can be accounted for.  This could be
> important
> > for a number of reasons.
> >
> > Also, if you want to give those links "DNS", in particular, "Reverse
> DNS",
> > there
> > is no global authority for 10-dot or private address space as far as
> reverse
> > DNS
> > is concerned.  There would be no way to update that type of information
> for
> > any
> > ISP.  This would affect more things as well (esp. traceroutes again).
> >
> > For more information on the above, you might want to check out this
> > Internet-
> > Draft,
> >
> > http://www.ietf.org/internet-drafts/draft-ietf-dnsop-dontpublish-unreachable-03.txt
> >
> > Here is another Internet-Draft that somewhat covers these issues:
> > http://www.ietf.org/internet-drafts/draft-iana-special-ipv4-03.txt
> >
> > You'll also note that a customer might find it difficult to set his
> next-hop
> > (or default
> > gateway) to an ISP infrastructure address that's made up of 10-dots,
> > especially if
> > that customer is already routing 10-dots on his/her internal network(s).
> > You could
> > eventually hit router-id problems, etc etc.  This wouldn't work so well
> for
> > routing
> > protocols.
> >
> > > I can't think of anything right off hand that would prevent an isp
> from
> > > being able to route properly using private addresses for serial links.
> >
> > Basically, because it breaks things and it is also ugly and
> unmanageable.
> >
> > I can't think of any reason that would allow an ISP to route properly
> using
> > private addresses, yet somehow some ISP's in the past may have gotten
> away
> > with it here and there.  Consider all the reasons above before you
> implement
> > something like that.
> >
> > I highly recommend that ISP's use PI public address space for their
> > infrastructure
> > addresses, including /30's and /32 loopback addresses.  I also implore
> > vendors and
> > ISP's to implement RFC 3021 and use 31-bit prefixes instead of 30-bit
> > prefixes for
> > point-to-point interfaces.
> >
> > http://www.ietf.org/rfc/rfc3021.txt
> > RFC 3021 Using 31-Bit Prefixes on IPv4 Point-to-Point Links. A. Retana,
> R.
> >  White, V. Fuller, D. McPherson. December 2000. (Format: TXT=19771
> >  bytes) (Status: PROPOSED STANDARD)
> >
> > I also suggest impleme

Re: what's the difference btw the two routers config? [7:45337]

2002-05-29 Thread Gaz

Can't see anything obvious in the config, so I will have to just have a
guess.
Could this be an ARP problem? If the firewall has the MAC address of RT2
cached.
Can you either clear the firewall ARP entries, or if you have the luxury,
reboot the firewall when you install the new router.

I don't want to teach you to suck eggs, but just checking as you gave us
Show Conf. You know that Show Conf gives you the start up config and not the
running config (in case there is any difference).


Gaz

"Kenny Smith" wrote in message
news:[EMAIL PROTECTED]...
> Hi..  Could you please check for me what is the difference between the
> following two router config ? RT1 and RT2.  I can connect to internet using
> RT2 but not RT1.  And I can't even telnet to RT1 from my firewall.  But both
> of them are having same config and IP.  Why?
>
>
> RT1#sh conf
> Using 2824 out of 32762 bytes
> !
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> service password-encryption
> !
> hostname RT1
> !
> enable secret 5 
> enable password 7 xx
> !
> ip subnet-zero
> no ip source-route
> no ip finger
> ip name-server 200.116.1.93
> ip name-server 200.116.254.150
> !
> !
> !
> interface Ethernet0
> description To Office Ethernet
> ip address 61.8.237.113 255.255.255.240
> no ip directed-broadcast
> ip accounting output-packets
> ip route-cache same-interface
> !
> interface Serial0
> description RT1 leased line :512k
> bandwidth 512
> ip address 100.24.9.58 255.255.255.252
> no ip directed-broadcast
> ip accounting output-packets
> traffic-shape group 105 30 32 32 1000
> !
> interface Serial1
> no ip address
> no ip directed-broadcast
> shutdown
> !
> ip nat translation timeout never
> ip nat translation tcp-timeout never
> ip nat translation udp-timeout never
> ip nat translation finrst-timeout never
> ip nat translation syn-timeout never
> ip nat translation dns-timeout never
> ip nat translation icmp-timeout never
> ip classless
> ip route 0.0.0.0 0.0.0.0 100.24.9.57
> ip route 50.198.164.0 255.255.252.0 61.8.237.114
> !
> access-list 105 permit tcp any any eq ftp
> access-list 105 permit tcp any eq ftp any
> access-list 105 permit tcp any any eq smtp
> access-list 105 permit tcp any eq smtp any
> tftp-server flash \tftpboot\IGS-IN-L.BIN
> snmp-server community X RO
> banner exec ^C
> Router-name: RT1
> Platform   : Cisco2500
> ^C
> banner login ^C
>
> Unauthorised access is prohibited and may lead to
> legal or disciplinary action being taken against you
> ^C
> !
> line con 0
> exec-timeout 30 0
> login
> transport input none
> line aux 0
> exec-timeout 30 0
> password 7 
> transport input all
> line vty 0
> exec-timeout 15 0
> password 7 x
> login
> length 0
> line vty 1
> exec-timeout 0 0
> password 7 x
> login
> length 25
> line vty 2 4
> exec-timeout 15 0
> password 7 x
> login
> !
> end
>
> RT2#sh conf
> Using 1517 out of 32762 bytes
> !
> version 10.3
> no service finger
> service timestamps debug uptime
> service password-encryption
> no service udp-small-servers
> no service tcp-small-servers
> !
> hostname RT2
> !
> enable secret 5 xx
> !
> ip subnet-zero
> no ip source-route
> !
> interface Ethernet0
> description To Office Ethernet
> ip address 61.8.237.113 255.255.255.240
> no ip directed-broadcast
> ip accounting output-packets
> ip route-cache same-interface
> !
> interface Serial0
> description RT2 leased line :512k
> ip address 100.24.9.58 255.255.255.252
> no ip directed-broadcast
> ip accounting output-packets
> bandwidth 512
> !
> interface Serial1
> no ip address
> shutdown
> !
> ip name-server 200.116.1.93
> ip name-server 200.116.254.150
> ip classless
> ip route 0.0.0.0 0.0.0.0 100.24.9.57
> ip route 50.198.164.0 255.255.252.0 61.8.237.114
> logging buffered
> access-list 105 permit tcp any any eq ftp
> access-list 105 permit tcp any eq ftp any
> access-list 105 permit tcp any any eq smtp
> access-list 105 permit tcp any eq smtp any
> tftp-server flash \tftpboot\IGS-IN-L.BIN
> snmp-server community X RO
> banner exec ^C
> Router-name: RT2
> Platform   : Cisco2500
> ^C
> banner login ^C
>
> Unauthorised access is prohibited and may lead to
> legal or disciplinary action being taken against you
> ^C
> !
> line con 0
> line aux 0
> transport input all
> line vty 0
> exec-timeout 15 0
> password 7 xx
> login
> length 0
> line vty 1
> exec-timeout 0 0
> password 7 xx
> login
> line vty 2 4
> password 7 xx
> login
> !
> end
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45349&t=45337
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: DHCP [7:45338]

2002-05-29 Thread Gaz

You need the IP-Helper address on the router interface which is nearest to
your DHCP clients, so if I'm understanding your set-up, it would be on the
1720 ethernet and the helper address would be that of your DHCP server.
Obviously you will have to have a scope on your DHCP server which
corresponds to the ethernet subnet on your 1720.
You may want to control which ports are forwarded as an IP helper address
sends a lot more than just DHCP, such as TFTP, Bootp, DNS, and a few others
IIRC, so use no ip forward-protocol udp [port number]

I'm sure others will chip in with pointers for ISDN usage.


Gaz

"Shane Stockman" wrote in message news:[EMAIL PROTECTED]...
> I have a Cisco 1720 router with 2 x BRI modules and a Cisco switch connected
> with a couple of PCs. These dial into a Cisco 3640 router. I want to set up
> DHCP. I have a DHCP server on the 3640 side with an address range. I looked
> for a sample config on Cisco.com but all I got was how to configure a router
> as a DHCP server.
>
> Does anyone have a sample config on how to set this up? I know that one has
> to use ip helper address, but where?
>
> Thanks
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45351&t=45338



Re: how to filter a MAC packet at 6509 or 4006 and WIN2000 [7:45350]

2002-05-29 Thread Lowell Sharrah

access-list 700-799 

>>> "jackie xu"  05/29/02 08:03AM >>>
Hi, everybody here:
My DHCP server was attacked by a hacker, and the DHCP server would go down
with the following message (Win2000 server platform):
"meet another server with the DHCP/BINL service, and the DHCP/BINL serivce
is closing"

I found that the attacking PC was a campus user, and I got its MAC address
from the ARP table at the router, so I want to filter the PC by its MAC
address, not its IP address, but I don't know how to realize it.
Can anyone tell me?
Thanks in advance!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45350&t=45350



Re: Bridging over FR subinterfaces [7:45336]

2002-05-29 Thread MADMAN

You are correct in that you configure your bridge group on the physical
and subinterface.  You obviously have to configure bridging on some
other interface like your LAN, send a copy of your config.

  dave

Mohannad Khuffash wrote:
> 
> Dear Group,
> I have a problem for implementing the bridging over the Frame Relay
> subinterfaces, Cisco say that you should only enable the bridging over the
> main interface and the subinterface, i have made that but the problem still
> present! Any one have any idea about that.
> Note: When i issue the show bridge group command it show me that every thing
> is ok , and that the subinterfaces are in forwarding state.
> 
> --
> 
> Mohannad N. Khuffash
> Network Administrator
> Palestine Telecom
> Tel : 00970-09-2390509
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45352&t=45336



Re: BGP addressing..i think i understand but i am not sure [7:45353]

2002-05-29 Thread stephen skinner1

chaps,


many thanks for everyone's input...
it has been extremely insightful.

in answer to Howard's question

the problem i am trying to solve is this...


i wish to effectively (as much as i can)... load balance whilst keeping my
redundancy to a full...

i want to take the most advantage of my E3s coming into my UK pop...

i had not even considered multi-homing to the same ISP (via different
POPs)..

any comments as to the best way to achieve this

I am getting lots of VFM (Value For Money) requests from the directors

and i want to know i am doing as much as is possible to give them that...


again many thanks


steve

- Original Message -
From: "dre" 
To: 
Sent: Tuesday, May 28, 2002 7:52 PM
Subject: Re: BGP addressing..i think i understand but i am not sure [7:45278]


> "Peter van Oene" wrote in message news:[EMAIL PROTECTED]...
> > I'm not sure where to point you.  All I can tell you is that it is
> > commonplace and likely will continue to be so.  I'm currently not aware of
> > any routing issues that this behavior would induce.
> "Howard C. Berkowitz" wrote in message news:[EMAIL PROTECTED]...
> > I'm not sure I could point you to anything more specific than the
> > IDR, NANOG, and RIPE routing group archives.  I hadn't noticed this
> > desire of the RSNG; the impression I have was the inconsistent routes
> > to be reported were those who were NOT registered in the IRR.  Such
> > unregistered routes are far more likely to be due to error.
> >
> > RFC 1930, while a wonderful document certainly worth reading by any
> > CCIE candidate, is informational rather than standards-track.
>
> Ahem.
> http://www.nanog.org/mtg-0110/lixia.html
>
> I know of many instances where this has been used to hijack traffic.
> It's not just a rumor, this is real.  AS3847 used to participate in such
> overbearing ridiculous practices (for fun and profit).
>
> Announcing inconsistent routes can also have many operational benefits.
> Most of the "why" is included in the NANOG presentation, but not
> necessarily the "how".
>
> -dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45353&t=45353



Bandwidth Throttling [7:45354]

2002-05-29 Thread Wayne Jang

Hello,

We have some servers at a colocation site.  We have a 10MB pipe but we are
paying for 3MB.  The ISP charges us more $$ if we use more than 3 MB.  Can I
configure my router to not allow me to use more than 3MB?

Thanks,
Wayne


--
Wayne Jang
Advanced Computer Technologies, Inc.
108 Main Street
Norwalk, CT 06851
Wk 203-847-9433
Cell 203-943-6603




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45354&t=45354



MCNS help needed [7:45355]

2002-05-29 Thread Shoaib Waqar

Hi Fellas,

Can anybody provide me some good links, study material
besides Cisco press book for MCNS preparation? I have
finished the book, now just preparing to go to Testing
center.
Plus if anyone has got Boson old version 4.23?? 

Any sort of help will be highly appreciated. 

Thanks and regards
Shoaib





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45355&t=45355



RE: Bandwidth Throttling [7:45354]

2002-05-29 Thread Brunner Joseph

use traffic shaping. low overhead, easy to configure.

see http://www.cisco.com/warp/public/105/policevsshape.html#traffic


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45357&t=45354



RE: Bandwidth Throttling [7:45354]

2002-05-29 Thread Tim O'Brien

Here ya go...

http://www.cisco.com/warp/public/105/cbpcar.html

Tim
CCIE 9015


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Wayne Jang
Sent: Wednesday, May 29, 2002 9:52 AM
To: [EMAIL PROTECTED]
Subject: Bandwidth Throttling [7:45354]


Hello,

We have some servers at a colocation site.  We have a 10MB pipe but we are
paying for 3MB.  The ISP charges us more $$ if we use more than 3 MB.  Can I
configure my router to not allow me to use more than 3MB?

Thanks,
Wayne


--
Wayne Jang
Advanced Computer Technologies, Inc.
108 Main Street
Norwalk, CT 06851
Wk 203-847-9433
Cell 203-943-6603




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45356&t=45354



VOIP Interface for 3600 ...!! [7:45358]

2002-05-29 Thread Gunjan Mathur

Hi All,

I wanted to know the hardware requirements for enabling a
Cisco router for voice. We are planning to buy a 3600
router and I'm not sure what card to buy to enable
this.
We are planning to connect the PBX directly to the router,
which means VIC-2FXO is what I can think of, but I could
not understand the utility of NM-2V. Do we need this
to enable voice over the router?
Also, if we get a T1 line, will WIC-2T serve the
purpose or do we need to buy anything else? Or if we get
a DSL connection, what card do I need to start with?

Regards,







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45358&t=45358



Re: what's the difference btw the two routers config? [7:45337]

2002-05-29 Thread steve mole

What about the ip nat translation timeout statements?


- Original Message -
From: "Kenny Smith" 
To: 
Sent: Wednesday, May 29, 2002 3:54 AM
Subject: what's the difference btw the two routers config? [7:45337]


> Hi..  Could you please check for me what is the difference between the
> following two router config ? RT1 and RT2.  I can connect to internet using
> RT2 but not RT1.  And I can't even telnet to RT1 from my firewall.  But both
> of them are having same config and IP.  Why?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45359&t=45337



Re: Bandwidth Throttling [7:45354]

2002-05-29 Thread [EMAIL PROTECTED]

Yes,

Committed Access Rate (CAR) was the old way of doing it. Now Class Based 
Policing is the way.

HTH

Dom Stocqueler.






"Wayne Jang" 
Sent by: [EMAIL PROTECTED]
29/05/2002 14:52
Please respond to "Wayne Jang"

 
To: [EMAIL PROTECTED]
cc: 
Subject:Bandwidth Throttling [7:45354]


Hello,

We have some servers at a colocation site.  We have a 10MB pipe but we are
paying for 3MB.  The ISP charges us more $$ if we use more than 3 MB.  Can I
configure my router to not allow me to use more than 3MB?

Thanks,
Wayne


--
Wayne Jang
Advanced Computer Technologies, Inc.
108 Main Street
Norwalk, CT 06851
Wk 203-847-9433
Cell 203-943-6603




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45360&t=45354



RE: how to filter a MAC packet at 6509 or 4006 and WIN2000 [7:45361]

2002-05-29 Thread Kent Hundley

First, I think you need to determine that this is an actual attack before
you start blocking anything.  It could be someone who didn't know better
enabled a DHCP server without even knowing what it did.  I would recommend
going to the person who did it and asking them why they are enabling a DHCP
server.  Even if it is malicious, a friendly visit can sometimes do wonders
to curtail future activity.

Second, there is probably something you can tweak to keep your DHCP server
from going down if it detects another DHCP server.  I don't think you want
your server so easily DOSed.

Finally, if you really want to block traffic at the MAC layer, you can do it
with access-lists on the router, but that won't stop someone from playing
havoc on their own subnet.

http://www.cisco.com/univercd/cc/td/doc/product/software/ssr83/rpc_r/53998.htm#xtocid1116615


If you want to run a secure operation you should assign MAC addresses to
ports on your switch and require users to go through a registration process
to obtain access to a port.  Also make them sign an AUP stating they are
responsible for any and all activity from their MAC address.

You can research securing ports on your switches by doing a search on "port
security" at Cisco's site.

More useful info on Cisco security is here:

http://www.cisco.com/warp/public/707/index.shtml

You can find sample AUP's and other good policy templates here:

http://www.sans.org/newlook/resources/policies/policies.htm

One final point, if you don't have a security policy in place, no amount of
work will keep malicious activity from occurring.  Malicious activity inside
your network is principally a "people" problem and it is highly unlikely
you'll be able to solve those problems just with technology.

HTH,
Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
jackie xu
Sent: Wednesday, May 29, 2002 5:03 AM
To: [EMAIL PROTECTED]
Subject: how to filter a MAC packet at 6509 or 4006 and WIN2000 server [7:45347]


Hi, everybody here:
My DHCP server was attacked by a hacker, and the DHCP server would go down
with the following message (Win2000 server platform):
"meet another server with the DHCP/BINL service, and the DHCP/BINL serivce
is closing"

I found that the attacking PC was a campus user, and I got its MAC address
from the ARP table at the router, so I want to filter the PC by its MAC
address, not its IP address, but I don't know how to realize it.
Can anyone tell me?
Thanks in advance!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45361&t=45361



RE: VPN Client failing to connect to PIX using rsa-sig [7:45362]

2002-05-29 Thread Ufuk Yasibeyli

I have solved the problem and I can share the details, if 
anyone is interested. Please contact me...
It was related to certificates issued by MS CA.

Regards,

Ufuk Yasibeyli




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Ufuk Yasibeyli
Sent: Tuesday, 28 May 2002 23:59
To: [EMAIL PROTECTED]
Subject: VPN Client failing to connect to PIX using rsa-sig [7:45284]


Hello everybody,

This is a long message for a question regarding 
a VPN connection problem with Cisco VPN Client, PIX, rsa-signatures,
Microsoft IAS Radius and Microsoft CA server. Please ignore the message 
if you are not interested with the scenario.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45362&t=45362



RE: ISP 30bit net question [7:45257]

2002-05-29 Thread Ken Diliberto

I think they have bigger processors than I do.  Either that or they have
special time machines that give them more than 24 hours in a day.

Ken

>>> "Kaminski, Shawn G"  05/29/02 07:09AM >>>
I'm still trying to figure out how some of these people on the list have
time to answer or comment on almost every question that comes through this
list! :-) I'm lucky if I can read through half of them!

> -Original Message-
> From: Nigel Taylor [SMTP:[EMAIL PROTECTED]] 
> Sent: Wednesday, May 29, 2002 12:31 AM
> To:   [EMAIL PROTECTED] 
> Subject:  Re: ISP 30bit net question [7:45257]
> 
> Dre,
>  Question?  When did you ever find time to read all of these RFCs?
> Am I to assume that both you and "Howard" have quite a bit more in common
> than your seemingly endless depth of knowledge in our field?
>
> Maybe the next time I speak with my mother, I'll talk to her about what
> possibilities existed
> 
> Nigel
> 
> 
[snip]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45364&t=45257



support for X.25 setup [7:45366]

2002-05-29 Thread pankaj kulkarni

Hi Friends,


I am facing certain difficulties with an X.25 setup. Would appreciate tips for
the same. The details of the setup along with the router configuration are
given below:
X.25 SCENARIO
The following is the scenario that we have tested for one of our customers, who
is implementing his network and wants to connect on X.25.
We as a Service Provider have the connectivity as follows:

 1133           1026    1024           1023
  R1 -------------- R2 -------------- R3
 S 0/1         s 1/6    BRI 6/2     BRI 0/1

R1: 2600
R2: 3662
R3: 7206 (CPE)

There are 2 routers, R1 and R2, at our end which are directly connected back
to back on serial. Router1's serial is configured for X.25 and the
necessary routes have been injected to reach R2. R3 is at the customer's
premises, dialing into R2 on a BRI interface and getting connected.
When R3 gets connected to R2 at the service provider's end an SVC is
created. After the creation of the SVC, R1 gets a path to reach R3.
 
Problem Scenario :
R1 is able to reach R2
 pad 1026 is successful
Pad 1024 gives an error
 
R1 is unable to reach R3
Pad 1023 gives an error
 
R2 is able to reach R3
Pad 1023 is successful
 
R2 is able to reach R1
Pad 1133 is successful
 
R3 is able to reach R1
Pad 1133 is successful
The running configs of the routers are as below:
 
R1# show runn
 
service pad to-xot
service pad from-xot
service tcp-keepalives-in
 
x29 profile abc 1:0 2:0 3:0 4:2 5:0 6:5 7:0 8:0 9:0 10:0 12:0 13:0 14:0 15:0
 16:0 17:0 18:0 19:0 20:0 22:0
x25 routing
call rsvp-sync
!
!
fax interface-type modem
mta receive maximum-recipients 0
!
!
controller E1 3/0
!
controller E1 4/0
!
!
interface Serial1/6
 no ip address
 no ip redirects
 no ip proxy-arp
 encapsulation x25
 x25 address 1026
 x25 ltc 16
 x25 htc 4095
 no cdp enable
!
interface BRI6/2
 no ip address
 encapsulation x25 dce ietf
 no ip mroute-cache
 dialer idle-timeout 25000
 x25 address 1024
 x25 ltc 16
 x25 htc 4095
 isdn switch-type basic-net3
 cdapi buffers regular 0
 cdapi buffers raw 0
 cdapi buffers large 0
 no cdp enable
!
x25 route ^404322017800 interface BRI6/2
x25 route 1023 interface BRI6/2
x25 route 1101 interface Serial1/6
x25 route 1100 interface Serial1/6
x25 route  interface BRI6/2
x25 route ^1133 interface Serial1/6
x25 route 1026 interface Serial1/6
x25 route 1024 interface BRI6/2
x25 host gtl-3662-nbm 1025
!
 
 
Configuration for R2 :
x29 profile abc 1:0 2:0 3:0 4:2 5:0 6:5 7:0 8:0 9:0 10:0 12:0 13:0 14:0 15:0
 16:0 17:0 18:0 19:0 20:0 22:0
isdn switch-type basic-net3
x25 routing
 
interface Serial1/6
no ip address
no ip redirects
no ip proxy-arp
encapsulation x25
x25 address 1026
x25 ltc 16
x25 htc 4095
no cdp enable   
 
x25 route ^404322017800 interface BRI6/2
x25 route 1023 interface BRI6/2
x25 route 1101 interface Serial1/6
x25 route 1100 interface Serial1/6
x25 route  interface BRI6/2
x25 route ^1133 interface Serial1/6
 
R3 configuration is as follows:
 
isdn voice-call-failure 0
x25 routing
!
!
!
 
!
interface BRI4/4
 description ***For Globle Testing***
 no ip address
 no ip directed-broadcast
 encapsulation x25
 no ip route-cache
 no ip mroute-cache
 dialer idle-timeout 2147483
 dialer string 7619300
 x25 address 1023
 x25 ltc 16
 x25 htc 4095
 isdn switch-type basic-net3
 isdn tei-negotiation first-call
!
x25 route 1024 interface BRI4/4
x25 route ^1025 interface BRI4/4
x25 route 1100 interface BRI4/4
x25 route 1133 interface BRI4/4
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45366&t=45366






Re: why copy tftp run retain some old config ??? [7:45323]

2002-05-29 Thread sam sneed

A copy to NVRAM (startup-config) or tftp server totally replaces the config.
A copy to running-config merges the configs.

So you need to do the following:

copy tftp startup-config
reload


"Sim, CT (Chee Tong)" wrote in message news:[EMAIL PROTECTED]...
> Hi.. Dear all,
>
> When I copy the config from the tftp server to replace the old config on
> the router (copy tftp run) or copy the config from startup to running (copy
> star run), the resulting config is not exactly the same as the config
> that I copied.  It retains some of the old parameters or config.  For example:
> When I copy start run
>
> My start-up config is
> ip route 10.0.0.0 255.0.0.0 50.100.45.4
>
> My running config is
> ip route 10.0.0.0 255.0.0.0 50.100.45.3
>
> After I copy start run, the resulting config become
> ip route 10.0.0.0 255.0.0.0 50.100.45.4
> ip route 10.0.0.0 255.0.0.0 50.100.45.3
>
>
> And when I copy the config from tftp server to my run config (copy tftp run)
>
> My tftp config
>
> interface Ethernet0
>  description To Office Ethernet
>  ip address 80.8.200.113 255.255.255.240
>  no ip directed-broadcast
>  ip accounting output-packets
>  ip route-cache same-interface
>
> My running config
>
> interface Ethernet0
>  description To Office Ethernet
>  ip address 70.8.200.113 255.255.255.240
>  no ip directed-broadcast
>  ip accounting output-packets
>  ip route-cache same-interface
>  traffic-shape group 105 5000 7000 7000 1000
>
> But the resulting config become as below
> interface Ethernet0
>  description To Office Ethernet
>  ip address 80.8.200.113 255.255.255.240
>  no ip directed-broadcast
>  ip accounting output-packets
>  ip route-cache same-interface
>  traffic-shape group 105 5000 7000 7000 1000
>
> WHY???   Why it is not the same as the config that I copy from but the
> combination.  How to solve this??
>
> CT



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45368&t=45323
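
The merge behaviour described in the reply above is how a stale route, ACL or shaping line can survive a restore into the running config. The Python sketch below is an added example, not part of the thread: it lists the running-config lines a merge would leave behind, using the Ethernet0 and static-route lines quoted in the question. The function names and the `SINGLE_VALUED` list are assumptions of this sketch, and the merge model is deliberately simplified.

```python
"""Audit what a merge (`copy tftp running-config`) would leave behind.

Simplified model (assumption of this sketch): a merge applies every incoming
line but never removes a running line that the incoming file does not mention.
"""

# Assumption: keywords that hold a single value per section, so an incoming
# line with the same keyword overwrites the running one instead of adding.
SINGLE_VALUED = ("ip address", "description", "bandwidth", "hostname")

# Sample data: the Ethernet0 and static-route lines quoted in the question,
# combined here into one running config and one incoming (TFTP) config.
RUNNING = """\
interface Ethernet0
 description To Office Ethernet
 ip address 70.8.200.113 255.255.255.240
 no ip directed-broadcast
 ip accounting output-packets
 ip route-cache same-interface
 traffic-shape group 105 5000 7000 7000 1000
!
ip route 10.0.0.0 255.0.0.0 50.100.45.3
"""

INTENDED = """\
interface Ethernet0
 description To Office Ethernet
 ip address 80.8.200.113 255.255.255.240
 no ip directed-broadcast
 ip accounting output-packets
 ip route-cache same-interface
!
ip route 10.0.0.0 255.0.0.0 50.100.45.4
"""


def parse_config(text):
    """Return {section: [lines]}; section '' holds the global commands.

    Indented lines belong to the most recent unindented line (for example an
    interface); a '!' line closes the current sub-mode.
    """
    sections = {"": []}
    parent = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        if not stripped or stripped == "end":
            continue
        if stripped.startswith("!"):
            parent = ""
            continue
        if line[0] == " " and parent:
            sections.setdefault(parent, []).append(stripped)
        else:
            parent = stripped
            sections[""].append(stripped)
    return sections


def keyword(line):
    """Return the single-valued keyword a line starts with, or None."""
    for key in SINGLE_VALUED:
        if line == key or line.startswith(key + " "):
            return key
    return None


def audit_merge(running_text, intended_text):
    """Classify running lines that are absent from the intended config.

    'overwritten': replaced by an incoming line with the same keyword.
    'leftover':    survives the merge and needs an explicit 'no' or a reload.
    """
    running = parse_config(running_text)
    intended = parse_config(intended_text)
    report = {"leftover": [], "overwritten": []}
    for section, lines in running.items():
        wanted = intended.get(section, [])
        wanted_keys = {keyword(item) for item in wanted} - {None}
        for line in lines:
            if line in wanted:
                continue
            bucket = "overwritten" if keyword(line) in wanted_keys else "leftover"
            report[bucket].append((section or "global", line))
    return report


if __name__ == "__main__":
    result = audit_merge(RUNNING, INTENDED)
    for bucket in ("leftover", "overwritten"):
        for section, line in result[bucket]:
            print(f"{bucket:12} [{section}] {line}")
```

Any line reported as leftover is still active after the merge, which is why the reply recommends copying to startup-config and reloading when an exact replacement is wanted.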



Re: Fast Ether Channel [7:45271]

2002-05-29 Thread Shawn Heisey

I believe that with all currently supported hardware, FE or GE are the
minimum requirements.  You should be able to run it at any supported
speed, as long as both ends match.

Some of the older switches like the Cat3000 supported EtherChannel on
10Mb interfaces.  While you can still find these switches, they have
reached End Of Life.

As far as routers, only the larger hardware like the 7x00 series and the
router modules for the Cat5K/Cat6K support etherchannel.  As far as I
have been able to determine, it's not supported on 10Mb router
interfaces at all.  I haven't verified this absolutely, though.

Thanks,
Shawn

"Michael L. Williams" wrote:
> 
> I appreciate your information, Joseph.  I guess my question was more toward
> the types of interfaces that will run etherchannel.  i.e. if you're knocking
> the speed down on a FastEthernet interface to 10Mbps, it's still a
> FastEthernet interface, not Ethernet interface.
> 
> One of the requirements for an etherchannel bundle is that all of the ports
> (interfaces) in the bundle all be matching speed/duplex.  So it would make
> sense that you could knock 100Mbps interfaces down to 10Mbps (as long as
> they all match) and it still work.
> 
> But are there any Ethernet interfaces (not Fast- or Gig-Ethernet) on any
> Cisco devices that support Etherchannel?  I'm thinking there's not, but
> that's not to say there's not some switch/router out there that may violate
> this Cisco "rule of thumb"  (being you can only do EtherChannel on Fast- or
> Gig-Ethernet)
> 
> Mike W.
> 
> "Brunner Joseph"  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > tested it.. works on 3548XL but not on 7206VXR (command was not under int
> > e4/0). On the 3548XL I just set hardcode 10, so it must be in the hardware
> >
> > !3548XL
> >
> > !
> > interface FastEthernet0/1
> >  speed 10
> >  port group 3
> >  spanning-tree portfast
> > !
> > interface FastEthernet0/2
> >  speed 10
> >  port group 3
> >  spanning-tree portfast
> > !
> >
> >
> > 3548XL_1#sh port group
> > Group  Interface        Transmit Distribution
> > -----  ---------------  ---------------------
> > 3      FastEthernet0/2  source address
> > 3      FastEthernet0/1  source address




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45369&t=45271



RE: VOIP Interface for 3600 ...!! [7:45358]

2002-05-29 Thread Michael Williams

Okay. voice gurus. please correct me if I'm wrong, but I want to
take a stab at this just to make sure my info is right... (because we're
looking at a similar situation)

You need the NM-2V  (or NM-1V) which would plug into the module slot on the
2600/3600.  That module then has 1 or 2 (for the 1V or 2V respectively) VIC
slots.  So you would insert the VIC-2FXO into a slot on the NM.

As far as the module goes, are you going to handle individual calls or
trunks directly from the PBX?  If you want to do trunking (to handle many
calls) use the VIC-2E/M.

Here's a great URL that actually shows the NM-1V and NM-2V so you can see
the slots on them, as well as showing the VICs.

http://www.cisco.com/univercd/cc/td/doc/pcat/vone__p1.htm

As far as the WIC-T2, that will work if you have external CSU/DSUs and if
you need 2 T1 lines.  If you only need one T1, you can use the WIC-1DSU-T1. 
I like them because they have the built-in CSU/DSU (one less thing to worry
about) and takes the RJ-45 T1 directly.  Here is more info on this WIC:

http://www.cisco.com/univercd/cc/td/doc/pcat/t1duwny1.htm

Here are examples of configurations of this WIC (this URL *will* wrap,
so watch out)

http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_3/36t1csu.htm

Hope this helps!
Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45370&t=45358



Re: VPN Client failing to connect to PIX using rsa-sig [7:45371]

2002-05-29 Thread Alex Lee

Can you share your insight ? Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45371&t=45371



Re: voice and 802.11b [7:45342]

2002-05-29 Thread Priscilla Oppenheimer

Yup, I was going to say the same thing about lack of QoS, etc. Really I 
was. ;-)

I would add that delay is non deterministic with 802.11b. It's carrier 
sense multiple access. Although it's also collision avoidance (CSMA/CA), 
collisions do happen nonetheless.

Voice prefers short and non-variable delay. But it would probably work 
anyway. The good news is that you're only planning to have two devices 
share the medium (air), if you plan to just use wireless between the two 
bridges. So, the delay is somewhat less variable than it would be if you 
were running voice with multiple devices accessing an Access Point.

Priscilla

At 06:14 AM 5/29/02, Steven A. Ridder wrote:
>You can, but there haven't been any serious QOS techniques released yet in
>the AiroNet series products yet.  The other problem is that the media isn't
>switched, so it's basically a hub in the sky.
>
>It's a rumor/myth that voice doesn't work in 802.11b. There's actually a
>wireless 802.11b IP  phone out there by Symbol.  Anything that works in
>ethernet will work in 802.11b (except for trunking).
>
>--
>
>RFC 1149 Compliant.
>
>
>
>""Khurrum Shahzad""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Can we use voice through Wireless Ethernet Bridge (like cisco Aironet )? Is
> > it possible to use voice if two cisco router having voice module and FXO/FXS
> > are placed on two location connected through wireless bridge? I read that
> > 802.11b has a drawback of lack of interoperability with voice devices.
> >
> > regards
> >


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45372&t=45342



CISCO 803 [7:45373]

2002-05-29 Thread [EMAIL PROTECTED]

Hi friends,

I have two networks connected to an ISP using a CISCO 803 (ISDN). They have
VOIP over the ISDN connection.

I need to know if I can connect both networks using an ethernet port (switch)
and transfer VOIP between both networks using the ethernet connection,
instead of the ISDN connection.

Do you know if this is possible?

Regards,

Joseba Izaga




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45373&t=45373



Re: why copy tftp run retain some old config ??? [7:45323]

2002-05-29 Thread Priscilla Oppenheimer

Copying to running config does a merge. It's as if you were typing the 
commands. They get added to what you already have in most cases.

Someone correct me if I'm wrong here

copy run start  REPLACES
copy start run  MERGES
copy run tftp   REPLACES
copy tftp run   MERGES
copy start tftp REPLACES
copy tftp start REPLACES

Priscilla

At 10:43 PM 5/28/02, Sim, CT (Chee Tong) wrote:
>Hi.. Dear all,
>
>Why you I copy the config from the tftp server to replace the old config on
>the router (copy tftp run) or copy the config from startup to running (copy
>star run).  But the resulting config is not exactly the same as the config
>that I copy run.  It retain some of the old parameter or config.  For eg.
>
>When I copy start run
>
>My start-up config is
>ip route 10.0.0.0 255.0.0.0 50.100.45.4
>
>My running config is
>ip route 10.0.0.0 255.0.0.0 50.100.45.3
>
>After I copy start run, the resulting config become
>ip route 10.0.0.0 255.0.0.0 50.100.45.4
>ip route 10.0.0.0 255.0.0.0 50.100.45.3
>
>
>And when I copy the config from tftp server to my run config (copy tftp run)
>
>My tftp config
>
>interface Ethernet0
>  description To Office Ethernet
>  ip address 80.8.200.113 255.255.255.240
>  no ip directed-broadcast
>  ip accounting output-packets
>  ip route-cache same-interface
>
>My running config
>
>interface Ethernet0
>  description To Office Ethernet
>  ip address 70.8.200.113 255.255.255.240
>  no ip directed-broadcast
>  ip accounting output-packets
>  ip route-cache same-interface
>  traffic-shape group 105 5000 7000 7000 1000
>
>But the resulting config become as below
>interface Ethernet0
>  description To Office Ethernet
>  ip address 80.8.200.113 255.255.255.240
>  no ip directed-broadcast
>  ip accounting output-packets
>  ip route-cache same-interface
>  traffic-shape group 105 5000 7000 7000 1000
>
>WHY???   Why it is not the same as the config that I copy from but the
>combination.  How to solve this??
>
>CT


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45374&t=45323



Proxy arp [7:45375]

2002-05-29 Thread Hector Miranda

I am trying to use proxy arp for some of the computers in my network, at one
time it worked fine, but one time i removed the proxy arp on the 4908g-l3
switch and then re-enable it on all the interfaces, since then i can't
connect to the internet using proxy arp.

Is there a way to troubleshoot this issue? Is there any way to tell if a
different device is responding?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45375&t=45375



RE: MCNS help needed [7:45355]

2002-05-29 Thread David Vital

Gonna be sorry I asked this..but which test is that?   looked at the
Cisco site and couldn't find an MCNS.

David


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45377&t=45355



Re: Proxy arp [7:45375]

2002-05-29 Thread Patrick Ramsey

take a trace!

debug on the router or grab a sniffer... if you have linux installed, use
tcpdump... otherwise, ethereal w/ winpcap works!

-Patrick

>>> "Hector Miranda"  05/29/02 01:54PM >>>
I am trying to use proxy arp for some of the computers in my network, at one
time it worked fine, but one time i removed the proxy arp on the 4908g-l3
switch and then re-enable it on all the interfaces, since then i can't
connect to the internet using proxy arp.

Is there a way to troubleshoot this issue? Is there any way to tell if a
different device is responding?






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45376&t=45375



Re: MCNS help needed [7:45355]

2002-05-29 Thread David Armstrong

I'm not sure either but this comes to mind: Mastering Certifications for New
Students


""David Vital""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Gonna be sorry I asked this..but which test is that?   looked at the
> Cisco site and couldn't find an MCNS.
>
> David




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45378&t=45355



Answered my Own question [7:45355]

2002-05-29 Thread David Vital

Managing Cisco Network Security. ok...I should have used the search
function in the first place.

David


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45380&t=45355



Which WIC?????? [7:45379]

2002-05-29 Thread Stuart Pittwood

I hope someone can help me as I'm confused by the bewildering array of
WICs available.
 
I need a WIC for a Cisco 1720 series router which will allow me to use a
PRI Interface (Europe/UK).  I have been told by one supplier that one
doesn't exist and I should upgrade to a 2600 or 3600 (which I'm happy to
do if necessary) another supplier has told me that there is one but he
cannot source the part number.
 
HELP
 
Thanks
 
Stu




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45379&t=45379



RE: Proxy arp [7:45375]

2002-05-29 Thread Lupi, Guy

Check your computer's arp cache, entries that are not for local IP addresses
should point to the mac address of the device that is responding to the arp
requests for destinations on the Internet.  Then, with the mac address, you
can compare that to all the arp entries for that mac address and find the IP
address on the local subnet.


*-Original Message-
*From: Hector Miranda [mailto:[EMAIL PROTECTED]]
*Sent: Wednesday, May 29, 2002 1:54 PM
*To: [EMAIL PROTECTED]
*Subject: Proxy arp [7:45375]
*
*
*I am trying to use proxy arp for some of the computers in my network, at one
*time it worked fine, but one time i removed the proxy arp on the 4908g-l3
*switch and then re-enable it on all the interfaces, since then i can't
*connect to the internet using proxy arp.
*
*Is there a way to troubleshoot this issue? Is there any way to tell if a
*different device is responding?
*
*
*
*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45381&t=45375
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
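
The ARP-cache check described in the reply above, as an added example that is not part of the original post: it groups a host's ARP entries by MAC, reports which MAC answers for off-subnet addresses, maps that MAC back to its IP on the local subnet, and lists any responder other than the expected one. The sample cache, the subnet, the MAC addresses and all function names are constructed for illustration.

```python
import ipaddress
import re

# IPv4 address followed, later on the same line, by a MAC written with '-' or ':'.
ENTRY = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+.*?((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})"
)
ZERO_MAC = "00:00:00:00:00:00"

# Constructed sample in `arp -a` layout; addresses and MACs are made up.
SAMPLE_ARP = """\
Interface: 192.168.10.25 --- 0x2
  Internet Address      Physical Address      Type
  192.168.10.1          02-00-00-aa-bb-01     dynamic
  192.168.10.40         02-00-00-11-22-33     dynamic
  198.51.100.7          02-00-00-aa-bb-01     dynamic
  203.0.113.20          02-00-00-aa-bb-01     dynamic
  192.0.2.9             02-00-00-11-22-33     dynamic
  203.0.113.53          00-00-00-00-00-00     invalid
"""


def norm_mac(mac):
    """Normalise a MAC to lowercase, colon-separated form."""
    return mac.lower().replace("-", ":")


def parse_arp_cache(text):
    """Return [(IPv4Address, mac)] for every line that carries both."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # looked like an address but is not one
        entries.append((ip, norm_mac(match.group(2))))
    return entries


def analyse(text, local_net):
    """Find MACs that answer ARP for addresses outside local_net.

    Returns (responders, unresolved): responders maps each such MAC to the
    off-subnet IPs it answered for and to its own on-subnet IPs; unresolved
    lists IPs whose cache entry is all zeros (no reply was received).
    """
    net = ipaddress.ip_network(local_net)
    by_mac = {}
    unresolved = []
    for ip, mac in parse_arp_cache(text):
        if mac == ZERO_MAC:
            unresolved.append(str(ip))
            continue
        bucket = by_mac.setdefault(mac, {"proxied": [], "local_ips": []})
        bucket["local_ips" if ip in net else "proxied"].append(str(ip))
    responders = {mac: b for mac, b in by_mac.items() if b["proxied"]}
    return responders, unresolved


def unexpected_responders(responders, expected_mac):
    """MACs answering for off-subnet addresses that are not the expected device."""
    expected = norm_mac(expected_mac)
    return sorted(mac for mac in responders if mac != expected)


if __name__ == "__main__":
    found, incomplete = analyse(SAMPLE_ARP, "192.168.10.0/24")
    for mac, info in found.items():
        print(mac, "local IP(s):", info["local_ips"], "answers for:", info["proxied"])
    print("unresolved:", incomplete)
    print("unexpected:", unexpected_responders(found, "02-00-00-aa-bb-01"))
```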



Re: MCNS help needed [7:45355]

2002-05-29 Thread John Golovich

Try Managing Cisco Network Security

--- David Armstrong  wrote:
> I'm not sure either but this comes to mind: Mastering Certifications for New
> Students
> 
> 
> ""David Vital""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Gonna be sorry I asked this..but which test is that?   looked at the
> > Cisco site and couldn't find an MCNS.
> >
> > David






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45382&t=45355



Re: why copy tftp run retain some old config ??? [7:45323]

2002-05-29 Thread sam sneed

This is true, the general rule is config that's copied to run merges, copied
to tftp and start is replaced. It does not matter where the source config
is copied from, it's the destination that counts.


""Priscilla Oppenheimer""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Copying to running config does a merge. It's as if you were typing the
> commands. They get added to what you already have in most cases.
>
> Someone correct me if I'm wrong here
>
> copy run start  REPLACES
> copy start run  MERGES
> copy run tftp   REPLACES
> copy tftp run   MERGES
> copy start tftp REPLACES
> copy tftp start REPLACES
>
> Priscilla
>
> At 10:43 PM 5/28/02, Sim, CT (Chee Tong) wrote:
> >Hi.. Dear all,
> >
> >Why you I copy the config from the tftp server to replace the old config on
> >the router (copy tftp run) or copy the config from startup to running (copy
> >star run).  But the resulting config is not exactly the same as the config
> >that I copy run.  It retain some of the old parameter or config.  For eg.
> >
> >When I copy start run
> >
> >My start-up config is
> >ip route 10.0.0.0 255.0.0.0 50.100.45.4
> >
> >My running config is
> >ip route 10.0.0.0 255.0.0.0 50.100.45.3
> >
> >After I copy start run, the resulting config become
> >ip route 10.0.0.0 255.0.0.0 50.100.45.4
> >ip route 10.0.0.0 255.0.0.0 50.100.45.3
> >
> >
> >And when I copy the config from tftp server to my run config (copy tftp run)
> >
> >My tftp config
> >
> >interface Ethernet0
> >  description To Office Ethernet
> >  ip address 80.8.200.113 255.255.255.240
> >  no ip directed-broadcast
> >  ip accounting output-packets
> >  ip route-cache same-interface
> >
> >My running config
> >
> >interface Ethernet0
> >  description To Office Ethernet
> >  ip address 70.8.200.113 255.255.255.240
> >  no ip directed-broadcast
> >  ip accounting output-packets
> >  ip route-cache same-interface
> >  traffic-shape group 105 5000 7000 7000 1000
> >
> >But the resulting config become as below
> >interface Ethernet0
> >  description To Office Ethernet
> >  ip address 80.8.200.113 255.255.255.240
> >  no ip directed-broadcast
> >  ip accounting output-packets
> >  ip route-cache same-interface
> >  traffic-shape group 105 5000 7000 7000 1000
> >
> >WHY???   Why it is not the same as the config that I copy from but the
> >combination.  How to solve this??
> >
> >CT
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45383&t=45323
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
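
The merge behaviour described in this thread, as an added example that is not part of the original posts: a simplified Python model (not IOS's own parser) that replays the poster's two configs and lists the lines that survive a merge although the copied file never contained them, which is the check to run when a stale route or interface setting matters. The `SINGLE_VALUED` list and all function names are assumptions of this sketch; the route and interface examples from the post are combined into one config pair.

```python
# Assumption: commands that overwrite an earlier value instead of adding a line.
SINGLE_VALUED = ("ip address", "description")

# The poster's configs, combined into one running config and one incoming file.
RUNNING = """\
ip route 10.0.0.0 255.0.0.0 50.100.45.3
interface Ethernet0
 description To Office Ethernet
 ip address 70.8.200.113 255.255.255.240
 no ip directed-broadcast
 ip accounting output-packets
 ip route-cache same-interface
 traffic-shape group 105 5000 7000 7000 1000
"""

INCOMING = """\
ip route 10.0.0.0 255.0.0.0 50.100.45.4
interface Ethernet0
 description To Office Ethernet
 ip address 80.8.200.113 255.255.255.240
 no ip directed-broadcast
 ip accounting output-packets
 ip route-cache same-interface
"""


def parse(text):
    """Parse config text into {section_header: [commands]}; '' is global scope."""
    sections = {"": []}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace():
            sections[current].append(line)      # sub-command of current section
        elif line.startswith("interface "):
            current = line
            sections.setdefault(current, [])
        else:
            current = ""
            sections[""].append(line)           # global command
    return sections


def apply_line(commands, line):
    """Apply one command as if it had been typed at the prompt."""
    for prefix in SINGLE_VALUED:
        if line.startswith(prefix + " "):
            for i, old in enumerate(commands):
                if old.startswith(prefix + " "):
                    commands[i] = line          # overwrite the old value
                    return
    if line not in commands:
        commands.append(line)                   # additive: nothing is removed


def merge(running, incoming):
    """Destination is the running config: incoming lines are added to it."""
    result = {sec: list(cmds) for sec, cmds in running.items()}
    for sec, cmds in incoming.items():
        target = result.setdefault(sec, [])
        for line in cmds:
            apply_line(target, line)
    return result


def replace(running, incoming):
    """Destination is startup config or a TFTP file: the old content is gone."""
    return {sec: list(cmds) for sec, cmds in incoming.items()}


def leftovers(result, incoming):
    """Commands present in the result that the incoming file never contained."""
    return [
        (sec, line)
        for sec, cmds in result.items()
        for line in cmds
        if line not in incoming.get(sec, [])
    ]


if __name__ == "__main__":
    merged = merge(parse(RUNNING), parse(INCOMING))
    for section, command in leftovers(merged, parse(INCOMING)):
        print("survived merge:", section or "(global)", "->", command)
```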



Re: Which WIC?????? [7:45379]

2002-05-29 Thread M.C. van den Bovenkamp

Stuart Pittwood wrote:

> I need a WIC for a Cisco 1720 series router which will allow me to use a
> PRI Interface (Europe/UK).  I have been told by one supplier that one
> doesn't exist and I should upgrade to a 2600 or 3600 (which I'm happy to
> do if necessary) another supplier has told me that there is one but he
> cannot source the part number.

As far as I can see, the first is right. There doesn't seem to be a PRI
WIC. Looks like you need a 2600 and an NM-1CE1B (UTP) or NM-1CE1U
(coax).

But I'm willing to be corrected :-).

Regards,

Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45384&t=45379



Proxy arp & DNS [7:45385]

2002-05-29 Thread Hector Miranda

When i set a computer with proxy arp there is no connection to the internet,
i sniff and the arp request,arp reply was pointing to the right place, but
when i check the arp cache in the pc the dns server's physical address was
all 00. It looks like when i use arp DNS is not working but when i
manually assign the gateway it does.

Help !!!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45385&t=45385



Re: CCIP - who is doing this one? [7:45166]

2002-05-29 Thread Tom Scott

Neal Rauhauser 402-301-9555 wrote:

> I'm back to reading groupstudy after an eighteen month absence. My
> CCNP/CCDP certs which I finished 12/2000 and 1/2001 are working wonders
> career wise, but I am doing a lot of carrier type stuff now and I've
> lined up projects that pretty much cover the BSCI, MCAST+QoS, and MPLS
> tests for CCIP - no reason not to get it done if I am going to do the
> reading anyway.
>
>   I am curious to know the stats - how many people have completed this
> cert?

I'm sorry to see there are no responses in this thread.

Maybe that's a sign we should give up on CCIP study groups for now and wait
till there's more interest in it after, say, 2005 or even 2010. :-(

-- TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45363&t=45166



RE: VPN Design [7:44953]

2002-05-29 Thread Marshal Schoener

I am in agreement.
Why put the external nic in the DMZ at all?

- connect a hub to your router
- Firewall external nic gets connected to hub
- concentrator external nic gets put into hub
- both internal nics get connected to switch (Secure LAN)

As far as I know, this is the manufacturer's suggested practice, and the
most reasonable...
After this, you point the packets where they are supposed to go :-)

Just make sure you only allow those authorized into your concentrator.

IMO, it is best to use the DMZ for things it is good for... Such as Web
servers ;-)
Regards,
Marshal


-Original Message-
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 28, 2002 11:03 AM
To: [EMAIL PROTECTED]
Subject: Re: VPN Design [7:44953]


Well, have you thought this setup through?

I mean... if you are placing the vpn device's external nic in the dmz, and
its internal nic on your lan, you are defeating your firewall.  You still
have to allow access into the vpn device.(which is the same as having it on
the outside)  If you really want to have the double protection, you should
think about placing the vpn's external nic on the outside and creating a
tunnel through the dmz. (of course this also defeats your firewall, but at
least you can set the pix to only tunnel from the vpn device)

But at this point, it's a trust game.  You trust your firewall to protect
your corporate lan right?  Why would you not trust your vpn device?  There's
nothing wrong with running parallel firewalls or vpn scenarios.  I'm pretty
sure I can come up with a list of pros and cons for both.  In the end you'll
probably find them to be 50/50.

Of course, running in parallel may actually cause issues for your clients on
the outside.  If the concentrator is not the default route, then you may run
into asymmetric routing problems.

You might try just using one nic in the concentrator too.  Unless you are in
a scenario that requires high speed routing, chances are, that t1 to the
internet is not going to bog down your vpn device.

just some tidbits to think about.

-Patrick

>>> "neil K."  05/24/02 11:10AM >>>
Hi All,

1. Could anyone please tell me what needs to be done on the PIX firewall if
the Cisco VPN concentrator is placed in such a way as the public interface is
in the DMZ and private interface on the inside network.
2. This design of placing the Concentrator in the DMZ is a little complex as
compared to keeping the Concentrator Parallel to Firewall, which has security
risks. Also in the case of Parallel design concentrator public address has to
be in the IP subnet as the Firewall and the External Router( If I am not
wrong) can this be overcome by placing the Concentrator in the DMZ.
3. Does the firewall need some routing capability so that it can route
Encrypted packets to go thru concentrator or can it be done by adding routes
to the servers pointing to concentrator.
4. What will have to be done if there are some AS-400 servers and we are
planning to use IPsec.

Any help will be highly appreciated.

Thanks,

Neil






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45386&t=44953



RE: Mail Relay [7:45144]

2002-05-29 Thread Viet Tran

Nobody knows ??
Can anyone tell me what is a mail relay for ??

--
In a typical mail flow, a source mail client sends
message to its mail server.  This mail server then
directs the message to its nearest mail relay, then to
next mail relay, then to the next-next ... until the
message reaches the mail server at the other end to be
delivered to the destination mail client.
--

I know it is not a Cisco issue, but for me it is
related to the fact that I am only studying cisco
stuff and therefore do not know anything about those
kind of Microsoft things.

---
Actually it's not Microsoft or whatever thing, but
should be called SMTP thing.  However, the majority of
mail relay boxes out there implement their relay job
running sendmail, an integrated GNU software found in
every Unix machine including Linux of course. 
Maintaining sendmail is challenging, but very
rewarding.  You can start by reading DNS & BIND and
Sendmail of O'Reilly, then jumping to Sendmail Theory
& Practice of someone I don't recall the name right
now.
-

Hope it helps little bit.

Regards,

Victor Tran.
Santa Clara County ISD.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45387&t=45144



RE: Cisco VPN client software [7:45021]

2002-05-29 Thread Lidiya White

VPN 1.1 client - yes (it's ire client).
VPN Unity client (3.x) - no. It's using xauth.

-- Lidiya White

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of fahim
Sent: Monday, May 27, 2002 8:40 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco VPN client software [7:45021]

I don't think so,
Cisco VPN Client can be used only with Cisco devices.

fahim
""Santhanam, Thiyagarajan (Cognizant)""  wrote
in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi All,
>
> Can I use Cisco VPN client software to connect to NetScreen VPN server...?
>
> Thanks
> Thiyagu




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45389&t=45021



Tacacs Question [7:45390]

2002-05-29 Thread Richard Tufaro

When configuring Cisco ACS server with a router across the WAN connected by
frame-relay, is there a way to tell the router to send the IP-originating
interface as the ethernet controller? Much like when setting up syslog
across a Frame WAN using: logging source-INTERFACE. Any ideas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45390&t=45390



RE: PIX passing IPSEC traffic? [7:45197]

2002-05-29 Thread Lidiya White

In most cases, no - that is not possible.
But if you are terminating IPSec tunnel at the device that supports NAT
transparency, then yes, you'll be able to pass IPSec through PAT.

The issue here is that IPSec uses protocol ESP, that doesn't have ports.
So how can you use PAT (port address translation) for a protocol that
doesn't have ports?
Let's say Cisco VPN Concentrators have a feature like IPSec over UDP or
TCP. What it does is encapsulate ESP in UDP or TCP.

So the answer to your question depends on whether your VPN client and VPN
device can support IPSec over TCP or UDP.

-- Lidiya White

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Edward Sohn
Sent: Monday, May 27, 2002 9:56 PM
To: [EMAIL PROTECTED]
Subject: PIX passing IPSEC traffic? [7:45197]

Hello, all...

I have a PIX501 set up for PAT on one ip address through my cable modem.

I have a client on my internal network that needs to connect to a
corporate extranet via IPSEC, using its own client software (Nortel).
In other words, there is no network-to-network or cisco-to-cisco IPSEC
connections.  The PIX simply passes the traffic.

The problem is that I cannot get the client to connect through the PIX.
I believe it's because the client needs its own statically translated
address on the PIX (because when I use my only ip address, I can make it
connect).  However, the challenge here is to make it so that I can make
this VPN client work through the PIX while still using PAT.  This way,
it doesn't hose all my other computers on the inside.

Is this possible?  I was thinking of a port address mapping statement,
but I wouldn't know which ports to use.  Anyone have any experience with
this?

Thanks,

Eddie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45391&t=45197
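
The point about ESP and PAT, worked through as an added example that is not part of the original thread: a toy PAT table is applied to a native ESP packet and to the same ESP payload wrapped in UDP, for two inside clients sharing one outside address. The addresses, SPIs and the UDP port 10000 are constructed for illustration.

```python
import socket
import struct

PROTO_TCP, PROTO_UDP, PROTO_ESP = 6, 17, 50
ENCAP_PORT = 10000  # constructed port for the ESP-in-UDP wrapper (assumption)


def ip_checksum(header):
    """Internet checksum; returns 0 when run over a header that is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload


def esp(spi, seq, ciphertext=b"\x00" * 16):
    """ESP starts with a 32-bit SPI and a 32-bit sequence number: no ports."""
    return struct.pack("!II", spi, seq) + ciphertext


def udp(sport, dport, payload):
    """UDP header with checksum 0 (not computed, legal over IPv4)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


class Pat:
    """Port address translation of many inside hosts onto one outside address."""

    def __init__(self, outside_ip, first_port=1024):
        self.outside_ip = outside_ip
        self.next_port = first_port
        self.out_map = {}  # (proto, inside_ip, inside_port) -> outside_port
        self.in_map = {}   # (proto, outside_port) -> (inside_ip, inside_port)

    @staticmethod
    def _rewrite(packet, ip_off, ip, port_off, port):
        out = bytearray(packet)
        ihl = (out[0] & 0x0F) * 4
        out[ip_off:ip_off + 4] = socket.inet_aton(ip)
        out[10:12] = b"\x00\x00"
        out[10:12] = struct.pack("!H", ip_checksum(bytes(out[:ihl])))
        out[port_off:port_off + 2] = struct.pack("!H", port)
        return bytes(out)  # a TCP checksum would also need updating; UDP here is 0

    def outbound(self, packet):
        """Translate inside -> outside, or return None if there is no port to map."""
        proto, ihl = packet[9], (packet[0] & 0x0F) * 4
        if proto not in (PROTO_TCP, PROTO_UDP):
            return None  # ESP: the bytes after the IP header are the SPI, not ports
        src = socket.inet_ntoa(packet[12:16])
        sport = struct.unpack("!H", packet[ihl:ihl + 2])[0]
        key = (proto, src, sport)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(proto, self.next_port)] = (src, sport)
            self.next_port += 1
        return self._rewrite(packet, 12, self.outside_ip, ihl, self.out_map[key])

    def inbound(self, packet):
        """Translate a reply back to the inside host that owns the outside port."""
        proto, ihl = packet[9], (packet[0] & 0x0F) * 4
        if proto not in (PROTO_TCP, PROTO_UDP):
            return None
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
        inside = self.in_map.get((proto, dport))
        if inside is None:
            return None
        return self._rewrite(packet, 16, inside[0], ihl + 2, inside[1])


def demo():
    """Run constructed packets from two inside VPN clients through one PAT address."""
    pat, gw = Pat("203.0.113.10"), "198.51.100.1"
    native = pat.outbound(ipv4("192.168.1.20", gw, PROTO_ESP, esp(0x1001, 1)))
    a = pat.outbound(ipv4("192.168.1.20", gw, PROTO_UDP,
                          udp(ENCAP_PORT, ENCAP_PORT, esp(0x1001, 1))))
    b = pat.outbound(ipv4("192.168.1.21", gw, PROTO_UDP,
                          udp(ENCAP_PORT, ENCAP_PORT, esp(0x2002, 1))))
    reply = pat.inbound(ipv4(gw, "203.0.113.10", PROTO_UDP,
                             udp(ENCAP_PORT, 1025, esp(0x2002, 7))))
    return {
        "native_esp": native,
        "a_src": (socket.inet_ntoa(a[12:16]), struct.unpack("!H", a[20:22])[0]),
        "b_src": (socket.inet_ntoa(b[12:16]), struct.unpack("!H", b[20:22])[0]),
        "a_spi": struct.unpack("!I", a[28:32])[0],
        "a_header_ok": ip_checksum(a[:20]) == 0,
        "reply_dst": (socket.inet_ntoa(reply[16:20]),
                      struct.unpack("!H", reply[22:24])[0]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
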



Re: PIX passing IPSEC traffic? [7:45197]

2002-05-29 Thread sam sneed

I'm not sure about Nortel VPN but I had the same problem with a Checkpoint
client and got past it using UDP encapsulation. See if Nortel has
something similar.

""Edward Sohn""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello, all...
>
> I have a PIX501 set up for PAT on one ip address through my cable modem.
>
> I have a client on my internal network that needs to connect to a
> corporate extranet via IPSEC, using its own client software (Nortel).
> In other words, there is no network-to-network or cisco-to-cisco IPSEC
> connections.  The PIX simply passes the traffic.
>
> The problem is that I cannot get the client to connect through the PIX.
> I believe it's because the client needs its own statically translated
> address on the PIX (because when I use my only ip address, I can make it
> connect).  However, the challenge here is to make it so that I can make
> this VPN client work through the PIX while still using PAT.  This way,
> it doesn't hose all my other computers on the inside.
>
> Is this possible?  I was thinking of a port address mapping statement,
> but I wouldn't know which ports to use.  Anyone have any experience with
> this?
>
> Thanks,
>
> Eddie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45392&t=45197



RE: PIX passing IPSEC traffic? [7:45197]

2002-05-29 Thread Marshal Schoener

I had the same issue :-)
Were you trying to push a SecuRemote tunnel through a Linksys cable router
by any chance?  LOL...
It literally took months before the information on UDP encapsulation came
out and I was able to do that.
Not to mention the Linksys people were useless.  No offense if any are here
;-)
   Marshal

-Original Message-
From: sam sneed [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 29, 2002 4:40 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX passing IPSEC traffic? [7:45197]


I'm not sure about Nortel VPN but I had the same problem with a Checkpoint
client and got past it using UDP encapsulation. See if Nortel has
something similar.

""Edward Sohn""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello, all...
>
> I have a PIX501 set up for PAT on one ip address through my cable modem.
>
> I have a client on my internal network that needs to connect to a
> corporate extranet via IPSEC, using its own client software (Nortel).
> In other words, there is no network-to-network or cisco-to-cisco IPSEC
> connections.  The PIX simply passes the traffic.
>
> The problem is that I cannot get the client to connect through the PIX.
> I believe it's because the client needs its own statically translated
> address on the PIX (because when I use my only ip address, I can make it
> connect).  However, the challenge here is to make it so that I can make
> this VPN client work through the PIX while still using PAT.  This way,
> it doesn't hose all my other computers on the inside.
>
> Is this possible?  I was thinking of a port address mapping statement,
> but I wouldn't know which ports to use.  Anyone have any experience with
> this?
>
> Thanks,
>
> Eddie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45393&t=45197



Re: VOIP Interface for 3600 ...!! [7:45358]

2002-05-29 Thread Steven A. Ridder

You got it right.  But, you can do trunking over FXO as well.  The E&M and
FXO cards are both analog, just different signaling.  E&M is preferred.  And
you could also use a CAS/CCS T1 card between router and PBX if more than 4
calls may be needed at one time.

And as I'm a salesman, I'd say get rid of the PBX altogether and go CM/IPtel
all the way!


""Michael Williams""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Okay. voice gurus. please correct me if I'm wrong, but I want to
> take a stab as this just to make sure my info is right... (because we're
> looking at a similar situation)
>
> You need the NM-2V  (or NM-1V) which would plug into the module slot on
the
> 2600/3600.  That module then has 1 or 2 (for the 1V or 2V respectively)
VIC
> slots.  So you would insert the VIC-2FXO into a slot on the NM.
>
> As far as the module goes, are you going to handle individual calls or
> trunks directly from the PBX?  If you want to do trunking (to handle many
> calls) use the VIC-2E/M.
>
> Here's a great URL that actually shows the NM-1V and NM-2V so you can see
> the slots on them, as well as showing the VICs.
>
> http://www.cisco.com/univercd/cc/td/doc/pcat/vone__p1.htm
>
> As far as the WIC-T2, that will work if you have external CSU/DSUs and if
> you need 2 T1 lines.  If you only need one T1, you can use the
WIC-1DSU-T1.
> I like them because they have the built-in CSU/DSU (one less thing to
worry
> about) and takes the RJ-45 T1 directly.  Here is more info on this WIC:
>
> http://www.cisco.com/univercd/cc/td/doc/pcat/t1duwny1.htm
>
> Here are examples of configurations of this WIC (this URL *will* wrap,
> so watch out)
>
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_3/36t1csu.htm
>
> Hope this helps!
> Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45396&t=45358



Re: why copy tftp run retain some old config ??? [7:45323]

2002-05-29 Thread Thomas Larus

Because when you "copy tftp run" you are merging the tftp file into your
running config, NOT replacing it.

Tom Larus
""Sim, CT (Chee Tong)""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi.. Dear all,
>
> Why you I copy the config from the tftp server to replace the old config
on
> the router (copy tftp run) or copy the config from startup to running
(copy
> star run).  But the resulting config is not exactly the same as the config
> that I copy run.  It retain some of the old parameter or config.  For eg.
>
> When I copy start run
>
> My start-up config is
> ip route 10.0.0.0 255.0.0.0 50.100.45.4
>
> My running config is
> ip route 10.0.0.0 255.0.0.0 50.100.45.3
>
> After I copy start run, the resulting config become
> ip route 10.0.0.0 255.0.0.0 50.100.45.4
> ip route 10.0.0.0 255.0.0.0 50.100.45.3
>
>
> And when I copy the config from tftp server to my run config (copy tftp
run)
>
> My tftp config
>
> interface Ethernet0
>  description To Office Ethernet
>  ip address 80.8.200.113 255.255.255.240
>  no ip directed-broadcast
>  ip accounting output-packets
>  ip route-cache same-interface
>
> My running config
>
> interface Ethernet0
>  description To Office Ethernet
>  ip address 70.8.200.113 255.255.255.240
>  no ip directed-broadcast
>  ip accounting output-packets
>  ip route-cache same-interface
>  traffic-shape group 105 5000 7000 7000 1000
>
> But the resulting config become as below
> interface Ethernet0
>  description To Office Ethernet
>  ip address 80.8.200.113 255.255.255.240
>  no ip directed-broadcast
>  ip accounting output-packets
>  ip route-cache same-interface
>  traffic-shape group 105 5000 7000 7000 1000
>
> WHY???   Why it is not the same as the config that I copy from but the
> combination.  How to solve this??
>
> CT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45395&t=45323



telnet terminal [7:45397]

2002-05-29 Thread . .

what is a popular (and free) telnet terminal for all of you using?





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45397&t=45397



V3PN's [7:45398]

2002-05-29 Thread Steven A. Ridder

Does anyone know anything about the V3PN's out there that Cisco is hyping
up?  Is it based on new technology or just marketing hype.  I saw two things
that caught my eye:

1.  It can pass multicast traffic via IPSec.  Is that with GRE or some new
feature?
2.  It can mark voice and video once encrypted.  How?  That's pretty good if
true.

Is this marketing or new technologies/techniques I never heard of yet?

Here are some links:

Cisco: http://www.cisco.com/warp/public/cc/so/neso/vpn/vpne/v3pn/index.shtml
Network World:  http://www.nwfusion.com/news/2002/0529cisco.html

I have a feeling I'm becoming a victim of a marketing department.


--
RFC 1149 Compliant




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45398&t=45398



Re: voice and 802.11b [7:45342]

2002-05-29 Thread Michael L. Williams

"Steven A. Ridder"  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> You can, but there haven't been any serious QOS techniques released yet in
> the AiroNet series products yet.  The other problem is that the media
isn't
> switched, so it's basically a hub in the sky.
>
> It's a rumor/myth that voice doesn't work in 802.11b. There's actually a
> wireless 802.11b IP  phone out there by Symbol.  Anything that works in
> ethernet will work in 802.11b (except for trunking).


Check out a post just a while back about this called "Trunk across Cisco
Wireless bridge".  It seems they were doing trunking over the 802.11b...
(but he may not have meant true trunking)

Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45399&t=45342



Re: VOIP Interface for 3600 ...!! [7:45358]

2002-05-29 Thread Michael L. Williams

You?  A Salesman?  You had me fooled thinking you were a techie... =)

I knew someone would have the correct answer  For some reason, I was
thinking that an FXO could only handle a single call like an FXS (just
didn't supply the dial-tone, etc) but now that I'm thinking back hard to
my CVoice days, I seem to have a faint memory that both FXO and E&M are used
for such trunking =)

Mike W.

"Steven A. Ridder"  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> You got it right.  But, you can do trunking over FXO as well.  The E&M and
> FXO cards are both analog, just different signaling.  E&M is preferred.
And
> you could also use a CAS/CCS T1 card between router and PBX if more than 4
> calls may be needed at one time.
>
> And as I'm a salesman, I'd say get rid of the PBX altogether and go
CM/IPtel
> all the way!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45400&t=45358



Re: Tacacs Question [7:45390]

2002-05-29 Thread Steve Boer

If I'm not mistaken, this would be a "ip tacacs source-interface fast3/0".
My only $0.02 would be, wouldn't a loopback interface be more appropriate
since A) It doesn't go down and B) would be a lot easier for either ACL'ing
or firewalling since you'd have a separate subnet allocated for lo0's? Feel
free to put me in my place as this is all new to me, but if you are, please
do explain why I'm wrong.


Steve
- Original Message -
From: "Richard Tufaro" 
To: 
Sent: Wednesday, May 29, 2002 4:28 PM
Subject: Tacacs Question [7:45390]


> When configuring Cisco ACS server with a router across the WAN connected
by
> frame-relay, is there a way to tell the router to send the IP-originating
> interface as the ethernet controller? Much like when setting up syslog
> across a Frame WAN using: logging source-INTERFACE. Any ideas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45401&t=45390



How to Recover PIX 520 Password [7:45402]

2002-05-29 Thread Karagozian Sarkis

We have a PIX 520 with Software Version 5.1(1)
with a 1.44M  floppy drive.
with 128M of DRAM
and 4 ethernet Ports.

Problem: I can Not recover the Enable password:

Here is what happens:
When I boot it up, It beep twice with long beeps, then another short beep.
loads up to the normal prompt PIX520>> but I am locked out and Don't know
the Enable password !!!

So I tried the Cisco "Password Recovery and AAA Configuration Recovery for
PIX" document,
and I downloaded the np5.1 file (for this Rev.) and the rawrite.exe (which
creates a Password Lockout Utility Disk).

When I insert the Utility Disk into the PIX floppy (Step 4 in Cisco Doc.) and
push the Reset button on the front of the PIX ...
it will reboot from the floppy and displays Booting Floppy
.exec flop.
but the cursor drops to the next line and hangs up there...(no more action
but the Floppy LED stays lit )

and it never displays "Erasing Flash Password. Please eject diskette and
reboot" - that it is supposed to do...

So I remove the Diskette and reboot the PIX, But still shows me the old
PIX520>> prompt , and I am NOT able to
get into the privilege Enable prompt#.

Does anyone know how to overcome this ?
thanks
Sarkis Karagozian
[EMAIL PROTECTED]



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45402&t=45402



Routing Beta Exam [7:45404]

2002-05-29 Thread John Danner

I came home today to find my score report for the routing beta I took in
March in the mail.
I passed with a 846.

I hope all find their beta score reports soon!

-John


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45404&t=45404



Re: telnet terminal [7:45397]

2002-05-29 Thread Mike Mandulak

Here's a link for some shareware clients,
http://cws.internet.com/telnet.html

I think the only free one there is the Hyperterm Private Edition upgrade, It
adds amongst other things TCP/IP (Winsock) support.

- Original Message -
From: ". ." 
To: 
Sent: Wednesday, May 29, 2002 5:54 PM
Subject: telnet terminal [7:45397]


> what is a popular (and free) telnet terminal for all of you using?
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45405&t=45397



RE: Mail Relay [7:45144]

2002-05-29 Thread SAM Meng Wai

Hi,

To my knowledge, Mail Relay is SMTP server forwarding
the email which source don't belong to its client or
domain. For example, [EMAIL PROTECTED] want to send mail to
his friend. By default, [EMAIL PROTECTED] require to specify
its SMTP server under abc.com domain ie SMTP server under
abc.com domain. If [EMAIL PROTECTED] specify its SMTP server as
xxx.def.com and xxx.def.com SMTP server allow this email
to forward its to global internet, then xxx.def.com is
doing mail relay...

In conclusion, all the email client in the world can send
mail to their friend as long as they specify their SMTP
server as xxx.def.com...which causing spamming...
Thus, to prevent mail relay, SMTP server should check the
source domain before forwarding the email out...

Do correct me if i am wrong.
Rgds,
Sam

-Original Message-
From: Viet Tran [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 30, 2002 4:19 AM
To: [EMAIL PROTECTED]
Subject: RE: Mail Relay [7:45144]


Nobody knows ??
Can anyone tell me what is a mail relay for ??

--
In a typical mail flow, a source mail client sends
message to its mail server.  This mail server then
directs the message to its nearest mail relay, then to
next mail relay, then to the next-next ... until the
message reaches the mail server at the other end to be
delivered to the destination mail client.
--

I know it is not a Cisco issue, but for me it is
related to the fact that I am only studying cisco
stuff and therefore do not know anything about those
kind of Microsoft things.

---
Actually it's not Microsoft or whatever thing, but
should be called SMTP thing.  However, the majority of
mail relay boxes out there implement their relay job
running sendmail, an integrated GNU software found in
every Unix machine including Linux of course. 
Maintaining sendmail is challenging, but very
rewarding.  You can start by reading DNS & BIND and
Sendmail of O'Reilly, then jumping to Sendmail Theory
& Practice of someone I don't recall the name right
now.
-

Hope it helps little bit.

Regards,

Victor Tran.
Santa Clara County ISD.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45406&t=45144
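
The relay decision discussed in this message, as an added example that is not from the thread: it compares an open relay, a check on the envelope sender's domain, and a check on the connecting client's network, over constructed envelopes. The domains abc.com and def.com follow the message; the IP addresses, the 192.0.2.0/24 client network and the example.org/example.net recipients are assumptions.

```python
import ipaddress
from collections import namedtuple

# client_ip is the address the SMTP connection came from; mail_from and
# rcpt_to are the envelope values supplied by the client (MAIL FROM / RCPT TO).
Envelope = namedtuple("Envelope", "client_ip mail_from rcpt_to")

LOCAL_DOMAINS = {"def.com"}                            # domains xxx.def.com hosts
CLIENT_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # def.com's own clients (assumed)
MODES = ("open", "sender_domain", "client_net")


def domain_of(address):
    """Domain part of an envelope address, normalised for comparison."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def is_own_client(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in CLIENT_NETS)


def decide(env, mode):
    """Return (accepted, reason) for one envelope.

    open          : forward anything (the open relay described in the message)
    sender_domain : forward when MAIL FROM claims a local domain
    client_net    : forward only for connections from CLIENT_NETS
    """
    if mode not in MODES:
        raise ValueError("unknown mode: %r" % mode)
    if domain_of(env.rcpt_to) in LOCAL_DOMAINS:
        return True, "local delivery"  # final destination is here: not relaying
    if mode == "open":
        return True, "relayed: no check"
    if mode == "sender_domain":
        # MAIL FROM is whatever the client chose to send.
        if domain_of(env.mail_from) in LOCAL_DOMAINS:
            return True, "relayed: sender domain is local"
        return False, "denied: sender domain is not local"
    if is_own_client(env.client_ip):
        return True, "relayed: client is on our network"
    return False, "denied: client is not on our network"


# Constructed envelopes, not taken from any real log.
SAMPLE = [
    Envelope("192.0.2.25", "alice@def.com", "friend@example.org"),   # own client
    Envelope("198.51.100.7", "bob@abc.com", "alice@def.com"),        # inbound mail
    Envelope("198.51.100.7", "bob@abc.com", "friend@example.net"),   # third party
    Envelope("203.0.113.99", "sales@def.com", "list@example.net"),   # claims def.com
]


def relayed_for_outsiders(mode):
    """Envelopes from outside CLIENT_NETS that get forwarded to non-local recipients."""
    hits = []
    for env in SAMPLE:
        accepted, _ = decide(env, mode)
        if (accepted and not is_own_client(env.client_ip)
                and domain_of(env.rcpt_to) not in LOCAL_DOMAINS):
            hits.append(env)
    return hits


if __name__ == "__main__":
    for mode in MODES:
        print(mode)
        for env in SAMPLE:
            print("  ", env, "->", decide(env, mode))
```
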



Recommended books for BCRAN [7:45407]

2002-05-29 Thread James Branson

Dear Friends
Would like to find out the best  way to tackle the REMOTE ACCESS exam. ie
Books,Practise exams, I have used Boson for the Routing exam , what is the 
best for Remote Access ?
Sincerely
James





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45407&t=45407



RE: telnet terminal [7:45397]

2002-05-29 Thread Rob Bains

Try PuTTY and/or TeraTerm. They are both free and they both are very
easy to use.

HTH.

 > Rob

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Mike Mandulak
Sent: Wednesday, May 29, 2002 5:06 PM
To: [EMAIL PROTECTED]
Subject: Re: telnet terminal [7:45397]

Here's a link for some shareware clients,
http://cws.internet.com/telnet.html

I think the only free one there is the Hyperterm Private Edition
upgrade, It
adds amongst other things TCP/IP (Winsock) support.

- Original Message -
From: ". ." 
To: 
Sent: Wednesday, May 29, 2002 5:54 PM
Subject: telnet terminal [7:45397]


> what is a popular (and free) telnet terminal for all of you using?
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45408&t=45397



RE: telnet terminal [7:45397]

2002-05-29 Thread Lupi, Guy

Tera Term is a good, free program.  If you don't mind spending a little
money, SecureCRT is great. 

-Original Message-
From: . .
To: [EMAIL PROTECTED]
Sent: 5/29/2002 5:54 PM
Subject: telnet terminal [7:45397]

what is a popular (and free) telnet terminal for all of you using?





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45409&t=45397



re: voice and 802.11b [7:45410]

2002-05-29 Thread christopher brown

I wanted to correct one respondent in that you can Trunk over 802.11b
wireless bridges, as well as a cisco access point and a workgroup bridge.
The latest firmware 11.10T for cisco access points do have some form of
prioritizing traffic. You can forward or discard packets based on Ethertype,
IP Protocol, IP Port Protocol Filters. If you use Spectralink Wireless
Phones there is a predefined filter on the cisco access point SVP
(Spectralink Voice Priority) that will give priority to voice on the access
point over other traffic types. You would also need their SVP Server which
is used to provide QoS along with an Access Point that uses SVP filtering.
- Original Message -
From: "Priscilla Oppenheimer" 
To: 
Sent: Wednesday, May 29, 2002 12:32 PM
Subject: Re: voice and 802.11b [7:45342]


> Yup, I was going to say the same thing about lack of QoS, etc. Really
I
> was. ;-)
>
> I would add that delay is non deterministic with 802.11b. It's carrier
> sense multiple access. Although it's also collision avoidance
(CSMA/CA),
> collisions do happen nonetheless.
>
> Voice prefers short and non-variable delay. But it would probably work
> anyway. The good news is that you're only planning to have two devices
> share the medium (air), if you plan to just use wireless between the
two
> bridges. So, the delay is somewhat less variable than it would be if
you
> were running voice with multiple devices accessing an Access Point.
>
> Priscilla
>
> At 06:14 AM 5/29/02, Steven A. Ridder wrote:
> >You can, but there haven't been any serious QOS techniques released
yet
in
> >the AiroNet series products yet.  The other problem is that the media
isn't
> >switched, so it's basically a hub in the sky.
> >
> >It's a rumor/myth that voice doesn't work in 802.11b. There's
actually a
> >wireless 802.11b IP  phone out there by Symbol.  Anything that works
in
> >ethernet will work in 802.11b (except for trunking).
> >
> >--
> >
> >RFC 1149 Compliant.
> >
> >
> >
> >""Khurrum Shahzad""  wrote in message
> >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Can we use voice through Wireless Ethernet Bridge (like cisco
Aironet )?
> >Is
> > > is possible to use voice if two cisco router having voice module
and
> >FXO/FXS
> > > are placed on two location connected through wireless bridge? I
read
that
> > > 802.11b has a drawback of lack of interoperability with voice
devies.
> > >
> > > regards
> > >
> > > --
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45410&t=45410



Re: V3PN's [7:45398]

2002-05-29 Thread itsme

I'm not sure about the marketing term, but this is a relatively new
VPN solution. Basically how it works is for QOS and for
MPLS VPN solutions the "tagging" bits/info are placed in
the actual IP header that traverses the Public network
AFTER the encryption. The IPSEC in GRE is mainly used for
transferring Legacy packets over IPSEC.

AES is also real new, which is the new DES which is 256 vice
3DES 168.

-TV
""Steven A. Ridder""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Does anyone know anything about the V3PN's out there that Cisco is hyping
> up?  Is it based on new technology or just marketing hype.  I saw two
things
> that caught my eye:
>
> 1.  It can pass multicast traffic via IPSec.  Is that with GRE or some new
> feature?
> 2.  It can mark voice and video once encrypted.  How?  That's pretty good
if
> true.
>
> Is this marketing or new technologies/techniques I never heard of yet?
>
> Here are some links:
>
> Cisco:
http://www.cisco.com/warp/public/cc/so/neso/vpn/vpne/v3pn/index.shtml
> Network World:  http://www.nwfusion.com/news/2002/0529cisco.html
>
> I have a feeling I'm becoming a victim of a marketing department.
>
>
> --
> RFC 1149 Compliant




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45411&t=45398



Re: telnet terminal [7:45397]

2002-05-29 Thread itsme

Also has a free SSH add on.

-TV

"". .""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> what is a popular (and free) telnet terminal for all of you using?
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45412&t=45397



Re: voice and 802.11b [7:45342]

2002-05-29 Thread Steven A. Ridder

I think I was one of the people who said, yes, you can do trunking in that
post, but I later checked with Cisco, and they said not yet.

--

RFC 1149 Compliant.



""Michael L. Williams""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> "Steven A. Ridder"  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > You can, but there haven't been any serious QOS techniques released yet
in
> > the AiroNet series products yet.  The other problem is that the media
> isn't
> > switched, so it's basically a hub in the sky.
> >
> > It's a rumor/myth that voice doesn't work in 802.11b. There's actually a
> > wireless 802.11b IP  phone out there by Symbol.  Anything that works in
> > ethernet will work in 802.11b (except for trunking).
>
>
> Check out a post just a while back about this called "Trunk across Cisco
> Wireless bridge".  It seems they were doing trunking over the 802.11b...
> (but he may not have meant true trunking)
>
> Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45414&t=45342



Re: VOIP Interface for 3600 ...!! [7:45358]

2002-05-29 Thread Steven A. Ridder

I wear many hats :)

--

RFC 1149 Compliant.



""Michael L. Williams""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> You?  A Salesman?  You had me fooled thinking you were a techie... =)
>
> I knew someone would have the correct answer  For some reason, I
was
> thinking that an FXO could only handle a single call like an FXS (just
> didn't supply the dial-tone, etc) but now that I'm thinking back hard
to
> my CVoice days, I seem to have a faint memory that both FXO and E&M are
used
> for such trunking =)
>
> Mike W.
>
> "Steven A. Ridder"  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > You got it right.  But, you can do trunking over FXO as well.  The E&M
and
> > FXO cards are both analog, just different signaling.  E&M is preferred.
> And
> > you could also use a CAS/CCS T1 card between router and PBX if more than
4
> > calls may be needed at one time.
> >
> > And as I'm a salesman, I'd say get rid of the PBX altogether and go
> CM/IPtel
> > all the way!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45413&t=45358



Re: Which WIC?????? [7:45379]

2002-05-29 Thread Benjamin Pierce

I believe the WIC1-DSU-T1 will work for what you are
trying to do.  I believe this card will handle both
T1/PRI and E1/PRI.  You may want to check with someone
to make sure though, as I live in America and do not
have much experience with E1.

Thanks,
Benjamin Pierce

--- "M.C. van den Bovenkamp" wrote:
> Stuart Pittwood wrote:
> 
> > I need a WIC for a Cisco 1720 series router which will allow me to use a
> > PRI Interface (Europe/UK).  I have been told by one supplier that one
> > doesn't exist and I should upgrade to a 2600 or 3600 (which I'm happy to
> > do if necessary) another supplier has told me that there is one but he
> > cannot source the part number.
> 
> As far as I can see, the first is right. There doesn't seem to be a PRI
> WIC. Looks like you need a 2600 and an NM-1CE1B (UTP) or NM-1CE1U
> (coax).
> 
> But I'm willing to be corrected :-).
> 
>   Regards,
> 
>   Marco.
[EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45415&t=45379



Basic ISDN BRI config needed [7:45416]

2002-05-29 Thread cebuano

Hi, group.
I've been trying to get my ISDN working using Teltone ILS-2000. Here's my
config and some basic show output. Please tell me what I'm missing. I tried
doing the most basic BRI config using HDLC as pointed out in Caslow, but even
that did not work. Basically it seems to bring up the link for a few seconds
and even bri 0 1 will show as UP/UP but I am not getting any ping replies.
Any help would be greatly appreciated.

Elmer

2503#ping 172.16.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
.
Success rate is 0 percent (0/5)

2503#
04:00:33: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
04:00:53: %ISDN-6-DISCONNECT: Interface BRI0:1  disconnected from 2002 , call lasted 20 seconds
04:00:53: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down

2503#
isdn switch-type basic-ni
!
interface BRI0
 ip address 172.16.1.1 255.255.255.0
 dialer idle-timeout 90
 dialer string 2002
 dialer load-threshold 1 outbound
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0835866101 8358661
 isdn spid2 0835866301 8358663
 cdapi buffers regular 0
 cdapi buffers raw 0
 cdapi buffers large 0
!
ip kerberos source-interface any
ip classless
!
dialer-list 1 protocol ip permit

2503#sh isdn stat
Global ISDN Switchtype = basic-ni
ISDN BRI0 interface
dsl 0, interface ISDN Switchtype = basic-ni
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 74, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
TEI = 75, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
TEI 74, ces = 1, state = 5(init)
spid1 configured, spid1 sent, spid1 valid
Endpoint ID Info: epsf = 0, usid = 1, tid = 1
TEI 75, ces = 2, state = 5(init)
spid2 configured, spid2 sent, spid2 valid
Endpoint ID Info: epsf = 0, usid = 3, tid = 1
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 0 CCBs = 0
The Free Channel Mask:  0x8003
Total Allocated ISDN CCBs = 0

2503#sh dialer

BRI0 - dialer type = ISDN

Dial String      Successes   Failures    Last DNIS   Last status
2002                     7          0    00:07:11    successful   Default
0 incoming call(s) have been screened.
0 incoming call(s) rejected for callback.

BRI0:1 - dialer type = ISDN
Idle timer (90 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle

BRI0:2 - dialer type = ISDN
Idle timer (90 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle

2503#sh int bri0
BRI0 is up, line protocol is up (spoofing)
  Hardware is BRI
  Internet address is 172.16.1.1/24
  MTU 1500 bytes, BW 64 Kbit, DLY 2 usec,
 reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set
  Last input 00:00:03, output 00:00:04, output hang never
  Last clearing of "show interface" counters 00:27:32
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
 Conversations  0/1/16 (active/max active/max total)
 Reserved Conversations 0/0 (allocated/max allocated)
 Available Bandwidth 48 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
 138 packets input, 799 bytes, 0 no buffer
 Received 5 broadcasts, 0 runts, 0 giants, 0 throttles
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
 155 packets output, 846 bytes, 0 underruns
 0 output errors, 0 collisions, 0 interface resets
 0 output buffer failures, 0 output buffers swapped out
 2 carrier transitions

2516#
isdn switch-type basic-ni
!
interface BRI0
 ip address 172.16.1.2 255.255.255.0
 dialer idle-timeout 90
 dialer string 2001
 dialer load-threshold 1 outbound
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0835866201 8358662
 isdn spid2 0835866401 8358664
 cdapi buffers regular 0
 cdapi buffers raw 0
 cdapi buffers large 0
!
ip kerberos source-interface any
ip classless
!
dialer-list 1 protocol ip permit

2516#sh isdn stat
Global ISDN Switchtype = basic-ni
ISDN BRI0 interface
dsl 0, interface ISDN Switchtype = basic-ni
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 72, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
TEI = 73, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
TEI 72, ces = 1, state = 5(init)
spid1 configured, spid1 sent, spid1 valid
Endpoint ID Info: epsf = 0, usid = 2, tid = 1
TEI 73, ces = 2, state = 5(init)
spid2 configured, spid2 sent, spid2 valid
Endpoint ID Info: epsf = 0, usid = 4, tid = 1
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 0 CCBs = 0
The Free Channel Mask:  0x8003
Total Allocated ISDN CCBs = 0

2516#sh dialer

BRI0 - dialer type = ISDN

Dial Str

re: voice and 802.11b [7:45417]

2002-05-29 Thread christopher brown

I have actually performed trunking over a cisco point to point bridge. I
have also configured trunking between a cisco 350 series AP and a
Workgroup bridge. This actually is working for one of my customers.
Later on in the 802.11a access points you will be able to create
separate vlans on the ap. The access points as well as cisco bridges
will pass 802.1Q trunking. I have not tested the configuration with ISL.
- Original Message - 
From: "Steven A. Ridder" 
To: 
Sent: Wednesday, May 29, 2002 8:16 PM
Subject: Re: voice and 802.11b [7:45342]
 
> I think I was one of the people who said, yes, you can do trunking in that
> post, but I later checked with Cisco, and they said not yet.
> 
> --
> 
> RFC 1149 Compliant.
> 
> 
> 
> ""Michael L. Williams""  wrote in message
> news:[EMAIL PROTECTED]...
> > "Steven A. Ridder"  wrote in message
> > news:[EMAIL PROTECTED]...
> > > You can, but there haven't been any serious QOS techniques released yet
> > > in the AiroNet series products yet.  The other problem is that the media
> > > isn't switched, so it's basically a hub in the sky.
> > >
> > > It's a rumor/myth that voice doesn't work in 802.11b. There's actually a
> > > wireless 802.11b IP  phone out there by Symbol.  Anything that works in
> > > ethernet will work in 802.11b (except for trunking).
> >
> >
> > Check out a post just a while back about this called "Trunk across Cisco
> > Wireless bridge".  It seems they were doing trunking over the 802.11b...
> > (but he may have not mean true trunking)
> >
> > Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45417&t=45417



Re: Basic ISDN BRI config needed [7:45416]

2002-05-29 Thread Wes Stevens

Your dialer string needs to be the phone number of the other Teltone port. 
For the first router it should be 8358662 and 8358661 for the second router.



>From: "cebuano" 
>Reply-To: "cebuano" 
>To: [EMAIL PROTECTED]
>Subject: Basic ISDN BRI config needed [7:45416]
>Date: Wed, 29 May 2002 21:32:23 -0400
>
>Hi, group.
>I've been trying to get my ISDN working using Teltone ILS-2000. Here's my
>config and some basic show output. Please tell me what I'm missing. I tried
>doing the most basic BRI config using HDLC as pointed out in Caslow, but even
>that did not work. Basically it seems to bring up the link for a few seconds
>and even bri 0 1 will show as UP/UP but I am not getting any ping replies.
>Any help would be greatly appreciated.
>
>Elmer
>
>2503#ping 172.16.1.2
>
>Type escape sequence to abort.
>Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
>.
>Success rate is 0 percent (0/5)
>
>2503#
>04:00:33: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
>04:00:53: %ISDN-6-DISCONNECT: Interface BRI0:1  disconnected from 2002 , call lasted 20 seconds
>04:00:53: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
>
>2503#
>isdn switch-type basic-ni
>!
>interface BRI0
>  ip address 172.16.1.1 255.255.255.0
>  dialer idle-timeout 90
>  dialer string 2002
>  dialer load-threshold 1 outbound
>  dialer-group 1
>  isdn switch-type basic-ni
>  isdn spid1 0835866101 8358661
>  isdn spid2 0835866301 8358663
>  cdapi buffers regular 0
>  cdapi buffers raw 0
>  cdapi buffers large 0
>!
>ip kerberos source-interface any
>ip classless
>!
>dialer-list 1 protocol ip permit
>
>2503#sh isdn stat
>Global ISDN Switchtype = basic-ni
>ISDN BRI0 interface
> dsl 0, interface ISDN Switchtype = basic-ni
> Layer 1 Status:
> ACTIVE
> Layer 2 Status:
> TEI = 74, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
> TEI = 75, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
> TEI 74, ces = 1, state = 5(init)
> spid1 configured, spid1 sent, spid1 valid
> Endpoint ID Info: epsf = 0, usid = 1, tid = 1
> TEI 75, ces = 2, state = 5(init)
> spid2 configured, spid2 sent, spid2 valid
> Endpoint ID Info: epsf = 0, usid = 3, tid = 1
> Layer 3 Status:
> 0 Active Layer 3 Call(s)
> Active dsl 0 CCBs = 0
> The Free Channel Mask:  0x8003
> Total Allocated ISDN CCBs = 0
>
>2503#sh dialer
>
>BRI0 - dialer type = ISDN
>
>Dial String      Successes   Failures    Last DNIS   Last status
>2002                     7          0    00:07:11    successful   Default
>0 incoming call(s) have been screened.
>0 incoming call(s) rejected for callback.
>
>BRI0:1 - dialer type = ISDN
>Idle timer (90 secs), Fast idle timer (20 secs)
>Wait for carrier (30 secs), Re-enable (15 secs)
>Dialer state is idle
>
>BRI0:2 - dialer type = ISDN
>Idle timer (90 secs), Fast idle timer (20 secs)
>Wait for carrier (30 secs), Re-enable (15 secs)
>Dialer state is idle
>
>2503#sh int bri0
>BRI0 is up, line protocol is up (spoofing)
>   Hardware is BRI
>   Internet address is 172.16.1.1/24
>   MTU 1500 bytes, BW 64 Kbit, DLY 2 usec,
>  reliability 255/255, txload 1/255, rxload 1/255
>   Encapsulation HDLC, loopback not set
>   Last input 00:00:03, output 00:00:04, output hang never
>   Last clearing of "show interface" counters 00:27:32
>   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
>   Queueing strategy: weighted fair
>   Output queue: 0/1000/64/0 (size/max total/threshold/drops)
>  Conversations  0/1/16 (active/max active/max total)
>  Reserved Conversations 0/0 (allocated/max allocated)
>  Available Bandwidth 48 kilobits/sec
>   5 minute input rate 0 bits/sec, 0 packets/sec
>   5 minute output rate 0 bits/sec, 0 packets/sec
>  138 packets input, 799 bytes, 0 no buffer
>  Received 5 broadcasts, 0 runts, 0 giants, 0 throttles
>  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
>  155 packets output, 846 bytes, 0 underruns
>  0 output errors, 0 collisions, 0 interface resets
>  0 output buffer failures, 0 output buffers swapped out
>  2 carrier transitions
>
>2516#
>isdn switch-type basic-ni
>!
>interface BRI0
>  ip address 172.16.1.2 255.255.255.0
>  dialer idle-timeout 90
>  dialer string 2001
>  dialer load-threshold 1 outbound
>  dialer-group 1
>  isdn switch-type basic-ni
>  isdn spid1 0835866201 8358662
>  isdn spid2 0835866401 8358664
>  cdapi buffers regular 0
>  cdapi buffers raw 0
>  cdapi buffers large 0
>!
>ip kerberos source-interface any
>ip classless
>!
>dialer-list 1 protocol ip permit
>
>2516#sh isdn stat
>Global ISDN Switchtype = basic-ni
>ISDN BRI0 interface
> dsl 0, interface ISDN Switchtype = basic-ni
> Layer 1 Status:
> ACTIVE
> Layer 2 Status:
> TEI = 72, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
> TEI = 73, Ces = 2, SAPI = 0, State = MULTIPLE_FRAM
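
The check described in the reply above, as an added example that is not part of the original thread: it reads both routers' BRI0 stanzas, takes the second number on each "isdn spidN" line as that port's local directory number (an assumption about the syntax, and the values the reply's suggested numbers match), and flags any dialer string that is not one of the peer's numbers. The function names parse_bri, audit_pair and with_dial_string are hypothetical.

```python
import re

# Constructed sample input: the BRI0 stanzas from the two configs in the thread.
CONFIG_2503 = """\
interface BRI0
 ip address 172.16.1.1 255.255.255.0
 dialer idle-timeout 90
 dialer string 2002
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0835866101 8358661
 isdn spid2 0835866301 8358663
"""
CONFIG_2516 = """\
interface BRI0
 ip address 172.16.1.2 255.255.255.0
 dialer idle-timeout 90
 dialer string 2001
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0835866201 8358662
 isdn spid2 0835866401 8358664
"""

DIAL_RE = re.compile(r"^[ \t]*dialer string[ \t]+(\S+)", re.M)
# "isdn spidN <spid-number> [ldn]": the trailing local directory number
# is optional, so the group may come back empty.
SPID_RE = re.compile(r"^[ \t]*isdn spid[12][ \t]+\d+(?:[ \t]+(\d+))?[ \t]*$", re.M)


def parse_bri(config):
    """Return (dial_strings, local_numbers) found in one router's config."""
    dial_strings = DIAL_RE.findall(config)
    local_numbers = [ldn for ldn in SPID_RE.findall(config) if ldn]
    return dial_strings, local_numbers


def audit_pair(routers):
    """routers is {name: config_text} with exactly two entries.

    Returns (router, dial_string, reason) for every dialer string that
    cannot be matched to a local directory number on the peer.
    """
    (name_a, cfg_a), (name_b, cfg_b) = routers.items()
    findings = []
    for name, cfg, peer, peer_cfg in ((name_a, cfg_a, name_b, cfg_b),
                                      (name_b, cfg_b, name_a, cfg_a)):
        dial_strings, _ = parse_bri(cfg)
        _, peer_numbers = parse_bri(peer_cfg)
        for number in dial_strings:
            if not peer_numbers:
                # Nothing to compare against: report rather than pass silently.
                findings.append((name, number, "peer %s lists no LDN" % peer))
            elif number not in peer_numbers:
                findings.append((name, number, "not a number of %s (%s)"
                                 % (peer, ", ".join(peer_numbers))))
    return findings


def with_dial_string(config, number):
    """Return config with its dialer string replaced by number."""
    return re.sub(r"(?m)^([ \t]*dialer string[ \t]+)\S+", r"\g<1>" + number, config)


if __name__ == "__main__":
    posted = {"2503": CONFIG_2503, "2516": CONFIG_2516}
    for finding in audit_pair(posted):
        print("MISMATCH", finding)
    # Values suggested in the reply: 8358662 on the first router,
    # 8358661 on the second.
    corrected = {"2503": with_dial_string(CONFIG_2503, "8358662"),
                 "2516": with_dial_string(CONFIG_2516, "8358661")}
    print("after correction:", audit_pair(corrected))
```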

Urgent Help Plz!!!! Mobile ARP and DLSW+ [7:45419]

2002-05-29 Thread IT Guy

Guys,

I am confused about configuring Mobile ARP. If I want to make my users
mobile from Vlan 10 to Vlan 20, where should I configure mobile ARP? On Vlan
10 or on Vlan 20?
2nd, do we have to define any network under ROUTER MOBILE, or just put it?

int e0(vlan20)
ip mobile arp
ip proxy-arp

router mobile


router ospf 1
redistribute mobile


Please correct me if I'm wrong.

Thanks
TOM





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45419&t=45419



RE: CCIP - who is doing this one? [7:45166]

2002-05-29 Thread Brian Zeitz

I don't know anyone doing the CCIP, a few reasons. People who pass BSCN
are not going to turn around and take the same test again and pay for it
(BSCI). I know IS-IS is an extra section. If you are going to take the
time to learn IS-IS and MPLS well, just do CCIE. 

CCIP is too closely related to other certs, and it is not really well
known yet. Beside the cert, the material is not unique. Cisco should
allow people to get credit for BSCN, and take some of those electives
and make them part of the core.

If you are doing projects with MCAST+QOS and MPLS, just buy a few books
and read about it. I have not seen any demand for people with CCIP,
maybe I am not looking in the right place.

I am doing the CSS1, it is very clear with what you need to know. All 4
tests are useful and clear, they do not cross over with any other tracks,
and it prepares you for the CCIE Security. Most of the stuff in this
security cert is stuff you should know anyway.

The content and cable certs look good too, but CCIP doesn't really have
any appeal to me. However, I will give a suggestion. How about
requesting another group for the specialization tracks? 

I don't think anyone will be doing it in 2005 or 2010 unless the track
is changed. It needs to be more unique. It's like they pulled a few
random topics from the CCIE (and CCNP) and made a cert out of it. I
don't think many people are buying it.

Brian MCSE, CCNP

-Original Message-
From: Tom Scott [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, May 29, 2002 4:10 PM
To: [EMAIL PROTECTED]
Subject: Re: CCIP - who is doing this one? [7:45166]

Neal Rauhauser 402-301-9555 wrote:

> I'm back to reading groupstudy after an eighteen month absence. My
> CCNP/CCDP certs which I finished 12/2000 and 1/2001 are working wonders
> career wise, but I am doing a lot of carrier type stuff now and I've
> lined up projects that pretty much cover the BSCI, MCAST+QoS, and MPLS
> tests for CCIP - no reason not to get it done if I am going to do the
> reading anyway.
>
>   I am curious to know the stats - how many people have completed this
> cert?

I'm sorry to see there are no responses in this thread.

Maybe that's a sign we should give up on CCIP study groups for now and
wait till there's more interest in it after, say, 2005 or even 2010. :-(

-- TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45394&t=45166



Re: VOIP Interface for 3600 ...!! [7:45358]

2002-05-29 Thread Brad Ellis

Gunjan,

You can use an NM-1V or NM-2V in conjunction with an FXO or E/M card
depending on your PBX config.  There are several ways of doing this.

Sounds like you need to hire a consultant to help with the design and
implementation.

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)

""Gunjan Mathur""  wrote in message
news:[EMAIL PROTECTED]...
> Hi All,
>
> I wanted to know the hardware requirement for enabling
> cisco router for Voice. We are planning to buy 3600
> router and I'm not sure what card I buy to enable
> this.
> We are planning to connect PBX directly to router,
> which means VIC-2FXO is what I can think of but I could
> not understand the utility of NM-2V, do we need this
> to enable Voice over router?
> Also if get T1 line then WIC-2T will serve the
> purpose or we need to buy anything else. or if we get
> DSL connection then what card I need to start with.
>
> Regards,
>
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45367&t=45358



Re: How to Recover PIX 520 Password [7:45402]

2002-05-29 Thread Brad Ellis

KS,

I've had similar problems with pixes.  Try using a different floppy disk.
If that doesn't work, open up the Pix and make sure the cables are connected
properly and the memory is seated correctly.  If that still doesn't work, try
replacing the DRAM (sounds strange, but bad DRAM causes interesting
problems). If that still doesn't work, try upgrading or downgrading the PIX
OS and try using the other password recovery file that goes along with that
OS. Let me know what happens.

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)

""Karagozian Sarkis""  wrote in message
news:[EMAIL PROTECTED]...
> We have a PIX 520 with Software Version 5.1(1)
> with a 1.44M  floppy drive.
> with 128M of DRAM
> and 4 ethernet Ports.
>
> Problem: I can Not recover the Enable password:
>
> Here is what happens:
> When I boot it up, It beeps twice with long beeps, then another short beep.
> loads up to the normal prompt PIX520>> but I am locked out and Don't know
> the Enable password !!!
>
> So I tried the Cisco "Password Recovery and AAA Configuration Recovery for
> PIX " Document:
> and I downloaded the np5.1 file (for this Rev.) and the rawrite.exe (which
> creates a Password Lockout Utility Disk)
>
> When I insert the Utility Disk into the PIX floppy (Step 4 in Cisco Doc.)
> and push the Reset button on the front of the PIX ...
> it will reboot from the floppy and displays Booting Floppy
> .exec flop.
> but the cursor drops to the next line and hangs up there...(no more action
> but the Floppy LED stays lit )
>
> and it never displays "Erasing Flash Password. Please eject diskette and
> reboot" - that it is supposed to do...
>
> So I remove the Diskette and reboot the PIX, But still shows me the old
> PIX520>> prompt , and I am NOT able to
> get into the privilege Enable prompt#.
>
> Does anyone know how to overcome this ?
> thanks
> Sarkis Karagozian
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45403&t=45402



Re: Routing Beta Exam [7:45404]

2002-05-29 Thread Michael L. Williams

Congrats!

"John Danner"  wrote in message
news:[EMAIL PROTECTED]...
> I came home today to find my score report for the routing beta I took in
> March in the mail.
> I passed with a 846.
>
> I hope all find their beta score reports soon!
>
> -John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45420&t=45404



MRTG and ISDN [7:45421]

2002-05-29 Thread Mohannad Khuffash

Dear All,
I have the MRTG since a long time worked well for monitoring my 60 remote
sites where most of them 1601 series routers(11.2 IOS), when I decide to
have a backup link for some sites I install BRI WIC and make the
configuration, the problem that the MRTG being confused for monitoring the
primary link which is a TDM or a RF(the ISDN is not active) , it give me
either zero traffic or a little steady traffic, where either didn't reflect
the true traffic !! Any one have an idea ?

Thanks


--







Mohannad N. Khuffash
Network Administrator
Palestine Telecommunication Company
Tel: 00972-02-2982330
Fax:00972-02-2980235




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45421&t=45421



Re: CCIP - who is doing this one? [7:45166]

2002-05-29 Thread Michael L. Williams

"Brian Zeitz"  wrote in message
news:[EMAIL PROTECTED]...
> It's like they pulled a few
> random topics from the CCIE (and CCNP) and made a cert out of it. I
> don't think many people are buying it.

I agree, but that wouldn't make the certification invalid as such.  Take
CCNP for example.  Since CCIE was around first, couldn't it be said that "it
looks like they took topics (routing, switch, remote access,
troubleshooting) and made a cert out of it" (CCNP).  And that would be a
(mostly) true statement.  But anyone who has done CCNP and at least the CCIE
written can testify that the depth of knowledge of the CCIE can't touch any
single CCNP exam.  I mean, CCIE written required you to know OSPF/BGP/EIGRP
but nowhere (IMHO) near the detail as the CCNP Routing exam.  Especially the
switching.  The CCIE written should challenge anyone's switching knowledge
that has passed the BCMSN exam..

Having said that, I think (although I'm not personally pursuing it) that the
CCIP, with its focus on MCAST, QoS, and MPLS, is going to be a much more
detailed exam track similar to the way CCNP was compared to CCIE.  I think
the depth of knowledge on each subject will not be touched by that required
for CCNP/CCIE  (except the Routing CCNP exam, which as pointed out, is
virtually identical to the CCNP routing exam except for IS-IS).  I don't
think the little bit of Multicast learned in CCNP switching (which is more
than required for CCIE written, IMHO) would be adequate to pass the MCAST
exam.  Etc etc.

To summarize, I'm personally not going for CCIP, but I could see how
employers in the right environment (i.e. using MPLS, Multicast, etc) might
prefer someone with a deeper background in those topics as opposed to a CCNP
or even a CCIE..

My 2 cents.

Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45422&t=45166



Re: Which WIC?????? [7:45379]

2002-05-29 Thread Michael L. Williams

Although I love the WIC-1DSU-T1, it appears that it only supports up to 24
channels of 56/64Kbps per channel (T1). AFAIK, this WIC also doesn't
support ISDN.

Here's more info:

http://www.cisco.com/univercd/cc/td/doc/pcat/t1duwny1.htm

HTH,
Mike W.

"Benjamin Pierce"  wrote in message
news:[EMAIL PROTECTED]...
> I believe the WIC1-DSU-T1 will work for what you are
> trying to do.  I believe this card will handle both
> T1/PRI and E1/PRI.  You may want to check with someone
> to make sure though, as I live in America and do not
> have much experience with E1.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45423&t=45379



support for X25 [7:45424]

2002-05-29 Thread pankaj kulkarni

Hi Friends,

I am facing certain difficulties with X.25 setup. Would appreciate tips for
the same. The details of the setup along with the router configuration is
given below:

X.25 SCENARIO

The following is the scenario that we have tested for one of our customers who
has implemented his network and wants to connect on x.25

We as a Service Provider have the connectivity as the following :

1133 1026 1024 1023
R1 --R2-R3
S 0/1 s 1/6 BRI 6/2 BRI 0/1

R1 2600
R2 3662
R3 7206 (CPE)

There are 2 routers R1 and R2 at our end which are directly connected back
to back on serial. Router1's Serial has been configured for x.25 and necessary
routes have been injected to reach R2. R3 is at the customers premises which
is dialing into R2 on a BRI interface and getting connected. When R3 gets
connected to R2 at the service providers end an SVC is created, After the
creation of SVC R1 gets a path to reach R3

Problem Scenario :

R1 is able to reach R2
pad 1026 is successful
Pad 1024 gives an error

R1 is unable to reach R3
Pad 1023 gives an error

R2 is able to reach R3
Pad 1023 is successful

R2 is able to reach R1
Pad 1133 is successful

R3 is able to reach R1
Pad 1133 is successful

The running configs of the routers is as below

R1# show runn

service pad to-xot
service pad from-xot
service tcp-keepalives-in

x29 profile abc 1:0 2:0 3:0 4:2 5:0 6:5 7:0 8:0 9:0 10:0 12:0 13:0 14:0 15:0 16:0 17:0 18:0 19:0 20:0 22:0




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45424&t=45424



Re: CCIP - who is doing this one? [7:45166]

2002-05-29 Thread [EMAIL PROTECTED]

I am going to get the CCIP, only one test away BSCI and I can't pass it 
because I simply don't know IS-IS.

I am getting it just to get it.  I hope one day to get more money from it 
but I know this year I won't.

Theo






"Michael L. Williams" 
Sent by: [EMAIL PROTECTED]
05/30/2002 12:28 PM
Please respond to "Michael L. Williams"

 
To: [EMAIL PROTECTED]
cc: 
Subject:Re: CCIP - who is doing this one? [7:45166]


"Brian Zeitz"  wrote in message
news:[EMAIL PROTECTED]...
> It's like they pulled a few
> random topics from the CCIE (and CCNP) and made a cert out of it. I
> don't think many people are buying it.

I agree, but that wouldn't make the certification invalid as such.  Take
CCNP for example.  Since CCIE was around first, couldn't it be said that "it
looks like they took topics (routing, switch, remote access,
troubleshooting) and made a cert out of it" (CCNP).  And that would be a
(mostly) true statement.  But anyone who has done CCNP and at least the CCIE
written can testify that the depth of knowledge of the CCIE can't touch any
single CCNP exam.  I mean, CCIE written required you to know OSPF/BGP/EIGRP
but nowhere (IMHO) near the detail as the CCNP Routing exam.  Especially the
switching.  The CCIE written should challenge anyone's switching knowledge
that has passed the BCMSN exam..

Having said that, I think (although I'm not personally pursuing it) that the
CCIP, with its focus on MCAST, QoS, and MPLS, is going to be a much more
detailed exam track similar to the way CCNP was compared to CCIE.  I think
the depth of knowledge on each subject will not be touched by that required
for CCNP/CCIE  (except the Routing CCNP exam, which as pointed out, is
virtually identical to the CCNP routing exam except for IS-IS).  I don't
think the little bit of Multicast learned in CCNP switching (which is more
than required for CCIE written, IMHO) would be adequate to pass the MCAST
exam.  Etc etc.

To summarize, I'm personally not going for CCIP, but I could see how
employers in the right environment (i.e. using MPLS, Multicast, etc) might
prefer someone with a deeper background in those topics as opposed to a CCNP
or even a CCIE..

My 2 cents.

Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45425&t=45166



Materials on Internet. [7:45426]

2002-05-29 Thread Hosui Tse

Hello,

Besides the CISCO WebSite and this StudyGroup.  Any good site for study CCIE?
I cannot find the books that you guys said which is good for CCIE Study in HK.
Can I find it (Soft copy) on the Net?





Re: Bridging over FR subinterfaces [7:45336]

2002-05-29 Thread Mohannad Khuffash

Hello MADMAN,
The config simply is :

LAN interface
interface FastEthernet0/1
 ip address 172.31.0.1 255.255.0.0
 duplex auto
 speed auto
 bridge-group 1
Main Interface
interface Serial2/0:0
 no ip address
 encapsulation frame-relay
 ip mroute-cache
 frame-relay lmi-type ansi
 bridge-group 1
Subinterface
interface Serial2/0:0.1 point-to-point
 bandwidth 2048
 ip address 192.168.1.17 255.255.255.252
 ip mroute-cache
 no arp frame-relay
 frame-relay interface-dlci 19

Hope that it can help ?.


--




Mohannad N. Khuffash
Network Administrator
Palestine Telecom
Tel : 00970-09-2390509
""MADMAN""  wrote in message
news:[EMAIL PROTECTED]...
> You are correct in that you configure your bridge group on the physical
> and subinterface.  You obviously have to configure bridging on some
> other interface like your LAN, send a copy of your config.
>
>   dave
>
> Mohannad Khuffash wrote:
> >
> > Dear Group,
> > I have a problem for implementing the bridging over the Frame Relay
> > subinterfaces, Cisco say that you should only enable the bridging over
> > the main interface and the subinterface, I have made that but the problem
> > still present! Any one have any idea about that.
> > Note: When I issue the show bridge group command it show me that every
> > thing is ok , and that the subinterfaces are in forwarding state.
> >
> > --
> >
> > Mohannad N. Khuffash
> > Network Administrator
> > Palestine Telecom
> > Tel : 00970-09-2390509
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45427&t=45336



Re: CCIP - who is doing this one? [7:45166]

2002-05-29 Thread [EMAIL PROTECTED]

"I think the depth of knowledge on each subject will not be touched by that 
required
for CCNP/CCIE..." 
Hmmph.  I have done the BSCI, but none of the other exams for the CCIP (I 
had the option of doing a freebie exam at Networkers, which is the only 
reason I did it).  The level of routing protocol knowledge required for 
BSCI was very shallow, in my opinion.  I haven't done the BSCN, either (I 
did ACRC a few years ago), so I don't know how the BSCI compares to BSCN, 
but the BSCI required *far* less detailed knowledge than the ACRC did. 
I hope that the BSCN requires more routing knowledge than the BSCI, 
because if not, I reckon the CCNP is going towards a cornflakes cert (or 
maybe I just struck the easy BSCI questions). 

JMcL
- Forwarded by Jenny Mcleod/NSO/CSDA on 30/05/2002 04:12 pm -


"Michael L. Williams" 
Sent by: [EMAIL PROTECTED]
30/05/2002 01:28 pm
Please respond to "Michael L. Williams"

 
To: [EMAIL PROTECTED]
cc: 
Subject:Re: CCIP - who is doing this one? [7:45166]


"Brian Zeitz" wrote in message
news:[EMAIL PROTECTED]...
> It's like they pulled a few
> random topics from the CCIE (and CCNP) and made a cert out of it. I
> don't think many people are buying it.

I agree, but that wouldn't make the certification invalid as such.  Take
CCNP for example.  Since CCIE was around first, couldn't it be said that "it
looks like they took topics (routing, switch, remote access,
troubleshooting) and made a cert out of it" (CCNP).  And that would be a
(mostly) true statement.  But anyone who has done CCNP and at least the CCIE
written can testify that the depth of knowledge of the CCIE can't touch any
single CCNP exam.  I mean, CCIE written required you to know OSPF/BGP/EIGRP
but nowhere (IMHO) near the detail as the CCNP Routing exam.  Especially the
switching.  The CCIE written should challenge anyone's switching knowledge
that has passed the BCMSN exam..

Having said that, I think (although I'm not personally pursuing it) that the
CCIP, with its focus on MCAST, QoS, and MPLS, is going to be a much more
detailed exam track similar to the way CCNP was compared to CCIE.  I think
the depth of knowledge on each subject will not be touched by that required
for CCNP/CCIE  (except the Routing CCNP exam, which as pointed out, is
virtually identical to the CCNP routing exam except for IS-IS).  I don't
think the little bit of Multicast learned in CCNP switching (which is more
than required for CCIE written, IMHO) would be adequate to pass the MCAST
exam.  Etc etc.

To summarize, I'm personally not going for CCIP, but I could see how
employers in the right environment (i.e. using MPLS, Multicast, etc) might
prefer someone with a deeper background in those topics as opposed to a CCNP
or even a CCIE..

My 2 cents.

Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45430&t=45166



RE: Tacacs Question [7:45390]

2002-05-29 Thread Keyur Shah

Try global config command,

ip tacacs source-interface 

-Keyur Shah-
CCIE# 4799 (Security; Routing and Switching)
CISSP,ccsa,css1,scsa,scna,mct,mcse,cni,mcne
Hello Computers
"Say Hello to Your Future!"
http://www.hellocomputers.com
Toll-Free: 1.877.794.3556 


-Original Message-
From: Richard Tufaro [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, May 29, 2002 1:29 PM
To: [EMAIL PROTECTED]
Subject: Tacacs Question [7:45390]


When configuring Cisco ACS server with a router across the WAN connected by
frame-relay, is there a way to tell the router to send the IP-originating
interface as the ethernet controller? Much like when setting up syslog
across a Frame WAN using: logging source-INTERFACE. Any ideas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45431&t=45390
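
An added illustration, not part of the thread: a small Python audit of an IOS-style configuration that checks whether `ip tacacs source-interface` and `logging source-interface` name an interface that exists and has an IP address, which matters because the ACS server identifies the router by the source address of its TACACS+ packets. The sample configurations, interface names and addresses are constructed for the example.

```python
import re

# Constructed sample config (not from the thread); names and addresses are made up.
SAMPLE_OK = """\
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
!
interface Serial0.1 point-to-point
 ip address 198.51.100.1 255.255.255.252
!
ip tacacs source-interface Ethernet0
logging source-interface Ethernet0
"""

# Same config with the TACACS+ source-interface line removed.
SAMPLE_MISSING = SAMPLE_OK.replace("ip tacacs source-interface Ethernet0\n", "")

# Global commands the audit understands, keyed by a short service name.
PATTERNS = {
    "tacacs": r"^ip tacacs source-interface (\S+)",
    "logging": r"^logging source-interface (\S+)",
}

def parse_interfaces(config):
    """Map interface name -> True if its stanza contains an 'ip address' line."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = False
        elif line.startswith(" ") and current:
            if re.match(r"\s+ip address \d", line):
                interfaces[current] = True
        else:
            current = None  # '!' or a global command ends the stanza
    return interfaces

def audit_source_interface(config, service="tacacs"):
    """Return a list of findings for the given service's source-interface."""
    interfaces = parse_interfaces(config)
    m = re.search(PATTERNS[service], config, re.MULTILINE)
    if not m:
        return [f"{service}: no source-interface set; "
                "source IP follows the egress interface"]
    name = m.group(1)
    if name not in interfaces:
        return [f"{service}: source-interface {name} is not defined"]
    if not interfaces[name]:
        return [f"{service}: source-interface {name} has no IP address"]
    return []

if __name__ == "__main__":
    for svc in PATTERNS:
        print(svc, audit_source_interface(SAMPLE_MISSING, svc) or "ok")
```
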