2v Voice card [7:45747]

2002-06-03 Thread Amir Aziz

Hello Everyone,

I am having problems with my Cisco router. The router fails to recognise the
card, and the "en" light initially shows red when the router boots, then it
turns off and remains off, and the FXO and FXS card red lights remain lit.
My IOS version is as follows:

Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-I-M), Version 12.0(7), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Thu 14-Oct-99 14:26 by phanguye

Kindly inform if it has to do with IOS or my card is faulty. Any help will be
appreciated.

Regards,
Amir Aziz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45747&t=45747
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: show version? [7:45730]

2002-06-03 Thread Mark Odette II

Not that I really care, but... it's Mark, not Mike, just for
clarification sake :)


(Big Grin and Smirk)

It's late (1:45am)... and I need to get to bed, rather than trying to
catch up on the last 3 days-worth of posts. (I participate on the list
the same way Priscilla does... via SMTP ;-) )



And, yes Brian, it is a seemingly necessary step in asset management...
but try reminding the guy/gal that got put on the project to order such
items, and then they got excited 'cuz they also got to do the
programming and with all their excitement and focus on making sure
they programmed the Router/Switch correctly, they let the simple things
slip their mind before powering down and sending it out the door to the
remote location

... this also applies to the more seasoned lads and gents that are
simply under a time crunch, and also forget the simple things... much
ado to that situation of the silly Router won't come up, and they swear
they configured everything correctly little to their surprise, when
they were finally able to get console access to the unit, they exclaimed
" DOH! ... Helps to No Shut the Damned Interface before the Wr Mem,
power-down, and shipment!"


Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, June 04, 2002 1:03 AM
To: [EMAIL PROTECTED]
Subject: Re: show version? [7:45730]

Yeah but if you need to know the serial number for some reason and you 
don't have access to records, Mike's comments really do the trick.





"Brian" 
Sent by: [EMAIL PROTECTED]
06/04/2002 02:37 PM
Please respond to "Brian"

 
To: [EMAIL PROTECTED]
cc: 
Subject:Re: show version? [7:45730]


Isn't this asset management, a seemingly necessary thing for a company
to do?

order the router
receive the router
record serial number(s) for asset/finance folks
install the router

Brian

- Original Message -
From: "Mark Odette II"
To:
Sent: Monday, June 03, 2002 10:04 PM
Subject: RE: show version? [7:45730]


> You are correct the only way to have the serial number of the
> chassis in the startup-config of the router is to put it there under the
> one of the Banners, or in the description of one of the interfaces.
> This obviously requires planning ahead. :)
>
> Until then, it's called " Pick Up the phone, ask someone to go to the
> router, and write down the number on the sticker... possibly starting
> with JAB..., then have them call you back with that info... and then put
> it in the router remotely so you don't forget it again." :)
>
> Mark
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Kaminski, Shawn G
> Sent: Monday, June 03, 2002 11:15 PM
> To: [EMAIL PROTECTED]
> Subject: RE: show version? [7:45730]
>
> If I remember correctly from a previous discussion on this list, there
> is no way to get the serial number of the router (possibly an exception
> with the 12000 series). You have to look at the outside of the router.
> The "show diag" command will show serial numbers of the router
> motherboard and installed cards, but not the serial number of the router
> itself. Someone please correct me if I'm wrong.
>
> Shawn K.
>
> > -Original Message-
> > From: ipguru1 [SMTP:[EMAIL PROTECTED]]
> > Sent: Monday, June 03, 2002 9:22 PM
> > To: [EMAIL PROTECTED]
> > Subject: show version? [7:45730]
> >
> > Is there a command to get the serial number of the router?  I did a
> > search on serial number on cisco.com and you can imagine what comes up
> > when you type 'serial' in the search!!!
> >
> > Thanks,
> >
> > bk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45746&t=45730



Re: show version? [7:45730]

2002-06-03 Thread [EMAIL PROTECTED]

Yeah but if you need to know the serial number for some reason and you 
don't have access to records, Mike's comments really do the trick.





"Brian" 
Sent by: [EMAIL PROTECTED]
06/04/2002 02:37 PM
Please respond to "Brian"

 
To: [EMAIL PROTECTED]
cc: 
Subject:Re: show version? [7:45730]


Isn't this asset management, a seemingly necessary thing for a company to
do?

order the router
receive the router
record serial number(s) for asset/finance folks
install the router

Brian

- Original Message -
From: "Mark Odette II"
To:
Sent: Monday, June 03, 2002 10:04 PM
Subject: RE: show version? [7:45730]


> You are correct the only way to have the serial number of the
> chassis in the startup-config of the router is to put it there under the
> one of the Banners, or in the description of one of the interfaces.
> This obviously requires planning ahead. :)
>
> Until then, it's called " Pick Up the phone, ask someone to go to the
> router, and write down the number on the sticker... possibly starting
> with JAB..., then have them call you back with that info... and then put
> it in the router remotely so you don't forget it again." :)
>
> Mark
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Kaminski, Shawn G
> Sent: Monday, June 03, 2002 11:15 PM
> To: [EMAIL PROTECTED]
> Subject: RE: show version? [7:45730]
>
> If I remember correctly from a previous discussion on this list, there
> is no way to get the serial number of the router (possibly an exception
> with the 12000 series). You have to look at the outside of the router.
> The "show diag" command will show serial numbers of the router
> motherboard and installed cards, but not the serial number of the router
> itself. Someone please correct me if I'm wrong.
>
> Shawn K.
>
> > -Original Message-
> > From: ipguru1 [SMTP:[EMAIL PROTECTED]]
> > Sent: Monday, June 03, 2002 9:22 PM
> > To: [EMAIL PROTECTED]
> > Subject: show version? [7:45730]
> >
> > Is there a command to get the serial number of the router?  I did a
> > search on serial number on cisco.com and you can imagine what comes up
> > when you type 'serial' in the search!!!
> >
> > Thanks,
> >
> > bk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45744&t=45730



Re: show version? [7:45730]

2002-06-03 Thread Brian

Isn't this asset management, a seemingly necessary thing for a company to
do?

order the router
receive the router
record serial number(s) for asset/finance folks
install the router

Brian

- Original Message -
From: "Mark Odette II" 
To: 
Sent: Monday, June 03, 2002 10:04 PM
Subject: RE: show version? [7:45730]


> You are correct the only way to have the serial number of the
> chassis in the startup-config of the router is to put it there under the
> one of the Banners, or in the description of one of the interfaces.
> This obviously requires planning ahead. :)
>
> Until then, it's called " Pick Up the phone, ask someone to go to the
> router, and write down the number on the sticker... possibly starting
> with JAB..., then have them call you back with that info... and then put
> it in the router remotely so you don't forget it again." :)
>
> Mark
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Kaminski, Shawn G
> Sent: Monday, June 03, 2002 11:15 PM
> To: [EMAIL PROTECTED]
> Subject: RE: show version? [7:45730]
>
> If I remember correctly from a previous discussion on this list, there
> is no way to get the serial number of the router (possibly an exception
> with the 12000 series). You have to look at the outside of the router.
> The "show diag" command will show serial numbers of the router
> motherboard and installed cards, but not the serial number of the router
> itself. Someone please correct me if I'm wrong.
>
> Shawn K.
>
> > -Original Message-
> > From: ipguru1 [SMTP:[EMAIL PROTECTED]]
> > Sent: Monday, June 03, 2002 9:22 PM
> > To: [EMAIL PROTECTED]
> > Subject: show version? [7:45730]
> >
> > Is there a command to get the serial number of the router?  I did a
> > search on serial number on cisco.com and you can imagine what comes up
> > when you type 'serial' in the search!!!
> >
> > Thanks,
> >
> > bk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45743&t=45730



RE: show version? [7:45730]

2002-06-03 Thread [EMAIL PROTECTED]

I am looking for a way too.  I did sh tec and looked at it a few times and 
didn't see a serial number at all.

I have no idea  how to get this from the CLI.

Comments?






"Kaminski, Shawn G" 
Sent by: [EMAIL PROTECTED]
06/04/2002 01:14 PM
Please respond to "Kaminski, Shawn G"

 
To: [EMAIL PROTECTED]
cc: 
Subject:RE: show version? [7:45730]


If I remember correctly from a previous discussion on this list, there is no
way to get the serial number of the router (possibly an exception with the
12000 series). You have to look at the outside of the router. The "show
diag" command will show serial numbers of the router motherboard and
installed cards, but not the serial number of the router itself. Someone
please correct me if I'm wrong.

Shawn K.

> -Original Message-
> From: ipguru1 [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, June 03, 2002 9:22 PM
> To:   [EMAIL PROTECTED]
> Subject:  show version? [7:45730]
>
> Is there a command to get the serial number of the router?  I did a
> search on serial number on cisco.com and you can imagine what comes up
> when you type 'serial' in the search!!!
>
> Thanks,
>
> bk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45740&t=45730



Re: CAT 5000 simulator for BCMSN [7:45735]

2002-06-03 Thread [EMAIL PROTECTED]

Cisco's LAN Switching simulator should do.  I thought it was confusing at
first but it is doable.

Theo







"Hitesh Pathak R" 
Sent by: [EMAIL PROTECTED]
06/04/2002 12:05 PM
Please respond to "Hitesh Pathak R"

 
To: [EMAIL PROTECTED]
cc: 
Subject:CAT 5000 simulator for BCMSN [7:45735]


Dear Group

I remember there was some url posted for cat 5000 command simulator. I am
preparing for my BCMSN. Would anybody be able to help me.

Many thanks
Hitesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45742&t=45735



RE: show version? [7:45730]

2002-06-03 Thread Mark Odette II

You are correct the only way to have the serial number of the
chassis in the startup-config of the router is to put it there under the
one of the Banners, or in the description of one of the interfaces.
This obviously requires planning ahead. :)

Until then, it's called " Pick Up the phone, ask someone to go to the
router, and write down the number on the sticker... possibly starting
with JAB..., then have them call you back with that info... and then put
it in the router remotely so you don't forget it again." :)

Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Kaminski, Shawn G
Sent: Monday, June 03, 2002 11:15 PM
To: [EMAIL PROTECTED]
Subject: RE: show version? [7:45730]

If I remember correctly from a previous discussion on this list, there
is no way to get the serial number of the router (possibly an exception
with the 12000 series). You have to look at the outside of the router.
The "show diag" command will show serial numbers of the router
motherboard and installed cards, but not the serial number of the router
itself. Someone please correct me if I'm wrong.

Shawn K. 

> -Original Message-
> From: ipguru1 [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, June 03, 2002 9:22 PM
> To:   [EMAIL PROTECTED]
> Subject:  show version? [7:45730]
> 
> Is there a command to get the serial number of the router?  I did a
> search on serial number on cisco.com and you can imagine what comes up
> when you type 'serial' in the search!!!
> 
> Thanks,
> 
> bk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45741&t=45730



Re: Off Topic - inauspicious beginning [7:45592]

2002-06-03 Thread Chuck Larrieu

haven't looked lately. In general, you can take the lab six months from now,
or you can take it tomorrow. I.e. there are always last minute
cancellations, so you can get in with very short notice. Otherwise, the wait
list is about 4 months

I picked December for a particular reason, or actually a couple of
particular reasons. I postponed from my scheduled June date.

Best wishes.

Chuck


- Original Message -
From: "Jay" 
To: 
Sent: Monday, 03 June, 2002 5:20 PM
Subject: RE: Off Topic - inauspicious beginning [7:45592]


> Hey out of curiosity,  is december the soonest you can get in to the lab
> now?  How long is the wait list?
>
> >
> >
> > Not worth dragging this one out much longer.
> >
> > the router model is 36xx, which alone should be a big clue. the router is
> > situated so I can easily get to the serial ports, leaving the aux and con
> > ports up against the wall, so I have to reach behind, feel around with my
> > fingers, find the port, and fumble around some more to plug in. all other
> > models I have worked with have the con and aux port on the same side of the
> > box as the data ports. I guess the last time I used it I was fooling around
> > with aux port settings. it just never occurred to me that I was in the aux.
> >
> > DOH!
> >
> > On the other hand, all was not lost. I've had a good time simulating my
> > customer network, checking out my policy routing etc. interesting design. on
> > the clever side if I do say so myself. works like a charm, which means the
> > implementation people either aren't getting it, or the vlans are not
> > configured correctly on the switch. more on that another time.
> >
> > Chuck
> > 182 and counting down.
> >
> > "Kaminski, Shawn G" wrote in message
> > news:[EMAIL PROTECTED]...
> > > Out of curiosity, what model router is the frame switch?
> > >
> > > Shawn K.
> > >
> > > > -Original Message-
> > > > From: Chuck [SMTP:[EMAIL PROTECTED]]
> > > > Sent: Saturday, June 01, 2002 2:32 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Off Topic - inauspicious beginning [7:45592]
> > > >
> > > > 183 days and counting. like the Flying Dutchman,  I'll pass the Lab if...
> > > > nope - better not make that threat. you never can tell..
> > > >
> > > > actually, the gods of the Lab have already started with me.
> > > >
> > > > I haven't had the routers on in quite a few weeks. Been busy at
> > > > work. Had some big projects to keep me out of my own lab for a while.
> > > >
> > > > So I have a customer network that I need to clean up a few things
> > > > on. I set up a model in my own lab, cable everything up to emulate
> > > > the customer's situation, and begin. First step - configure the
> > > > frame relay switch.
> > > >
> > > > try to get into enable mode. Keep getting asked for a password.
> > > > Rats! What is the enable password? I try the usual suspects, and
> > > > come up empty.
> > > >
> > > > no problem. I'll just do a quick password recovery. I do a search on
> > > > CCO, quickly locate the procedure, and begin...
> > > >
> > > > power off. power on. control break. no luck - the router just boots
> > > > as normal.
> > > >
> > > > hhm I've done recoveries before. no biggie. why am I
> > > > having the problem?
> > > >
> > > > Now I know the smart guys among you will tell me it's because I use
> > > > hyper terminal. so I close HT, and load up my copy of Tera Term. repeat
> > > > the power off power on sequence, try alt b, and no luck. the router
> > > > loads as usual.
> > > >
> > > > now I'm panicking. I have been trying this via my term server. I go
> > > > directly into the router, replacing the term server cable with a
> > > > direct connection.
> > > >
> > > > still no luck. alt b with Tera term, control break with hyper term.
> > > > the router still loads as normal.
> > > >
> > > > Well, I've figured out the problem. I've gotten into the router. I'm
> > > > happily working on my customer simulation. the frame switch is
> > > > configured as I wish.
> > > >
> > > > the question to all of you - what was the problem? what was the
> > > > solution?
> > > >
> > > > regards
> > > >
> > > > Chuck
> > > > December 2 - 183 days and counting
> > > > the gods of the Lab permitting ;->




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45739&t=45592



RE: CAT 5000 simulator for BCMSN [7:45735]

2002-06-03 Thread Kaminski, Shawn G

I believe it was Ole Drews Jensen's site, www.routerchief.com , that had
this Cat 5000 simulator.
Shawn K.


> -Original Message-
> From: Hitesh Pathak R [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, June 03, 2002 11:06 PM
> To:   [EMAIL PROTECTED]
> Subject:  CAT 5000 simulator for BCMSN [7:45735]
> 
> Dear Group
> 
> I remember there was some url posted for cat 5000 command simulator. I am
> preparing for my BCMSN. Would anybody be able to help me.
> 
> Many thanks
> Hitesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45738&t=45735



RE: show version? [7:45730]

2002-06-03 Thread Kaminski, Shawn G

If I remember correctly from a previous discussion on this list, there is no
way to get the serial number of the router (possibly an exception with the
12000 series). You have to look at the outside of the router. The "show
diag" command will show serial numbers of the router motherboard and
installed cards, but not the serial number of the router itself. Someone
please correct me if I'm wrong.

Shawn K. 

> -Original Message-
> From: ipguru1 [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, June 03, 2002 9:22 PM
> To:   [EMAIL PROTECTED]
> Subject:  show version? [7:45730]
> 
> Is there a command to get the serial number of the router?  I did a
> search on serial number on cisco.com and you can imagine what comes up
> when you type 'serial' in the search!!!
> 
> Thanks,
> 
> bk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45737&t=45730



CAT 5000 simulator for BCMSN [7:45735]

2002-06-03 Thread Hitesh Pathak R

Dear Group

I remember there was some url posted for cat 5000 command simulator. I am
preparing for my BCMSN. Would anybody be able to help me.

Many thanks
Hitesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45735&t=45735



Re: static route for port 21 [7:45682]

2002-06-03 Thread Priscilla Oppenheimer

And that doesn't even get into the issues of security and FTP. (I wonder if 
anyone is using WebDAV yet? Apple is pushing it. WebDAV, from what I 
understand, is for updating Web sites. It isn't really a general 
replacement for FTP, but it can be used in a lot of cases instead of FTP.)

I like the word "ephemeral." It means short-lived. It helps you understand 
that these ports are used for connections that get opened when needed, as 
opposed to a port that a server that runs a service keeps open all the time.

Not to be confused with this other categorization of port numbers:

1. Well-known port numbers are used to identify standard services that run 
above TCP (or UDP), including HTTP, Telnet, SMTP, and so on. Well-known 
port numbers are 0 to 1,023.
2. Registered port numbers identify an application that has been registered 
with the Internet Assigned Numbers Authority (IANA). 
Registered port numbers are 1,024 to 49,151.
3. Private port numbers are unregistered and can be dynamically assigned to 
any application. Private port numbers are 49,152 to 65,535.

The registered port numbers have fallen prey to the second law of 
thermodynamics, however. (Increasing chaos in the universe.) You will see 
them get used in an ephemeral manner in situations that have nothing to do 
with their registered meaning.

I cut and paste the FTP steps from my new book. (You all keep giving me 
chances to talk about it. ;-) There's more info about it here:

http://www.troubleshootingnetworks.com/

Thanks

Priscilla

At 05:06 PM 6/3/02, John Dorffler wrote:
>Way off topic:
>
>1. Priscilla mentions ephemeral ports at the end of this post. I just saw
>"Scanners" this weekend and the drug they use to give people wacky
>telepathic powers was "ephemerol". Apparently it gives you the ability to
>make people's heads explode, just like networking can at times!
>
>2. Priscilla, please tell me you cut and paste that stuff from somewhere and
>don't just reel it off from memory (e.g. the 10-step FTP process below). If
>you do reel it off from memory, do you use some herbal memory supplement or
>something?
>
>-John
>
>
>"Priscilla Oppenheimer" wrote in message
>news:[EMAIL PROTECTED]...
> > Although I can't answer your question, I can tell you how FTP works and
> > maybe that will help. I can believe that it has problems in your
> > situation! ;-)
> >
> > FTP does not use both TCP and UDP. It does, however, open multiple TCP
> > connections.
> >
> > Assuming you are using Active (non-passive, aka PORT mode), here's what
> > happens:
> >
> > 1. The client sends a TCP SYN to the well-known FTP control port (port 21)
> > on the server. The client uses an ephemeral (short-lived, not well-known,
> > greater than 1024) port as its source port.
> > 2. The server sends the client a SYN ACK from port 21 to the ephemeral
> > port on the client.
> > 3. The client sends an ACK. The client uses this connection to send FTP
> > commands and the server uses this connection to send FTP replies.
> > 4. When the user requests a directory listing or initiates the sending or
> > receiving of a file, the client software sends a PORT command that
> > includes an ephemeral port number that the client wishes the server to use
> > when opening the data connection. The PORT command also includes an IP
> > address, which is usually the client's own IP address, although FTP also
> > supports a third-party mode where a client can tell a server to send a
> > file to a different host. (Third-party mode is rarely used.)
> > 5. The server sends a SYN from port 20 to the client's ephemeral port
> > number, which was provided to the server in the client's PORT command.
> > 6. The client sends a SYN ACK from its ephemeral port to port 20.
> > 7. The server sends an ACK.
> > 8. The host that is sending data uses this new connection to send the
> > data in TCP segments, which the other host ACKs. (With some commands, such
> > as STOR, the client sends data. With other commands, such as RETR, the
> > server sends data.)
> > 9. After the data transfer is complete, the host sending data closes the
> > data connection with a FIN, which the other host ACKs. The other host
> > also sends its own FIN, which the sending host ACKs.
> > 10. The client can send more commands on the control connection, which
> > may cause additional data connections to be opened and then closed. At
> > some point, when the user is finished, the client closes the control
> > connection with a FIN. The server ACKs the client's FIN. The server also
> > sends its own FIN, which the client ACKs.
> >
> > Notice that an additional command (DIR, in your example) opens another
> > data connection. (In Active mode, these data connections come from the
> > server's port 20.)
> >
> > Now, if you're using Passive mode, the client opens the data connection,
> > from an ephemeral port to an ephemeral port on the server. Here are the
> > steps:
> >
> > 1. The client sends a 

Re: static route for port 21-theory rules. [7:45682]

2002-06-03 Thread Carroll Kong

I am going to take a wild guess at how she "memorized" it, because I do not
think she memorized it, nor copied and pasted it from somewhere.  She
probably derived it, and possibly cut and paste it from
there.  At least that is what I would do.
Not sure if you said the last line in jest, but here is my take on just in
case you were serious.

My guess is all she needed to know is, the theory.  Yes, if you learn the
theory, holy moly, you do not have to memorize every little detail.  Why? 
Because, she only needs to know 3 basic theories.

Passive FTP
Active FTP
Basic TCP/IP (yes, the one thing that everyone seems to put on their resume,
but knows squat about).

Basic TCP/IP handles the concept of the different ports.  FTP being a
befangled protocol from heck, will have the listening port either be on the
client or server. This of course, just creates "wonderful" scenarios for
firewalls that do not have some kind of "proxy" like feature.  I leave that
as an exercise for the reader.

I hope this post does not come off as trying to downplay Priscilla.  I am
not trying to downplay Priscilla, I think she rocks the casbah!  :)  Just
saying that, a little bit of theory goes a long long long long way if you
know how to apply it.  And that, in my opinion, is infinitely better than
any amount of raw memorization.  (same as the teach someone to fish instead
of giving him fish statement).  It is unfortunate that theory has been
downplayed as the "oh I know the theory, but I do not know how it really
works" (that just reeks of an oxymoron to me in so many ways).

Read some RFCs on how the FTP protocol is meant to work and the two
different forms of how FTP will transfer data.  Also, learn how basic TCP/IP
works.  SYN, SYN+ACK, ACK, RST, FINs, ephemeral ports, well-known
ports, that should be as clear to you as your native language if you
know how TCP/IP works.  I did not mean to be offensive, I mean to be as
helpful as possible!  Good luck!

> Way off topic:
> 
> 1. Priscilla mentions ephemeral ports at the end of this post. I just
> saw "Scanners" this weekend and the drug they use to give people wacky
> telepathic powers was "ephemerol". Apparently it gives you the ability
> to make people's heads explode, just like networking can at times!
> 
> 2. Priscilla, please tell me you cut and paste that stuff from
> somewhere and don't just reel it off from memory (e.g. the 10-step FTP
> process below). If you do reel it off from memory, do you use some
> herbal memory supplement or something?
> 
> -John
> 
> 
> "Priscilla Oppenheimer" wrote in message
> news:[EMAIL PROTECTED]...
> > Although I can't answer your question, I can tell you how FTP works
> > and maybe that will help. I can believe that it has problems in your
> > situation! ;-)
> >
> > FTP does not use both TCP and UDP. It does, however, open multiple
> > TCP connections.
> >
> > Assuming you are using Active (non-passive, aka PORT mode), here's
> > what happens:
> >
> > 1. The client sends a TCP SYN to the well-known FTP control port
> > (port 21) on the server. The client uses an ephemeral (short-lived,
> > not well-known, greater than 1024) port as its source port.
> > 2. The server sends the client a SYN ACK from port 21 to the
> > ephemeral port on the client.
> > 3. The client sends an ACK. The client uses this connection to send
> > FTP commands and the server uses this connection to send FTP
> > replies.
> > 4. When the user requests a directory listing or initiates the
> > sending or receiving of a file, the client software sends a PORT
> > command that includes an ephemeral port number that the client
> > wishes the server to use when opening the data connection. The PORT
> > command also includes an IP address, which is usually the client's
> > own IP address, although FTP also supports a third-party mode where
> > a client can tell a server to send a file to a different host.
> > (Third-party mode is rarely used.)
> > 5. The server sends a SYN from port 20 to the client's ephemeral
> > port number, which was provided to the server in the client's PORT
> > command.
> > 6. The client sends a SYN ACK from its ephemeral port to port 20.
> > 7. The server sends an ACK.
> > 8. The host that is sending data uses this new connection to send
> > the data in TCP segments, which the other host ACKs. (With some
> > commands, such as STOR, the client sends data. With other commands,
> > such as RETR, the server sends data.)
> > 9. After the data transfer is complete, the host sending data closes
> > the data connection with a FIN, which the other host ACKs. The other
> > host also sends its own FIN, which the sending host ACKs.
> > 10. The client can send more commands on the control connection,
> > which may cause additional data connections to be opened and then
> > closed. At some point, when the user is finished, the client closes
> > the control connection with a FIN. The server ACKs
> > the client's FIN. The server also send
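
The data-connection bookkeeping that the active and passive FTP descriptions above imply for a firewall with the "proxy-like feature" Carroll mentions, as an added example that is not part of the original posts. The names `FtpControlTracker` and `Pinhole`, the documentation-range addresses, and the policy of refusing third-party addresses and ports below 1024 are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "h1,h2,h3,h4,p1,p2" as carried by the PORT command and by the 227 reply
# to PASV (RFC 959): four address octets, then the port as two bytes.
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


@dataclass(frozen=True)
class Pinhole:
    """One data connection the firewall should expect (hypothetical type)."""
    mode: str                # "active" or "passive"
    syn_from: str            # host that opens the data connection
    syn_to: str              # host listening on the ephemeral port
    dst_port: int            # ephemeral port announced on the control channel
    src_port: Optional[int]  # 20 in active mode, None (any) in passive mode


def parse_hostport(text: str) -> Optional[Tuple[str, int]]:
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field, or None if invalid."""
    m = _HOSTPORT.search(text)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


class FtpControlTracker:
    """Follows one control connection (client -> server port 21)."""

    def __init__(self, client_ip: str, server_ip: str):
        self.client_ip = client_ip
        self.server_ip = server_ip
        self.pinholes: List[Pinhole] = []
        self.alerts: List[str] = []
        self._pasv_pending = False

    def _acceptable(self, hp, expected_ip: str, what: str) -> bool:
        # Assumed policy: the announced address must belong to the peer that
        # announced it, and the port must lie outside the well-known range.
        if hp is None:
            self.alerts.append(f"{what}: malformed host-port field")
            return False
        ip, port = hp
        if ip != expected_ip:
            self.alerts.append(f"{what}: third-party address {ip}")
            return False
        if port < 1024:
            self.alerts.append(f"{what}: well-known port {port}")
            return False
        return True

    def client_line(self, line: str) -> None:
        verb, _, arg = line.strip().partition(" ")
        if verb.upper() == "PORT":      # active mode: server will connect back
            hp = parse_hostport(arg)
            if self._acceptable(hp, self.client_ip, "PORT"):
                self.pinholes.append(Pinhole(
                    "active", self.server_ip, self.client_ip, hp[1], 20))
        elif verb.upper() == "PASV":    # passive mode: wait for the 227 reply
            self._pasv_pending = True

    def server_line(self, line: str) -> None:
        if self._pasv_pending and line.startswith("227"):
            self._pasv_pending = False
            hp = parse_hostport(line[3:])
            if self._acceptable(hp, self.server_ip, "227"):
                self.pinholes.append(Pinhole(
                    "passive", self.client_ip, self.server_ip, hp[1], None))

    def allows(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> bool:
        """Would a SYN with this tuple match an expected data connection?"""
        return any(
            (p.syn_from, p.syn_to, p.dst_port) == (src_ip, dst_ip, dst_port)
            and p.src_port in (None, src_port)
            for p in self.pinholes)


# Constructed control-channel exchange (sample input, not from the thread).
SESSION = [
    ("C", "PORT 192,0,2,10,195,80"),   # client's own address, port 195*256+80
    ("S", "200 PORT command successful"),
    ("C", "PORT 198,51,100,7,0,22"),   # third-party address: refused
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (203,0,113,5,234,96)"),
]


def run_session() -> FtpControlTracker:
    tracker = FtpControlTracker(client_ip="192.0.2.10", server_ip="203.0.113.5")
    for side, line in SESSION:
        (tracker.client_line if side == "C" else tracker.server_line)(line)
    return tracker


if __name__ == "__main__":
    t = run_session()
    for p in t.pinholes:
        print(p)
    for a in t.alerts:
        print("ALERT", a)
```

Without this tracking, a plain packet filter has to choose between leaving whole ephemeral ranges open and breaking one of the two FTP modes.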

Re: CSS Question [7:45713]

2002-06-03 Thread Elijah Savage

Not trying to be a jerk here but if you are making reference to the
circuits that are built on the css no they do not support secondary ip
addresses in my experience with them. You actually build the circuit then
apply that interface to the virtual circuits. I am not sure how you assign
an ip address or a secondary ip address for that matter directly to an
ethernet interface.
If someone knows different please help me out here :)



> Dear All,
>
> Does a CSS support secondary ip address on any of its Ethernet
> interfaces like a router?
>
> Thanks in Advance.
>
> Regards,
>
> Zahid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45722&t=45713



RE: static route for port 21 [7:45682]

2002-06-03 Thread Daniel Cotts

Time to restart the blueberry thread.

> -Original Message-
> From: John Dorffler [mailto:[EMAIL PROTECTED]]
> do you use some herbal memory supplement or
> something?
> 
> -John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45712&t=45682



Re: VPN Overhead [7:45719]

2002-06-03 Thread Elijah Savage

We have 2 3030 concentrators set up in a load balancing fashion and it
works very well. We have rolled this out to about 3000 users and have done
all types of testing with different applications and different types of
access. Over dialup we notice that there is about 12% overhead with the
cisco vpn client, with broadband it makes less of an impact. We noticed on
broadband that it was about 7% on dsl and about 5% on cable access. Hope
that helps out.
> We are currently using a VPN provider to get into the network but want
> to take more control and bring it in house. I did some testing though
> and found that the VPN was adding about 27% overhead compared to
> bypassing VPN and going direct to a server.
>
> I'm wondering if others have done testing and what were your results.
> We are currently using V-One but I will be looking at Cisco's solution.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45723&t=45719



Re: Security hazard?? [7:45731]

2002-06-03 Thread [EMAIL PROTECTED]

Could you explain this a bit more?

I too just implemented a network somewhat like this.  I had 2 7206VXRs 
each connected to 1 PIX 535 each which were then connected to 2 6509s with 
IDS.  All running 1000FX

In my current implementation of the same network I have replaced the 
7206VXRs and 6509s with Foundry ServerIrons using Span with ISS RealSecure 
for the IDS running 100BaseT.  I haven't had any VLAN issues thus far. Let 
me guess, you are using the 6808s for FW loadbalancing right?  If yes, 
that is a great design if the customer will pay for it.  Highly scalable 
and there are all sorts of cool things you can do with it.

I can't see a security problem as long as you properly secure the machines 
i.e. disable unused ports physically if possible, don't insert a GBIC card, 
shut down unnecessary services on the router and switch and secure the 
VLAN.  I would be interested in what your uppers are concerned about for 
my own designs. 

You are right that it should be platform independent.  Of course people 
are going to say that each vendor is different requiring a different 
approach in security but I know you were not born yesterday so you are 
probably taking care of that :-)

Theo CISSP
CSS1








"ipguru1" 
Sent by: [EMAIL PROTECTED]
06/04/2002 10:30 AM
Please respond to "ipguru1"

 
To: [EMAIL PROTECTED]
cc: 
Subject:Security hazard?? [7:45731]


All,

We have two 3640's and two Extreme Black Diamond 6808's (aka 6509's).
The two 3640's are doing IBGP between them on each of their eth0's.  I
have created a vlan on the Extremes called 'unsecure'(there are only 2
ports on each Extreme in this vlan... one coming in from the 3640 and
the other going into the firewall).  I am getting some complaints from
the 'uppers' that bringing the 3640's into the Extreme's is a security
hazard.

I am sure someone is now working on a way to hack from one vlan to the
next, but for now, I don't see the difference between putting a hub in
there and using a couple of ports on these monster
'almost-never-go-down' switches.  I just don't want another unmanaged
piece of equipment in the flow.

Has anyone ever heard of this being a leak?  I worked in a datacenter
before and this is what we did with 6509's and we didn't blink!  I know
these are Extreme switches... which is probably taboo in the group, but
I am pretty sure this would be platform independent... right?

Thanks,

bk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45734&t=45731



Re: Haven't seen this lately..."A Guide to MPLS Terminology" [7:45733]

2002-06-03 Thread Howard C. Berkowitz

At 9:06 PM -0400 6/3/02, dre wrote:
>"Howard C. Berkowitz" wrote in message
>news:[EMAIL PROTECTED]...
>>  My Product Line needs a new Story.
>>
>>  Label:
>>  Stuff you stick to the front of your box for product identification.
>
>Compare the new Cisco Press title (from http://www.ciscopress.com/):
>
>Traffic Engineering with MPLS
>Authors: Eric Osborne, Ajay Simha
>Available: July 15, 2002
>ISBN: 1587050315
>Pages: 724
>
>Hard to find information on how to use MPLS traffic engineering to
>optimize network bandwidth, save on network cost, and improve
>customer satisfaction
>
>With operator experience (from http://www.nanog.org):
>
>How the network would behave without MPLS
>
>WANDL simulations show that there would be no congestion in the
>network based on IGP TE with IS-IS, so MPLS is not needed today
>for TE.
>
>Bandwidth reservations for MPLS-based VPNs would not be as
>meaningful with large amounts of native IP traffic on backbone trunks.
>
>http://www.nanog.org/mtg-0202/ppt/siegel/sld031.htm
>

I agree that MPLS is not necessary for QoS if you have TE-aware 
routing protocols. There remain potential advantages to using MPLS, 
such as the various recovery and bundling mechanisms: 
http://www.ietf.org/internet-drafts/draft-ietf-mpls-recovery-frmwrk-04.txt
http://www.ietf.org/internet-drafts/draft-ietf-mpls-ldp-ft-02.txt
http://www.ietf.org/internet-drafts/draft-ietf-mpls-lsp-ping-00.txt
http://www.ietf.org/internet-drafts/draft-ietf-mpls-rsvp-lsp-fastreroute-00.txt
http://www.ietf.org/internet-drafts/draft-ietf-mpls-bundle-03.txt

The GMPLS extensions also provide a clean interface to 
non-packet-oriented transmission systems.

(G)MPLS is not a panacea, but it does have some useful functionality 
with which we are just starting to get operational experience.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45733&t=45733



Security hazard?? [7:45731]

2002-06-03 Thread ipguru1

All,

We have two 3640's and two Extreme Black Diamond 6808's (aka 6509's).
The two 3640's are doing IBGP between them on each of their eth0's.  I
have created a vlan on the Extremes called 'unsecure'(there are only 2
ports on each Extreme in this vlan... one coming in from the 3640 and
the other going into the firewall).  I am getting some complaints from
the 'uppers' that bringing the 3640's into the Extreme's is a security
hazard.

I am sure someone is now working on a way to hack from one vlan to the
next, but for now, I don't see the difference between putting a hub in
there and using a couple of ports on these monster
'almost-never-go-down' switches.  I just don't want another unmanaged
piece of equipment in the flow.

Has anyone ever heard of this being a leak?  I worked in a datacenter
before and this is what we did with 6509's and we didn't blink!  I know
these are Extreme switches... which is probably taboo in the group, but
I am pretty sure this would be platform independent... right?

Thanks,

bk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45731&t=45731



show version? [7:45730]

2002-06-03 Thread ipguru1

Is there a command to get the serial number of the router?  I did a
search on serial number on cisco.com and you can imagine what comes up
when you type 'serial' in the search!!!

Thanks,

bk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45730&t=45730



Dropping Characters on Reverse Telnet [7:45729]

2002-06-03 Thread Michael Gunnels

I've been having a strange problem.  When reverse
telnetting from my 2514's AUX port to my 25xx's
console port (I've tried multiple routers), I am
sometimes losing packets during show commands.  The
CPU of the router that initiates the reverse telnet is at
most 35%.  I've tried using variations of flow control
on both routers, but it doesn't seem to make much
difference.  Has anyone else experienced this?  It's
driving me nuts!  It skips and jumbles things
together.  It only shows up when reverse telnetting.
If I'm consoled in or regular telnetting there is no
problem.  Please help.

Mike





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45729&t=45729



Re: Haven't seen this lately..."A Guide to MPLS Terminology" [7:45728]

2002-06-03 Thread dre

"Howard C. Berkowitz" wrote in message
news:[EMAIL PROTECTED]...
> My Product Line needs a new Story.
>
> Label:
> Stuff you stick to the front of your box for product identification.

Compare the new Cisco Press title (from http://www.ciscopress.com/):

   Traffic Engineering with MPLS
   Authors: Eric Osborne, Ajay Simha
   Available: July 15, 2002
   ISBN: 1587050315
   Pages: 724

   Hard to find information on how to use MPLS traffic engineering to
   optimize network bandwidth, save on network cost, and improve
   customer satisfaction

With operator experience (from http://www.nanog.org):

   How the network would behave without MPLS

   WANDL simulations show that there would be no congestion in the
   network based on IGP TE with IS-IS, so MPLS is not needed today
   for TE.

   Bandwidth reservations for MPLS-based VPNs would not be as
   meaningful with large amounts of native IP traffic on backbone trunks.

   http://www.nanog.org/mtg-0202/ppt/siegel/sld031.htm

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45728&t=45728



Re: PIX question [7:45658]

2002-06-03 Thread [EMAIL PROTECTED]

PIX no
Router yes.
FW-1 yes but you have to play with it.






"Anil Kumar" 
Sent by: [EMAIL PROTECTED]
06/03/2002 09:51 PM
Please respond to "Anil Kumar"

 
To: [EMAIL PROTECTED]
cc: 
Subject:PIX question [7:45658]


Hi All,

Does the PIX fw support secondary ip address option for the
interface, as which is carried out on router ethernet
interface?


Thanks in Advance.

Regards.. Anil






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45726&t=45658



Re: Anyone seen this? [7:45664]

2002-06-03 Thread [EMAIL PROTECTED]

That's a new one.  I will try to get ours to do the same.

Theo CSS1






"Maccubbin, Duncan" 
Sent by: [EMAIL PROTECTED]
06/03/2002 11:00 PM
Please respond to "Maccubbin, Duncan"

 
To: [EMAIL PROTECTED]
cc: 
Subject:Anyone seen this? [7:45664]


My IDS from time to time pulls this up. I don't know how to track it down
easily. Any ideas?

IDS ALERT at: 2002-06-03 09:30:06
SIGNATURE: BAD TRAFFIC same SRC/DST
HOST: TIP3-90Sub
SID: 1
CID: 945479
SRC IP: 4.0.0.3
DST IP: 4.0.0.3




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45727&t=45664



Re: VPN Overhead [7:45719]

2002-06-03 Thread [EMAIL PROTECTED]

If you look at the PIX 515E description, its throughput is 188 without 
encryption and 68 with DES and 3DES even with the VPN card.

This is just what happens when you do DES or 3DES.  Every time that I have 
used encryption this has occurred.

Theo
CSS1






"Doug Korell" 
Sent by: [EMAIL PROTECTED]
06/04/2002 08:33 AM
Please respond to "Doug Korell"

 
To: [EMAIL PROTECTED]
cc: 
Subject:VPN Overhead [7:45719]


We are currently using a VPN provider to get into the network but want to
take more control and bring it in house. I did some testing though and found
that the VPN was adding about 27% overhead compared to bypassing VPN and
going direct to a server.

I'm wondering if others have done testing and what were your results. We are
currently using V-One but I will be looking at Cisco's solution.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45725&t=45719



RE: Aspiring CCNA ( 640-507 ) [7:45654]

2002-06-03 Thread [EMAIL PROTECTED]

www.examnotes.net  might be useful.







"Kaminski, Shawn G" 
Sent by: [EMAIL PROTECTED]
06/03/2002 10:43 PM
Please respond to "Kaminski, Shawn G"

 
To: [EMAIL PROTECTED]
cc: 
Subject:RE: Aspiring CCNA ( 640-507 ) [7:45654]


Go to www.packetattack.com where you will find a free 60-question CCNA
640-607 practice exam.

Shawn K.

> -Original Message-
> From: Rahul Salve [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, June 03, 2002 5:58 AM
> To:   [EMAIL PROTECTED]
> Subject:  Aspiring CCNA ( 640-507 ) [7:45654]
>
> Hello to all,
>
> Can you help me, I am new in this field.
> I want to give CCNA ( 640-507 ) exam
>
> Can you just help me to locate the resources
> for CCNA on the web, I search a lot but most of the
> website are paid web site.
>
> I will be very grateful to you.
> Thank you
>
>
> Regards-
> Rahul S. Salve
>
> --
> National Centre For Software Tech.,   Tel:  6201606 Ext 348 (O)
> Gulmohar Cross Road No.9 6400957 (R)
> Juhu , Mumbai -400050
> --




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45724&t=45654



Re: OT : routing design architecture [7:45680]

2002-06-03 Thread Brian

His 1998 book on ospf is the de facto reference, might be worth takin a
peek at this other one.  I see both at
http://www.awprofessional.com/authors/author.asp?authorid=%7B9170A1F0-3AFC-46D4-AB86-D3D5A211A045%7D,
though searching a price search site, like mysimon.com, since they are a
commodity, is likely a good idea.

Bri

On Mon, 3 Jun 2002, Peter van Oene wrote:

> Hi Ashish,
>
> John Moy has written a book related to coding an OSPF implementation and
> provides snippets of code from his own.  I lost my bookmark page, but I'm
> sure someone around might have a link to his homepage which provides
> additional detail and code IIRC.
>
>
> http://www.amazon.com/exec/obidos/ASIN/0201309661/qid=1023147354/sr=8-4/ref=sr_8_4/104-7176424-7025553
>
>
> At 12:44 PM 6/3/2002 -0400, ashish nigam wrote:
> >Hi,
> >I have been searching about different ways routing can be implemented, in
> >terms of design and architecture.
> >zebra code is good enough to look at but it is without any documentation at
> >the code and design level.
> >
> >So if anyone knows where I can find one, please let me know.
> >
> >Thanks,
> >Ashish




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45721&t=45680



Re: OT : routing design architecture [7:45680]

2002-06-03 Thread Peter van Oene

Hi Ashish,

John Moy has written a book related to coding an OSPF implementation and 
provides snippets of code from his own.  I lost my bookmark page, but I'm 
sure someone around might have a link to his homepage which provides 
additional detail and code IIRC.


http://www.amazon.com/exec/obidos/ASIN/0201309661/qid=1023147354/sr=8-4/ref=sr_8_4/104-7176424-7025553


At 12:44 PM 6/3/2002 -0400, ashish nigam wrote:
>Hi,
>I have been searching about different ways routing can be implemented, in
>terms of design and architecture.
>zebra code is good enough to look at but it is without any documentation at
>the code and design level.
>
>So if anyone knows where I can find one, please let me know.
>
>Thanks,
>Ashish




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45720&t=45680



VPN Overhead [7:45719]

2002-06-03 Thread Doug Korell

We are currently using a VPN provider to get into the network but want to
take more control and bring it in house. I did some testing though and found
that the VPN was adding about 27% overhead compared to bypassing VPN and
going direct to a server.

I'm wondering if others have done testing and what were your results. We are
currently using V-One but I will be looking at Cisco's solution.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45719&t=45719



Re: Show Interface Output [7:45716]

2002-06-03 Thread Shawn Heisey

Zahid,

The 'show interface' command would show the actual going through the
interface.

You probably are after the 'show interface  rate-limit' command
instead [shown here on 12.2(7a)]:

milliways#show int f0/0.102 rate-limit
FastEthernet0/0.102 
  Input
matches: all traffic
  params:  128000 bps, 24000 limit, 32000 extended limit
  conformed 200597 packets, 36550102 bytes; action: transmit
  exceeded 616 packets, 895075 bytes; action: drop
  last packet: 59244ms ago, current burst: 7483 bytes
  last cleared 2w6d ago, conformed 0 bps, exceeded 0 bps
  Output
matches: all traffic
  params:  128000 bps, 24000 limit, 32000 extended limit
  conformed 220716 packets, 103342492 bytes; action: transmit
  exceeded 7757 packets, 11884318 bytes; action: drop
  last packet: 59168ms ago, current burst: 0 bytes
  last cleared 2w6d ago, conformed 0 bps, exceeded 0 bps
milliways#


Zahid Hassan wrote:
> 
> Dear All,
> 
> I would really appreciate if someone would shed some light into my
> following question:
> 
> I have configured rate-limit on an interface. When I do show interface
> fa0/0, do I see the number of bit/s under the 5 min input and output rate
> after the rate-limit has been applied or the actual bits/s the interface
> is receiving or transmitting ?
> 
> Thanks in advance,
> 
> Zahid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45718&t=45716



Show Interface Output [7:45716]

2002-06-03 Thread Zahid Hassan

Dear All,


I would really appreciate if someone would shed some light into my following
question:

I have configured rate-limit on an interface. When I do show interface fa0/0,
do I see the number of bit/s under the 5 min input and output rate after the
rate-limit has been applied or the actual bits/s the interface is receiving
or transmitting ?


Thanks in advance,

Zahid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45716&t=45716



Cisco 770 to Nortel pp2430 [7:45652]

2002-06-03 Thread [EMAIL PROTECTED]

Well, I've never really used either a 770 or a Nortel Passport, but I'd 
advise checking your CHAP authentication.  2 seconds sounds about right 
for an authentication mismatch (at least between Cisco IOS devices), and 
the warning in the Nortel log "Failed to locate `pp2430` in WHOAMI table."
looks very much like it couldn't authenticate.

I can't help with how to configure the Nortel - sorry.  But I'd guess you 
have to define your 770 (pp2430) in a WHOAMI table.  ;-)

JMcL
- Forwarded by Jenny Mcleod/NSO/CSDA on 04/06/2002 08:39 am -


"pravin" 
Sent by: [EMAIL PROTECTED]
03/06/2002 05:11 pm
Please respond to "pravin"

 
To: [EMAIL PROTECTED]
cc: 
Subject:Cisco 770 to Nortel pp2430 [7:45652]
Is this part of a business decision process?: 


Hi
I am trying to connect from cisco 770 to nortel passport 2430. Cisco dials
out and disconnects after 2 sec. I am using ppp with chap auth.
I don't have much knowledge about Nortel ..we r configuring it through
sitemanager. If anyone has done this pls help me.

---
Nortel gives this log

-
#   11: 06/01/2002 01:24:40.241  INFO SLOT  1  SWSERV Code:
77
ISDN Connect Request for Call ID 168 on DSL 0.

#   12: 06/01/2002 01:24:40.330  INFO SLOT  1  SWSERV Code:
83
ISDN Connect Confirm Indication for Call ID 168 on DSL 0.

#   13: 06/01/2002 01:24:40.366  INFO SLOT  1  PPP Code:
200
Link layer for line 201301:0 initializing for circuit 65535.

#   14: 06/01/2002 01:24:41.289  INFO SLOT  1  PPP Code:
142
Link Establishment Phase complete on line 201301:0, circuit 65535.

#   15: 06/01/2002 01:24:41.293  INFO SLOT  1  PPP Code:
132
Type:  to page;  advance 1 line; Q to quit

 LCP up on line 201301:0, circuit 65535.

#   16: 06/01/2002 01:24:41.301  WARNING  SLOT  1  PPP Code:
98
Failed to locate `pp2430` in WHOAMI table.

#   17: 06/01/2002 01:24:41.331  INFO SLOT  1  PPP Code:
29
LCP down on circuit -1.

#   18: 06/01/2002 01:24:42.029  INFO SLOT  1  SWSERV Code:
71
ISDN Disconnect Indication for Call ID 168  with Cause 16 (NORMAL 
CLEARING)
on DSL 0.

#   19: 06/01/2002 01:24:42.030  INFO SLOT  1  SWSERV Code:
76
ISDN Clear Request for Call ID 168 on DSL 0.

#   20: 06/01/2002 01:24:42.033  INFO SLOT  1  SWSERV Code:
135
ISDN Connection Terminated for Call ID 168, Channel B1 on DSL 0.
Duration of call from NONE to NONE is 0 mins 2 secs

--
This is config of Cisco.
set systemname delhi
set switch net3
cd lan
set ip address 172.168.1.1
set ip netmask 255.255.0.0
set ip routing on
set bridging off
cd
set user pp2430
set ppp clientname pp2430
set ppp secret client
1234
1234
set ppp secret host
1234
1234
set bridging off
set ip address 195.0.0.2
set ip netmask 255.255.255.0
set ip routing on
set encapsulation ppp
set ppp authentication incoming chap
set timeout 300
set 1 number 916455267
set 2 number 916455267
SEt IP ROUTE DEstination 0.0.0.0/0 GAteway 195.0.0.1
set active




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45715&t=45652
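
The reply's reading of the log (LCP comes up, the peer name is not found, LCP drops) can be checked mechanically. This is an added example, not part of the original thread: it parses the log lines quoted in the post, using a layout inferred from those lines rather than from Nortel documentation, and compares the rejected name with the `set ppp clientname` value in the posted Cisco 770 config. All function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Entries 14-17 of the Nortel log and the PPP lines of the Cisco 770 config,
# copied from the post above (pager prompt and wrapped "Code:" lines included).
NORTEL_LOG = """\
#   14: 06/01/2002 01:24:41.289  INFO SLOT  1  PPP Code:
142
Link Establishment Phase complete on line 201301:0, circuit 65535.

#   15: 06/01/2002 01:24:41.293  INFO SLOT  1  PPP Code:
132
Type:  to page;  advance 1 line; Q to quit

 LCP up on line 201301:0, circuit 65535.

#   16: 06/01/2002 01:24:41.301  WARNING  SLOT  1  PPP Code:
98
Failed to locate `pp2430` in WHOAMI table.

#   17: 06/01/2002 01:24:41.331  INFO SLOT  1  PPP Code:
29
LCP down on circuit -1.
"""

CISCO_770_CONFIG = """\
set user pp2430
set ppp clientname pp2430
set encapsulation ppp
set ppp authentication incoming chap
"""

# Header layout inferred from the quoted lines, not from vendor documentation.
HEADER = re.compile(
    r"^#\s*(?P<seq>\d+):\s+(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3})"
    r"\s+(?P<severity>[A-Z]+)\s+SLOT\s+(?P<slot>\d+)\s+(?P<entity>\w+)"
    r"\s+Code:\s*(?P<code>\d*)\s*$"
)
PAGER_PROMPT = re.compile(r"^Type:.*Q to quit\s*$")


def parse_entries(text):
    """Rebuild one record per log entry from the line-wrapped console capture."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.groupdict()
            # Only time differences are used, so day/month order does not matter.
            current["ts"] = datetime.strptime(current["ts"], "%m/%d/%Y %H:%M:%S.%f")
            current["code"] = int(current["code"]) if current["code"] else None
            current["message"] = ""
            entries.append(current)
        elif current is None or not line or PAGER_PROMPT.match(line):
            continue  # blank line, pager prompt, or text before the first entry
        elif current["code"] is None and line.isdigit():
            current["code"] = int(line)  # event code wrapped onto its own line
        else:
            current["message"] = (current["message"] + " " + line).strip()
    return entries


def chap_client_name(config):
    """Name the 770 presents to the peer, taken from 'set ppp clientname'."""
    m = re.search(r"^set ppp clientname (\S+)", config, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def diagnose(log_text, config):
    """Report PPP warnings logged between 'LCP up' and the next 'LCP down'."""
    local_name = chap_client_name(config)
    findings, lcp_up, pending = [], None, []
    for e in parse_entries(log_text):
        if e["entity"] != "PPP":
            continue
        if e["message"].startswith("LCP up"):
            lcp_up, pending = e, []
        elif e["message"].startswith("LCP down") and lcp_up is not None:
            for w in pending:
                name = re.search(r"`([^`]+)`", w["message"])
                findings.append({
                    "seq": int(w["seq"]),
                    "code": w["code"],
                    "peer_name": name.group(1) if name else None,
                    "ms_lcp_up_to_down": (e["ts"] - lcp_up["ts"]) // timedelta(milliseconds=1),
                    "name_is_770_clientname": bool(name) and name.group(1) == local_name,
                })
            lcp_up, pending = None, []
        elif lcp_up is not None and e["severity"] == "WARNING":
            pending.append(e)
    return findings


if __name__ == "__main__":
    for finding in diagnose(NORTEL_LOG, CISCO_770_CONFIG):
        print(finding)
```

The single finding ties the Nortel warning to the name the 770 is configured to present, which is the link the reply draws between the log and the CHAP setup.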



CSS Question [7:45713]

2002-06-03 Thread Zahid Hassan

Dear All,

Does a CSS support secondary ip address on any of its Ethernet interfaces
like a router ?

Thanks in Advance.

Regards,

Zahid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45713&t=45713



Re: C1912-EN CLI command for... [7:45688]

2002-06-03 Thread MADMAN

It's not a critical thing but some customers don't want anything on
VLAN 1 or they want the switches on network x which is VLAN x and x
isn't 1.

  Dave

Jason Viera wrote:
> 
> Just out of curiosity, why would you want to change the management VLAN to
> anything other than the default?
> Jason
> "Edward Sohn" wrote in message
> news:[EMAIL PROTECTED]...
> > Does anyone know what the CLI command on the C1912-EN switch is for
> > changing the management VLAN to something other than 1?  I know you can
> > do it in the menus, but I can't seem to find that CLI command.  Is there
> > even a command to do this?
> >
> > Please let me know.
> >
> > Thanks,
> >
> > Eddie
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45711&t=45688



Re: CCIP Content Networking [7:45699]

2002-06-03 Thread dre

". ." wrote in message
news:[EMAIL PROTECTED]...
> I am a CCNP (i.e. I passed BSCN) and I want to obtain the CCIP Content
> Networking.  Do I need to pass BSCI again, instead of the BSCN?
> From the tracking system, it looks like that I need BSCI

Well, are you trying to get certified in CCIP or Content Networking?
Or both?

If you want to be Cisco Certified in Content Networking without
retaking BSCI (you took it as BSCN), then you can take the Cisco
Content Networking Specialist track:
http://www.cisco.com/warp/public/10/wwtraining/certprog/cqs/cn/
which includes the 640-925-CN and 9E0-600 exams (requires
valid CCNP or CCIP certification).

Is someone requiring this certification?  Why are you interested in it?
Are you currently working with Cisco CDN products, or do you plan
to?  Is the interest in CSS products only, or also ECDN/ICDN and/or
Content Engines?

If you are only interested in CSS 11000, CE 500, and CR 4430B
configuration, then maybe you should instead go the CCIP route and
only take BSCI, MCAST+QOS, and CN exams.  If you are interested
in being "Cisco Content Networking Certified", meaning all products,
including ECDN/ICDN, all CE's, all CR's, *and* all CSS functionality,
then that's the CQS program above.

CN is CSS 11000, CE 500, and CR 4430B only.
CECOC is Router IOS WCCP, CSS 11000, CE 500 and CE 7320
CSSOC is CSS 11000 only
ECDN is the CDM 46x0 and CR 4430 (sans Boomerang) and CE-x-CDN models

So, basically, if you just want a simple (IMO, a joke and a waste of time)
overview, take the CN class/exam.
If you want to learn do-it-yourself caching (WCCP, ICP, etc), take CECOC.
If you want to learn web-server load-balancing only, take CSSOC.
If you want to learn Cisco's CDN solutions (CDM, SODA, etc), take ECDN.

For individuals, Cisco wants individuals to be certified with the CQS
Cisco Content Networking Specialization, which includes all of the above.
The CCIP specific Content Networking exam/course (i.e. CN) is just an
elective, and it's just basic understanding and overview.  The one nice
thing about CN is that it covers Boomerang.  If you plan on doing ICDN
stuff, CN is better to learn than ECDN.

Cisco also has a partner certification for organizations in Content
Networking here:
http://www.cisco.com/warp/public/765/partner_programs/specialization/content
networking/

Have fun.

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45710&t=45699



RE: PIX - Why NO glaobal (outside) command [7:45676]

2002-06-03 Thread Karagozian Sarkis

OK 
Good to know, 
I will forget this Old PIX config and will look into 
newer PIX 6.2 configs. Thanks for the advice.

Sarkis


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45709&t=45676



Re: How do I approach the company about my CCIE [7:40261]

2002-06-03 Thread Wes Stevens

Just a couple of points:

Cisco's sales on a quarterly basis bottomed last july. They have been 
recovering since. Last quarter they actually beat the sales from the year 
before. Fiscal year 02 which ends in july will be down 15% compared to 
Juniper's 02 ending in dec which will be down 40%. The enterprise market is 
in much better shape than the sp market.

Cisco overpaid badly for quite a few of their acquisitions. But they paid 
for them with stock when it was at a very inflated price. That makes the 
price they paid not nearly so bad. That they bought companies with products 
that they really had no place for in their product lines is another issue. 
What hurts with the two recent Juniper purchases is they were cash/stock 
transactions with Juniper's stock sitting at very near its all time low.

Juniper re-issued  employee stock options last week. It will be interesting 
to see what effect that has from a stock point of view.

As you point out they have the biggest and baddest router out there right 
now. The company is not going away. But from a shareholder and a job 
prospect point I think both are going to need patience for another year.

>From: "nrf" 
>Reply-To: "nrf" 
>To: [EMAIL PROTECTED]
>Subject: Re: How do I approach the company about my CCIE [7:40261]
>Date: Mon, 3 Jun 2002 11:35:23 -0400
>
>By no means am I a Juniper fanatic (nor am I a Cisco fanatic).  But allow me
>to add some points here.
>
>
>"Wes Stevens" wrote in message
>news:[EMAIL PROTECTED]...
> > Peter I have been following and trading Juniper stock for years. In the
> > beginning everyone loved it because it was so focused - just high end
> > routers. Two things came together in 2000 to help them grow sales 6x over
> > 1999 one was the massive build out of the telcos and the other was the fact
> > that they had a year lead on cisco for delivering 192 interfaces.
>
>Juniper's biggest opening was indeed due to the fact that Cisco was late in
>delivering its 192 interfaces.   But even now that Cisco has its 124xx
>series out, Juniper's products still enjoy key technical advantages, as
>detailed in Lightreading and other studies.   Perhaps the key advantage is
>that Cisco's routers (all series) have been notorious for having its
>performance drop precipitously whenever you turn on a significant number of
>services,  something that does not happen with Juniper.  Other advantages
>include faster BGP convergence and the ability to handle huge BGP route
>tables, which is important if you want to implement lots of RFC2547 VPN's.
>Not to mention the bizarre Engine 0/1/2/4 paradigm and of course the sheer
>brawn of the new Juniper T640 which Cisco will not match anytime soon.
>
>That's not to say that Cisco doesn't hold some advantages of its own.  For
>example, Cisco's CoS implementation is more flexible.  Cisco has some
>interesting fault-tolerance features with its DPT technology that Juniper
>does not have.  And of course Cisco enjoys the advantages of being the
>incumbent, so that means that people are simply more familiar with their
>gear (but this can be looked at the other way too, as that makes the fact
>that Juniper has still managed to win significant share even more
>impressive).
>
> >In 2001
> > the telco's started cutting back and juniper sales growth went to up 32%,
> > but all of it came in the first half. Since mid year last year sales have
> > been dropping qtr over qtr. The biggest reason is the same reason the
> > analysts used to love it - focused only on the high end telco market. Well
> > the telco's are in a world of trouble. They are so deep in debt that most
> > will never climb out. Global xing bit the dust and it looks like wcom may
> > follow. Quest is in deep trouble too. Believe it or not the only hope for a
> > recovery in the next year is that these big guys go chapter 11 and then
> > reorg. All the investors get screwed but their debt goes away and they may
> > have some money to invest again. All of the major telcos cut capex for the
> > rest of this year and next in their first quarter report.
>
>Yes it is definitely true that the service-provider market is fuc*ed up now.
>But that's not to say that Cisco hasn't been hurt by this as well.  In fact
>you may recall that 5 years ago or so Cisco's strategy to unseat the telco
>vendor incumbents at that time - Nortel, Lucent, Alcatel, Siemens, etc. -
>was to back "New-Economy" telcos, and this super-charged Cisco's growth
>through the late 90's.  Now of course these new telcos are mostly dead.
>
>Now I do agree completely that Juniper is being hurt proportionately more
>than Cisco is being hurt by the telco wasteland.  But that's not to say that
>Cisco isn't being hurt at all.
>
> >Juniper's also has
> > to deal with cisco now as they are going after that same market and have
> > taken share away in the last year.
>
>I disagree with this, in this way.  Obviously I agree that Cisco has gained
>overall shar

Re: static route for port 21 [7:45682]

2002-06-03 Thread Chuck

to the famous "what problem are you trying to solve?" should we also add
Murphy's corollary: "what problem are you trying to create?" ???

we do see so many questions about "how do I load share?" and none at all
about "how does the law of unintended consequences apply?"

BTW, having worked in a situation where I had equal cost paths to each of my
branch offices, I don't ever recall having telnet issues, even when during a
telnet session I deliberately shut down one of the links to a remote. I
appreciate your very thorough and sequence based presentation of the FTP
process, because now it begins to make sense as to how, why, and where the
FTP problem described has occurred.

Chuck


"Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]...
> Although I can't answer your question, I can tell you how FTP works and
> maybe that will help. I can believe that it has problems in your
> situation! ;-)
>
> FTP does not use both TCP and UDP. It does, however, open multiple TCP
> connections.
>
> Assuming you are using Active (non-passive, aka PORT mode), here's what
> happens:
>
> 1. The client sends a TCP SYN to the well-known FTP control port (port 21)
> on the server. The client uses an ephemeral (short-lived, not well-known,
> greater than 1024) port as its source port.
> 2. The server sends the client a SYN ACK from port 21 to the ephemeral
> port on the client.
> 3. The client sends an ACK. The client uses this connection to send FTP
> commands and the server uses this connection to send FTP replies.
> 4. When the user requests a directory listing or initiates the sending or
> receiving of a file, the client software sends a PORT command that
> includes an ephemeral port number that the client wishes the server to use when
> opening the data connection. The PORT command also includes an IP address,
> which is usually the client's own IP address, although FTP also supports a
> third-party mode where a client can tell a server to send a file to a
> different host. (Third-party mode is rarely used.)
> 5. The server sends a SYN from port 20 to the client's ephemeral port
> number, which was provided to the server in the client's PORT command.
> 6. The client sends a SYN ACK from its ephemeral port to port 20.
> 7. The server sends an ACK.
> 8. The host that is sending data uses this new connection to send the data
> in TCP segments, which the other host ACKs. (With some commands, such as
> STOR, the client sends data. With other commands, such as RETR, the server
> sends data.)
> 9. After the data transfer is complete, the host sending data closes the
> data connection with a FIN, which the other host ACKs. The other host also
> sends its own FIN, which the sending host ACKs.
> 10. The client can send more commands on the control connection, which may
> cause additional data connections to be opened and then closed. At some
> point, when the user is finished, the client closes the control connection
> with a FIN. The server ACKs the client's FIN. The server also sends its
> own FIN, which the client ACKs.
>
> Notice that an additional command (DIR, in your example) opens another
> data connection. (In Active mode, these data connections come from the server's
> port 20.)
>
> Now, if you're using Passive mode, the client opens the data connection,
> from an ephemeral port to an ephemeral port on the server. Here are the
> steps:
>
> 1. The client sends a TCP SYN to the well-known FTP control port (port 21)
> on the server. The client uses an ephemeral port as the source port.
> 2. The server sends the client a SYN ACK from port 21 to the ephemeral
> port on the client.
> 3. The client sends an ACK. The client uses this connection to send FTP
> commands and the server uses the connection to send FTP replies.
> 4. When the user requests a directory listing or initiates the sending or
> receiving of a file, the client software sends a PASV command to the
> server indicating the desire to enter passive mode.
> 5. The server replies. The reply includes the IP address of the server and
> an ephemeral port number that the client should use when opening the
> connection for data transfer.
> 6. The client sends a SYN from a client-selected ephemeral port to the
> server's ephemeral port number, which was provided to the client in the
> reply to the client's PASV command.
> 7. The server sends a SYN ACK from its ephemeral port to the client's
> ephemeral port.
> 8. The client sends an ACK.
> 9. The host that is sending data uses this new connection to send the data
> in TCP segments, which the other host ACKs. (With some commands, such as
> STOR, the client sends data. With other commands, such as RETR, the server
> sends data.)
> 10. After the data transfer is complete, the host sending data closes the
> data connection with a FIN, which the other host ACKs. The other host also
> sends its own FIN, which the sending host ACKs.
> 11. The client can send more commands on the control session, whi

Re: static route for port 21 [7:45682]

2002-06-03 Thread John Dorffler

Way off topic:

1. Priscilla mentions ephemeral ports at the end of this post. I just saw
"Scanners" this weekend and the drug they use to give people wacky
telepathic powers was "ephemerol". Apparently it gives you the ability to
make people's heads explode, just like networking can at times!

2. Priscilla, please tell me you cut and paste that stuff from somewhere and
don't just reel it off from memory (e.g. the 10-step FTP process below). If
you do reel it off from memory, do you use some herbal memory supplement or
something?

-John


"Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]...
> Although I can't answer your question, I can tell you how FTP works and
> maybe that will help. I can believe that it has problems in your
> situation! ;-)
>
> FTP does not use both TCP and UDP. It does, however, open multiple TCP
> connections.
>
> Assuming you are using Active (non-passive, aka PORT mode), here's what
> happens:
>
> 1. The client sends a TCP SYN to the well-known FTP control port (port 21)
> on the server. The client uses an ephemeral (short-lived, not well-known,
> greater than 1024) port as its source port.
> 2. The server sends the client a SYN ACK from port 21 to the ephemeral
> port on the client.
> 3. The client sends an ACK. The client uses this connection to send FTP
> commands and the server uses this connection to send FTP replies.
> 4. When the user requests a directory listing or initiates the sending or
> receiving of a file, the client software sends a PORT command that
> includes an ephemeral port number that the client wishes the server to use when
> opening the data connection. The PORT command also includes an IP address,
> which is usually the client's own IP address, although FTP also supports a
> third-party mode where a client can tell a server to send a file to a
> different host. (Third-party mode is rarely used.)
> 5. The server sends a SYN from port 20 to the client's ephemeral port
> number, which was provided to the server in the client's PORT command.
> 6. The client sends a SYN ACK from its ephemeral port to port 20.
> 7. The server sends an ACK.
> 8. The host that is sending data uses this new connection to send the data
> in TCP segments, which the other host ACKs. (With some commands, such as
> STOR, the client sends data. With other commands, such as RETR, the server
> sends data.)
> 9. After the data transfer is complete, the host sending data closes the
> data connection with a FIN, which the other host ACKs. The other host also
> sends its own FIN, which the sending host ACKs.
> 10. The client can send more commands on the control connection, which may
> cause additional data connections to be opened and then closed. At some
> point, when the user is finished, the client closes the control connection
> with a FIN. The server ACKs the client's FIN. The server also sends its
> own FIN, which the client ACKs.
>
> Notice that an additional command (DIR, in your example) opens another
> data connection. (In Active mode, these data connections come from the server's
> port 20.)
>
> Now, if you're using Passive mode, the client opens the data connection,
> from an ephemeral port to an ephemeral port on the server. Here are the
> steps:
>
> 1. The client sends a TCP SYN to the well-known FTP control port (port 21)
> on the server. The client uses an ephemeral port as the source port.
> 2. The server sends the client a SYN ACK from port 21 to the ephemeral
> port on the client.
> 3. The client sends an ACK. The client uses this connection to send FTP
> commands and the server uses the connection to send FTP replies.
> 4. When the user requests a directory listing or initiates the sending or
> receiving of a file, the client software sends a PASV command to the
> server indicating the desire to enter passive mode.
> 5. The server replies. The reply includes the IP address of the server and
> an ephemeral port number that the client should use when opening the
> connection for data transfer.
> 6. The client sends a SYN from a client-selected ephemeral port to the
> server's ephemeral port number, which was provided to the client in the
> reply to the client's PASV command.
> 7. The server sends a SYN ACK from its ephemeral port to the client's
> ephemeral port.
> 8. The client sends an ACK.
> 9. The host that is sending data uses this new connection to send the data
> in TCP segments, which the other host ACKs. (With some commands, such as
> STOR, the client sends data. With other commands, such as RETR, the server
> sends data.)
> 10. After the data transfer is complete, the host sending data closes the
> data connection with a FIN, which the other host ACKs. The other host also
> sends its own FIN, which the sending host ACKs.
> 11. The client can send more commands on the control session, which may
> cause additional data connections to be opened and then closed. At some
> point, when the user is finished, the client closes the contro
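
The data-connection setup that Priscilla's quoted post walks through for Active (PORT) and Passive (PASV) mode, as an added Python example that is not part of any message in this thread. It assumes the RFC 959 encoding of the announced endpoint as six decimal numbers h1,h2,h3,h4,p1,p2 (port = p1*256 + p2); the addresses, the control-channel lines and all function names are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Six comma-separated decimal numbers: h1,h2,h3,h4,p1,p2
_SIX = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


class DataFlow(NamedTuple):
    mode: str                # "active" or "passive"
    initiator: str           # host that sends the SYN for the data connection
    src_port: Optional[int]  # 20 in active mode; None = ephemeral, not announced
    dst_ip: str              # address announced on the control connection
    dst_port: int            # port announced on the control connection
    third_party: bool        # announced address is not the control-connection peer


def parse_host_port(text):
    """Extract (ip, port) from a PORT argument or a 227 reply."""
    m = _SIX.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def expected_data_flows(control_lines, client_ip, server_ip):
    """Predict each data connection from the control-channel dialogue.

    control_lines is a list of (direction, line) pairs, direction "C" for
    client-to-server commands and "S" for server-to-client replies.
    """
    flows = []
    pasv_pending = False
    for direction, line in control_lines:
        verb = line.strip().split(" ", 1)[0].upper()
        if direction == "C" and verb == "PORT":
            # Active mode: the server connects from port 20 to the endpoint
            # the client announced (steps 4-5 of the active list).
            ip, port = parse_host_port(line)
            flows.append(DataFlow("active", server_ip, 20, ip, port, ip != client_ip))
        elif direction == "C" and verb == "PASV":
            pasv_pending = True
        elif direction == "S" and verb == "227" and pasv_pending:
            # Passive mode: the client connects from an ephemeral port to the
            # endpoint the server announced (steps 5-6 of the passive list).
            ip, port = parse_host_port(line)
            flows.append(DataFlow("passive", client_ip, None, ip, port, ip != server_ip))
            pasv_pending = False
    return flows


# Constructed sample dialogue (documentation addresses, not captured traffic).
CLIENT_IP = "192.0.2.10"
SERVER_IP = "198.51.100.7"
SAMPLE_CONTROL = [
    ("C", "PORT 192,0,2,10,195,80"),
    ("S", "200 PORT command successful"),
    ("C", "LIST"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,7,19,137)"),
    ("C", "RETR notes.txt"),
    ("C", "PORT 192,0,2,99,4,1"),  # announces a host other than the client
]

if __name__ == "__main__":
    for flow in expected_data_flows(SAMPLE_CONTROL, CLIENT_IP, SERVER_IP):
        src = flow.src_port if flow.src_port is not None else "ephemeral"
        flag = "  <-- third-party address" if flow.third_party else ""
        print("%-7s %s:%s -> %s:%d%s" % (flow.mode, flow.initiator, src,
                                         flow.dst_ip, flow.dst_port, flag))
```

A filter or NAT device that does not read the control connection has no way to know these announced ports in advance, and a PORT address that differs from the control-connection peer is the third-party case the post mentions, which a filter can log or refuse.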

Re: Use Burned In Address for HSRP on 6500 MSFC? [7:45702]

2002-06-03 Thread M.C. van den Bovenkamp

Jeffrey Reed wrote:

> Is there a way to program HSRP to use the burned in address rather than the
> fictitious mac address??

'standby use-bia'. Cost me a minute to find on CCO...

Regards,

Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45707&t=45702



Haven't seen this lately..."A Guide to MPLS Terminology" [7:45706]

2002-06-03 Thread Howard C. Berkowitz

My Product Line needs a new Story.

Label:
Stuff you stick to the front of your box for product identification.

Label Swapping:
The process of swapping a "router" label with a "switch" label on a box. Label
swapping typically requires an engineer or two but an entire marketing dept.

Label Information Base:
A database containing all the labels so far used in the industry, so that a new
one may be selected by a company entering the fray. Taken labels include "IP
switching", "Cell Switch Router", "Tag switching", etc.

DLCI:
Dual-Label Communications Instrument - Term indicating products from some
companies optimistically jumping onto the IP switching bandwagon, based on
software additions to their existing ATM switch products. Such products may be
used for both IP switching and for ATM, and they may be cleverly designed to
have the shortcomings of both ATM and IP switching.

Flow:
The influx of employees leaving a big corporation to join an IP switching
start-up.

Stream:
The aggregate of many flows; many employees leaving many big corporations in
droves to join many IP switching start-ups.

Layer 2:
OSI has defined three MPLS layers (see [Stallings97]): Layer 3 is the marketing
hype. Layer 2 is the hand-waving logic to prop up the marketing hype. Layer 1
is the set of dubious performance numbers supporting layer 2. Some IP switching
products also rely on a layer 0, which is the glib dismissal of anything ATM.

Layer 3:
See above.

VC:
Very Confounding - indicating arguments in favor of standardizing MPLS.

Shortcut VC:
A VC argument which skips unnecessary details such as performance results and
directly jumps to the conclusion that MPLS is the salvation.

Loop:
A circular strategy whereby a vendor uses doubts on conventional router
performance to sell IP switching products and skepticism about IP switching to
sell more of its conventional routers.

Loop detection:
A stroke of luck whereby some customers manage to detect aforementioned loops.

Loop prevention:
A drastic step whereby some customers stick to SNA over frame-relay to avoid
the whole nasty business altogether.

MPLS domain:
The marketing section in a company in charge of selling MPLS to the media and
customers.

VP:
Vice President.

MPLS node:
Office of the VP (Marketing), responsible for MPLS products.

Stack:
Steadily accumulating drafts and white papers on IP switching.

LDP:
Let's Do Packets - New slogan for ATM vendors.

LSR:
Low-Selling Router - A device being converted to an "IP switch" by a router
vendor.

NHS:
Not High Speed - An argument for MPLS in which policy and TOS-based routing
capabilities are touted when forwarding performance is questioned.

NHC:
Not Highly Capable - An argument against MPLS by companies which don't have an
MPLS-type product.


Bala Rajagopalan
NEC USA, C&C Research Labs
4 Independence Way
Princeton, NJ 08540
U.S.A

Ph:+1-609-951-2969
Fax:+1-609-951-2499
Email:[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45706&t=45706



Re: Policy routing - directly connected interfaces [7:45628]

2002-06-03 Thread Chuck

coincidentally, I opened up Doyle as part of my research into the question.

As I understand things, the ip local policy command and process is for
packets that the router originates, such as routing protocol advertisements,
hellos, pings, etc. As such, ip local policy is for traffic originated by
the router itself, and outbound.

OTOH, ip policy is for inbound traffic on an interface that ( and here is
the point of clarification required ) is routed. My question is essentially,
if the packet destination is on a directly connected network, does that mean
it is not "routed" and therefore is not "policy routed" either. Does that
make sense?

In solution to my particular problem, I rewrote my nat list on the external
router such that I referenced a route map:

! access-list 101 determines which source addresses are allowed onto the CCC network
!
! business partner extranet server
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 10.1.1.1
! shared e-mail services server
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 172.31.2.1
! other organization subnets that are forbidden
access-list 101 deny ip 192.168.1.0 0.0.0.255 172.31.0.0 0.0.255.255
! shared internet access
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
! INSIDE_NET CCC, DPH, OR INTERNET
! used with nat pool construct
!
ip nat pool cccnat 172.31.10.25 172.31.10.250 netmask 255.255.255.0
ip nat inside source route-map CCC pool cccnat
!
route-map CCC permit 10
 match ip address 101
!
! probably unnecessary
route-map CCC deny 20

the neat thing about this construct is that only those packets with the
appropriate source AND destination addresses get out onto the network, NAT
or otherwise. Packets that are not NAT'ed can't be routed because there is
no gateway of last resort on the edge/NAT routers, nor does policy routing
on the central router permit anything other than packets with a source that
was created by the NAT process.

Chuck


"Daniel Cotts" wrote in message news:[EMAIL PROTECTED]...
> Check out page 819 of Doyle Vol 1. "ip local policy route-map"
> HTH
>
> > -Original Message-
> > From: Chuck [mailto:[EMAIL PROTECTED]]
> > Sent: Sunday, June 02, 2002 12:36 PM
> > To: [EMAIL PROTECTED]
> > Subject: Policy routing - directly connected interfaces [7:45628]
> >
> >
> > Continued policy routing testing of a customer network
> > simulation in my lab
> > has revealed something of interest to me. Can't find a
> > revelation in the
> > config and command references on CCO.
> >
> > I have a policy set up such that packets with a particular
> > source address
> > and a particular destination address are treated in various manners.
> >
> > debug ip policy is showing me that the policy is doing
> > exactly what I want
> > it to do EXCEPT when the destination address is a directly connected
> > network.
> >
> > that is, if the destination is a network on some other
> > router, with a route
> > in the routing table, everything is fine. the next hop is set
> > appropriately,
> > and the debug shows that policy is applied properly.
> >
> > however, when the destination is a directly connected network
> > ( either a
> > loopback or a LAN interface ) policy routing is not engaged.
> >
> > true? experience? reference? as I said, can't find anything in the
> > documentation on CCO.
> >
> > Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45704&t=45628
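
The source-and-destination filtering Chuck describes for access-list 101, as an added Python model that is not part of his post. It models only extended-ACL matching (wildcard masks, first match wins, implicit deny at the end), not IOS NAT itself; the sample packets, the reordered list and the function names are constructed for illustration.

```python
import ipaddress


def _ip(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are 'don't care'."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


def host(addr):
    """'host a.b.c.d' is shorthand for a.b.c.d with wildcard 0.0.0.0."""
    return (addr, "0.0.0.0")


ANY = ("0.0.0.0", "255.255.255.255")   # 'any'
INSIDE = ("192.168.1.0", "0.0.0.255")  # the inside subnet in the post

# access-list 101 from the post, in its original order.
ACL_101 = [
    ("permit", INSIDE, host("10.1.1.1")),              # extranet server
    ("permit", INSIDE, host("172.31.2.1")),            # shared e-mail server
    ("deny",   INSIDE, ("172.31.0.0", "0.0.255.255")),  # forbidden subnets
    ("permit", INSIDE, ANY),                           # shared internet access
]

# Same entries with the deny moved to the top (constructed, to show ordering).
REORDERED = [ACL_101[2], ACL_101[0], ACL_101[1], ACL_101[3]]


def evaluate(acl, src, dst):
    """Return (action, entry_number) of the first matching entry."""
    for number, (action, src_spec, dst_spec) in enumerate(acl, start=1):
        if wildcard_match(src, *src_spec) and wildcard_match(dst, *dst_spec):
            return action, number
    return "deny", None  # implicit deny when nothing matches


def is_translated(src, dst):
    """Only packets the ACL permits are matched by route-map CCC for NAT."""
    return evaluate(ACL_101, src, dst)[0] == "permit"


# Constructed sample packets: (source, destination).
SAMPLE_PACKETS = [
    ("192.168.1.5", "10.1.1.1"),
    ("192.168.1.5", "172.31.2.1"),
    ("192.168.1.5", "172.31.9.9"),
    ("192.168.1.5", "203.0.113.80"),
    ("192.168.2.5", "203.0.113.80"),
]

if __name__ == "__main__":
    for src, dst in SAMPLE_PACKETS:
        action, number = evaluate(ACL_101, src, dst)
        where = "entry %d" % number if number else "implicit deny"
        print("%-12s -> %-13s %-6s (%s)" % (src, dst, action, where))
```

With the deny entry first, the shared e-mail server at 172.31.2.1 would fall inside the forbidden range and never reach its permit, which is why the two host entries have to precede it.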



Re: OT : routing design architecture [7:45680]

2002-06-03 Thread Howard C. Berkowitz

At 12:44 PM -0400 6/3/02, ashish nigam wrote:
>Hi,
>I have been searching about different ways routing can be implemented, in
>terms of design and architecture.
>zebra code is good enough to look at but it is without any documentation at
>the code and design level.
>
>So if anyone knows where I can find one, please let me know.
>
>Thanks,
>Ashish

Well, depends what you are looking for--current protocols or new 
proposals.  There are two draft requirements documents in the IRTF 
for next-generation interdomain routing.

At a book level, there's John Moy's second OSPF book that comes with 
a documented application. Alex Zinin's "Cisco IP Routing" is probably 
the best you'll find on IOS implementation.  Volume III of Knuth's 
"Art of Computer Programming" gives useful background on search 
algorithms.

There's quite a bit out there in published papers.  A good start 
would be to go to www.acm.org, and navigate down to the SIGCOMM 
proceedings. Also, look through the RFCs for "Implementation 
Experience" documents.  Also, look through www.nanog.org and find 
work on subsecond convergence, which, IIRC, was first presented at 
the last Washington meeting.

Be aware that you'll need some reasonable understanding of abstract 
data structures, graph theory, control systems theory, etc., to 
understand the basis of current work.

You certainly can go through the archives of the IETF working groups 
for each routing protocol and get a good idea how the design 
consensus evolved. It sometimes feels like the Inter-Domain Routing 
(IDR) group, which does BGP, is an exercise in herding cats. Sue 
Hares and Yakov Rekhter, the co-chairs, do a marvelous job of keeping 
things in a more-or-less consistent direction. OSPF and ISIS are much 
less controversial!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45705&t=45680



RE: How to hook up modem with router [7:45657]

2002-06-03 Thread James Allen

The following link will provide you with a sample Async DDR scenario:
http://www.cisco.com/warp/public/779/smbiz/service/configs/async/async_ip_static_aux.htm
I was able to get this to work successfully.  However, it appears that the author of
this config neglected to add the following commands: "script dialer dialnum" and
"script reset rstmdm" under the line aux 0.  Once these commands were added, it worked fine.
HTH

James


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45703&t=45657



Use Burned In Address for HSRP on 6500 MSFC? [7:45702]

2002-06-03 Thread Jeffrey Reed

Is there a way to program HSRP to use the burned in address rather than the
fictitious mac address??

Jeffrey Reed
Classic Networking, Inc.
Cell 717-805-5536
Office 717-737-8586
FAX 717-737-0290




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45702&t=45702



RE: Teltone TLS-x question for the group [7:45692]

2002-06-03 Thread James Allen

John, I am also faced with the same scenario.  But after doing some
research, I located a good article that suggested using a Viking DLE-200,
which I located for $119 plus shipping.  The following link is to the
article which I found.
http://www.certcities.com/certs/cisco/columns/story.asp?EditorialsID=24

HTH

James


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45701&t=45692



RE: PIX - Why NO glaobal (outside) command [7:45676]

2002-06-03 Thread Mears, Rob

The statement

NAT and GLOBAL is used for inside to outside communication.
STATIC is used for outside to inside communication.

no longer holds true but it is a good rule to keep you straight.  Check
out ios PIX 6.2, they have removed the rules as we know it.

You can now do a static (outside,inside) or a nat 1 (outside) x.x.x.x

Cool stuff

Thanks
Rob Mears III,  CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+
Technical Mercenary
Valor Telecom.com


-Original Message-
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] 
Sent: Monday, June 03, 2002 12:43 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX - Why NO glaobal (outside) command [7:45676]


NAT and GLOBAL is used for inside to outside communication.

STATIC is used for outside to inside communication.

Since the device(s) we're talking about seems to be a server/service of
some kind located on your inside network, you use the NAT 0 to let the
server communicate outbound with the same (unNATed) IP address, and you
use STATIC with the same IP for global and local so outside clients can
access the services running on the server.

Hth,

Ole

~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~
 http://www.RouterChief.com
~
 Need a Job?
 http://www.OleDrews.com/job
~




-Original Message-
From: Karagozian Sarkis [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 11:02 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX - Why NO glaobal (outside) command [7:45676]


Thanks Ole,

I just noticed the nat 0 

Here is how this old PIX is configured:

nat (inside) 0 216.119.xx.0 255.255.255.0 0 0
static (inside,outside) 216.119.xx.0 216.119.xx.0 netmask 255.255.255.0 0 0   -- why same IP for both??
static (websvers,outside) 216.119.xx.240 216.119.xx.240 netmask 255.255.255.240 0 0  --- also same IP for both ??

Can u explain. more...
Thanks
Sarkis




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45700&t=45676



CCIP Content Networking [7:45699]

2002-06-03 Thread . .

I am a CCNP (i.e. I passed BSCN) and I want to obtain the CCIP Content 
Networking.  Do I need to pass BSCI again, instead of the BSCN?
From the tracking system, it looks like I need BSCI







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45699&t=45699



RE: static route for port 21 [7:45682]

2002-06-03 Thread Daniel Cotts

Divide and conquer. If you had only one DSL line could you successfully ftp?
i.e. Is the problem at your end or the server end? Does the server end
require active or passive mode? Is there an access-list or firewall at the
remote end? At your end? 
Once that works then consider forcing traffic out one interface. Policy
routing based on traffic to the ftp server could be directed.

> -Original Message-
> From: question cisco [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 03, 2002 12:07 PM
> To: [EMAIL PROTECTED]
> Subject: static route for port 21 [7:45682]
> 
> 
> i have a question regarding static routing and ports.  i have 
> a 2621 router
> with two dsl lines going to two different dsl providers, and 
> one line going
> into my network.  using the "extendable" feature of nating, 
> i'm able to use
> both dsl line together to load balance traffic.  the problem 
> i run into,
> however, is when i try to ftp.  since the router is 
> forwarding packets in a
> "per packet" fashion, ie one goes out dsl 1, the other dsl2, 
> etc, etc...when
> i connect to an ftp server outside my network i often run 
> into problems.  i
> can connect to the ftp site, but usually the second command 
> (such as dir)
> responds saying that there is no ftp connection.  from what i 
> gather, the
> problem lies in the fact that ftp sends out both tcp and udp 
> packets, and
> since my router is forwarding on a per packet basis, they're going out
> different dsl lines and causing the problem.
> 
> how can i solve this?  i was wondering if there is a way that 
> i can set a
> static route, something like...ip static 0.0.0.0 :21 blah 
> blah, where all of
> my port 21 (ftp) traffic goes out one dsl line.
> 
> thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45698&t=45682



RE: PIX - Why NO glaobal (outside) command [7:45676]

2002-06-03 Thread Karagozian Sarkis

Thanks Ole,

Yes I see some access-lists like:
!
access-list JPS permit ip host 216.119.x.6 host 166.90.1xx.50
access-list JPS permit ip 216.119.xx.0 255.255.255.0 166.90.1xx.48 ...
!then some crypto map entries as follows:

crypto map jps 1 ipsec-isakmp
crypto map jps 1 match address jps
crypto map jps 1 set peer 
crypto map jps 1 set transform-set strong
crypto map jps interface outside  (hence acl named jps applied to outside
interface e0)
 
Ok Got it now.
Thanks for good info.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45697&t=45676



RE: C1912-EN CLI command for... [7:45689]

2002-06-03 Thread David A. Ford

I've had to do it.

The answer:  The client wouldn't listen and said it had to be done that way.
Sometimes you just have to bite the bullet.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Priscilla Oppenheimer
Sent: Monday, June 03, 2002 1:07 PM
To: [EMAIL PROTECTED]
Subject: RE: C1912-EN CLI command for... [7:45689]


What's the answer? Help us learn too. :-) Thanks.

Priscilla

At 01:52 PM 6/3/02, Edward Sohn wrote:
>Please disregard...figured it out RIGHT after i sent out the email...
>
>see ya,
>
>Ed
>
>-Original Message-
>From: Edward Sohn [mailto:[EMAIL PROTECTED]]
>Sent: Monday, June 03, 2002 1:51 PM
>To: '[EMAIL PROTECTED]'
>Subject: C1912-EN CLI command for...
>
>
>Does anyone know what the CLI command on the C1912-EN switch is for
>changing the management VLAN to something other than 1?  I know you can
>do it in the menus, but I can't seem to find that CLI command.  Is there
>even a command to do this?
>
>Please let me know.
>
>Thanks,
>
>Eddie


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45696&t=45689



RE: C1912-EN CLI command for... [7:45689]

2002-06-03 Thread Marko Milivojevic

> What's the answer? Help us learn too. :-) Thanks.

Ha! Still getting ready for CCNA teaching? ;->


Marko.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45695&t=45689



Re: C1912-EN CLI command for... [7:45689]

2002-06-03 Thread M.C. van den Bovenkamp

Priscilla Oppenheimer wrote:

> What's the answer? Help us learn too. :-) Thanks.

:-). 'ip mgmt-vlan '.

Regards,

Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45694&t=45689



Teltone TLS-x question for the group [7:45692]

2002-06-03 Thread John Dorffler

I have been thinking about buying a Teltone TLS (telephone line simulator)
and wanted to get your opinions on which model to get and which model to
avoid. I want to play with async dialup connections using routers and
modems, but after reading the specs on each model I am confused as to which
model would be good enough. I suppose I could get a -5 (the top model), but
do I really need it to just dial between two routers? I just want to have
one router dial a number and connect to another router, or simulate dialing
in to a router to manage it remotely. And please don't tell me to just use
two real phone lines :p

Thanks,
John Dorffler
CCIE #6677




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45692&t=45692



RE: C1912-EN CLI command for... [7:45689]

2002-06-03 Thread Priscilla Oppenheimer

What's the answer? Help us learn too. :-) Thanks.

Priscilla

At 01:52 PM 6/3/02, Edward Sohn wrote:
>Please disregard...figured it out RIGHT after i sent out the email...
>
>see ya,
>
>Ed
>
>-Original Message-
>From: Edward Sohn [mailto:[EMAIL PROTECTED]]
>Sent: Monday, June 03, 2002 1:51 PM
>To: '[EMAIL PROTECTED]'
>Subject: C1912-EN CLI command for...
>
>
>Does anyone know what the CLI command on the C1912-EN switch is for
>changing the management VLAN to something other than 1?  I know you can
>do it in the menus, but I can't seem to find that CLI command.  Is there
>even a command to do this?
>
>Please let me know.
>
>Thanks,
>
>Eddie


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45691&t=45689



Re: C1912-EN CLI command for... [7:45688]

2002-06-03 Thread Jason Viera

Just out of curiosity, why would you want to change the management VLAN to
anything other than the default?
Jason
"Edward Sohn" wrote in message
news:[EMAIL PROTECTED]...
> Does anyone know what the CLI command on the C1912-EN switch is for
> changing the management VLAN to something other than 1?  I know you can
> do it in the menus, but I can't seem to find that CLI command.  Is there
> even a command to do this?
>
> Please let me know.
>
> Thanks,
>
> Eddie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45690&t=45688



RE: C1912-EN CLI command for... [7:45689]

2002-06-03 Thread Edward Sohn

Please disregard...figured it out RIGHT after i sent out the email...

see ya,

Ed

-Original Message-
From: Edward Sohn [mailto:[EMAIL PROTECTED]] 
Sent: Monday, June 03, 2002 1:51 PM
To: '[EMAIL PROTECTED]'
Subject: C1912-EN CLI command for...


Does anyone know what the CLI command on the C1912-EN switch is for
changing the management VLAN to something other than 1?  I know you can
do it in the menus, but I can't seem to find that CLI command.  Is there
even a command to do this? 

Please let me know.

Thanks,

Eddie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45689&t=45689



C1912-EN CLI command for... [7:45688]

2002-06-03 Thread Edward Sohn

Does anyone know what the CLI command on the C1912-EN switch is for
changing the management VLAN to something other than 1?  I know you can
do it in the menus, but I can't seem to find that CLI command.  Is there
even a command to do this? 

Please let me know.

Thanks,

Eddie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45688&t=45688



RE: PIX - Why NO glaobal (outside) command [7:45676]

2002-06-03 Thread Ole Drews Jensen

NAT and GLOBAL is used for inside to outside communication.

STATIC is used for outside to inside communication.

Since the device(s) we're talking about seems to be a server/service of some
kind located on your inside network, you use the NAT 0 to let the server
communicate outbound with the same (unNATed) IP address, and you use STATIC
with the same IP for global and local so outside clients can access the
services running on the server.

Hth,

Ole

~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~
 http://www.RouterChief.com
~
 Need a Job?
 http://www.OleDrews.com/job
~




-Original Message-
From: Karagozian Sarkis [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 11:02 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX - Why NO glaobal (outside) command [7:45676]


Thanks Ole,

I just noticed the nat 0 

Here is how this old PIX is configured:

nat (inside) 0 216.119.xx.0 255.255.255.0 0 0
static (inside,outside) 216.119.xx.0 216.119.xx.0 netmask 255.255.255.0 0 0   -- why same IP for both??
static (websvers,outside) 216.119.xx.240 216.119.xx.240 netmask 255.255.255.240 0 0  --- also same IP for both ??

Can you explain more...
Thanks
Sarkis




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45687&t=45676



Re: static route for port 21 [7:45682]

2002-06-03 Thread Priscilla Oppenheimer

Although I can't answer your question, I can tell you how FTP works and 
maybe that will help. I can believe that it has problems in your situation!
;-)

FTP does not use both TCP and UDP. It does, however, open multiple TCP 
connections.

Assuming you are using Active (non-passive, aka PORT mode), here's what 
happens:

1. The client sends a TCP SYN to the well-known FTP control port (port 21) 
on the server. The client uses an ephemeral (short-lived, not well-known, 
greater than 1024) port as its source port.
2. The server sends the client a SYN ACK from port 21 to the ephemeral port 
on the client.
3. The client sends an ACK. The client uses this connection to send FTP 
commands and the server uses this connection to send FTP replies.
4. When the user requests a directory listing or initiates the sending or 
receiving of a file, the client software sends a PORT command that includes 
an ephemeral port number that the client wishes the server to use when 
opening the data connection. The PORT command also includes an IP address, 
which is usually the client's own IP address, although FTP also supports a 
third-party mode where a client can tell a server to send a file to a 
different host. (Third-party mode is rarely used.)
5. The server sends a SYN from port 20 to the client's ephemeral port 
number, which was provided to the server in the client's PORT command.
6. The client sends a SYN ACK from its ephemeral port to port 20.
7. The server sends an ACK.
8. The host that is sending data uses this new connection to send the data 
in TCP segments, which the other host ACKs. (With some commands, such as 
STOR, the client sends data. With other commands, such as RETR, the server 
sends data.)
9. After the data transfer is complete, the host sending data closes the 
data connection with a FIN, which the other host ACKs. The other host also 
sends its own FIN, which the sending host ACKs.
10. The client can send more commands on the control connection, which may 
cause additional data connections to be opened and then closed. At some 
point, when the user is finished, the client closes the control connection 
with a FIN. The server ACKs the client's FIN. The server also sends its own 
FIN, which the client ACKs.

Notice that an additional command (DIR, in your example) opens another data 
connection. (In Active mode, these data connections come from the server's 
port 20.)

Now, if you're using Passive mode, the client opens the data connection, 
from an ephemeral port to an ephemeral port on the server. Here are the
steps:

1. The client sends a TCP SYN to the well-known FTP control port (port 21) 
on the server. The client uses an ephemeral port as the source port.
2. The server sends the client a SYN ACK from port 21 to the ephemeral port 
on the client.
3. The client sends an ACK. The client uses this connection to send FTP 
commands and the server uses the connection to send FTP replies.
4. When the user requests a directory listing or initiates the sending or 
receiving of a file, the client software sends a PASV command to the server 
indicating the desire to enter passive mode.
5. The server replies. The reply includes the IP address of the server and 
an ephemeral port number that the client should use when opening the 
connection for data transfer.
6. The client sends a SYN from a client-selected ephemeral port to the 
server's ephemeral port number, which was provided to the client in the 
reply to the client's PASV command.
7. The server sends a SYN ACK from its ephemeral port to the client's 
ephemeral port.
8. The client sends an ACK.
9. The host that is sending data uses this new connection to send the data 
in TCP segments, which the other host ACKs. (With some commands, such as 
STOR, the client sends data. With other commands, such as RETR, the server 
sends data.)
10. After the data transfer is complete, the host sending data closes the 
data connection with a FIN, which the other host ACKs. The other host also 
sends its own FIN, which the sending host ACKs.
11. The client can send more commands on the control session, which may 
cause additional data connections to be opened and then closed. At some 
point, when the user is finished, the client closes the control connection 
with a FIN. The server ACKs the client's FIN. The server also sends its own 
FIN, which the client ACKs.


The gist of your problem is these multiple connections that happen. I 
assume that HTTP works fine. That's probably because it opens only one 
connection.

So, is there some more advanced configuration you can do to make FTP work? 
That's the question.

As far as your idea of fixing the problem with a static route, I'm afraid 
that won't work because static routes don't let you specify a port number. 
Would policy routing work? It's going to be tricky, though, because of 
those ephemeral ports.

Maybe you could just pull one of the connections when you do FTP! ;-)

HTH

Priscilla


At 01:06 PM 6/3/02, quest
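
The PORT and PASV exchange described in the message above, as an added example that is not part of the original post: a Python parser that reads the data-connection endpoint out of the control connection, which is what a NAT or stateful firewall has to do to admit the second TCP connection, and flags an announced address that is not the control-connection peer (the third-party case). The session, the addresses (documentation ranges) and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "h1,h2,h3,h4,p1,p2": the address/port encoding used by the PORT command
# and by the server's 227 reply to PASV.
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


@dataclass(frozen=True)
class DataEndpoint:
    mode: str            # "active" (PORT) or "passive" (PASV)
    ip: str              # address announced on the control connection
    port: int            # p1 * 256 + p2
    addr_mismatch: bool  # announced address is not the control-connection peer

    def expected_flow(self, client_ip: str, server_ip: str) -> str:
        """The data connection a stateful device should expect next."""
        if self.mode == "active":
            # Active mode: the server connects from port 20 to the client.
            return f"{server_ip}:20 -> {self.ip}:{self.port}"
        # Passive mode: the client connects from an ephemeral port.
        return f"{client_ip}:ephemeral -> {self.ip}:{self.port}"


def _decode(match) -> Tuple[str, int]:
    nums = [int(g) for g in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"field out of range in {match.group(0)!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def parse_control_line(sender: str, line: str,
                       client_ip: str, server_ip: str) -> Optional[DataEndpoint]:
    """Return the announced data endpoint, or None for any other line.

    sender is "C" for client commands and "S" for server replies.
    """
    text = line.strip()
    if sender == "C" and text.upper().startswith("PORT "):
        m = HOSTPORT.fullmatch(text[5:].strip())
        if m is None:
            raise ValueError(f"malformed PORT argument: {text!r}")
        ip, port = _decode(m)
        return DataEndpoint("active", ip, port, ip != client_ip)
    if sender == "S" and text.startswith("227"):
        m = HOSTPORT.search(text[3:])
        if m is None:
            raise ValueError(f"227 reply without address: {text!r}")
        ip, port = _decode(m)
        return DataEndpoint("passive", ip, port, ip != server_ip)
    return None


def data_endpoints(session: List[Tuple[str, str]],
                   client_ip: str, server_ip: str) -> List[DataEndpoint]:
    """Every data-connection endpoint negotiated in one control session."""
    found = []
    for sender, line in session:
        endpoint = parse_control_line(sender, line, client_ip, server_ip)
        if endpoint is not None:
            found.append(endpoint)
    return found


# Constructed control-channel transcript (not captured traffic).
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
CONSTRUCTED_SESSION = [
    ("C", "USER anonymous"),
    ("S", "331 Guest login ok, send your e-mail address as password."),
    ("C", "PORT 192,0,2,10,4,1"),          # active: 4*256 + 1 = 1025
    ("S", "200 PORT command successful."),
    ("C", "LIST"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,5,195,80)"),  # 195*256 + 80
    ("C", "RETR file.txt"),
    ("C", "PORT 203,0,113,7,8,0"),         # address is not the client's own
]

if __name__ == "__main__":
    for ep in data_endpoints(CONSTRUCTED_SESSION, CLIENT, SERVER):
        note = "  <-- address differs from control peer" if ep.addr_mismatch else ""
        print(f"{ep.mode:8} {ep.expected_flow(CLIENT, SERVER)}{note}")
```

Each printed flow is a separate TCP connection with its own port pair, which is why anything that treats packets or connections independently of the control channel breaks FTP while single-connection protocols keep working.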

Re: static route for port 21 [7:45682]

2002-06-03 Thread John Golovich

This may not be true.  Do you have the ftp fixup
turned on?

The data stream no longer runs on just the standard
ftp data port.  Unless you have it turned on, your pix
will see traffic it doesn't understand and drop it.

--- question cisco  wrote:
> i have a question regarding static routing and
> ports.  i have a 2621 router
> with two dsl lines going to two different dsl
> providers, and one line going
> into my network.  using the "extendable" feature of
> nating, i'm able to use
> both dsl line together to load balance traffic.  the
> problem i run into,
> however, is when i try to ftp.  since the router is
> forwarding packets in a
> "per packet" fashion, ie one goes out dsl 1, the
> other dsl2, etc, etc...when
> i connect to an ftp server outside my network i
> often run into problems.  i
> can connect to the ftp site, but usually the second
> command (such as dir)
> responds saying that there is no ftp connection. 
> from what i gather, the
> problem lies in the fact that ftp sends out both tcp
> and udp packets, and
> since my router is forwarding on a per packet basis,
> they're going out
> different dsl lines and causing the problem.
> 
> how can i solve this?  i was wondering if there is a
> way that i can set a
> static route, something like...ip static 0.0.0.0 :21
> blah blah, where all of
> my port 21 (ftp) traffic goes out one dsl line.
> 
> thanks.
> [EMAIL PROTECTED]
> 
> 






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45684&t=45682



RE: PIX - Why NO glaobal (outside) command [7:45676]

2002-06-03 Thread John Golovich

This is saying that from the inside to the outside do
not translate the 216.119 network (they would stay the
same).

From the outside, connection to the 216.119.X.240
address can come through the PIX and do not translate
the address.

There should be an ACL that goes with this as well 
(outside to inside need both a static entry and an
ACL).
 
> nat (inside) 0 216.119.xx.0 255.255.255.0 0 0 
> static (inside,outside) 216.119.xx.0 216.119.xx.0
> netmask 255.255.255.0 0
> 0   -- why same IP for both??
> static (websvers,oustide) 216.119.xx.240
> 216.119.xx.240 netmask
> 255.255.255.240 0 0  --- also same IP for both
> ??
> 
> Can u explain. more...
> Thanks
> Sarkis 
> [EMAIL PROTECTED]
> 
> 






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45683&t=45676



static route for port 21 [7:45682]

2002-06-03 Thread question cisco

i have a question regarding static routing and ports.  i have a 2621 router
with two dsl lines going to two different dsl providers, and one line going
into my network.  using the "extendable" feature of nating, i'm able to use
both dsl line together to load balance traffic.  the problem i run into,
however, is when i try to ftp.  since the router is forwarding packets in a
"per packet" fashion, ie one goes out dsl 1, the other dsl2, etc, etc...when
i connect to an ftp server outside my network i often run into problems.  i
can connect to the ftp site, but usually the second command (such as dir)
responds saying that there is no ftp connection.  from what i gather, the
problem lies in the fact that ftp sends out both tcp and udp packets, and
since my router is forwarding on a per packet basis, they're going out
different dsl lines and causing the problem.

how can i solve this?  i was wondering if there is a way that i can set a
static route, something like...ip static 0.0.0.0 :21 blah blah, where all of
my port 21 (ftp) traffic goes out one dsl line.

thanks.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45682&t=45682



RE: PIX - Why NO glaobal (outside) command [7:45676]

2002-06-03 Thread Karagozian Sarkis

Thanks Ole,

I just noticed the nat 0 

Here is how this old PIX is configured:

nat (inside) 0 216.119.xx.0 255.255.255.0 0 0
static (inside,outside) 216.119.xx.0 216.119.xx.0 netmask 255.255.255.0 0 0   -- why same IP for both??
static (websvers,outside) 216.119.xx.240 216.119.xx.240 netmask 255.255.255.240 0 0  --- also same IP for both ??

Can you explain more...
Thanks
Sarkis 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45681&t=45676



OT : routing design architecture [7:45680]

2002-06-03 Thread ashish nigam

Hi,
I have been searching about different ways routing can be implemented, in
terms of design and architecture.
zebra code is good enough to look at but it is without any documentation at
the code and design level.

So if anyone knows where I can find one, please let me know.

Thanks,
Ashish




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45680&t=45680



RE: PIX - Why NO glaobal (outside) command [7:45676]

2002-06-03 Thread Ole Drews Jensen

To my best knowledge, you WILL NEED a global command when using the nat
command, UNLESS you are using the nat-id 0 to disable nat on devices located
on the inside network with public addresses.

Example:

  PIX(config)# nat (inside) 0 0 0
  nat 0 0.0.0.0 will be non-translated
  PIX(config)# show nat
  nat (inside) 0 0.0.0.0 0.0.0.0 0 0
  PIX(config)#

Hth,

Ole

~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~
 http://www.RouterChief.com
~
 Need a Job?
 http://www.OleDrews.com/job
~




-Original Message-
From: Karagozian Sarkis [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 9:51 AM
To: [EMAIL PROTECTED]
Subject: PIX - Why NO glaobal (outside) command [7:45676]


I have seen some PIX configs with NO global (outside) 1 . command 
but only see NAT (inside) 1 0 0 command .
Does that mean all traffic is allowed to go out ??? 

Can someone explain.
Thanks

Sarkis




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45679&t=45676



RE: Anyone seen this? [7:45664]

2002-06-03 Thread Maccubbin, Duncan

Host is just the name of the IDS location. Yes, it would have to be generating
inside my network and since I don't own that network it is being pushed out
to the internet. Once it heads out to the internet the IDS sees it. Sadly,
my network is fairly large and flat so I don't have many places I can catch
it with an ACL. It is always the same address and it happens in bursts but
not at the same times.

-Original Message-
From: Daniel Cotts [mailto:[EMAIL PROTECTED]] 
Sent: Monday, June 03, 2002 12:05 PM
To: [EMAIL PROTECTED]
Subject: RE: Anyone seen this? [7:45664]

I can ping and trace to that address.
1654 ms48 ms48 ms  l0.washdc3-cmb1.bbnplanet.net [4.0.0.3]
What is the meaning of the "Host:" in your IDS output?
It would seem that the true source of the packet would be within your own
network. - Else how would it get there?
Again, it would seem to be local to the IDS or from a location that had a
default route to the IDS location.
Can you set up access-lists on various router ports that would log traffic
with those addresses? I'm assuming that it is the same ip address each time.

> -Original Message-
> From: Maccubbin, Duncan [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 03, 2002 10:12 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Anyone seen this? [7:45664]
> 
> 
> No, the Whois shows it belonging to BBN planet. 
> 
> 
> -Original Message-
> From: Daniel Cotts [mailto:[EMAIL PROTECTED]] 
> Sent: Monday, June 03, 2002 11:04 AM
> To: 'Maccubbin, Duncan'; [EMAIL PROTECTED]
> Subject: RE: Anyone seen this? [7:45664]
> 
> First question: Is 4.0.0.3 a valid address on your network? 
> 
> > -Original Message-
> > From: Maccubbin, Duncan [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, June 03, 2002 9:01 AM
> > To: [EMAIL PROTECTED]
> > Subject: Anyone seen this? [7:45664]
> > 
> > 
> > My IDS from time to time pulls this up. I don't know how to 
> > track it down
> > easily. Any ideas?
> >  
> > IDS ALERT at: 2002-06-03 09:30:06
> > SIGNATURE: BAD TRAFFIC same SRC/DST
> > HOST: TIP3-90Sub
> > SID: 1
> > CID: 945479
> > SRC IP: 4.0.0.3
> > DST IP: 4.0.0.3




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45678&t=45664
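
Logging ACLs, as suggested in this thread, only help if their entries can be lined up against the times the alerts fire. As an added example (not part of the original thread), this Python code parses alerts in the layout quoted above, keeps those whose source equals the destination, and groups them into bursts per sensor and address. Only the first alert is taken from the thread; the other alerts, the 60-second gap and all function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One "KEY: value" line of the alert layout quoted in the thread; leading
# "> " markers are tolerated so alerts pasted from e-mail replies still parse.
FIELD = re.compile(
    r"^\s*(?:>\s*)*(IDS ALERT at|SIGNATURE|HOST|SID|CID|SRC IP|DST IP):\s*(.*?)\s*$"
)


def parse_alerts(text):
    """Split a text dump into alert dicts; a new alert starts at 'IDS ALERT at'."""
    alerts, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m is None:
            continue
        key, value = m.groups()
        if key == "IDS ALERT at":
            current = {"time": datetime.strptime(value, "%Y-%m-%d %H:%M:%S")}
            alerts.append(current)
        elif current is not None:
            current[key] = value
    return alerts


def same_src_dst(alerts):
    """Alerts whose source address equals the destination address."""
    return [a for a in alerts
            if a.get("SRC IP") and a.get("SRC IP") == a.get("DST IP")]


def _summary(sensor, addr, run):
    return {"sensor": sensor, "src": addr,
            "start": run[0], "end": run[-1], "count": len(run)}


def bursts(alerts, gap=timedelta(seconds=60)):
    """Group same-SRC/DST alerts into bursts: a pause longer than gap ends one."""
    grouped = defaultdict(list)
    for a in same_src_dst(alerts):
        grouped[(a.get("HOST", "?"), a["SRC IP"])].append(a["time"])
    found = []
    for (sensor, addr), times in grouped.items():
        times.sort()
        run = [times[0]]
        for t in times[1:]:
            if t - run[-1] > gap:
                found.append(_summary(sensor, addr, run))
                run = []
            run.append(t)
        found.append(_summary(sensor, addr, run))
    return sorted(found, key=lambda b: b["start"])


def _alert(ts, cid, src, dst, sig="BAD TRAFFIC same SRC/DST", quote=""):
    """Render one alert in the thread's layout (helper for the sample data)."""
    fields = [("IDS ALERT at", ts), ("SIGNATURE", sig), ("HOST", "TIP3-90Sub"),
              ("SID", "1"), ("CID", cid), ("SRC IP", src), ("DST IP", dst)]
    return "".join(f"{quote}{k}: {v}\n" for k, v in fields)


# First alert is the one quoted in the thread; the rest are constructed.
SAMPLE = (
    _alert("2002-06-03 09:30:06", "945479", "4.0.0.3", "4.0.0.3", quote="> > ")
    + _alert("2002-06-03 09:30:09", "945480", "4.0.0.3", "4.0.0.3")
    + _alert("2002-06-03 09:30:41", "945481", "4.0.0.3", "4.0.0.3")
    + _alert("2002-06-03 10:02:17", "945490", "192.0.2.44", "198.51.100.9",
             sig="CONSTRUCTED unrelated signature")
    + _alert("2002-06-03 11:12:30", "945502", "4.0.0.3", "4.0.0.3")
    + _alert("2002-06-03 11:12:33", "945503", "4.0.0.3", "4.0.0.3")
)

if __name__ == "__main__":
    for b in bursts(parse_alerts(SAMPLE)):
        print(f'{b["sensor"]} {b["src"]}: {b["count"]} alerts '
              f'{b["start"]:%H:%M:%S}-{b["end"]:%H:%M:%S}')
```

The start and end of each burst give the window in which to look for matching entries in the router logs.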



RE: Anyone seen this? [7:45664]

2002-06-03 Thread Daniel Cotts

I can ping and trace to that address.
1654 ms48 ms48 ms  l0.washdc3-cmb1.bbnplanet.net [4.0.0.3]
What is the meaning of the "Host:" in your IDS output?
It would seem that the true source of the packet would be within your own
network. - Else how would it get there?
Again, it would seem to be local to the IDS or from a location that had a
default route to the IDS location.
Can you set up access-lists on various router ports that would log traffic
with those addresses? I'm assuming that it is the same ip address each time.

> -Original Message-
> From: Maccubbin, Duncan [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 03, 2002 10:12 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Anyone seen this? [7:45664]
> 
> 
> No, the Whois shows it belonging to BBN planet. 
> 
> 
> -Original Message-
> From: Daniel Cotts [mailto:[EMAIL PROTECTED]] 
> Sent: Monday, June 03, 2002 11:04 AM
> To: 'Maccubbin, Duncan'; [EMAIL PROTECTED]
> Subject: RE: Anyone seen this? [7:45664]
> 
> First question: Is 4.0.0.3 a valid address on your network? 
> 
> > -Original Message-
> > From: Maccubbin, Duncan [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, June 03, 2002 9:01 AM
> > To: [EMAIL PROTECTED]
> > Subject: Anyone seen this? [7:45664]
> > 
> > 
> > My IDS from time to time pulls this up. I don't know how to 
> > track it down
> > easily. Any ideas?
> >  
> > IDS ALERT at: 2002-06-03 09:30:06
> > SIGNATURE: BAD TRAFFIC same SRC/DST
> > HOST: TIP3-90Sub
> > SID: 1
> > CID: 945479
> > SRC IP: 4.0.0.3
> > DST IP: 4.0.0.3




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45677&t=45664



PIX - Why NO glaobal (outside) command [7:45676]

2002-06-03 Thread Karagozian Sarkis

I have seen some PIX configs with NO global (outside) 1 . command 
but only see NAT (inside) 1 0 0 command .
Does that mean all traffic is allowed to go out ??? 

Can someone explain.
Thanks

Sarkis


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45676&t=45676



DQOS Exam [7:45666]

2002-06-03 Thread Pierrek

Anybody has idea about "9E0-601 Deploying QoS for Enterprise Networks" exam
does "IP quality of service"  Ciscopress book cover all the exam ?
Boson Test any good?

Thanks in advance

Pierrek




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45666&t=45666



Re: How do I approach the company about my CCIE [7:40261]

2002-06-03 Thread nrf

By no means am I a Juniper fanatic (nor am I a Cisco fanatic).  But allow me
to add some points here.


"Wes Stevens" wrote in message
news:[EMAIL PROTECTED]...
> Peter I have been following and trading Juniper stock for years. In the
> beginning everyone loved it because it was so focused - just high end
> routers. Two things came together in 2000 to help them grow sales 6x over
> 1999 one was the massive build out of the telcos and the other was the fact
> that they had a year lead on cisco for delivering 192 interfaces.

Juniper's biggest opening was indeed due to the fact that Cisco was late in
delivering its 192 interfaces.   But even now that Cisco has its 124xx
series out, Juniper's products still enjoy key technical advantages, as
detailed in Lightreading and other studies.   Perhaps the key advantage is
that Cisco's routers (all series) have been notorious for having its
performance drop precipitously whenever you turn on a significant number of
services,  something that does not happen with Juniper.  Other advantages
include faster BGP convergence and the ability to handle huge BGP route
tables, which is important if you want to implement lots of RFC2547 VPN's.
Not to mention the bizarre Engine 0/1/2/4 paradigm and of course the sheer
brawn of the new Juniper T640 which Cisco will not match anytime soon.

That's not to say that Cisco doesn't hold some advantages of its own.  For
example, Cisco's CoS implementation is more flexible.  Cisco has some
interesting fault-tolerance features with its DPT technology that Juniper
does not have.  And of course Cisco enjoys the advantages of being the
incumbent, so that means that people are simply more familiar with their
gear (but this can be looked at the other way too, as that makes the fact
that Juniper has still managed to win significant share even more
impressive).

>In 2001
> the telco's started cutting back and juniper sales growth went to up 32 %,
> but all of it came in the first half. Since mid year last year sales have
> been dropping qtr over qtr. The biggest reason is the same reason the
> analysts used to love it - focused only on the high end telco market. Well
> the telco's are in a world of trouble. They are so deep in debt that most
> will never climb out. Global xing bit the dust and it looks like wcom may
> follow. Qwest is in deep trouble too. Believe it or not the only hope for a
> recovery in the next year is that these big guys go chapter 11 and then
> reorg. All the investors get screwed but their debt goes away and they may
> have some money to invest again. All of the major telcos cut capex for the
> rest of this year and next in their first quarter report.

Yes it is definitely true that the service-provider market is fuc*ed up now.
But that's not to say that Cisco hasn't been hurt by this as well.  In fact
you may recall that 5 years ago or so Cisco's strategy to unseat the telco
vendor incumbents at that time - Nortel, Lucent, Alcatel, Siemens, etc. -
was to back "New-Economy" telcos, and this super-charged Cisco's growth
through the late 90's.  Now of course these new telcos are mostly dead.

Now I do agree completely that Juniper is being hurt proportionately more
than Cisco is being hurt by the telco wasteland.  But that's not to say that
Cisco isn't being hurt at all.

>Juniper's also has
> to deal with cisco now as they are going after that same market and have
> taken share away in the last year.

I disagree with this, in this way.  Obviously I agree that Cisco has gained
overall share for the simple reason that the whole provider subsegment is
down.  However, if you're talking about gaining share within that provider
subsegment, then this is unclear. The only studies that have shown such a
thing are Dell'Oro's, and these studies are problematic, specifically because
they choose to count any router that is OC-192 capable as a provider
sale.  Doesn't matter whether that router is actually sold to a provider or
an enterprise.  It also doesn't matter whether the actual OC192 interfaces
themselves are sold, just the chassis.  It's been well known that Cisco has
sold quite a few of those 124xx routers to enterprises.  And in fact, no
significant Juniper customer has been lost to Cisco.  So it's difficult to
say using just Dell'Oro whether share within the provider subsegment was
really gained or not.

>This will be especially a problem in
> markets outside the us where cisco already has a presence and juniper does
> not. The last two purchases by Juniper say they recognize the problem as they
> are trying to broaden their product line. But they paid too much for
> Unisphere and it will be dilutive this year.

Well, I would say that if Cisco is calling Juniper too acquisitive, then
it's really a case of the pot calling the kettle black.  Cisco has been
one of the most rapaciously acquisitive companies in history.   And in fact
much of the reason that Cisco has been so successful is precisely due 

RE: Anyone seen this? [7:45664]

2002-06-03 Thread Maccubbin, Duncan

No, the Whois shows it belonging to BBN planet. 


-Original Message-
From: Daniel Cotts [mailto:[EMAIL PROTECTED]] 
Sent: Monday, June 03, 2002 11:04 AM
To: 'Maccubbin, Duncan'; [EMAIL PROTECTED]
Subject: RE: Anyone seen this? [7:45664]

First question: Is 4.0.0.3 a valid address on your network? 

> -Original Message-
> From: Maccubbin, Duncan [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 03, 2002 9:01 AM
> To: [EMAIL PROTECTED]
> Subject: Anyone seen this? [7:45664]
> 
> 
> My IDS from time to time pulls this up. I don't know how to 
> track it down
> easily. Any ideas?
>  
> IDS ALERT at: 2002-06-03 09:30:06
> SIGNATURE: BAD TRAFFIC same SRC/DST
> HOST: TIP3-90Sub
> SID: 1
> CID: 945479
> SRC IP: 4.0.0.3
> DST IP: 4.0.0.3




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45675&t=45664



RE: Anyone seen this? [7:45664]

2002-06-03 Thread Daniel Cotts

First question: Is 4.0.0.3 a valid address on your network? 

> -Original Message-
> From: Maccubbin, Duncan [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 03, 2002 9:01 AM
> To: [EMAIL PROTECTED]
> Subject: Anyone seen this? [7:45664]
> 
> 
> My IDS from time to time pulls this up. I don't know how to 
> track it down
> easily. Any ideas?
>  
> IDS ALERT at: 2002-06-03 09:30:06
> SIGNATURE: BAD TRAFFIC same SRC/DST
> HOST: TIP3-90Sub
> SID: 1
> CID: 945479
> SRC IP: 4.0.0.3
> DST IP: 4.0.0.3




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45674&t=45664



RE: 7202 Bootflash [7:45665]

2002-06-03 Thread Daniel Cotts

You can verify what boot image you have with: sh ver, sh bootflash:, or dir
bootflash:
You can update your boot image by copying it into bootflash: or onto a
PCMCIA Flash Card. I'm assuming that your router has one or two slots. If
you copy to a card then you will have to add a line in your config to point
to that file.
The exact procedure should be given on CCO. 

> -Original Message-
> From: NK Sat [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 03, 2002 9:07 AM
> To: [EMAIL PROTECTED]
> Subject: 7202 Bootflash [7:45665]
> 
> 
> Hi guys,
>   I have a 7202 running 11.1.   I cannot use "sh bootflash" 
> how do i upgrade 
> the bootflash.
> 
> I am trying to put 12.0.7 which needs a bootflash upgrade too..
> 
> Please help...
> 
> Thanks
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45672&t=45665



Pix 501, DNS, and solution [7:45671]

2002-06-03 Thread Justin C

To all,

I had a lot of fun with a Pix 501 in the month of March/April.  After a few 
posts here and working with the suggestions received, the problem was 
narrowed down to the following:

- Initial configuration of Pix, using DHCP on the inside and outside 
interfaces.
- Pix software version 6.1
- I could telnet, send receive email using Outlook, ssh, etc through the 
Pix.
- I could NOT browse the web.
- Use of static IP addressing did not resolve the problem.
- Even TAC was puzzled by the problem, and they accessed the Pix remotely to 
check the settings.

It was discovered that I could browse the web, so long as I typed in the IP 
address.  DNS replies were not getting through the Pix to my PC.  I had/have 
only two PCs behind the Pix, and no MS DNS servers are being used.  
Eventually, I found two fixes for this problem:

1  Give the Pix a domain setting.  This can be done either in the PDM or 
using the dhcpd domain http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45671&t=45671



Re: pix question [7:45639]

2002-06-03 Thread Justin C

Anthony,

From what I read in your post:

Cable Modem Inside - 172.16.1.1/16
Pix Outside -172.16.1.1/16 (you have 172.161.1.1/16 below)
Pix Inside - 10.1.1.1/24
default route: in your post "route outside 0 0 172.16.1.2"
   what it should be "route outside 0 0 172.16.1.1"
   this is based on the above information

With the above configuration to be correct and the route outside statement 
changed, try to ping your cable modem from the pix.  If this works, then 
move on to getting from the inside of your pix to the outside.

Justin


From: "Anthony Ramsey" 
Reply-To: "Anthony Ramsey" 
To: [EMAIL PROTECTED]
Subject: pix question [7:45639]
Date: Sun, 2 Jun 2002 18:49:24 -0400

Hi all,
I appreciate any feedback to my question:
I am setting up a lab environment and initially trying to configure a router 
and a pix behind it.  my router's outside interface is connected to a cable 
modem and have a live ip address assigned to it.
cable modempix> inside hosts.

the router's inside interface has a private ip add.  of 172.16.1.1 /24 and 
the pix' outside interface is 172.161.1.2 /24.  the inside interface of the 
pix has an ip address of 10.1.1.1 /24 and all inside hosts have that as the 
default gateway.  securities are set up correctly on the inside and outside 
interfaces.  I am using a global pat address, different from the one on the 
router's interface connected to the cable modem (no statics going on in the 
pix).  i am unable to
reach the internet even when I use the statement: "conduit permit ip any 
any"  and no packets are able to reach the 172.16.1.0 network from the 
inside hosts not even the 172.16.1.2 address which belongs to the
pix's outside interface.  I have a "route outside 0 0 172.16.1.2" statement 
as well.  from the router I can ping inside hosts, with the
correct route statement.

hope this is enough information. please help!
thanks
Tony





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45669&t=45639
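
The fault discussed in this thread (a default route whose gateway is the PIX's own outside address) can be caught mechanically. The check below is an added example, not part of the original posts; the `ip address` and `route` lines are constructed in PIX 6.x syntax from the addresses given in the thread, and the function and variable names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in PIX 6.x syntax, using the addresses from the thread.
AS_POSTED = """\
ip address outside 172.16.1.2 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
route outside 0 0 172.16.1.2
"""
CORRECTED = AS_POSTED.replace("route outside 0 0 172.16.1.2",
                              "route outside 0 0 172.16.1.1")
# The mistyped address from the thread (172.161.x.x instead of 172.16.x.x).
MISTYPED = CORRECTED.replace("outside 172.16.1.2 255", "outside 172.161.1.2 255")

IP_RE = re.compile(r"^ip address (\S+) (\S+) (\S+)$")
ROUTE_RE = re.compile(r"^route (\S+) (\S+) (\S+) (\S+)(?: \d+)?$")


def check_routes(config):
    """Return a list of (interface, gateway, problem) for suspect routes."""
    interfaces, routes = {}, []
    for raw in config.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        m = IP_RE.match(line)
        if m:
            name, addr, mask = m.groups()
            try:
                interfaces[name] = ipaddress.ip_interface(f"{addr}/{mask}")
            except ValueError:
                pass  # e.g. a DHCP-assigned interface; nothing to compare
            continue
        m = ROUTE_RE.match(line)
        if m:
            routes.append((m.group(1), ipaddress.ip_address(m.group(4))))

    findings = []
    for name, gateway in routes:
        iface = interfaces.get(name)
        if iface is None:
            findings.append((name, str(gateway), "interface has no ip address"))
        elif gateway == iface.ip:
            findings.append((name, str(gateway),
                             "gateway is the firewall's own address"))
        elif gateway not in iface.network:
            findings.append((name, str(gateway),
                             "gateway is not on the connected subnet"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("as posted", AS_POSTED), ("corrected", CORRECTED),
                       ("mistyped", MISTYPED)):
        print(label, check_routes(cfg) or "ok")
```
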



RE: How to hook up modem with router [7:45657]

2002-06-03 Thread Daniel Cotts

I'm assuming that you have something like a TLS-5. TLS = Telephone Line
Simulator.
It substitutes for the Telephone Central Office. You will want to connect a
modem to your aux port and then connect the telco side of the modem to the
TLS. To do anything meaningful you'll need a second modem and a second
router.
CCO should have several sample configs.

> -Original Message-
> From: Omer Ehsan Dar [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 03, 2002 7:12 AM
> To: [EMAIL PROTECTED]
> Subject: How to hook up modem with router [7:45657]
> 
> 
> Hi all,
> Could anyone guide me how to hook up a teltone line simulator with a
> router. I have no experience in this. Do we use the AUX??
> thanks.
> Omer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45670&t=45657



SecureCRT problems [7:45667]

2002-06-03 Thread Peter Voirin

Hi, I'm using SecureCRT to gain access to a friend's router lab. I've noticed
that in some instances when I'm configuring the routers, the system
automatically seems to reset when I'm opening up a pre-existing session from
the TermServ. It goes into configuration mode, i.e. asks me:

Would you like to enter the initial configuration dialog? [yes/no]:
.. etc .. and the router resets.

I'm not sure why this happens. I've also noticed when I'm configuring the
router, when I hold down the backspace key, the router also seems to reset:

System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by cisco Systems
2500 processor with 16384 Kbytes of main memory
.. etc ..

I've used other telnet applications. I've even gone on r1r2.com and noticed
the same peculiarity occurring with the various telnet clients I have.

Does anyone know exactly what's going on? How should the telnet client be
set up? I have it in vt100 mode.

Any help would be appreciated.
Many thanks.
Voirin.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45667&t=45667



7202 Bootflash [7:45665]

2002-06-03 Thread NK Sat

Hi guys,
  I have a 7202 running 11.1.   I cannot use "sh bootflash". How do I upgrade 
the bootflash?

I am trying to put 12.0.7 which needs a bootflash upgrade too..

Please help...

Thanks





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45665&t=45665



Anyone seen this? [7:45664]

2002-06-03 Thread Maccubbin, Duncan

My IDS from time to time pulls this up. I don't know how to track it down
easily. Any ideas?
 
IDS ALERT at: 2002-06-03 09:30:06
SIGNATURE: BAD TRAFFIC same SRC/DST
HOST: TIP3-90Sub
SID: 1
CID: 945479
SRC IP: 4.0.0.3
DST IP: 4.0.0.3




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45664&t=45664



Clarification needed on PIX [7:45663]

2002-06-03 Thread Anil Kumar

Hi All,

Does the PIX FW support secondary ip address option for the
interface, as in Cisco router ethernet interface?



Thanks in Advance for the reply.

Regards.. Anil







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45663&t=45663



Re: Encryption [7:45649]

2002-06-03 Thread Steven A. Ridder

1.  To see the encrypted data, 1. do a show crypto sa (something like that)
and 2. do a show crypto map.  I'm not near any routers, so I can't verify
the commands.

2.  If you purchase the VPN HW for the routers, there will be no performance
degradation.

"Mamoon Dawood" wrote in message news:[EMAIL PROTECTED]...
> Dear All,
>
> Our customer ABC has the following Scenario:
> 1- HQ office with 3640 router and one Frame Relay (704Kbps speed) connection
> to connect 11 branches,
> 2- In each branch there is 1750 router with one 64Kbps connection to the HQ,
> there is planning to implement ISDN backup for these links in the near
> future,
> 3- Now we will propose inserting MOD1700-VPN in each 1750 router and the
> NM-VPN in the HQ 3640 router,  we will also update the IOS so that the new
> one can work with the 3DES encryption function,
>
> Now, our plans:
>
> 2- We need a procedure to see that data after switching on encryption has
> been altered, so there is Encryption happened, we need command or such thing
> to show them
> 3- They are asking if there will be any performance degradation when
> switching on encryption, and if our solution is better/worst than the Cylink
> or Thales solution
>
> Waiting your usual positive response,
>
> Kindest Regards,
> Mamoon Dawood




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45662&t=45649



RE: Aspiring CCNA ( 640-507 ) [7:45654]

2002-06-03 Thread Kaminski, Shawn G

Go to www.packetattack.com where you will find a free 60-question CCNA
640-607 practice exam.

Shawn K.

> -Original Message-
> From: Rahul Salve [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, June 03, 2002 5:58 AM
> To:   [EMAIL PROTECTED]
> Subject:  Aspiring CCNA ( 640-507 ) [7:45654]
> 
> Hello to all,
> 
> Can you help me, I am new in this field.
> I want to give CCNA ( 640-507 ) exam
> 
> Can you just help me to locate the resources
> for CCNA on the web, I search a lot but most of the
> websites are paid web sites.
> 
> I will be very grateful to you.
> Thank you
> 
> 
> Regards-
> Rahul S. Salve
> 
> --
> --
> 
> National Centre For Software Tech.,   Tel:  6201606 Ext 348 (O)
> Gulmohar Cross Road No.9 6400957 (R)
> Juhu , Mumbai -400050
> --
> --
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45661&t=45654



Re: PIX question [7:45658]

2002-06-03 Thread Cisco Breaker

PIX doesn't support that, routers or sups support it.

Best regards,



"Anil Kumar" wrote in message news:[EMAIL PROTECTED]...
> Hi All,
>
> Does the PIX fw support secondary ip address option for the
> interface, as which is carried out on router ethernet
> interface?
>
>
> Thanks in Advance.
>
> Regards.. Anil
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45660&t=45658



RE: Aspiring CCNA ( 640-507 ) [7:45654]

2002-06-03 Thread Ole Drews Jensen

FYI, they have a new 640-607 out.

Try these (watch for wordwrap):

http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/640-607.html

http://studyguides.cramsession.com/cramsession/cisco/default.asp?ID=1#

For what I did, click here:

http://www.routerchief.com/My-CCNA2.htm

Hth,

Ole

~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~
 http://www.RouterChief.com
~
 Need a Job?
 http://www.OleDrews.com/job
~




-Original Message-
From: Rahul Salve [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 3:58 AM
To: [EMAIL PROTECTED]
Subject: Aspiring CCNA ( 640-507 ) [7:45654]


Hello to all,

Can you help me, I am new in this field.
I want to give CCNA ( 640-507 ) exam

Can you just help me to locate the resources
for CCNA on the web, I search a lot but most of the
websites are paid web sites.

I will be very grateful to you.
Thank you


Regards-
Rahul S. Salve



National Centre For Software Tech.,   Tel:  6201606 Ext 348 (O)
Gulmohar Cross Road No.9 6400957 (R)
Juhu , Mumbai -400050






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45659&t=45654



PIX question [7:45658]

2002-06-03 Thread Anil Kumar

Hi All,

Does the PIX fw support secondary ip address option for the
interface, as which is carried out on router ethernet
interface?


Thanks in Advance.

Regards.. Anil






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45658&t=45658



How to hook up modem with router [7:45657]

2002-06-03 Thread Omer Ehsan Dar

Hi all,
Could anyone guide me how to hook up a teltone line simulator with a
router. I have no experience in this. Do we use the AUX??
thanks.
Omer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45657&t=45657



RE: OOB Testing [7:45556]

2002-06-03 Thread Bülent Şahin

If you have experience with Perl, you can write your script easily using
modules Net::Telnet::Cisco and Mail::Sender.
Bulent


-Original Message-
From: Mark Godfrey [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 31, 2002 10:46 PM
To: [EMAIL PROTECTED]
Subject: OOB Testing [7:45556]


Group,

I would like help with writing a script that dials out to all my
out-of-band 56k modems connected to my terminal servers and verifies
connectivity. If connectivity is not working it would send out an email to
the Engineer telling the name of the device not working. Any help would be
appreciated.

Thanks,

MG




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45656&t=45556



How many committed access rate policies with access-lists can [7:45655]

2002-06-03 Thread Cisco Breaker

Hi all,

My questions are regarding CAR aka rate-limit. I have used rate-limit with
access-lists but I never wondered how many policies I can create with
access-lists.

How many committed access rate policies with access-lists can be applied to
an interface?

Documentation says 100 policies (can be either access-list or other type as
I understand) to subinterface not to an interface. Is it limited to standard
or extended access-list number limit 99? Can I use 99 standard access lists
and 99 extended access lists and apply each one of them to a different (200)
CAR policy? Or am I limited to 100 policies only as stated?

Also if I can use 200 policies how much cpu utilization could I see on a
3600 or 7200? Documentation only states that it would be a significant
impact to use extended access-lists with car.

I would really appreciate it if anyone answers these questions.

Best regards,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45655&t=45655
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Aspiring CCNA ( 640-507 ) [7:45654]

2002-06-03 Thread Rahul Salve

Hello to all,

Can you help me, I am new in this field.
I want to give CCNA ( 640-507 ) exam

Can you just help me to locate the resources
for CCNA on the web, I search a lot but most of the
websites are paid web sites.

I will be very grateful to you.
Thank you


Regards-
Rahul S. Salve



National Centre For Software Tech.,   Tel:  6201606 Ext 348 (O)
Gulmohar Cross Road No.9 6400957 (R)
Juhu , Mumbai -400050






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45654&t=45654



help: what kind of interface? [7:45653]

2002-06-03 Thread TP

Group,

I have a LAN for data and voice traffic and a cisco 2621 as gateway voip/pstn
with FXO interfaces.
I have to realize the same configuration with the same data/voice gateway BUT
with 4 BRI (Italy as NT interface)
What kind of interface do I need?

Any suggestion will be appreciated,
Teresa




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45653&t=45653



Cisco 770 to Nortel pp2430 [7:45652]

2002-06-03 Thread pravin

Hi
I am trying to connect from cisco 770 to nortel passport 2430. Cisco dials
out and disconnects after 2 sec. I am using ppp with chap auth.
I don't have much knowledge about Nortel .. we are configuring it through
sitemanager. If anyone has done this pls help me.

---
Nortel gives this log

-
#   11: 06/01/2002 01:24:40.241  INFO     SLOT  1  SWSERV  Code: 77
ISDN Connect Request for Call ID 168 on DSL 0.

#   12: 06/01/2002 01:24:40.330  INFO     SLOT  1  SWSERV  Code: 83
ISDN Connect Confirm Indication for Call ID 168 on DSL 0.

#   13: 06/01/2002 01:24:40.366  INFO     SLOT  1  PPP     Code: 200
Link layer for line 201301:0 initializing for circuit 65535.

#   14: 06/01/2002 01:24:41.289  INFO     SLOT  1  PPP     Code: 142
Link Establishment Phase complete on line 201301:0, circuit 65535.

#   15: 06/01/2002 01:24:41.293  INFO     SLOT  1  PPP     Code: 132
LCP up on line 201301:0, circuit 65535.

#   16: 06/01/2002 01:24:41.301  WARNING  SLOT  1  PPP     Code: 98
Failed to locate `pp2430` in WHOAMI table.

#   17: 06/01/2002 01:24:41.331  INFO     SLOT  1  PPP     Code: 29
LCP down on circuit -1.

#   18: 06/01/2002 01:24:42.029  INFO     SLOT  1  SWSERV  Code: 71
ISDN Disconnect Indication for Call ID 168  with Cause 16 (NORMAL CLEARING) on DSL 0.

#   19: 06/01/2002 01:24:42.030  INFO     SLOT  1  SWSERV  Code: 76
ISDN Clear Request for Call ID 168 on DSL 0.

#   20: 06/01/2002 01:24:42.033  INFO     SLOT  1  SWSERV  Code: 135
ISDN Connection Terminated for Call ID 168, Channel B1 on DSL 0.
Duration of call from NONE to NONE is 0 mins 2 secs

--
This is config of Cisco.
set systemname delhi
set switch net3
cd lan
set ip address 172.168.1.1
set ip netmask 255.255.0.0
set ip routing on
set bridging off
cd
set user pp2430
set ppp clientname pp2430
set ppp secret client
1234
1234
set ppp secret host
1234
1234
set bridging off
set ip address 195.0.0.2
set ip netmask 255.255.255.0
set ip routing on
set encapsulation ppp
set ppp authentication incoming chap
set timeout 300
set 1 number 916455267
set 2 number 916455267
SEt IP ROUTE DEstination 0.0.0.0/0 GAteway 195.0.0.1
set active




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45652&t=45652