Re: 3524xl switch does not boot after firmware update... [7:48306]

2002-07-08 Thread Alec von Fersen

chris wrote
 Those 2 switches are 2900s, not 3500s.

 C2900XL POST FAILURE: Testing Switch Core: Failed

Chris you are right, I mixed snippets, the error message is this:
.
C3500xl POST: Testing Switch Core: Passed

Error with Switch Core BIST test Phase 0.

Returns: Test Complete Low : 0x03FF, Test Complete High : 0x3372

Test Phase Low : 0x0100, Test Phase High : 0x

Test Phase Third : 0x, Test Complete Third : 0x0060

C3500xl POST FAILURE: Testing Switch Core: Failed

..

The first snippet came from a failed attempt to install an early version of
firmware, where we took the wrong .bin-file.

The error message looks a little bit similar.  Sorry.



best regards

Alec




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48306t=48306
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



3524xl switch does not boot after firmware update [7:48307]

2002-07-08 Thread Alec von Fersen

update of 3524XL firmware results in boot problems

In a network with twelve 3524xl switches and one 3508xl we updated to the
recent firmware image c3500XL-c3h2s-mz.120-5.WC3b.
This was successful with 6 switches 3524 and the 3508; they are working
fine, showing up the features of the new image, no known bugs of the former
version etc.

But 2 switches do not boot up after transferring the new image,
showing this error message
---
C3500xl POST: System Board Test: Passed
C3500xl POST: Daughter Card Test: Passed
C3500xl POST: CPU Buffer Test: Passed
C3500xl POST: CPU Notify RAM Test: Passed
C3500xl POST: CPU Interface Test: Passed
C3500xl POST: Testing Switch Core: Passed

Error with Switch Core BIST test Phase 0.
Returns: Test Complete Low : 0x03FF, Test Complete High : 0x3372
Test Phase Low : 0x0100, Test Phase High : 0x
Test Phase Third : 0x, Test Complete Third : 0x0060

C3500xl POST FAILURE: Testing Switch Core: Failed
C3500xl POST FAILURE: Testing Buffer Table: Failed
---
All switches were purchased at the same time, they have nearly subsequent
serial numbers. All were updated with the same procedure.
All of them worked fine till the day of updating.

Is there anybody to tell us:

- what is the reason for the failure and how to avoid this
- how can we update dead switches

any hint appreciated

Alec von Fersen, Frankfurt, Germany







Re: VPN modules [7:48187]

2002-07-08 Thread Arshad

Hi Len,

You can use the following IOS for the IPSEC, there are two options; IOS with
3DES and FW options, another without FW option.

With FW Option:
File name: c1700-k9o3sy-mz.122-10a.bin
Description: IP/FW/IDS PLUS IPSEC 3DES
Minimum Recommended Memory to download image - 8 MB Flash and 32 MB RAM

Without FW Option:
File name: c1700-k9sy-mz.122-10a.bin
Description: IP PLUS IPSEC 3DES
Minimum Recommended Memory to download image - 8 MB Flash and 32 MB RAM

If you have Memory problems then you can also select the older Versions of
IOS with 12.1.

Hope that it will help,
regards,
--
Arshad Mughal


Steven A. Ridder  wrote in message
news:[EMAIL PROTECTED]...
 No, but I'm sure anything above 12.0 is OK.  I'd check the IOS feature
 navigator on CCO and you can nail down exactly what you need.


 Len Campbell  wrote in message
 news:[EMAIL PROTECTED]...
  Thanks for your help steve, do you know what version of the IOS is
  supported?

  Steven A. Ridder  wrote in message
  news:[EMAIL PROTECTED]...
   The VPN module is used to take the encryption processing load off of the
   CPU.  FOR IP SEC, you need a DES or 3DES designated IOS.

   --

   RFC 1149 Compliant.

   Len Campbell  wrote in message
   news:[EMAIL PROTECTED]...
    What is the VPN module used for on the Cisco 1720 if the router has the
    capability in the IOS?  I want to do IP SEC VPN and I was told that it is
    supported without the VPN module.  Just wondering the difference between
    the two.  With and w/o the module.

    Thanks in Advance
    Len







Re: Help [7:48085]

2002-07-08 Thread Prabhu K.

Hi Daniel,

   Thank you very much for your info.  Our customer is using NAT on the proxy
server, not on the router. So, as you said, we can subnet further for two
groups; in that case, do I need to create sub-interfaces on the Ethernet for
the two groups, so that one group will have a default gateway of 192.168.1.1
and the other group 192.168.1.129?

  Here we will eliminate the proxy server and put NAT directly on the
router; moreover, this customer is using IOS version 11.3.

  So will this configuration work out for us? Please give your suggestion;
I will be really grateful to you.

interface Ethernet0.1
 ip address 192.168.1.1 255.255.255.128
 custom-queue-list 1
 no ip directed-broadcast
 ip nat inside

interface ethernet0.2
 ip address 192.168.1.129 255.255.255.128
 custom-queue-list 1
 no ip directed-broadcast
 ip nat inside
 
interface Serial0
 ip address x.x.x.x 255.255.255.252
 no ip directed-broadcast
 ip nat outside
!

!

ip nat inside source list 1 interface Serial0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.x

access-list 1 permit 192.168.1.0  0.0.0.127
access-list 2 permit 192.168.1.128   0.0.0.127

queue-list 1 protocol ip 1 list 1
queue-list 1 protocol ip 2 list 2
queue-list 1 default 3


regards
Prabu



On Fri, 5 Jul 2002, Daniel Thiffeault wrote:

 Pradhu,
 
 
 Some more questions are raised from what you said:
 
   1.. you said you gave 16 addresses, are they public or private addresses.
 What is the range of those addresses, 10.0.0.0/8, 192.168.0.0 etc ...
   2.. you said you are not using PAT Port address translation. If you have
 just 16 addresses how do you want 45 people to access the internet at the
 same time. Still not clear. if you are using NAT you need a pool of 45
 addresses if you want those users to access the net simultaneously.
 
 Now enough questions, i am just going to try to guess.
 
 
 Let's say that you have one ethernet segment. The users got their addresses
 from the  192.168.1.0/24 network. Let's say that the first group needs access
 for browsing  192.168.1.1-192.168.1.127 the second group
 192.168.1.128-192.168.1.254 needs access for whatever reason.
 
 
   1.. Create an access list
 
 
 access-list 1 permit 192.168.1.0  0.0.0.127
 access-list 2 permit 192.168.1.128   0.0.0.127
 
 
2.  Create a custom queue list
 
 queue-list 1 protocol ip 1 list 1
 queue-list 1 protocol ip 2 list 2
 queue-list 1 default 3
 
 
   3.  Assign the queue to the interface
 
 custom-queue-list 1
 
 
 
 This should give roughly equal access to both group of users. Queue 1 is
 serviced 1500 bytes - the default- are allowed to pass, then queue 2 is
 serviced. Again queue 2 is passing 1500 bytes. If the traffic does not
 conform to either queue1 or queue 2 it will be queued to the default queue.
 It is always a good thing to direct the non conforming traffic somewhere !
 
 
 
 Hope it answers your question. Otherwise just repost and we'll find a way.
 
 
 Regards,
 
 DT
 
 
 
 
 
 
 
 
 Prabhu K.  wrote in message
 news:[EMAIL PROTECTED]...
  Hai Daniel,
 
   1.. You said that you have 45 users, but you have only 2 switches with
  12 ports each for a total of 24 ports. On what are connected the rest of
  the users. Those 21.
 
 They may use HUB for to connecting remaining user's.
 
   2.How do you assign the addresses on the workstation. Dhcp server or you
  assign them statically.
 
   They are using Proxy server.
 
  3. What is the range of addresses on the Ethernet segment
 
  We have give 16 IP to that customer, he has to divide further for two
  segments.
 
  4.. Are you using PAT. Port address translation
 
 no sir,
 
  5.. Do you want to give the possibility to access  the internet to 45
  simultaneous users.
 
   Yes sir, what we will do is create a sub int on the router
  ethernet and that will act as a one more gateway for another proxy server.
  So we will put rate-limit for that sub int.
 
   6.. if you give the first group of 25 users 128 kbps and 128 kbps to the
  second group of users 128 kbps. It means that on average both groups have
  roughly the same amount of bandwidth per users. The question is then,
  what's the point to do that. If you had 2 groups with VERY distinct needs
  i would understand. But the way you present the problem both groups have
  more or less the same needs. Consequently, i do not see any needs for
  differentiating the traffic.
 
  Because the 25 user's are Browsing user's and another user's are
  staff, so they want's limit the BW for browsing people(128K).
 
 
  On Thu, 4 Jul 2002, Daniel Thiffeault wrote:
 
   Pradhu,
  
   you've got :
  
     1.. a 2500 router with a 256kbps link to the internet
     2.. 2 switches from the 1900 series. Each switch has 12 ports
     3.. 45 users divided in 2 groups. One group with 25 users. Another group
   with 20 users. Each group needs 128 kbps of bandwidth. Each group needs
   access to the internet.
     4.. 16 public addresses.
 5.. 
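
An added example, not part of the original posts: a Python check of which `ip nat inside` subnets are matched by the access list that `ip nat inside source list` references, run on lines copied from the configuration in the message above. The function names are assumptions of this example, and it handles only standard (source-only) access lists without trailing keywords such as `log`.

```python
import ipaddress

# Lines copied from the configuration in the post above. Serial0 is left out
# because its address is masked (x.x.x.x) in the post.
CONFIG = """\
interface Ethernet0.1
 ip address 192.168.1.1 255.255.255.128
 ip nat inside
interface ethernet0.2
 ip address 192.168.1.129 255.255.255.128
 ip nat inside
ip nat inside source list 1 interface Serial0 overload
access-list 1 permit 192.168.1.0  0.0.0.127
access-list 2 permit 192.168.1.128   0.0.0.127
"""


def parse_config(text):
    """Collect interface subnets, NAT-inside interfaces, ACLs and NAT source lists."""
    nets, inside, acls, nat_lists = {}, set(), {}, []
    current = None
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():  # a top-level line ends any interface block
            is_if = words[0] == "interface" and len(words) > 1
            current = words[1] if is_if else None
        if current and words[:2] == ["ip", "address"] and len(words) >= 4:
            try:
                nets[current] = ipaddress.ip_interface(
                    f"{words[2]}/{words[3]}").network
            except ValueError:
                pass  # masked or malformed address: skip it
        elif current and words == ["ip", "nat", "inside"]:
            inside.add(current)
        elif words[:5] == ["ip", "nat", "inside", "source", "list"] and len(words) > 5:
            nat_lists.append(words[5])
        elif words[0] == "access-list" and len(words) >= 4:
            acls.setdefault(words[1], []).append(words[2:])
    return nets, inside, acls, nat_lists


def acl_permits(entries, addr):
    """First-match evaluation of a standard access list for one source address."""
    a = int(addr)
    for action, *spec in entries:
        if spec[0] == "any":
            base, wild = 0, 0xFFFFFFFF
        elif spec[0] == "host":
            base, wild = int(ipaddress.IPv4Address(spec[1])), 0
        else:
            base = int(ipaddress.IPv4Address(spec[0]))
            wild = int(ipaddress.IPv4Address(spec[1])) if len(spec) > 1 else 0
        # Bits set in the wildcard mask are "don't care" bits.
        if (a | wild) == (base | wild):
            return action == "permit"
    return False  # implicit deny at the end of every access list


def nat_coverage(text):
    """Map each NAT-inside interface to (hosts matched by a NAT list, total hosts)."""
    nets, inside, acls, nat_lists = parse_config(text)
    result = {}
    for name in sorted(inside):
        net = nets.get(name)
        if net is None:
            continue
        hosts = list(net.hosts())
        matched = [h for h in hosts
                   if any(acl_permits(acls.get(n, []), h) for n in nat_lists)]
        result[name] = (len(matched), len(hosts))
    return result


if __name__ == "__main__":
    for name, (matched, total) in nat_coverage(CONFIG).items():
        print(f"{name}: {matched}/{total} host addresses match the NAT source list")
```

On these lines the check reports that only the Ethernet0.1 subnet matches list 1; access-list 2 is referenced by the queue-list but not by the NAT statement.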

Remote Access 640-605 [7:48310]

2002-07-08 Thread Tunji Suleiman

Hi Group,

Can anybody please tell me if the new Remote Access 640-605 exam has 
simulation questions like in the new CCNA?

Thanks







RE: Ciscoworks 2000 [7:48211]

2002-07-08 Thread Mckenzie Bill

If you have Device Fault Manager installed, it has a tab that you can set up
an email address or messaging phone number that will send you an alert if a
device goes down.  The problem with it is that you can't change the message
that you get from CiscoWorks, which is a really vague alert saying that
there has been an Operational Exception.

Hope this helps,
Bill Mckenzie





RE: Remote Access 640-605 [7:48310]

2002-07-08 Thread Mark Odette II

Yes, According to Cisco, the Routing and Remote Access Exams are the two
exams that have had simulations added to them.

Good Luck!

Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Tunji Suleiman
Sent: Monday, July 08, 2002 5:17 AM
To: [EMAIL PROTECTED]
Subject: Remote Access 640-605 [7:48310]

Hi Group,

Can anybody please tell me if the new Remote Access 640-605 exam has
simulation questions like in the new CCNA?

Thanks







CCNP/CCIP BSCI Author Introduction [7:48313]

2002-07-08 Thread Carl Timm

I wanted to introduce myself. My name is Carl Timm and I'm the primary
author of the CCNP/CCIP BSCI Study Guide by Sybex. I'm also a CCIE in
Routing and Switching. I would like to answer any questions there may be
about the BSCI. If you would like to contact me, just put my name in the
subject and I will try my best to answer your questions.

Thanks,
Carl Timm, CCIE# 7149





RE: 3524xl switch does not boot after firmware update [7:48307]

2002-07-08 Thread Daniel Cotts

Can you get to the switch: prompt? Look at the password recovery procedure
for the steps. Take a look at the content of flash:. Maybe there are too
many files so your update didn't completely download.
www.cisco.com/warp/public/474/pswdrec_2900xl.html

Check out your boot variables. The image name is case sensitive.
www.cisco.com/warp/public/473/36.shtml
See Common Problems Switch Not Booting Automatically, Needs a Manual Boot
at the ROMMON (Switch: Prompt)
See Setting BOOT Parameters at ROMMON (Switch: Prompt).

Please post your solution to the list.

 -Original Message-
 From: Alec von Fersen [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 08, 2002 3:42 AM
 To: [EMAIL PROTECTED]
 Subject: 3524xl switch does not boot after firmware update [7:48307]
 
 
 update of 3524XL firmware results in boot problems
 
 In a network with twelve 3524xl switches and one 3508xl we updated to the
 recent firmware image c3500XL-c3h2s-mz.120-5.WC3b.
 This was successful with 6 switches 3524 and the 3508; they are working
 fine, showing up the features of the new image, no known bugs of the former
 version etc.
 
 But 2 switches do not boot up after transferring the new image,
 showing this error message
 ---
 C3500xl POST: System Board Test: Passed
 C3500xl POST: Daughter Card Test: Passed
 C3500xl POST: CPU Buffer Test: Passed
 C3500xl POST: CPU Notify RAM Test: Passed
 C3500xl POST: CPU Interface Test: Passed
 C3500xl POST: Testing Switch Core: Passed
 
 Error with Switch Core BIST test Phase 0.
 Returns: Test Complete Low : 0x03FF, Test Complete High : 0x3372
 Test Phase Low : 0x0100, Test Phase High : 0x
 Test Phase Third : 0x, Test Complete Third : 0x0060
 
 C3500xl POST FAILURE: Testing Switch Core: Failed
 C3500xl POST FAILURE: Testing Buffer Table: Failed
 ---
 All switches were purchased at the same time, they have nearly subsequent
 serial numbers. All were updated with the same procedure.
 All of them worked fine till the day of updating.
 
 Is there anybody to tell us:
 
 - what is the reason for the failure and how to avoid this
 - how can we update dead switches
 
 any hint appreciated
 
 Alec von Fersen, Frankfurt, Germany







RE: Remote Access 640-605 [7:48310]

2002-07-08 Thread Creighton Bill-BCREIGH1

Most definitely

Bill Creighton CCNP
Senior System Engineer
Motorola
iDEN CNRC Packet Data


-Original Message-
From: Tunji Suleiman [mailto:[EMAIL PROTECTED]] 
Sent: Monday, July 08, 2002 5:17 AM
To: [EMAIL PROTECTED]
Subject: Remote Access 640-605 [7:48310]

Hi Group,

Can anybody please tell me if the new Remote Access 640-605 exam has 
simulation questions like in the new CCNA?

Thanks







Cut-through vs Store Forward [7:48316]

2002-07-08 Thread Alejandro Acosta Alamo

Hello,
  I understand the differences between Cut-through and Store & Forward. My
question is: How do you decide which method to use? In which situation have
you changed the switching method?

Thanks

Alejandro Acosta







Re: Off Topic - speculating on Lab equipment [7:48268]

2002-07-08 Thread nrf

Chuck  wrote in message
news:[EMAIL PROTECTED]...
 not so long as Cisco is making a bundle selling CCIE study books and CCIE
 Lab slots. ;-

I doubt that this is a serious concern.  If this was Cisco's real
motivation, then why not just go all the way?  For example, have one-hour
lab exams.  Then they could sell many more lab slots per day than they do
now.  Or if selling training were the driving goal, then why doesn't Cisco
open its own CCIE bootcamp schools?  I swear if they did, all those other
bootcamp schools would lose all the business - because if you were going to
attend one, wouldn't you preferentially want to attend the one run by Cisco
itself?

I doubt that Cisco sees the CCIE program as a serious profit center.  The
profits made must be minuscule compared to the rest of its profit streams.
I think it sees the program as a way to maintain its status as a premier IT
solutions company.

 Besides, the driver here is the channel partner situation, not the end user
 situation. As you recall, it was at the time stated that the primary reason
 for moving to the one day lab was to help out their channel partners. The
 unforeseen consequence of the one day lab seems to have been that the lab
 backlog is as long as ever.

 The CISSP folks finally got wise to the certification phenomenon in their
 field as well. I seem to recall seeing some study materials in Borders last
 time I was there. It is interesting that their response was to require more
 verifiable experience, rather than more money for their test ;-



 John Kaberna  wrote in message
 news:[EMAIL PROTECTED]...
  That is why the CCIE program should adopt a similar rule to the CISSP. You
  must have 3 years (as of this January it's 4 years) of verifiable experience
  in security to take the CISSP.  Cisco should require that candidates have at
  least 4 or 5 years of Cisco experience prior to qualifying for the lab. If
  a person lies they are automatically forbidden from ever attempting the CCIE
  again.  The lab rat problem would be for the most part solved.  You might
  have a few liars, but when those people blow up someone's network they could
  be reported to Cisco so that they can investigate if the person lied about
  their experience.

  John Kaberna
  CCIE #7146 (R/S, Security)


  nrf  wrote in message
  news:[EMAIL PROTECTED]...
   Chuck  wrote in message
   news:[EMAIL PROTECTED]...
    just did some looking around on CCO. checking the current state of the art
    for IOS images for the 25xx routers we all know and love so dearly.

    it's looking like the images are getting so bloated that pretty soon they
    will exceed the physical limits of the router flash and dram.

    this could be disastrous to all us lab rats ;-

   I know this is going to sound so bad when I say this.  But maybe that's the
   point - to cut down on the number of lab-rats.

   Yeah yeah, I know a bunch of you are going to read that and immediately jump
   all over me.  You're going to say things like People should be allowed to
   learn what they want and Information wants to be free and that kind of
   thing.

   All I have to say is this.  Learning how to be, say,  a doctor is not free -
   it's unbelievably expensive. Not everybody who wants to be a doctor is
   allowed to be one.   You can't just decide that you want to learn surgery
   and then just expect somebody to give you a bunch of cadavers so you can
   start cutting them up.   You can't just walk into a hospital and demand that
   somebody start teaching you medicine.  And this is true of just about any
   profession - law,  investment-banking, pharmacy, engineering, pro-athlete,
   you name it.

   The fact is, all professions operate on the principle of exclusion.  Yes, I
   know that sounds rough, but that's life.  Not everybody who wants to be a
   doctor gets to be a doctor.  Not everybody who wants to play pro-football
   actually gets to play pro football.   And, yes, not everybody who wants to
   be a network guy (especially the senior network guy) actually gets to be the
   network guy.   Somewhere along the line, exclusion has to take place for
   that profession to remain attractive.  If it's medicine we're talking about,
   then the exclusion takes place in getting admitted to med school, and then
   the grueling years of medical training which has the effect of excluding
   people who aren't mentally tough enough to make it.  If it's pro sports,
   it's the harsh selectivity odds of being good enough to play professionally.
   And everybody accepts this.   For example, you don't see any huge outcry for
   med schools to use open-admissions policies, where anybody who applies is
   automatically accepted.

   So the point is this.  If network engineering is to remain a viable
   profession, then exclusion has to take place somewhere.  You can
RE: Cisco 7010 router help [7:47893]

2002-07-08 Thread Daniel Cotts

My guess is that you have a 7505 rather than a 7005 (no such animal). A 7505
has 7500 Series on the back (non-interface side) and 7505 on a sticker by
the power cord. The good news is that it accepts newer RSP cards.
I did compare a RSP2 to a RSP7000 and found that the connectors are
different. As well, there are metal tabs on the back of the cards. They have
a keyway that prevents them from being seated into the wrong slot. The RSP2
and RSP7000 have different keyways.
So in answer to the original question - the way to upgrade a 7010 to run IOS
greater than 11.2 is to acquire the RSP7000 & RSP7000CI card set.

 -Original Message-
 From: Patrick Bass [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, July 03, 2002 7:00 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Cisco 7010 router help [7:47893]
 
 
 I just checked I'm using an RSP2 in a 7005.  Does that help?
 
 
 Daniel Cotts  wrote in message
 news:[EMAIL PROTECTED]...
  Let me start with what is documented and then ask if anyone is doing it
  differently.
  First off the 7010 is a five slot chassis. It originally shipped with a
  route processor (RP), and a switch processor (SP). Later versions had a
  silicon switch processor (SSP).
  The 7000 is from the same family as the 7010. It has seven slots. Again it
  used the RP and SP/SSP pair.
  As previously posted, the IOS updates for the RP ended at 11.2.
  When Cisco introduced the 7500 series it created an upgrade for the existing
  7000/7010 boxes. That was the RSP7000 / RSP7000CI set of cards. Note that
  the routing function and the switching function moved to one card. See:
  http://www.cisco.com/univercd/cc/td/doc/product/core/cis7000/routeswi/25617rsp.htm
  Some are available. Often the RSP7000CI board, which contains all of the
  environmental monitoring functions is missing. I doubt that is an issue for
  lab use.
  The RSP7000 runs current IOS.

  The 7500 series replaced the 7010 with the 7505. The 7000 became the 7507.
  IIRC The 7505 shipped with an RSP1 card, the 7507 had an RSP2.
  Patrick's post sent me to CCO. The 7505 does support the RSP1, RSP2, RSP4,
  and RSP8. See the following:
  http://www.cisco.com/univercd/cc/td/doc/product/core/cis7505/rte_swit/index.htm

  The 7000s had the CX buss, the 7500s the CY buss. Interface cards designed
  for the CX buss will work in the 7500s (with some exceptions. Usually
  resolved with a later version of the card.)

  I have not looked at the connectors on the rear of an RSP7000 vs an RSP2 or
  RSP4. My guess is that they are different because of the different busses.
  Anyone know? Anyone use an RSP2 in a 7000? If so, my prayers are answered.
  If not, anyone have a RSP7000 set at a reasonable price?
 
   -Original Message-
   From: Patrick Bass [mailto:[EMAIL PROTECTED]]
   Sent: Monday, July 01, 2002 11:43 PM
   To: [EMAIL PROTECTED]
   Subject: Re: Cisco 7010 router help [7:47893]
  
  
   I've got RSP7000/7500 version 12.1.15 ent/fw/ids/56 version, 16f/64r, the
   filename is rsp-jo3sv56i-mz.121-15.bin... you need a cco account to get it,
   and i suppose a cco account with the right privs.  In any event, I'm
   guessing it will work on a 7010.  i'm using a 7005 with an rsp2...


   Kazan, Naim  wrote in message
   news:[EMAIL PROTECTED]...
    This is off the topic but can you help me with what version of IOS is
    support by the 7010 router. I was told before end of sale of 7010 router,
    the highest ios version was 11.0. Is that correct or can I DL 12.0 version
    to 7010 router. The router is for home lab use only.







Off Topic - probes from unknown networks - reason to worry? [7:48318]

2002-07-08 Thread Chuck

I'm currently doing something that requires a particular piece of equipment
of mine be on the public internet. I have use of four public IP addresses
from my ISP, but for the most part I have just my PC's connected via my
firewall device, so that I am generally using only one of those IP's. Most
of the time, the other three are not being used.

In any case, over the past couple of days that I have had something
connected, I have noticed something happening on the piece of equipment.

IP: s=64.115.76.211 (Ethernet0), d=X.X.X.X, len 48, access denied
IP: s=X.X.X.X (local), d=64.115.76.211 (Ethernet0), len 56, sending
IP: s=64.115.76.211 (Ethernet0), d=X.X.X.X, len 48, access denied
IP: s=X.X.X.X (local), d=64.115.76.211 (Ethernet0), len 56, sending
IP: s=62.248.145.87 (Ethernet0), d=X.X.X.X, len 48, access denied
IP: s=X.X.X.X (local), d=62.248.145.87 (Ethernet0), len 56, sending
IP: s=62.248.145.87 (Ethernet0), d=X.X.X.X, len 48, access denied
IP: s=X.X.X.X (local), d=62.248.145.87 (Ethernet0), len 56, sending
IP: s=62.248.145.87 (Ethernet0), d=X.X.X.X, len 48, access denied
IP: s=X.X.X.X (local), d=62.248.145.87 (Ethernet0), len 56, sending
IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 44, access denied
IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, sending
IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 44, access denied
IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, sending
IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 40, access denied
IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, sending
IP: s=209.41.111.6 (Ethernet0), d=X.X.X.X, len 44, access denied
IP: s=X.X.X.X (local), d=209.41.111.6 (Ethernet0), len 56, sending
IP: s=209.41.111.6 (Ethernet0), d=X.X.X.X, len 44, access denied
IP: s=X.X.X.X (local), d=209.41.111.6 (Ethernet0), len 56, sending
IP: s=209.41.111.6 (Ethernet0), d=X.X.X.X, len 44, access denied
IP: s=X.X.X.X (local), d=209.41.111.6 (Ethernet0), len 56, sending
!

Access is denied because the source IP's are not meeting certain
requirements, like maybe using forbidden ports, or maybe being from
forbidden subnets or maybe because they are communists.

Just wondering. Accident? Something to watch? Something to report?

Chuck







Lab Swap - Aug 15th for Early October [7:48320]

2002-07-08 Thread Michael Ashton

I have a date on Aug 15th in San Jose that I'd like to swap for October 8th
or earlier in San Jose.

Please contact me ASAP at [EMAIL PROTECTED] 

Michael





RE: Off Topic - probes from unknown networks - reason [7:48318]

2002-07-08 Thread Priscilla Oppenheimer

Looks like normal Internet behavior to me. The hackers are probably pinging
or port scanning. There's not enough info to tell. Also what is the time
between the attempts? If it's continuous or continual, then maybe you should
get worried. But, mostly I would just say, welcome to the Internet.

You could look up the offending source addresses in the Whois database. If
you can find the ISP, you could complain. Some firewalls (or firewall
advisers like Who's There) will do the lookup for you and even compose an
e-mail to the offender.

Priscilla Oppenheimer
http://www.priscilla.com

Chuck wrote:
 
 I'm currently doing something that requires a particular piece of equipment
 of mine be on the public internet. I have use of four public IP addresses
 from my ISP, but for the most part I have just my PC's connected via my
 firewall device, so that I am generally using only one of those IP's. Most
 of the time, the other three are not being used.
 
 In any case, over the past couple of days that I have had something
 connected, I have noticed something happening on the piece of equipment.
 
 IP: s=64.115.76.211 (Ethernet0), d=X.X.X.X, len 48, access denied
 IP: s=X.X.X.X (local), d=64.115.76.211 (Ethernet0), len 56, sending
 IP: s=64.115.76.211 (Ethernet0), d=X.X.X.X, len 48, access denied
 IP: s=X.X.X.X (local), d=64.115.76.211 (Ethernet0), len 56, sending
 IP: s=62.248.145.87 (Ethernet0), d=X.X.X.X, len 48, access denied
 IP: s=X.X.X.X (local), d=62.248.145.87 (Ethernet0), len 56, sending
 IP: s=62.248.145.87 (Ethernet0), d=X.X.X.X, len 48, access denied
 IP: s=X.X.X.X (local), d=62.248.145.87 (Ethernet0), len 56, sending
 IP: s=62.248.145.87 (Ethernet0), d=X.X.X.X, len 48, access denied
 IP: s=X.X.X.X (local), d=62.248.145.87 (Ethernet0), len 56, sending
 IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 44, access denied
 IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, sending
 IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 44, access denied
 IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, sending
 IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 40, access denied
 IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, sending
 IP: s=209.41.111.6 (Ethernet0), d=X.X.X.X, len 44, access denied
 IP: s=X.X.X.X (local), d=209.41.111.6 (Ethernet0), len 56, sending
 IP: s=209.41.111.6 (Ethernet0), d=X.X.X.X, len 44, access denied
 IP: s=X.X.X.X (local), d=209.41.111.6 (Ethernet0), len 56, sending
 IP: s=209.41.111.6 (Ethernet0), d=X.X.X.X, len 44, access denied
 IP: s=X.X.X.X (local), d=209.41.111.6 (Ethernet0), len 56, sending
 !
 
 Access is denied because the source IP's are not meeting certain
 requirements, like maybe using forbidden ports, or maybe being from
 forbidden subnets or maybe because they are communists.
 
 Just wondering. Accident? Something to watch? Something to report?
 
 Chuck
 
 




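
An added example, not part of the original posts: a Python triage of the packet log quoted in this thread, grouping denied packets by remote source and counting the packets the router itself sent back to each one. The function names are assumptions of this example; the sample is a subset of the lines from the post, with two of them wrapped the way the quoted copy was.

```python
import re
from collections import OrderedDict

# Subset of the log lines from the post above (destination already masked
# there). The last two entries are wrapped as in the quoted copy.
SAMPLE_LOG = """\
IP: s=64.115.76.211 (Ethernet0), d=X.X.X.X, len 48, access denied
IP: s=X.X.X.X (local), d=64.115.76.211 (Ethernet0), len 56, sending
IP: s=64.115.76.211 (Ethernet0), d=X.X.X.X, len 48, access denied
IP: s=X.X.X.X (local), d=64.115.76.211 (Ethernet0), len 56, sending
IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 44, access denied
IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, sending
IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 44, access denied
IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, sending
IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 40, access
denied
IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56,
sending
!
"""

LINE_RE = re.compile(
    r"^IP: s=(?P<src>\S+) \((?P<src_if>[^)]+)\), d=(?P<dst>\S+?)"
    r"(?: \((?P<dst_if>[^)]+)\))?, len (?P<len>\d+), (?P<action>.+)$"
)


def parse(text):
    """Return one dict per packet line, re-joining lines a mail client wrapped."""
    joined = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if line.startswith("IP:") or not joined:
            joined.append(line)
        else:
            joined[-1] += " " + line  # continuation of a wrapped line
    events = []
    for line in joined:
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["len"] = int(ev["len"])
            events.append(ev)
    return events


def _new_entry():
    return {"denied": 0, "denied_lens": set(), "replies": 0, "reply_lens": set()}


def summarize(events):
    """Group by remote address: packets denied from it, packets sent back to it."""
    report = OrderedDict()
    for ev in events:
        if ev["src_if"] == "local":
            # Generated by the router itself and addressed to a remote host.
            entry = report.setdefault(ev["dst"], _new_entry())
            entry["replies"] += 1
            entry["reply_lens"].add(ev["len"])
        elif ev["action"] == "access denied":
            entry = report.setdefault(ev["src"], _new_entry())
            entry["denied"] += 1
            entry["denied_lens"].add(ev["len"])
    return report


def sources_answered(report):
    """Remote sources that received a router-generated packet per denied packet.

    Assumption of this example: the log does not name the protocol, but a
    56-byte locally generated packet after each deny is consistent with an
    ICMP unreachable, which tells the sender that a filtering device is there.
    """
    return [src for src, e in report.items()
            if e["denied"] and e["replies"] >= e["denied"]]


if __name__ == "__main__":
    rep = summarize(parse(SAMPLE_LOG))
    for src, e in rep.items():
        print(src, "denied:", e["denied"], "lens:", sorted(e["denied_lens"]),
              "router replies:", e["replies"])
    print("answered:", sources_answered(rep))
```

The log carries no timestamps, so the interval between attempts that the reply asks about cannot be computed from it; on IOS, `service timestamps debug datetime` adds them, and `no ip unreachables` on the interface stops the router from answering denied packets.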



RE: Cut-through vs Store Forward [7:48316]

2002-07-08 Thread Priscilla Oppenheimer

Alejandro Acosta Alamo wrote:
 
 Hello,
   I understand the differences between Cut-through and Store & Forward. My
 question is: How do you decide which method to use? In which situation have
 you changed the switching method?
 
 Thanks
 
 Alejandro Acosta
 
 
A lot of switches support only one method, so you don't have a choice. If
you do have a choice, the decision is based on the number of errors on your
network. Cut-through doesn't do any error checking and in fact forwards
frames that have a bad CRC or are too short. Ethernet says that frames must
be at least 64 bytes. Anything less is considered a fragment and is illegal.
Cut-through forwards fragments that have an entire destination address that
can be looked up to get a port number.

If your switch connects many shared networks, then CRC errors and fragments
due to collisions are normal. But why waste bandwidth forwarding these to
other ports on the LAN? In this case, you might want to go with
store-and-forward which does not forward errored frames or fragments.

If your switch connects single devices all using full-duplex, then it's
unlikely that you are experiencing many CRC or fragments. So, cut-through
makes the most sense.


Priscilla Oppenheimer
http://www.priscilla.com



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48322t=48316



is "ppp auth chap callin" configured on [7:48319]

2002-07-08 Thread Mirza, Timur

Timur Mirza
Principal Network Engineer
Network Planning  Engineering, West Region
15505-B Sand Canyon Avenue
Irvine, California 92618
Verizon Wireless
949.286.6623 (o)
949.697.7964 (c)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48319t=48319



PIX-535 Hanging [7:48323]

2002-07-08 Thread Kevin Love

Anybody have experience with troubleshooting PIX-535 problems?  I have one
that, when I boot it up, says:

Cisco Secure PIX Firewall BIOS (4.1) #0: Tue Dec  5 17:35:26 PST 2000
Platform PIX-535
hanging...

And then it just stays there.  Does anybody have any idea what this means
or, more specifically, how to fix it?  I have searched CCO unsuccessfully.

Thanks,
Kevin


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48323t=48323



Mac Layer access list [7:48324]

2002-07-08 Thread Dennis Laganiere

I looked through the CCO, the groupstudy archive and my stack of cisco press
books, but I can't find any information about setting up an ACL for MAC
addresses.  Has anybody done it before?

Here's what I'm trying to do: I've got a wireless access point that lets
just anybody join.  I want to put a router upstream to block all but a
limited number of pre-defined MAC addresses.  Any thoughts?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48324t=48324



Re: Mac Layer access list [7:48324]

2002-07-08 Thread M.C. van den Bovenkamp

Dennis Laganiere wrote:

 Here's what I'm trying to do: I've got a wireless access point that lets
 just anybody join.  I want to put a router upstream to block all but a
 limited number of pre-defined MAC addresses.  Any thoughts?

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/ibm_r/brprt1/brtb.htm#xtocid2

They work only when the box is *bridging* between the interfaces. Been 
there, done that.

Regards,

Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48327t=48324



RE: PIX-535 Hanging [7:48323]

2002-07-08 Thread Dale Wishop

We had a PIX 506 with this problem.  Field notice is at:

http://www.cisco.com/warp/customer/770/fn15490.shtml

But, the field notice only applies to 506 and 515's.  

We ended up sending ours in for replacement.

Dale..

-Original Message-
From: Kevin Love [mailto:[EMAIL PROTECTED]] 
Sent: Monday, July 08, 2002 12:19 PM
To: [EMAIL PROTECTED]
Subject: PIX-535 Hanging [7:48323]


Anybody have experience with troubleshooting PIX-535 problems?  I have one
that, when I boot it up, says:

Cisco Secure PIX Firewall BIOS (4.1) #0: Tue Dec  5 17:35:26 PST 2000
Platform PIX-535 hanging...

And then it just stays there.  Does anybody have any idea what this means
or, more specifically, how to fix it?  I have searched CCO unsuccessfully.

Thanks,
Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48328t=48323



Re: Mac Layer access list [7:48324]

2002-07-08 Thread Hamid

I have tried this before, but no results.

The MAC access lists can be used in two cases:
- When you are bridging
- When using CAR

HTH,
Hamid

Dennis Laganiere wrote in message news:[EMAIL PROTECTED]...
 I looked through the CCO, the groupstudy archive and my stack of cisco
press
 books, but I can't find any information about setting up an ACL for MAC
 addresses.  Has anybody done it before?

 Here's what I'm trying to do: I've got a wireless access point that lets
 just anybody join.  I want to put a router upstream to block all but a
 limited number of pre-defined MAC addresses.  Any thoughts?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48329t=48324



Re: Mac Layer access list [7:48324]

2002-07-08 Thread Jeff Harris

I believe that this functionality can be implemented in the access point
itself. Probably depends on how feature-rich the AP is, however. I believe
the Cisco units can do this.


-- 

Jeff Harris - Cisco/Unix Engineer
CCNP - Cisco Certified Network Professional


On Mon, Jul 08, 2002 at 06:03:50PM +, Dennis Laganiere wrote:
 I looked through the CCO, the groupstudy archive and my stack of cisco
press
 books, but I can't find any information about setting up an ACL for MAC
 addresses.  Has anybody done it before?
 
 Here's what I'm trying to do: I've got a wireless access point that lets
 just anybody join.  I want to put a router upstream to block all but a
 limited number of pre-defined MAC addresses.  Any thoughts?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48330t=48324



VPN client autodial [7:48331]

2002-07-08 Thread Simer Mayo

Is there any way to disable the autodial for the VPN client?

I've a client who is remotely connecting to the network via dial-up using
Cisco VPN client. The problem is anytime he connects to his ISP the VPN
client dials up to connect to the network.

Thanks

SM




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48331t=48331



RE: callmanager dial plan question [7:48300]

2002-07-08 Thread Chris Charlebois

Trick is you will have to deal with the timeout problem with your current
layout.  Because all your Pleasanton extensions start with 6, and your RTP
numbers start with 6, the CCM can't tell from the first button how many
digits to expect.  It would work better if you have an escape key for
non-local internal sites, like an 8.

As for users at RTP, you can set them up so they can dial their 4 digit
extension locally.  You'll need to set up an RTP partition and an RTP
calling search space that specifies the RTP partition before everything
else.  Setup all extensions at RTP with 4 digits in the RTP partition with
the RTP css.  Also, create a translation pattern in a partition that all
sites have access to, set it to translate 685 to  and give it a css
of RTP.  You can copy this for all sites.

And Chuck is right, dial plans are not shared between clusters within the
software, so a Grand Dial Plan Scheme should be developed before starting
and implemented within each cluster.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48332t=48300



RE: Mac Layer access list [7:48324]

2002-07-08 Thread Logan, Harold

As others have pointed out, having your upstream router act as a bridge is
your best bet. Out of curiosity, what brand of access point is involved? If
you haven't yet, you may want to see if the vendor has an updated firmware
available for download that includes the option for the AP to filter by
source mac.

Hal

 -Original Message-
 From: Dennis Laganiere [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 08, 2002 2:04 PM
 To: [EMAIL PROTECTED]
 Subject: Mac Layer access list [7:48324]
 
 
 I looked through the CCO, the groupstudy archive and my stack 
 of cisco press
 books, but I can't find any information about setting up an 
 ACL for MAC
 addresses.  Has anybody done it before?
 
 Here's what I'm trying to do: I've got a wireless access 
 point that lets
 just anybody join.  I want to put a router upstream to block all but a
 limited number of pre-defined MAC addresses.  Any thoughts?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48333t=48324



RE: PIX-535 Hanging [7:48323]

2002-07-08 Thread Michael Gunnels

Does anyone know specifically what hardware Cisco
replaced to correct this problem?  CPU?  Motherboard? 
RAM?  NIC?

Thanks,

Mike
  
--- Dale Wishop  wrote:
 We had a PIX 506 with this problem.  Field notice is
 at:
 
 http://www.cisco.com/warp/customer/770/fn15490.shtml
 
 But, the field notice only applies to 506 and 515's.
  
 
 We ended up sending ours in for replacement.
 
 Dale..
 
 -Original Message-
 From: Kevin Love [mailto:[EMAIL PROTECTED]] 
 Sent: Monday, July 08, 2002 12:19 PM
 To: [EMAIL PROTECTED]
 Subject: PIX-535 Hanging [7:48323]
 
 
 Anybody have experience with troubleshooting PIX-535
 problems?  I have one
 that, when I boot it up, says:
 
 Cisco Secure PIX Firewall BIOS (4.1) #0: Tue Dec  5
 17:35:26 PST 2000
 Platform PIX-535 hanging...
 
 And then it just stays there.  Does anybody have any
 idea what this means
 or, more specifically, how to fix it?  I have
 searched CCO unsuccessfully.
 
 Thanks,
 Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48335t=48323



Re: Mac Layer access list [7:48324]

2002-07-08 Thread Johnny Routin

I think you could do what you want by using the rate-limit command (CAR)
with a mac acl.  Just give the mac addresses you want blocked 0 bandwidth
and they're finished!

Enjoy!

JR



Dennis Laganiere wrote in message news:[EMAIL PROTECTED]...
 I looked through the CCO, the groupstudy archive and my stack of cisco
press
 books, but I can't find any information about setting up an ACL for MAC
 addresses.  Has anybody done it before?

 Here's what I'm trying to do: I've got a wireless access point that lets
 just anybody join.  I want to put a router upstream to block all but a
 limited number of pre-defined MAC addresses.  Any thoughts?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48334t=48324



Re: Mac Layer access list [7:48324]

2002-07-08 Thread Ashley Reynolds

On Mon, 8 Jul 2002, Jeff Harris wrote:

 I believe that this functionality can be implemented in the access point
 itself. Probably depends on how feature-rich the AP is, however. I believe
 the Cisco units can do this.

It most certainly can, but obviously not on the AP that Dennis is using.
I recently set up MAC address filtering on a Belkin Wireless Access Point,
and it works a treat.

Although, seeing as Belkin wireless products are all that I have had
exposure to, I cannot vouch for other vendors.

 Jeff Harris - Cisco/Unix Engineer
 CCNP - Cisco Certified Network Professional

 On Mon, Jul 08, 2002 at 06:03:50PM +, Dennis Laganiere wrote:
  I looked through the CCO, the groupstudy archive and my stack of cisco
 press
  books, but I can't find any information about setting up an ACL for MAC
  addresses.  Has anybody done it before?
 
  Here's what I'm trying to do: I've got a wireless access point that lets
  just anybody join.  I want to put a router upstream to block all but a
  limited number of pre-defined MAC addresses.  Any thoughts?

Ashley

--
Ashley Reynolds
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48337t=48324



Opinions on Providers [7:48339]

2002-07-08 Thread Lupi, Guy

I was wondering if anyone would be willing to share their experiences, good
or bad, with Cable and Wireless or Genuity.  I am thinking of getting some
upstream connectivity from them.  Thanks in advance.

Guy H. Lupi
CCIE No. 9275




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48339t=48339



RE: PIX-535 Hanging [7:48323]

2002-07-08 Thread Brian

From the quoted page:

Workaround/Solution

Workaround

The only potential workaround is to reduce the traffic throughput level to
the point where the hang does not occur. Levels under 15 mbit/second may
be sufficiently low, however this varies from unit to unit and it may be
impossible to avoid the hang on some units. You may be able to reduce the
traffic levels by hard coding all interfaces to 10BaseT, or via means
external to the PIX.

Solution

The solution is to replace the failed hardware.

PIX 515 and 506 systems manufactured as of October 2nd, 2001 are free of
this problem. A global purge of the service depot stock has been completed
as of October 26th, 2001. All PIX systems replaced by the return materials
authorization (RMA) process are free of this problem.

Customers who wish to replace one or more of their systems which are
failing due to the problem described in this field notice should contact
the Technical Assistance Center by following the instructions at the end
of this notice and request a standard RMA.

Bri


On Mon, 8 Jul 2002, Michael Gunnels wrote:

 Does anyone know specifically what hardware Cisco
 replaced to correct this problem?  CPU?  Motherboard?
 RAM?  NIC?

 Thanks,

 Mike

 --- Dale Wishop  wrote:
  We had a PIX 506 with this problem.  Field notice is
  at:
 
  http://www.cisco.com/warp/customer/770/fn15490.shtml
 
  But, the field notice only applies to 506 and 515's.
 
 
  We ended up sending ours in for replacement.
 
  Dale..
 
  -Original Message-
  From: Kevin Love [mailto:[EMAIL PROTECTED]]
  Sent: Monday, July 08, 2002 12:19 PM
  To: [EMAIL PROTECTED]
  Subject: PIX-535 Hanging [7:48323]
 
 
  Anybody have experience with troubleshooting PIX-535
  problems?  I have one
  that, when I boot it up, says:
 
  Cisco Secure PIX Firewall BIOS (4.1) #0: Tue Dec  5
  17:35:26 PST 2000
  Platform PIX-535 hanging...
 
  And then it just stays there.  Does anybody have any
  idea what this means
  or, more specifically, how to fix it?  I have
  searched CCO unsuccessfully.
 
  Thanks,
  Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48338t=48323



RE: PIX-535 Hanging [7:48323]

2002-07-08 Thread Michael Gunnels

Thanks, but this doesn't answer my question.   I read
this too...

Mike

--- Brian  wrote:
 From the quoted page:
 
 Workaround/Solution
 
 Workaround
 
 The only potential workaround is to reduce the
 traffic throughput level to
 the point where the hang does not occur. Levels
 under 15 mbit/second may
 be sufficiently low, however this varies from unit
 to unit and it may be
 impossible to avoid the hang on some units. You may
 be able to reduce the
 traffic levels by hard coding all interfaces to
 10BaseT, or via means
 external to the PIX.
 
 Solution
 
 The solution is to replace the failed hardware.
 
 PIX 515 and 506 systems manufactured as of October
 2nd, 2001 are free of
 this problem. A global purge of the service depot
 stock has been completed
 as of October 26th, 2001. All PIX systems replaced
 by the return materials
 authorization (RMA) process are free of this
 problem.
 
 Customers who wish to replace one or more of their
 systems which are
 failing due to the problem described in this field
 notice should contact
 the Technical Assistance Center by following the
 instructions at the end
 of this notice and request a standard RMA.
 
   Bri
 
 
 On Mon, 8 Jul 2002, Michael Gunnels wrote:
 
  Does anyone know specifically what hardware Cisco
  replaced to correct this problem?  CPU? 
 Motherboard?
  RAM?  NIC?
 
  Thanks,
 
  Mike
 
  --- Dale Wishop  wrote:
   We had a PIX 506 with this problem.  Field
 notice is
   at:
  
  
 http://www.cisco.com/warp/customer/770/fn15490.shtml
  
   But, the field notice only applies to 506 and
 515's.
  
  
   We ended up sending ours in for replacement.
  
   Dale..
  
   -Original Message-
   From: Kevin Love [mailto:[EMAIL PROTECTED]]
   Sent: Monday, July 08, 2002 12:19 PM
   To: [EMAIL PROTECTED]
   Subject: PIX-535 Hanging [7:48323]
  
  
   Anybody have experience with troubleshooting
 PIX-535
   problems?  I have one
   that, when I boot it up, says:
  
   Cisco Secure PIX Firewall BIOS (4.1) #0: Tue Dec
  5
   17:35:26 PST 2000
   Platform PIX-535 hanging...
  
   And then it just stays there.  Does anybody have
 any
   idea what this means
   or, more specifically, how to fix it?  I have
   searched CCO unsuccessfully.
  
   Thanks,
   Kevin
 
 






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48341t=48323



flash not found [7:48340]

2002-07-08 Thread Len Campbell

I have a 1720 router and when I boot the router I get flash not found.  I
am new to these routers and don't know where to start.  How can I get the
latest flash and what tool do I need?

Thanks in advance
Len




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48340t=48340



Re: Off Topic - probes from unknown networks - reason to worry? [7:48342]

2002-07-08 Thread Craig Columbus

I don't really see anything unusual.  It's very common, and not unexpected, 
for public IP addresses to be regularly scanned.  The scanning may be 
limited to simple icmp pings, or may be more sophisticated using tools like 
nmap.  To be safe, you should always harden any host that's going to appear 
on the public Internet...especially if that host is also allowed access to 
your internal network.

If you want more info on what's happening, deploy snort (www.snort.org) and 
see what it tells you.  If you notice that someone is definitely trying to 
exploit your systems, then you may want to report the incident to the 
offender's ISP...otherwise, there's really nothing illegal about simple 
occasional pings, other than they may violate some ISP's TOS.

HTH,
Craig



At 03:45 PM 7/8/2002 +, you wrote:
I'm currently doing something that requires a particular piece of equipment
of mine be on the public internet. I have use of four public IP addresses
from my ISP, but for the most part I have just my PC's connected via my
firewall device, so that I am generally using only one of those IP's. Most
of the time, the other three are not being used.

In any case, over the past couple of days that I have had something
connected, I have noticed something happening on the piece of equipment.

IP: s=64.115.76.211 (Ethernet0), d=X.X.X.X, len 48, access denied
IP: s=X.X.X.X (local), d=64.115.76.211 (Ethernet0), len 56, sending
IP: s=64.115.76.211 (Ethernet0), d=X.X.X.X, len 48, access denied
IP: s=X.X.X.X (local), d=64.115.76.211 (Ethernet0), len 56, sending
IP: s=62.248.145.87 (Ethernet0), d=X.X.X.X, len 48, access denied
IP: s=X.X.X.X (local), d=62.248.145.87 (Ethernet0), len 56, sending
IP: s=62.248.145.87 (Ethernet0), d=X.X.X.X, len 48, access denied
IP: s=X.X.X.X (local), d=62.248.145.87 (Ethernet0), len 56, sending
IP: s=62.248.145.87 (Ethernet0), d=X.X.X.X, len 48, access denied
IP: s=X.X.X.X (local), d=62.248.145.87 (Ethernet0), len 56, sending
IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 44, access denied
IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, sending
IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 44, access denied
IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, sending
IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 40, access denied
IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, sending
IP: s=209.41.111.6 (Ethernet0), d=X.X.X.X, len 44, access denied
IP: s=X.X.X.X (local), d=209.41.111.6 (Ethernet0), len 56, sending
IP: s=209.41.111.6 (Ethernet0), d=X.X.X.X, len 44, access denied
IP: s=X.X.X.X (local), d=209.41.111.6 (Ethernet0), len 56, sending
IP: s=209.41.111.6 (Ethernet0), d=X.X.X.X, len 44, access denied
IP: s=X.X.X.X (local), d=209.41.111.6 (Ethernet0), len 56, sending
!

Access is denied because the source IP's are not meeting certain
requirements, like maybe using forbidden ports, or maybe being from
forbidden subnets or maybe because they are communists.

Just wondering. Accident? Something to watch? Something to report?

Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48342t=48342
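
Added example, not part of the original posts: one way to summarise debug output like the lines quoted in this thread, grouping denied packets by source and counting the replies the router sent back to each one. The sample log is constructed (RFC 5737 documentation addresses, with 203.0.113.10 standing in for the masked X.X.X.X), and the function names and the threshold are assumptions.

```python
import re

# Constructed sample in the format of the debug lines quoted in the thread.
# Two records are deliberately wrapped the way the e-mail client wrapped them.
SAMPLE = """\
IP: s=192.0.2.55 (Ethernet0), d=203.0.113.10, len 48, access denied
IP: s=203.0.113.10 (local), d=192.0.2.55 (Ethernet0), len 56, sending
IP: s=192.0.2.55 (Ethernet0), d=203.0.113.10, len 48, access
 denied
IP: s=203.0.113.10 (local), d=192.0.2.55 (Ethernet0), len 56,
 sending
IP: s=198.51.100.7 (Ethernet0), d=203.0.113.10, len 44, access denied
IP: s=203.0.113.10 (local), d=198.51.100.7 (Ethernet0), len 56, sending
IP: s=192.0.2.55 (Ethernet0), d=203.0.113.10, len 48, access denied
IP: s=198.51.100.7 (Ethernet0), d=203.0.113.10, len 40, access denied
IP: s=203.0.113.10 (local), d=198.51.100.7 (Ethernet0), len 56, sending
!
"""

LINE_RE = re.compile(
    r"^IP: s=(?P<src>[^\s,]+) \((?P<src_if>[^)]+)\), "
    r"d=(?P<dst>[^\s,]+)(?: \((?P<dst_if>[^)]+)\))?, "
    r"len (?P<length>\d+), (?P<action>access denied|sending)$"
)


def unwrap(text):
    """Rejoin records that were split across lines by mail wrapping."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A new record starts with "IP:"; anything else continues the
        # previous record only if that record is still incomplete.
        if line.startswith("IP:") or not records or LINE_RE.match(records[-1]):
            records.append(line)
        else:
            records[-1] = records[-1] + " " + line
    return records


def summarise(text):
    """Return ({source: stats}, [unparsed records]) for a debug capture."""
    sources = {}
    unparsed = []
    for rec in unwrap(text):
        m = LINE_RE.match(rec)
        if not m:
            unparsed.append(rec)
            continue
        if m["action"] == "access denied":
            entry = sources.setdefault(
                m["src"], {"denied": 0, "replies": 0, "lengths": set()}
            )
            entry["denied"] += 1
            entry["lengths"].add(int(m["length"]))
        elif m["src_if"] == "local" and m["dst"] in sources:
            # Locally generated packet sent back to a source we just denied.
            sources[m["dst"]]["replies"] += 1
    return sources, unparsed


def noisy_sources(sources, threshold):
    """Sources with at least `threshold` denied packets (assumed cut-off)."""
    return [src for src, s in sources.items() if s["denied"] >= threshold]


if __name__ == "__main__":
    summary, skipped = summarise(SAMPLE)
    for src, s in summary.items():
        print(f"{src}: denied={s['denied']} replies={s['replies']} "
              f"lengths={sorted(s['lengths'])}")
    print("repeat sources:", noisy_sources(summary, 3))
    print("unparsed:", skipped)
```

A source that shows a handful of denied packets and then stops matches the background scanning described above; a source whose count keeps climbing across captures is the one worth a closer look.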



Cisco Aironet Bridge 500 [7:48344]

2002-07-08 Thread Marshal Schoener

Hi guys,

I have an Aironet Bridge 500 that I tried upgrading the firmware to.
Cisco's website basically says that the 340 series and 500 series firmware
is the same.

So anyway, I tried upgrading it, and the radio crashed.
Now I am unable to console into the Aironet, and I can't get in through the
Ethernet Port either.

Has anyone seen anything like this?  Is there a way to do a forced reload on
the Aironet that would help me get in?

Thanks a million in advance,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48344t=48344



Re: Opinions on Providers [7:48339]

2002-07-08 Thread dre

Lupi, Guy wrote in message news:[EMAIL PROTECTED]...
 I was wondering if anyone would be willing to share their experiences,
good
 or bad, with Cable and Wireless or Genuity.  I am thinking of getting some
 upstream connectivity from them.  Thanks in advance.

Are you comparing them to each other or to somebody else?

What are you considering buying besides just upstream?  By
upstream do you mean IP transit or also local loop connectivity
for the IP transit?  C&W doesn't commonly provide local loop
(that would be places like MCI/Worldcom, XO Communications,
Electric Lightwave, Level-3, MFN, maybe Sprint or AT&T), and
Genuity for sure does not.  What size of circuits or bandwidth?

It is becoming more well-known that regular upstream connectivity
(just IP transit services) can be bought cheaper at a neutral exchange
point like Equinix, PAIX, Telehouse, et al than via a strange, unknown,
remote carrier-specific POP.  Connecting as a CLEC or via a CLEC
that gets wholesale direct to carriers to these exchange points can be
lucrative to avoid high local loop charges and also maintain a better,
more available, transport network that scales with WDM and Layer 2
non-specific transport unlike regular TDM and SONET services.

I guess it's really hard to say not knowing what you are trying to
accomplish, but C&W and Genuity are major Tier 1 ISP's that have excellent
customer service.  They are not quite as large as Sprint, but may offer
advantages over, say, UUNet (who is owned by MCI/Worldcom) because of their
financial problems (and dim outlook).

If you currently employ use of Cisco routers and BGP-4, you may be able
to enable NetFlow on your routers to gain a list of top ASN's (Autonomous
System Numbers of all organizations that run BGP on the Internet) that you
send traffic to and receive traffic from.  I encourage you to attempt to
look at these technical factors when making decisions of which provider to
choose.  This may also allow you to augment your traffic decisions in the
future by peering at said exchange points above or entering programs where
you pay sub-transit prices for connectivity to some ASes.  The exchange
points often can help if you have a contract with them, but you can also do
a lot of this work yourself.

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48343t=48339



Re: Opinions on Providers [7:48339]

2002-07-08 Thread MADMAN

I'm sure you can find horror stories from some people with any large
provider even my favorite Qwest ;)  I have worked with Genuity and the
person I worked with on setting up the peer was competent and we got it
working with no problems and reliability as far as I know has been
good.  I can cite the same for Sprint, MCI, AT&T, Onvoy, Qwest and
others as well.  I also have worked with people from the same providers
that were, shall we say, less experienced, less customer focused and
harder to work with.  The point being most of the large providers are
pretty stable and well connected and it often comes down to the customer
experience which can vary with the same organization.

  Hmm, how's that for a non-answer!!!

  Dave

Lupi, Guy wrote:
 
 I was wondering if anyone would be willing to share their experiences, good
 or bad, with Cable and Wireless or Genuity.  I am thinking of getting some
 upstream connectivity from them.  Thanks in advance.
 
 Guy H. Lupi
 CCIE No. 9275
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48345t=48339



Re: Cut-through vs Store Forward [7:48316]

2002-07-08 Thread Priscilla Oppenheimer

MADMAN wrote:
 
 I seem to recall some Cisco switches that would perform
 cut-through
 switching until a configurable number of CRC's are detected and
 would
 switch to store-and-forward until errors cleared.  
 
   Dave

Oh, that's right! I meant to mention that in the message. Some switches
automatically convert to store-and-forward when a configured threshold of
errors is reached. This is sometimes called adaptive cut-through switching.
I don't know which switches have this feature. I just know that this always
comes up in theoretical discussions of the switching mode. ;-)

Also, some switches offer fragment-free cut-through switching. These
switches do cut-through, but only after 64 bytes have been received. That
way they avoid forwarding a frame that is illegally short.

The Cat 5000 and 6000 family of switches only offer store-and-forward, by
the way. I think this is an argument for considering cut-through and its
varieties a marketing development, rather than a technical development. The
reduced latency that cut-through offers is not a big advantage on
real-world networks, especially since the latency on high-end
store-and-forward switches is minimal anyway.

Priscilla

 
 Priscilla Oppenheimer wrote:
  
  Alejandro Acosta Alamo wrote:
  
   Hello,
   I understand the differences between Cut-through and Store Forward. My
   question is: How do you decide which method to use? In which situation
   have you changed the switching method?
  
   Thanks
  
   Alejandro Acosta
  
  
  A lot of switches support only one method, so you don't have
 a choice. If
  you do have a choice, the decision is based on the number of
 errors on your
  network. Cut-through doesn't do any error checking and in
 fact forwards
  frames that have a bad CRC or are too short. Ethernet says
 that frames must
  be at least 64 bytes. Anything less is considered a fragment
 and is illegal.
  Cut-through forwards fragments that have an entire
 destination address that
  can be looked up to get a port number.
  
  If your switch connects many shared networks, then CRC errors
 and fragments
  due to collisions are normal. But why waste bandwidth
 forwarding these to
  other ports on the LAN? In this case, you might want to go
 with
  store-and-forward which does not forward errored frames or
 fragments.
  
  If your switch connects single devices all using full-duplex,
 then it's
  unlikely that you are experiencing many CRC or fragments. So,
 cut-through
  makes the most sense.
  
  Priscilla Oppenheimer
  http://www.priscilla.com
 -- 
 David Madland
 Sr. Network Engineer
 CCIE# 2016
 Qwest Communications Int. Inc.
 [EMAIL PROTECTED]
 612-664-3367
 
 Emotion should reflect reason not guide it
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48346t=48316
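
Added example, not part of the original posts: a small model of the forwarding decisions described in the two replies above (cut-through, fragment-free, store-and-forward, and the adaptive variant), run over one good frame, one frame with a bad CRC and one collision fragment. The frames are constructed, and the adaptive switch's rule for going back to cut-through after a run of clean frames is an assumption, since the thread only says "until errors cleared".

```python
import struct
import zlib

MIN_FRAME = 64   # minimum legal Ethernet frame, destination address through FCS
DST_LEN = 6      # a destination MAC address is 6 bytes


def build_frame(dst, src, payload, ethertype=0x0800):
    """Build a padded Ethernet frame with a valid 4-byte FCS (CRC-32)."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    body = body.ljust(MIN_FRAME - 4, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def fcs_ok(frame):
    """True if the trailing 4 bytes match the CRC-32 of the rest."""
    if len(frame) < 5:
        return False
    return struct.pack("<I", zlib.crc32(frame[:-4]) & 0xFFFFFFFF) == frame[-4:]


def decide(mode, frame):
    """Return (forwarded, bytes received before the decision is made)."""
    n = len(frame)
    if mode == "cut-through":
        # Forwards as soon as the whole destination address is in.
        return n >= DST_LEN, min(n, DST_LEN)
    if mode == "fragment-free":
        # Waits for 64 bytes, so runts are dropped; the CRC is not checked.
        return n >= MIN_FRAME, min(n, MIN_FRAME)
    if mode == "store-and-forward":
        # Buffers the whole frame, checks length and CRC.
        return n >= MIN_FRAME and fcs_ok(frame), n
    raise ValueError(f"unknown mode: {mode}")


# Constructed test frames (locally administered MAC addresses).
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")
GOOD = build_frame(DST, SRC, b"hello")
_corrupt = bytearray(GOOD)
_corrupt[20] ^= 0xFF                 # flip payload bits, FCS no longer matches
BAD_CRC = bytes(_corrupt)
RUNT = GOOD[:20]                     # collision fragment, address still intact
FRAMES = {"good": GOOD, "bad_crc": BAD_CRC, "runt": RUNT}


def forwarded_by(mode):
    """Names of the sample frames that a switch in `mode` would forward."""
    return [name for name, f in FRAMES.items() if decide(mode, f)[0]]


class AdaptiveSwitch:
    """Cut-through until `error_threshold` bad frames have been seen, then
    store-and-forward until `clean_to_recover` good frames arrive in a row
    (the recovery rule is an assumption made for this example)."""

    def __init__(self, error_threshold=2, clean_to_recover=3):
        self.error_threshold = error_threshold
        self.clean_to_recover = clean_to_recover
        self.mode = "cut-through"
        self.errors = 0
        self.clean = 0

    def receive(self, frame):
        forwarded, _ = decide(self.mode, frame)
        # The error counter sees the complete frame even in cut-through mode.
        if len(frame) < MIN_FRAME or not fcs_ok(frame):
            self.errors += 1
            self.clean = 0
            if self.errors >= self.error_threshold:
                self.mode = "store-and-forward"
        else:
            self.clean += 1
            if (self.mode == "store-and-forward"
                    and self.clean >= self.clean_to_recover):
                self.mode = "cut-through"
                self.errors = 0
        return forwarded


if __name__ == "__main__":
    for mode in ("cut-through", "fragment-free", "store-and-forward"):
        print(f"{mode:18s} forwards {forwarded_by(mode)}")
    sw = AdaptiveSwitch()
    for name in ("bad_crc", "runt", "bad_crc", "good", "good", "good"):
        print(f"adaptive: {name:8s} forwarded={sw.receive(FRAMES[name])} "
              f"mode now {sw.mode}")
```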



Re: Cut-through vs Store Forward [7:48316]

2002-07-08 Thread MADMAN

I seem to recall some Cisco switches that would perform cut-through
switching until a configurable number of CRC's are detected and would
switch to store-and-forward until errors cleared.  

  Dave

Priscilla Oppenheimer wrote:
 
 Alejandro Acosta Alamo wrote:
 
  Hello,
    I understand the differences between Cut-through and Store Forward. My
  question is: How do you decide which method to use? In which situation
  have you changed the switching method?
 
  Thanks
 
  Alejandro Acosta
 
 
 A lot of switches support only one method, so you don't have a choice. If
 you do have a choice, the decision is based on the number of errors on your
 network. Cut-through doesn't do any error checking and in fact forwards
 frames that have a bad CRC or are too short. Ethernet says that frames must
 be at least 64 bytes. Anything less is considered a fragment and is illegal.
 Cut-through forwards fragments that have an entire destination address that
 can be looked up to get a port number.
 
 If your switch connects many shared networks, then CRC errors and fragments
 due to collisions are normal. But why waste bandwidth forwarding these to
 other ports on the LAN? In this case, you might want to go with
 store-and-forward which does not forward errored frames or fragments.
 
 If your switch connects single devices all using full-duplex, then it's
 unlikely that you are experiencing many CRC or fragments. So, cut-through
 makes the most sense.
 
 Priscilla Oppenheimer
 http://www.priscilla.com
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48336t=48316
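
The forwarding decisions discussed in this thread, as an added example that is not part of any poster's message: cut-through, store-and-forward, and the error-triggered switchover Dave recalls, run over constructed frames. The frames, the `threshold` and `clear_after` knobs, and the rule for when errors have "cleared" are assumptions of this sketch, not the behaviour of a specific switch model.

```python
import struct
import zlib

MIN_FRAME = 64   # minimum legal Ethernet frame length, FCS included
DST_LEN = 6      # cut-through only needs the destination address


def build_frame(dst: bytes, src: bytes, payload: bytes) -> bytes:
    """Build a padded Ethernet II frame and append its CRC-32 FCS."""
    body = dst + src + struct.pack("!H", 0x0800) + payload.ljust(46, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))


def is_errored(frame: bytes) -> bool:
    """True for a fragment (under 64 bytes) or a frame whose CRC is bad."""
    if len(frame) < MIN_FRAME:
        return True
    (fcs,) = struct.unpack("<I", frame[-4:])
    return zlib.crc32(frame[:-4]) != fcs


def cut_through(frame: bytes) -> bool:
    """Forward as soon as an entire destination address has been read."""
    return len(frame) >= DST_LEN


def store_and_forward(frame: bytes) -> bool:
    """Buffer the whole frame and forward it only if it is legal and intact."""
    return not is_errored(frame)


class AdaptiveSwitch:
    """Cut-through until `threshold` errored frames have been seen, then
    store-and-forward until `clear_after` clean frames arrive in a row.
    Both values are assumptions made for this example."""

    def __init__(self, threshold: int = 2, clear_after: int = 3):
        self.threshold = threshold
        self.clear_after = clear_after
        self.errors = 0
        self.clean_run = 0
        self.mode = "cut-through"

    def handle(self, frame: bytes) -> bool:
        # The decision uses the mode in force when the frame arrives; in
        # cut-through the error is only known after forwarding has begun.
        if self.mode == "cut-through":
            forwarded = cut_through(frame)
        else:
            forwarded = store_and_forward(frame)
        if is_errored(frame):
            self.errors += 1
            self.clean_run = 0
            if self.errors >= self.threshold:
                self.mode = "store-and-forward"
        else:
            self.clean_run += 1
            if self.mode == "store-and-forward" and self.clean_run >= self.clear_after:
                self.mode = "cut-through"
                self.errors = 0
        return forwarded


def make_traffic():
    """Constructed sample: good frames, collision fragments, bad-CRC frames."""
    good = build_frame(b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02", b"hello")
    damaged = bytearray(good)
    damaged[20] ^= 0xFF                 # corrupt one payload byte, keep the old FCS
    bad_crc = bytes(damaged)
    fragment = good[:20]                # whole destination address, but under 64 bytes
    return [good, fragment, bad_crc, good, bad_crc, good, good, good, good, fragment]


def errored_frames_forwarded(traffic):
    """Count how many errored frames each method passes to other ports."""
    adaptive = AdaptiveSwitch(threshold=2, clear_after=3)
    modes = {
        "cut-through": cut_through,
        "store-and-forward": store_and_forward,
        "adaptive": adaptive.handle,
    }
    return {
        name: sum(1 for frame in traffic if decide(frame) and is_errored(frame))
        for name, decide in modes.items()
    }


if __name__ == "__main__":
    for name, leaked in errored_frames_forwarded(make_traffic()).items():
        print(f"{name:18s} errored frames forwarded: {leaked}")
```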



RE: Off Topic - probes from unknown networks - rea [7:48318]

2002-07-08 Thread Priscilla Oppenheimer

And another addendum. ;-)

Just wanted to mention that at first glance it may seem odd that your local
device is sending a reply, despite it also saying that access was denied for
the incoming message.

Based on a bit more testing we did offline, it appears that the reply is a
Destination Unreachable Net Unreachable.

If the device is a Cisco router, I think you could configure it not to send
that. From a security viewpoint, it's considered better to not reply at all,
so the hackers don't know they got to a real address, as I'm sure you know.

Cheers,

Priscilla

Priscilla Oppenheimer wrote:
 
 Looks like normal Internet behavior to me. The hackers are
 probably pinging or port scanning. There's not enough info to
 tell. Also what is the time between the attempts? If it's
 continuous or continual, then maybe you should get worried.
 But, mostly I would just say, welcome to the Internet.
 
 You could look up the offending source addresses in the Whois
 database. If you can find the ISP, you could complain. Some
 firewalls (or firewall advisers like Who's There) will do the
 lookup for you and even compose an e-mail to the offender.
 
 Priscilla Oppenheimer
 http://www.priscilla.com
 
 Chuck wrote:
  
  I'm currently doing something that requires a particular piece of equipment
  of mine be on the public internet. I have use of four public IP addresses
  from my ISP, but for the most part I have just my PC's connected via my
  firewall device, so that I am generally using only one of those IP's. Most
  of the time, the other three are not being used.
  
  In any case, over the past couple of days that I have had something
  connected, I have noticed something happening on the piece of equipment.
  
  IP: s=64.115.76.211 (Ethernet0), d=X.X.X.X, len 48, access denied
  IP: s=X.X.X.X (local), d=64.115.76.211 (Ethernet0), len 56, sending
  IP: s=64.115.76.211 (Ethernet0), d=X.X.X.X, len 48, access denied
  IP: s=X.X.X.X (local), d=64.115.76.211 (Ethernet0), len 56, sending
  IP: s=62.248.145.87 (Ethernet0), d=X.X.X.X, len 48, access denied
  IP: s=X.X.X.X (local), d=62.248.145.87 (Ethernet0), len 56, sending
  IP: s=62.248.145.87 (Ethernet0), d=X.X.X.X, len 48, access denied
  IP: s=X.X.X.X (local), d=62.248.145.87 (Ethernet0), len 56, sending
  IP: s=62.248.145.87 (Ethernet0), d=X.X.X.X, len 48, access denied
  IP: s=X.X.X.X (local), d=62.248.145.87 (Ethernet0), len 56, sending
  IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 44, access denied
  IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, sending
  IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 44, access denied
  IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, sending
  IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 40, access denied
  IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, sending
  IP: s=209.41.111.6 (Ethernet0), d=X.X.X.X, len 44, access denied
  IP: s=X.X.X.X (local), d=209.41.111.6 (Ethernet0), len 56, sending
  IP: s=209.41.111.6 (Ethernet0), d=X.X.X.X, len 44, access denied
  IP: s=X.X.X.X (local), d=209.41.111.6 (Ethernet0), len 56, sending
  IP: s=209.41.111.6 (Ethernet0), d=X.X.X.X, len 44, access denied
  IP: s=X.X.X.X (local), d=209.41.111.6 (Ethernet0), len 56, sending
  !
  
  Access is denied because the source IP's are not meeting certain
  requirements, like maybe using forbidden ports, or maybe being from
  forbidden subnets or maybe because they are communists.
  
  Just wondering. Accident? Something to watch? Something to report?
  
  Chuck
  
  
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48347t=48318
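
One way to triage output like Chuck's, as an added example that is not part of the original posts: it re-joins lines that a mail client wrapped, counts denied packets per source, and counts how many of them drew a reply from the local device (the reply discussed above). The addresses in the sample are constructed documentation addresses, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Matches the two line shapes quoted in the thread:
#   IP: s=<src> (<if>), d=<dst>, len <n>, access denied
#   IP: s=<src> (local), d=<dst> (<if>), len <n>, sending
LINE = re.compile(
    r"IP: s=(?P<src>\S+) \((?P<src_if>[^)]+)\), d=(?P<dst>[^\s,]+)"
    r"(?: \((?P<dst_if>[^)]+)\))?, len (?P<len>\d+), (?P<action>.+)$"
)

# Constructed sample, including the mid-line wrapping seen in mailed logs.
SAMPLE = """\
IP: s=198.51.100.7 (Ethernet0), d=203.0.113.10, len 48, access
 denied
IP: s=203.0.113.10 (local), d=198.51.100.7 (Ethernet0), len 56,
 sending
IP: s=198.51.100.7 (Ethernet0), d=203.0.113.10, len 48, access denied
IP: s=203.0.113.10 (local), d=198.51.100.7 (Ethernet0), len 56, sending
IP: s=192.0.2.44 (Ethernet0), d=203.0.113.10, len 44, access denied
IP: s=203.0.113.10 (local), d=192.0.2.44 (Ethernet0), len 56, sending
IP: s=192.0.2.44 (Ethernet0), d=203.0.113.10, len 40, access denied
IP: s=192.0.2.44 (Ethernet0), d=203.0.113.10, len 44, access denied
IP: s=203.0.113.10 (local), d=192.0.2.44 (Ethernet0), len 56, sending
"""


def unwrap(text):
    """Join continuation lines (anything not starting with 'IP:') to the
    record they were wrapped from."""
    records = []
    for raw in text.splitlines():
        piece = raw.strip()
        if not piece:
            continue
        if piece.startswith("IP:") or not records:
            records.append(piece)
        else:
            records[-1] += " " + piece
    return records


def probe_report(text):
    """Return (source, denied, replies, packet_lengths) rows, busiest first."""
    stats = defaultdict(lambda: {"denied": 0, "replies": 0, "lengths": set()})
    for record in unwrap(text):
        m = LINE.match(record)
        if m is None:
            continue
        if m["action"] == "access denied":
            entry = stats[m["src"]]
            entry["denied"] += 1
            entry["lengths"].add(int(m["len"]))
        elif m["action"] == "sending" and m["src_if"] == "local" and m["dst"] in stats:
            # The local device answered a source it had just denied.
            stats[m["dst"]]["replies"] += 1
    rows = [
        (src, s["denied"], s["replies"], sorted(s["lengths"]))
        for src, s in stats.items()
    ]
    return sorted(rows, key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    for src, denied, replies, lengths in probe_report(SAMPLE):
        print(f"{src:15s} denied={denied} replies_sent={replies} lengths={lengths}")
```

On Cisco IOS the interface command `no ip unreachables` stops the router from generating these replies; after applying it, the replies column should stay at 0 for new probes.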



RE: PIX-535 Hanging [7:48323]

2002-07-08 Thread Brian

Since I do not see a bug, try the tac case option?

Bri

On Mon, 8 Jul 2002, Michael Gunnels wrote:

 Thanks, but this doesn't answer my question.   I read this too...

 Mike

 --- Brian  wrote:
  From the quoted page:
 
  Workaround/Solution
 
  Workaround
 
  The only potential workaround is to reduce the traffic throughput level to
  the point where the hang does not occur. Levels under 15 mbit/second may
  be sufficiently low, however this varies from unit to unit and it may be
  impossible to avoid the hang on some units. You may be able to reduce the
  traffic levels by hard coding all interfaces to 10BaseT, or via means
  external to the PIX.
  
  Solution
  
  The solution is to replace the failed hardware.
  
  PIX 515 and 506 systems manufactured as of October 2nd, 2001 are free of
  this problem. A global purge of the service depot stock has been completed
  as of October 26th, 2001. All PIX systems replaced by the return materials
  authorization (RMA) process are free of this problem.
  
  Customers who wish to replace one or more of their systems which are
  failing due to the problem described in this field notice should contact
  the Technical Assistance Center by following the instructions at the end
  of this notice and request a standard RMA.
 
  Bri
 
 
  On Mon, 8 Jul 2002, Michael Gunnels wrote:
 
   Does anyone know specifically what hardware Cisco replaced to correct this
   problem?  CPU?  Motherboard?  RAM?  NIC?
  
   Thanks,
  
   Mike
  
   --- Dale Wishop  wrote:
    We had a PIX 506 with this problem.  Field notice is at:
    
    http://www.cisco.com/warp/customer/770/fn15490.shtml
    
    But, the field notice only applies to 506 and 515's.
    
    We ended up sending ours in for replacement.
    
    Dale..
    
    -Original Message-
    From: Kevin Love [mailto:[EMAIL PROTECTED]]
    Sent: Monday, July 08, 2002 12:19 PM
    To: [EMAIL PROTECTED]
    Subject: PIX-535 Hanging [7:48323]
    
    Anybody have experience with troubleshooting PIX-535 problems?  I have one
    that, when I boot it up, says:
    
    Cisco Secure PIX Firewall BIOS (4.1) #0: Tue Dec  5 17:35:26 PST 2000
    Platform PIX-535 hanging...
    
    And then it just stays there.  Does anybody have any idea what this means
    or, more specifically, how to fix it?  I have searched CCO unsuccessfully.
    
    Thanks,
    Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48348t=48323



RE: Mac Layer access list [7:48324]

2002-07-08 Thread Dennis Laganiere

My intention is to buy an Aironet 1200, which I believe will have much of
this functionality built in.  For the initial testing I'm using an old
Lucent (Orinoco) access point that I had in my desk from the last time I
played with 802.11b two years ago.  Since I've long since lost the cable and
documentation I haven't been very successful getting a console session to
make any changes (if anybody knows the cable pinout and console settings,
let me know). I can easily filter based on static IP addresses, but MAC
addresses would be better because it would make it that much more difficult
to hack.  

By the way, even once I get the Aironet AP, the principal security tool is
128-bit WEP.  The problem here is that WEP only offers encryption, not
authentication or other security features; and it's already known to have
been hacked - so the access list would still be nice as an extra layer of
security.

--- Dennis

  
-Original Message-
From: Logan, Harold [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 08, 2002 12:32 PM
To: Dennis Laganiere; [EMAIL PROTECTED]
Subject: RE: Mac Layer access list [7:48324]

As others have pointed out, having your upstream router act as a bridge is
your best bet. Out of curiosity, what brand of access point is involved? If
you haven't yet, you may want to see if the vendor has an updated firmware
available for download that includes the option for the AP to filter by
source mac.

Hal

 -Original Message-
 From: Dennis Laganiere [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 08, 2002 2:04 PM
 To: [EMAIL PROTECTED]
 Subject: Mac Layer access list [7:48324]


 I looked through the CCO, the groupstudy archive and my stack of cisco press
 books, but I can't find any information about setting up an ACL for MAC
 addresses.  Has anybody done it before?

 Here's what I'm trying to do: I've got a wireless access point that lets
 just anybody join.  I want to put a router upstream to block all but a
 limited number of pre-defined MAC addresses.  Any thoughts?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48349t=48324



RE: Opinions on Providers [7:48339]

2002-07-08 Thread Lupi, Guy

You bring up some very interesting points, I will definitely look into some
of your suggestions.  I am not comparing them to each other, just wanted to
get a general idea of people's experience with their networks and customer
service.  We will be providing the loops, we have some very good
relationships with local circuit providers, and are looking into either OC3
or OC12 connectivity to one or both.  We already use Sprint, UUnet and
Internap, but as you stated the financial state of a couple of these
providers has us looking for alternatives and I heard that both of these
companies provide quality service.  Thank you.

*-Original Message-
*From: dre [mailto:[EMAIL PROTECTED]]
*Sent: Monday, July 08, 2002 4:42 PM
*To: [EMAIL PROTECTED]
*Subject: Re: Opinions on Providers [7:48339]
*
*
*Lupi, Guy  wrote in message
*news:[EMAIL PROTECTED]...
* I was wondering if anyone would be willing to share their experiences, good
* or bad, with Cable and Wireless or Genuity.  I am thinking of getting some
* upstream connectivity from them.  Thanks in advance.
*
*Are you comparing them to each other or to somebody else?
*
*What are you considering buying besides just upstream?  By
*upstream do you mean IP transit or also local loop connectivity
*for the IP transit?  CW doesn't commonly provide local loop
*(that would be places like MCI/Worldcom, XO Communications,
*Electric Lightwave, Level-3, MFN, maybe Sprint or ATT), and
*Genuity for sure does not.  What size of circuits or bandwidth?
*
*It is becoming more well-known that regular upstream connectivity
*(just IP transit services) can be bought cheaper at a neutral exchange
*point like Equinix, PAIX, Telehouse, et al than via a strange, unknown,
*remote carrier-specific POP.  Connecting as a CLEC or via a CLEC
*that gets wholesale direct to carriers to these exchange points can be
*lucrative to avoid high local loop charges and also maintain a better,
*more available, transport network that scales with WDM and Layer 2
*non-specific transport unlike regular TDM and SONET services.
*
*I guess it's really hard to say not knowing what you are trying to accomplish,
*but CW and Genuity are major Tier 1 ISP's that have excellent customer
*service.  They are not quite as large as Sprint, but may offer advantages over,
*say, UUNet (who is owned by MCI/Worldcom) because of their financial
*problems (and dim outlook).
*
*If you currently employ use of Cisco routers and BGP-4, you may be able
*to enable NetFlow on your routers to gain a list of top ASN's (Autonomous
*System Numbers of all organizations that run BGP on the Internet) that you
*send traffic to and receive traffic from.  I encourage you to attempt to look
*at these technical factors when making decisions of which provider to choose.
*This may also allow you to augment your traffic decisions in the future by
*peering at said exchange points above or entering programs where you pay
*sub-transit prices for connectivity to some ASes.  The exchange points often
*can help if you have a contract with them, but you can also do a lot of this
*work yourself.
*
*-dre
*
*
*
*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48350t=48339



RE: Off Topic - Cisco vis a vis World Com [7:47505]

2002-07-08 Thread Brian Lodwick

This company is way too big. I am not particularly versed in exactly how 
everything went down when the acquisition went through, but I do know I 
worked for UUNET a while back and now I work for WorldCom. The part of 
WorldCom that used to be called UUNET is in fact a huge money maker and I 
believe one of our best assets. I would love to go back to being UUNET and 
not have anything to do with everything else that makes up WorldCom!

Brian


From: [EMAIL PROTECTED] 
Reply-To: [EMAIL PROTECTED] 
To: [EMAIL PROTECTED]
Subject: RE: Off Topic - Cisco vis a vis World Com [7:47505]
Date: Mon, 8 Jul 2002 05:07:09 GMT

Over here in South Africa, UUNET is claiming that they were not reliant on
Worldcom for any financing, and that they (UUNET South Africa) have been
profitable for the last 9 years or so and are still in the process of
expanding... WorldCom's problems don't affect them ... Or so they say. Plus
all of UUNET's Advertising still claims Cisco Powered Network

UUNET, a truly good company from my experience with them.

Thanks
Manish

-Original Message-
From: Brian Lodwick [mailto:[EMAIL PROTECTED]]
Sent: 05 July 2002 18:47
To: [EMAIL PROTECTED]
Subject: Re: Off Topic - Cisco vis a vis World Com [7:47505]


Don't confuse UUNet with WCOMs data networking division? UUNet is
WorldCom, WorldCom is UUNet. All one big happy family right? A while back
WorldCom finally stiff armed all UUNet people to fully integrate. Even to
the point where you were not allowed to have your signature say UUNet on it
it had to say WorldCom (and basically I think that was the day we lost
control of the rudder and started heading towards that iceberg). WorldCom is
Compuserve, UUNet, MFS, ANS, Rythms, and a lot of others.
   I think this string is pretty silly. As if a carrier as big as WorldCom
would be an all this or an all that shop. WorldCom is so huge there is no
way you could categorize it as a ___ shop. What Cisco router are you
going to use to run DDCMP? We've got an entire network that runs a modified
version of X.25 and the line protocol is called DDCMP. We've got like a
bazillion routers out there (almost 30 billion ;-) and we've acquired like a
bazillion different companies over the years. I see Junipers, Nortels,
Lucents, Bays, Fujitsus, 3Coms, and a whole lotta Ciscos.
I don't think the first guy can start counting his chickens right yet. I
don't have any unrealistic ideas on what will happen to WorldCom, but even
if bankruptcy occurs I don't think we will just shut our doors and go home
especially our backbone and managed data services. (Don't get me wrong
though I'm definitely worried and am studying like a madman for my lab in
August, and getting my resume out)
   I think it's terrible that something like this is happening to UUNet.
UUNet was such a great company. An awesome backbone. We are one of the only
backbones big enough and have enough traffic management characteristics to
be able to offer awesome SLA's from site to site through the internet. So
many cool research projects going on for instance we have a multicast
backbone, and an IPV6 backbone. All kinds of neat stuff. I've never learned
so much. I think we are seeing the furthering of this industry coming to a
screeching halt. My catch phrase is we might not do everything right here
and might be a little screwed up here and there, but we are definitely the
least screwed up ISP out there.
   This industry in my opinion is just asking for a replay of the auto
industry a few years back. Japan comes in, takes this place, clips off all
the fat, adds in a lot of quality assurance teams and completely dominates
the market.
   Ok I'm done, I'm sorry, I'll get off my soapbox now since that security
guard down the hall is saying I am trespassing since this building is no
longer owned by WorldCom -kidding ;-)

 Brian


 From: deltan
 Reply-To: deltan
 To: [EMAIL PROTECTED]
 Subject: Re: Off Topic - Cisco vis a vis World Com [7:47505]
 Date: Thu, 4 Jul 2002 03:48:57 GMT
 
 UUNet is a Cisco shop for sure (Canada and US).
 
 And don't confuse WCOM's data networking division with
 UUNet (WCOM's subsidiary in Internetworking).
 
 Those students might be talking about the data
 networking sidetrue or false, I don't know.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48351t=47505



h225 IE data [7:48352]

2002-07-08 Thread Chris Charlebois

We have been experiencing some toll fraud with our CallManager / Unity
system.  Thanks to CCM traces we were able to find out exactly how they were
getting in.  However, we still don't know who they are.  The ANI on the
incoming calls was blocked (surprise surprise).  What I'm wondering is if there
is any information that we can get from the H225 data.  I know we won't be
able to get the calling number, but maybe we can pull out what city they are
calling from, or what carrier they are using, or any information at all.

It is possible that the FBI will get involved in this (the destination of
these calls are countries that the FBI has an interest in) and, if they do,
I'm sure they have ways and means to get far more information than I do. 
I'm just curious.

If anyone knows what can be learned from H225 and how, I'd appreciate it.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48352t=48352



Re: Opinions on Providers [7:48339]

2002-07-08 Thread dre

Lupi, Guy  wrote in message
news:[EMAIL PROTECTED]...
 You bring up some very interesting points, I will definitely look into some
 of your suggestions.  I am not comparing them to each other, just wanted to
 get a general idea of people's experience with their networks and customer
 service.  We will be providing the loops, we have some very good
 relationships with local circuit providers, and are looking into either OC3
 or OC12 connectivity to one or both.  We already use Sprint, UUnet and
 Internap, but as you stated the financial state of a couple of these
 providers has us looking for alternatives and I heard that both of these
 companies provide quality service.  Thank you.

In that case, the answer is still fairly ambiguous.  I don't really know what
you would expect from your providers, but it is very likely that CW and
Genuity provide similar services and functionality for their IP transit as do
Sprint, UUnet, and Internap.

Factors I would consider are how many peers they have, their financial
stability, how global their network reaches, how many closer eyeballs and
content their network can provide me as opposed to a different provider, how
many outages they have in comparison to other providers, how their
maintenances work, how their SLA's work, what approach they take to filtering
address space, if they also offer transit services for IPv6 or IP Multicast,
if they offer transport services or other services that work well along with
their IP transit services, how their billing works (important) - and most
important - how much it's going to cost.

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48353t=48339



Re: h225 IE data [7:48352]

2002-07-08 Thread Chuck

First off, I don't know the answer to your question. Having just sold a
couple of AVVID's, I am interested, though in toll fraud and how it is
pulled off. I know that in the PBX world there are or were certain timeout
settings that generally had to be adjusted down to zero so that a hacker
couldn't do an effective DoS and get dial tone. ( IIRC, hackers would use a
blue box and just keep pounding a PBX until it gave up and offered dial
tone. There were specific timeout settings that had to be zero to prevent
this, IIRC )

Chris, without revealing the specifics of your situation, were there / are
there specific Call Manager configurations you were able to change to
prevent this going forward?  Did Cisco point you to any specific links to
read up on?


Chris Charlebois  wrote in message
news:[EMAIL PROTECTED]...
 We have been experiencing some toll fraud with our CallManager / Unity
 system.  Thanks to CCM traces we were able to find out exactly how they were
 getting in.  However, we still don't know who they are.  The ANI on the
 incoming calls was blocked (surprise surprise).  What I'm wondering is if there
 is any information that we can get from the H225 data.  I know we won't be
 able to get the calling number, but maybe we can pull out what city they are
 calling from, or what carrier they are using, or any information at all.

 It is possible that the FBI will get involved in this (the destination of
 these calls are countries that the FBI has an interest in) and, if they do,
 I'm sure they have ways and means to get far more information than I do.
 I'm just curious.

 If anyone knows what can be learned from H225 and how, I'd appreciate it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48354t=48352



RE: Opinions on Providers [7:48339]

2002-07-08 Thread Lupi, Guy

My main objective is to get opinions from people who are customers of these
providers, I am just going to use them for plain vanilla IP transit with
BGP, no IPV6 or multicast or any value added services.  To give you an idea
of what I am looking for, Internap is extremely reliable and I haven't had
any problems with their service, but they take 48 hours to update BGP
filters.  Sprint takes about 45 minutes to update filters but I feel that
their customer service is lacking.  I am interested in the idea of buying
transit through an exchange though, where could I find more information on
that, advantages/disadvantages?

*-Original Message-
*From: dre [mailto:[EMAIL PROTECTED]]
*Sent: Monday, July 08, 2002 5:49 PM
*To: [EMAIL PROTECTED]
*Subject: Re: Opinions on Providers [7:48339]
*
*
*Lupi, Guy  wrote in message
*news:[EMAIL PROTECTED]...
* You bring up some very interesting points, I will definitely look into some
* of your suggestions.  I am not comparing them to each other, just wanted to
* get a general idea of people's experience with their networks and customer
* service.  We will be providing the loops, we have some very good
* relationships with local circuit providers, and are looking into either OC3
* or OC12 connectivity to one or both.  We already use Sprint, UUnet and
* Internap, but as you stated the financial state of a couple of these
* providers has us looking for alternatives and I heard that both of these
* companies provide quality service.  Thank you.
*
*In that case, the answer is still fairly ambiguous.  I don't really know what
*you would expect from your providers, but it is very likely that CW and
*Genuity provide similar services and functionality for their IP transit as do
*Sprint, UUnet, and Internap.
*
*Factors I would consider are how many peers they have, their financial
*stability, how global their network reaches, how many closer eyeballs and
*content their network can provide me as opposed to a different provider, how
*many outages they have in comparison to other providers, how their
*maintenances work, how their SLA's work, what approach they take to filtering
*address space, if they also offer transit services for IPv6 or IP Multicast,
*if they offer transport services or other services that work well along with
*their IP transit services, how their billing works (important) - and most
*important - how much it's going to cost.
*
*-dre
*
*
*
*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48355t=48339



Re: PIX-535 Hanging [7:48323]

2002-07-08 Thread Simer Mayo

What OS version are you running? There is a bug in some serial numbers which
requires an eeprom command. I've the link at home computer and will mail it
to you when I get there. That will take care of it.

SM

- Original Message -
From: Dale Wishop 
To: 
Sent: Monday, July 08, 2002 11:40 AM
Subject: RE: PIX-535 Hanging [7:48323]


 We had a PIX 506 with this problem.  Field notice is at:

 http://www.cisco.com/warp/customer/770/fn15490.shtml

 But, the field notice only applies to 506 and 515's.

 We ended up sending ours in for replacement.

 Dale..

 -Original Message-
 From: Kevin Love [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 08, 2002 12:19 PM
 To: [EMAIL PROTECTED]
 Subject: PIX-535 Hanging [7:48323]


 Anybody have experience with troubleshooting PIX-535 problems?  I have one
 that, when I boot it up, says:

 Cisco Secure PIX Firewall BIOS (4.1) #0: Tue Dec  5 17:35:26 PST 2000
 Platform PIX-535 hanging...

 And then it just stays there.  Does anybody have any idea what this means
 or, more specifically, how to fix it?  I have searched CCO unsuccessfully.

 Thanks,
 Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48356t=48323



Passive FTP [7:48357]

2002-07-08 Thread Simer Mayo

The users are on the inside interface behind the PIX firewall and are trying
to make a pftp connection to the outside world. They are being authenticated
from the outside server but then the section hangs trying to do a list
command. The fixup protocol port 21 is enabled on PIX and there is no explicit
outbound restriction from the inside interface. The outside server is using
port range 4-40020 for passive FTP. I tried enabling this range on the
fixup protocol too but it didn't work.

Please advise

Thanks much

SM




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48357t=48357



RE: Passive FTP [7:48357]

2002-07-08 Thread Charles D Hammonds

did you also allow port 22 (ftp data) on your PIX???

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Simer Mayo
Sent: Monday, July 08, 2002 4:18 PM
To: [EMAIL PROTECTED]
Subject: Passive FTP [7:48357]


The users are on the inside interface behind the PIX firewall and are trying
to make a pftp connection to the outside world. They are being authenticated
from the outside server but then the section hangs trying to do a list
command. The fixup protocol port 21 is enabled on PIX and there is no explicit
outbound restriction from the inside interface. The outside server is using
port range 4-40020 for passive FTP. I tried enabling this range on the
fixup protocol too but it didn't work.

Please advise

Thanks much

SM




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48359t=48357



Re: Off Topic - speculating on Lab equipment [7:48268]

2002-07-08 Thread Howard C. Berkowitz

At 3:23 PM + 7/8/02, nrf wrote:
Chuck  wrote in message
news:[EMAIL PROTECTED]...
  not so long as Cisco is making a bundle selling CCIE study books and CCIE
  Lab slots. ;-

I doubt that this is a serious concern.  If this was Cisco's real
motivation, then why not just go all the way?  For example, have one-hour
lab exams.  Then they could sell many more lab slots per day than they do
now.  Or if selling training were the driving goal, then why doesn't Cisco
open its own CCIE bootcamp schools?  I swear if they did, all those other
bootcamp schools would lose all the business - because if you were going to
attend one, wouldn't you preferentially want to attend the one run by Cisco
itself?

I doubt that Cisco sees the CCIE program as a serious profit center.  The
profits made must be minuscule compared to the rest of its profit streams.
I think it sees the program as a way to maintain its status as a premier IT
solutions company.

Whenever I've talked to people in Cisco with some knowledge of their 
strategy, their fundamental motive for the whole certification 
program is the channels program.  They want to be able to offload the 
TAC support costs to partners, but want also to have some confidence 
the partners have qualified people.  The reality is that some people 
won't buy Smartnet and then look to the reseller for help.  Under my 
corporate hat, it's sort of funny that way -- our biggest client, for 
whom we run the technical show, hasn't wanted Smartnet on all its 
gear -- but WE have Smartnet for every device in the place, even 
though we have substantial in-house support capability.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48326t=48268



call system routing [7:48358]

2002-07-08 Thread John Chang

I know this isn't cisco stuff but thought someone here could help.

Is there a way to have one 800 line and have it switched over to say any 
one of 10 or fifteen users?  And if another call comes through routed to 
another person.  Is this possible?  Or would I need say 10-15 lines?  The 
other dilemma is being able to change the extension so that if someone 
leaves we want to stop using that extension so that the person calling will 
get a message saying the user has left or it just hangs up.  I am looking 
for something easy to change the extensions since we have a lot of turn-over.

If there is another site/website/listserv that would help please direct 
me.  Thank you

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48358t=48358



confusion on ppp auth chap callin/ppp auth pap cal [7:48325]

2002-07-08 Thread Mirza, Timur

one cisco doc says that the callin keyword is used on incoming or
received calls (which to me implies the CALLED router), while on another
it lists a config where it is configured on the CALLING router

actually, whatever side it's configured on, it works in my lab! still, i'm
trying to get a grasp of what's conceptually happening

is there a contradiction or am i misunderstanding authentication?

Timur Mirza
Principal Network Engineer
Network Planning  Engineering, West Region
15505-B Sand Canyon Avenue
Irvine, California 92618
Verizon Wireless
949.286.6623 (o)
949.697.7964 (c)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48325t=48325



Re: Opinions on Providers [7:48339]

2002-07-08 Thread dre

Lupi, Guy  wrote in message
news:[EMAIL PROTECTED]...
 My main objective is to get opinions from people who are customers of these
 providers, I am just going to use them for plain vanilla IP transit with
 BGP, no IPV6 or multicast or any value added services.  To give you an idea
 of what I am looking for, Internap is extremely reliable and I haven't had
 any problems with their service, but they take 48 hours to update BGP
 filters.  Sprint takes about 45 minutes to update filters but I feel that
 their customer service is lacking.  I am interested in the idea of buying
 transit through an exchange though, where could I find more information on
 that, advantages/disadvantages?

http://www.nanog.org/mtg-0206/transit.html
http://www.ep.net/

You should contact your local exchange points for the finer details on what's
supported as far as transit connectivity.

CW uses prefix-lists for their filters and generally updates them on reboots
which isn't that often.  Genuity uses distribute-lists with extended access-lists
and they are updated very often (at least every hour afaik).  You can always
contact your provider with any filter-related issues, most providers are really
good about this (including CW and Genuity).

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48360t=48339



RE: Passive FTP [7:48357]

2002-07-08 Thread supernet

Looks like your returning traffic was blocked. Try active FTP.

Yoshi

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Simer Mayo
Sent: Monday, July 08, 2002 4:18 PM
To: [EMAIL PROTECTED]
Subject: Passive FTP [7:48357]

The users are on the inside interface behind the PIX firewall and are trying
to make a pftp connection to the outside world. They are being authenticated
from the outside server but then the session hangs trying to do a list
command. The fixup protocol port 21 is enabled on PIX and there is no explicit
outbound restriction from the inside interface. The outside server is using
port range 4-40020 for passive FTP. I tried enabling this range on the
fixup protocol too but it didn't work.

Please advise

Thanks much

SM




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48361t=48357



RE: Passive FTP [7:48357]

2002-07-08 Thread Dan Penn

*cough*port 20 is ftp-data*cough* I'm sure it was a quick typing mistake
etc.  I just wanted to make sure. :-)

Dan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Charles D Hammonds
Sent: Monday, July 08, 2002 6:06 PM
To: [EMAIL PROTECTED]
Subject: RE: Passive FTP [7:48357]

did you also allow port 22 (ftp data) on your PIX???

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Simer Mayo
Sent: Monday, July 08, 2002 4:18 PM
To: [EMAIL PROTECTED]
Subject: Passive FTP [7:48357]


The users are on the inside interface behind the PIX firewall and are trying
to make a pftp connection to the outside world. They are being authenticated
from the outside server but then the session hangs trying to do a list
command. The fixup protocol port 21 is enabled on PIX and there is no explicit
outbound restriction from the inside interface. The outside server is using
port range 4-40020 for passive FTP. I tried enabling this range on the
fixup protocol too but it didn't work.

Please advise

Thanks much

SM




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48362t=48357



RE: Passive FTP [7:48357]

2002-07-08 Thread Daniel Cotts

A great troubleshooting tool in this situation would be a packet grabber
such as EtherPeek. Capture traffic at the client location and at the outside
of the PIX. Compare what is happening to what is expected.
Without that information we can just guess.

Let's try to break the problem into smaller pieces.
Can your inside users connect to any outside ftp site? For example (assuming
that you have a Cisco Service Contract) can you download an IOS image? If
so, the PIX is doing its job. Look to the client or server. Can your users
ftp from another server? Does the problem occur with certain client software
or certain users? 

For an understanding of FTP check the GroupStudy archives for posts by
PriscillaO. Within the last several months she has posted very clear
explanations several times.
Other sources are http://war.jgaa.com/ftp The FTP Protocol Resource Center.
Good links.
http://cr.yp.to/ftp.html

Your symptoms sound more like a client using active mode FTP. When the
client goes to LIST the server tries to open a connection on port 20 which
the firewall refuses.
You might also want to look on CCO for two articles. Poor or Intermittent
FTP/HTTP Performance Through a PIX and PIX Performance Issues Caused by
IDENT Protocol. I don't have a URL for them.

 -Original Message-
 From: Simer Mayo [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 08, 2002 6:18 PM
 To: [EMAIL PROTECTED]
 Subject: Passive FTP [7:48357]
 
 
 The users are on the inside interface behind the PIX firewall and are trying
 to make a pftp connection to the outside world. They are being authenticated
 from the outside server but then the session hangs trying to do a list
 command. The fixup protocol port 21 is enabled on PIX and there is no explicit
 outbound restriction from the inside interface. The outside server is using
 port range 4-40020 for passive FTP. I tried enabling this range on the
 fixup protocol too but it didn't work.
 
 Please advise
 
 Thanks much
 
 SM




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48364t=48357



RE: Passive FTP [7:48357]

2002-07-08 Thread Priscilla Oppenheimer

Charles D Hammonds wrote:
 
 did you also allow port 22 (ftp data) on your PIX???

FTP data uses port 20. That was probably a typo.

However, with passive FTP, that port number doesn't get used. Passive FTP
tells the server to wait for a connection request from the client. The
server replies with the port number the client should send the request to.

Then the client opens a connection from a not-well-known ephemeral
(short-lived) port number to the port number provided by the server.

Needless to say, this wreaks havoc with firewalls. There are no well-known
port numbers in the passive data conversation.

Sorry, I don't know exactly how to get this to work with PIX. I'm sure there
is a way though? You could also try active FTP instead?? But then the server
opens the data connection, which can cause problems also.

I have written up FTP many times in the past for Group Study. You may want
to check the archives. It will be in my new book too! If I have time, I
would like to write a white paper on it too to add to my troubleshooting
site here. Stay tuned:

http://www.troubleshootingnetworks.com/

Priscilla

 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
 Behalf Of
 Simer Mayo
 Sent: Monday, July 08, 2002 4:18 PM
 To: [EMAIL PROTECTED]
 Subject: Passive FTP [7:48357]
 
 
 The users are on the inside interface behind the PIX firewall and are trying
 to make a pftp connection to the outside world. They are being authenticated
 from the outside server but then the session hangs trying to do a list
 command. The fixup protocol port 21 is enabled on PIX and there is no explicit
 outbound restriction from the inside interface. The outside server is using
 port range 4-40020 for passive FTP. I tried enabling this range on the
 fixup protocol too but it didn't work.
 
 Please advise
 
 Thanks much
 
 SM
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48365t=48357
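The two data-connection patterns described in this thread (active mode, where the server connects back from port 20, and passive mode, where the server names a port for the client to connect to) can be read straight off the FTP control channel, which is what an FTP-aware firewall has to do. The Python sketch below is an added example, not part of any post above; the addresses, ports and control transcript are constructed for illustration.

```python
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (six decimal octets).
HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)

def parse_hostport(text):
    """Return (ip, port) from a PORT command or a 227 reply; raise ValueError if absent."""
    m = HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % text)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]          # port = p1 * 256 + p2
    return ip, port

def expected_data_flows(control_lines, client_ip, server_ip):
    """List the data connections that the control channel announces.

    control_lines is a list of (sender, line) with sender "C" (client) or "S" (server).
    """
    flows = []
    for sender, line in control_lines:
        verb = line.split(" ", 1)[0].upper()
        if sender == "C" and verb == "PORT":
            # Active mode: the server opens the connection, from port 20,
            # to the address and port the client announced.
            ip, port = parse_hostport(line)
            flows.append({"mode": "active", "initiator": server_ip,
                          "src_port": 20, "dst": ip, "dst_port": port})
        elif sender == "S" and verb == "227":
            # Passive mode: the client opens the connection, from an
            # ephemeral port, to the port the server announced.
            ip, port = parse_hostport(line)
            flows.append({"mode": "passive", "initiator": client_ip,
                          "src_port": None, "dst": ip, "dst_port": port})
    return flows

# Constructed control-channel transcript (documentation addresses).
SAMPLE_CONTROL = [
    ("C", "PORT 192,0,2,10,4,1"),
    ("S", "200 PORT command successful"),
    ("C", "LIST"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,7,156,74)"),
    ("C", "LIST"),
]

if __name__ == "__main__":
    for flow in expected_data_flows(SAMPLE_CONTROL, "192.0.2.10", "198.51.100.7"):
        src = flow["src_port"] if flow["src_port"] is not None else "ephemeral"
        print("%-7s %s:%s -> %s:%d" % (flow["mode"], flow["initiator"], src,
                                       flow["dst"], flow["dst_port"]))
```

In the passive case neither end of the data connection uses a well-known port, so a filter that does not follow the control channel has nothing fixed to match on.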



RE: h225 IE data [7:48352]

2002-07-08 Thread Ouellette, Tim

I too would also be curious to see what Cisco pointed you to if anything.



-Original Message-
From: Chuck [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 08, 2002 6:18 PM
To: [EMAIL PROTECTED]
Subject: Re: h225 IE data [7:48352]


first off, I don't know the answer to your question. Having just sold a
couple of AVVID's, I am interested, though in toll fraud and how it is
pulled off. I know that in the PBX world there are or were certain timeout
settings that generally had to be adjusted down to zero so that a hacker
couldn't do an effective DoS and get dial tone. ( IIRC, hackers would use a
blue box and just keep pounding a PBX until it gave up and offered dial
tone. There were specific timeout settings that had to be zero to prevent
this, IIRC )

Chris, without revealing the specifics of your situation, were there / are
there specific Call Manager configurations you were able to change to
prevent this going forward?  Did Cisco point you to any specific links to
read up on?


Chris Charlebois  wrote in message
news:[EMAIL PROTECTED]...
 We have been experiencing some toll fraud with our CallManager / Unity
 system.  Thanks to CCM traces we were able to find out exactly how they were
 getting in.  However, we still don't know who they are.  The ANI on the
 incoming calls was blocked (surprise surprise).  What I'm wondering is if there
 is any information that we can get from the H225 data.  I know we won't be
 able to get the calling number, but maybe we can pull out what city they are
 calling from, or what carrier they are using, or any information at all.

 It is possible that the FBI will get involved in this (the destination of
 these calls are countries that the FBI has an interest in) and, if they do,
 I'm sure they have ways and means to get far more information than I do.
 I'm just curious.

 If anyone knows what can be learned from H225 and how, I'd appreciate it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48366t=48352



Class C summarization question [7:48367]

2002-07-08 Thread Dain Deutschman

I'm confused about a practice question for BSCN that I came across:

Your routing tables are getting very large and you need to configure route
summarization. How many class C internet addresses can you summarize with a
/20 CIDR block?

Answer: 8

Would it not be 16? Where am I going wrong?

--
Dain Deutschman
CNA, MCP, CCNA
Data Communications Manager
New Star Sales and Service, Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48367t=48367



Re: Class C summarization question [7:48367]

2002-07-08 Thread Michael L. Williams

I would say 16 as well.

Mike W.


Dain Deutschman  wrote in message
news:[EMAIL PROTECTED]...
 I'm confused about a practice question for BSCN that I came across:

 Your routing tables are getting very large and you need to configure route
 summarization. How many class C internet addresses can you summarize with a
 /20 CIDR block?

 Answer: 8

 Would it not be 16? Where am I going wrong?

 --
 Dain Deutschman
 CNA, MCP, CCNA
 Data Communications Manager
 New Star Sales and Service, Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48368t=48367



RE: Class C summarization question [7:48367]

2002-07-08 Thread Charles D Hammonds

16 is the correct answer.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Dain Deutschman
Sent: Monday, July 08, 2002 7:51 PM
To: [EMAIL PROTECTED]
Subject: Class C summarization question [7:48367]


I'm confused about a practice question for BSCN that I came across:

Your routing tables are getting very large and you need to configure route
summarization. How many class C internet addresses can you summarize with a
/20 CIDR block?

Answer: 8

Would it not be 16? Where am I going wrong?

--
Dain Deutschman
CNA, MCP, CCNA
Data Communications Manager
New Star Sales and Service, Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48369t=48367



Re: Class C summarization question [7:48367]

2002-07-08 Thread Dain Deutschman

Thanks...it's good to know I'm not completely losing my mind. : )
Dain
Dain Deutschman  wrote in message
news:[EMAIL PROTECTED]...
 I'm confused about a practice question for BSCN that I came across:

 Your routing tables are getting very large and you need to configure route
 summarization. How many class C internet addresses can you summarize with a
 /20 CIDR block?

 Answer: 8

 Would it not be 16? Where am I going wrong?

 --
 Dain Deutschman
 CNA, MCP, CCNA
 Data Communications Manager
 New Star Sales and Service, Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48370t=48367



RE: Class C summarization question [7:48367]

2002-07-08 Thread Andy Hoang

I would say 8 is correct.  4 bits make 8 combinations.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Michael L. Williams
Sent: Monday, July 08, 2002 8:15 PM
To: [EMAIL PROTECTED]
Subject: Re: Class C summarization question [7:48367]


I would say 16 as well.

Mike W.


Dain Deutschman  wrote in message
news:[EMAIL PROTECTED]...
 I'm confused about a practice question for BSCN that I came across:

 Your routing tables are getting very large and you need to configure route
 summarization. How many class C internet addresses can you summarize with a
 /20 CIDR block?

 Answer: 8

 Would it not be 16? Where am I going wrong?

 --
 Dain Deutschman
 CNA, MCP, CCNA
 Data Communications Manager
 New Star Sales and Service, Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48371t=48367



Re: Class C summarization question [7:48367]

2002-07-08 Thread Dain Deutschman

Actually...4 bits makes 16 combinations( 2 to the power of 4 = 16 )
( 4 positions with 2 possibilities per bit position )

Dain
Andy Hoang  wrote in message
news:[EMAIL PROTECTED]...
 I would say 8 is correct.  4 bits make 8 combinations.

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Michael L. Williams
 Sent: Monday, July 08, 2002 8:15 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Class C summarization question [7:48367]


 I would say 16 as well.

 Mike W.


 Dain Deutschman  wrote in message
 news:[EMAIL PROTECTED]...
  I'm confused about a practice question for BSCN that I came across:
 
  Your routing tables are getting very large and you need to configure route
  summarization. How many class C internet addresses can you summarize with a
  /20 CIDR block?
 
  Answer: 8
 
  Would it not be 16? Where am I going wrong?
 
  --
  Dain Deutschman
  CNA, MCP, CCNA
  Data Communications Manager
  New Star Sales and Service, Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48372t=48367



Re: Class C summarization question [7:48367]

2002-07-08 Thread Michael L. Williams

Wow.  According to my binary math, 4 bits = 16 combinations.

1 bit = 2 combinations (2^1 = 2)
2 bits = 4 combinations (2^2 = 4)
3 bits = 8 combinations (2^3 = 8)
4 bits = 16 combinations (2^4 = 16)

Now. when converting from binary to decimal, the 4th bit (from the
right) has a (decimal) value of 8 (2^[4-1]), but of course when you add the
values of the bits from 4 down, you get 8+4+2+1 = 15 (thus giving 16
combinations, 0 through 15)

(To all that have read my posts in the past, now you know why I bitch up a
storm when I hear someone encourage someone else to memorize subnetting
charts and bitswapping charts instead of taking an hour and learning how
binary actually works... geez)

Mike W.

- Original Message -
From: Andy Hoang 
To: Michael L. Williams ; 
Sent: Monday, July 08, 2002 10:51 PM
Subject: RE: Class C summarization question [7:48367]


 I would say 8 is correct.  4 bits make 8 combinations.

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Michael L. Williams
 Sent: Monday, July 08, 2002 8:15 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Class C summarization question [7:48367]


 I would say 16 as well.

 Mike W.


 Dain Deutschman  wrote in message
 news:[EMAIL PROTECTED]...
  I'm confused about a practice question for BSCN that I came across:
 
  Your routing tables are getting very large and you need to configure route
  summarization. How many class C internet addresses can you summarize with a
  /20 CIDR block?
 
  Answer: 8
 
  Would it not be 16? Where am I going wrong?
 
  --
  Dain Deutschman
  CNA, MCP, CCNA
  Data Communications Manager
  New Star Sales and Service, Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48374t=48367
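A way to check the /20 arithmetic from this thread with Python's standard ipaddress module, added here as an example and not part of any post: it counts the /24 (class C sized) networks in a block and shows that 16 contiguous /24s collapse into a single /20 only when the range starts on a /20 boundary. The 192.168.x.0 networks are constructed sample values.

```python
import ipaddress

def class_c_count(prefix_len):
    """How many /24 (class C sized) networks fit in one block of this prefix length."""
    if not 0 <= prefix_len <= 24:
        raise ValueError("prefix length must be between 0 and 24")
    return 2 ** (24 - prefix_len)

def contiguous_class_c(first_third_octet, count):
    """Constructed sample data: `count` consecutive 192.168.x.0/24 networks."""
    return ["192.168.%d.0/24" % (first_third_octet + i) for i in range(count)]

def summarize(networks):
    """Collapse a list of networks into the fewest CIDR routes that cover exactly them."""
    nets = (ipaddress.ip_network(n) for n in networks)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def covers(summary, networks):
    """True if every listed network falls inside the summary route."""
    block = ipaddress.ip_network(summary)
    return all(ipaddress.ip_network(n).subnet_of(block) for n in networks)

if __name__ == "__main__":
    print("class C networks in a /20:", class_c_count(20))

    # Third octet 16..31: starts on a multiple of 16, so one /20 covers all 16.
    aligned = contiguous_class_c(16, 16)
    print("aligned   ->", summarize(aligned))

    # Third octet 8..23: still 16 networks, but the range straddles a /20
    # boundary, so the best exact summary is two /21 routes.
    straddling = contiguous_class_c(8, 16)
    print("straddling ->", summarize(straddling))
    print("192.168.16.0/20 covers straddling set:",
          covers("192.168.16.0/20", straddling))
```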



What is meant in the Cat5k by interface sc0 [7:48375]

2002-07-08 Thread John Brandis





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48375t=48375



Re: Class C summarization question [7:48367]

2002-07-08 Thread Dain Deutschman

FYI for whoever wants to know... A great website for learning subnetting
( actually learning the binary whys and hows instead of shortcuts ) is
www.learntosubnet.com

There are some great free resources...and very good explanations for those
who are just starting to learn it.

Dain
Michael L. Williams  wrote in message
news:[EMAIL PROTECTED]...
 Wow.  According to my binary math, 4 bits = 16 combinations.

 1 bit = 2 combinations (2^1 = 2)
 2 bits = 4 combinations (2^2 = 4)
 3 bits = 8 combinations (2^3 = 8)
 4 bits = 16 combinations (2^4 = 16)

 Now. when converting from binary to decimal, the 4th bit (from the
 right) has a (decimal) value of 8 (2^[4-1]), but of course when you add the
 values of the bits from 4 down, you get 8+4+2+1 = 15 (thus giving 16
 combinations, 0 through 15)

 (To all that have read my posts in the past, now you know why I bitch up a
 storm when I hear someone encourage someone else to memorize subnetting
 charts and bitswapping charts instead of taking an hour and learning how
 binary actually works... geez)

 Mike W.

 - Original Message -
 From: Andy Hoang
 To: Michael L. Williams ;
 Sent: Monday, July 08, 2002 10:51 PM
 Subject: RE: Class C summarization question [7:48367]


  I would say 8 is correct.  4 bits make 8 combinations.
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
  Michael L. Williams
  Sent: Monday, July 08, 2002 8:15 PM
  To: [EMAIL PROTECTED]
  Subject: Re: Class C summarization question [7:48367]
 
 
  I would say 16 as well.
 
  Mike W.
 
 
  Dain Deutschman  wrote in message
  news:[EMAIL PROTECTED]...
   I'm confused about a practice question for BSCN that I came across:
  
   Your routing tables are getting very large and you need to configure route
   summarization. How many class C internet addresses can you summarize with a
   /20 CIDR block?
  
   Answer: 8
  
   Would it not be 16? Where am I going wrong?
  
   --
   Dain Deutschman
   CNA, MCP, CCNA
   Data Communications Manager
   New Star Sales and Service, Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48376t=48367



MAC address in router ARP table [7:48377]

2002-07-08 Thread LIM Chin Chye

Is there any way to clear the MAC address from the Cisco router ARP table
individually?

I had removed the IP NAT statements and done CLEAR ARP on the routers, but I
am still able to ping the invalid IP address. I need to re-employ the IP for
other usage, but I encounter a clash of IP warning message in reply. How
can I clear away the old information?

Pls advise.
Lim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48377t=48377