RE: Time-Base ISDN connection [7:48991]
Yes, Yes, Here is THE link http://www.cisco.com/warp/public/793/access_dial/10.html; Later, M Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48993t=48991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE LAB Date 8-15-02 [7:48964]
Would anyone like to switch dates with me , I am looking for Mid September to early October, 2002. Terry Stout Design Engineer 504-846-7697 Office 504-723-5375 Cell [EMAIL PROTECTED] ** The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48964t=48964 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ATM fore CCIE [7:48892]
You will not have to configure an ATM switch nor LANE. You WILL however be responsible for connecting to an ATM switch from your router. I would know how to do PVC/SVC's on the LAB, especially PVC autodiscovery I haven't sat the lab so this is not an NDA violation. If you follow the link that you provided and click on the section titled ATM content under the FAQ's sweeps you away to : http://www.cisco.com/warp/public/625/ccie/certifications/ATM_FAQs.html Thanks Larry -Original Message- From: Calorifer Gogu [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 4:43 PM To: [EMAIL PROTECTED] Subject: RE: ATM fore CCIE [7:48892] According to the info on the CISCO's own web site ATM is not required any more to pass, that is no testing on ATM. Just do a search on CISCO WEB for CCIE requirements there is a list with stuff: http://www.cisco.com/warp/public/625/ccie/certifications/routing.html#42 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48978t=48892 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Time-Base ISDN connection [7:48991]
you need normal ISDN dialup config. The only difference is that on the access lists for interesting traffic, you add a time range. I have attached the time range and sample access list below: access-list 145 remark Interesting traffic access-list 145 deny eigrp any any access-list 145 deny ip any host 224.0.0.10 access-list 145 deny udp any any eq snmp access-list 145 permit ip any any time-range Office_Hours time-range Office_Hours periodic weekdays 6:00 to 18:00 -Original Message- From: Jimmy [mailto:[EMAIL PROTECTED]] Sent: 17 July 2002 06:34 To: [EMAIL PROTECTED] Subject: Time-Base ISDN connection [7:48991] Does anyone have the sample configuration for Time-Base ISDN connection. What I want to do is the only specific time , like from 9am to 6pm , ISDN link bettwen 2 router will be up. Thanks in advance. regards Jimmy __ Do You Yahoo!? Yahoo! Autos - Get free new car price quotes http://autos.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48995t=48991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: New Lab Format [7:48731]
If there weren't any bugs, it wouldn't be Cisco. Ken Diliberto wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I interpret the question to inquire if one should take Lab version 1.0 or wait for Lab version 1.01. There are bound to be bugs. The_Jester 07/14/02 04:40PM The point I was trying to make is that the subject matter is not so hard that one needs to cheat to pass. Howard C. Berkowitz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 7:48 AM + 7/14/02, The_Jester wrote: Take the exam on the 5th. If you need to rely on others to break the NDA before you can pass (as Chuck suggests), then you don't deserve the certification anyway. None of this stuff is Rocket Science. Years ago, I was teaching a networking seminar at Kennedy Space Center. On a break, I wandered to the door of one of the other classrooms and listened in on the course in progress, which dealt with the Shuttle propulsion system. I'd swear I heard the instructor, frustrated with his class, say Hey, this is rocket science, not BGP! In the many mergers that led up to Global Knowledge, PSC was acquired by MacDonald Detweiler, which, in turn, was acquired by Orbital Sciences--which does actually do satellites and rockets. At our first get-together, we inquired if it was now politically incorrect for us to refer to something as rocket science, and they went into hysterical giggles. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48997t=48731 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Broadcasting and the all ones subnet [7:48996]
Hello Group, Three things to confirm about broadcasts. a) the all ones broadcast i.e 255.255.255.255 by default will only be propagated to the local network and is not forwarded by routers b) network and subnet directed broadcasts. If I were to broadcast to 192.168.1.255, and I have subnets 192.168.1.32/27, 192.168.1.64/27 and 192.168.1.96/27, would all the subnets receive it as well? c) referring to scenario b), I believe that broadcasts with destination 192.168.1.255 is forwarded. Is this true? I was going thru this article about the effect of using the all ones subnet. There are somethings that I'm still confused about. The link is http://www.cisco.com/warp/public/105/40.html 1. In the first example, when host 195.1.1.24 sends a local broadcast to 195.1.1.255, will hosts attached to router 2's async lines receive the broadcast? 2. OK, its a directed broadcast and router 2 looks up its routing table and forwards it out using the default route. Router 1 receives the packet. I believe the packet is forwarded out to all 192.1.1.x/26 subnets, right? Will Router 1 forward the packet back to Router 2? I hope not 2a. Another way of looking at it is router 1 thinks that it is a broadcast only for subnet 195.1.1.192 and forwards it out only to router 5. Hmmm I'm definitely confused 3. Router 5 receives the packet from router 1. How will it interpret the packet? I'm guessing that the router sees it as a directed broadcast and send it out via the default route. Is it normal that routers forward a packet out from an interface that it received on? As in its received on e0 and forwarded out e0 as well 4. Once router 1 receives the packet from router 5, will it forward the packet out to all 192.1.1.x/26 subnets again or just to router 5. The article did not detail this part and just specified that it will bounce between routers 1 and 5. It also says that routers 2 thru 4 see the 'broadcast' only once. The way I see it , if all subnets receive the broadcast then routers 2 thru 4 should receive the packets as many times as router 5. I would appreciate all the help I can get. I know you gurus can help me out. Thanks!! Wes Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48996t=48996 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
running Realserver behind PIX to server realplayer [7:48998]
Hi all, I have internal LAN behind my PIX firewall with 6.0(1)... My realserver8.0 installed in the internal LAN . I need to allow the outside users using real player to access and run videos and movies... My PIX conf.as the following: fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 no fixup protocol skinny 2000 fixup protocol rtsp 554 fixup protocol rtsp 8554 ! static (inside,outside) 62.32.20.15 10.0.10.1 netmask 255.255.255.255 0 0 conduit permit tcp host 62.32.20.15 eq 554 any conduit permit tcp host 62.32.20.15 eq www any conduit permit tcp host 62.32.20.15 eq 7070 any conduit permit tcp host 62.32.20.15 eq 4040 any conduit permit udp host 62.32.20.15 eq 554 any conduit permit udp host 62.32.20.15 eq www any conduit permit udp host 62.32.20.15 eq 7070 any conduit permit udp host 62.32.20.15 eq 4040 any are there any extra commands I need to add to allow the outside users to access and run the movies and clips which running on the Internal real server 8.0 Please help Best regards,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48998t=48998 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: TCP timeout question [7:48934]
Let me tell you about this experience I have with this and if someone could please explain it. I usually telnet into my mini-lab and open a session for each router and switch. I also have the exec-timeout 0 0 command for the vty interfaces. So at night when I go to bed ... I put my W2K machine into hibernate mode while leaving all the telnet sessions open. So technically, the ethernet interface goes down for the, and the routers/switch still have an open session. The next day I will power up the computer and carry on as if nothing has happened. The connection is still live, the router doesn't force me to login again, etc. I understand the exec-timeout 0 0 means the the connection should not timeout, but if the 'session' is lost when my computer is powered of, shouldn't the router be clever enough to realise that that session is not active, since this is through the network? I understand there is no CD facility since it is vty and not tty. That's a good way I guess to teach people about 'uncleared sessions for BCRAN and how to use the clear line vty x command! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48999t=48934 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Broadcasting and the all ones subnet [7:48996]
Hi Wesley, a) correct b) no, as 192.168.1.32/27, 192.168.1.64/27 and 192.168.1.96/27 are on a different subnet to the broadcast 192.168.1.255 (this is for the 192.168.1.224/27 subnet). c) from the answer to b), no. Only hosts on the 192.168.1.224/27 subnet will see the broadcast packet of 192.168.1.225. HTH, Mark. -Original Message- From: Wesley [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 17 July 2002 16:49 To: [EMAIL PROTECTED] Subject: Broadcasting and the all ones subnet [7:48996] Hello Group, Three things to confirm about broadcasts. a) the all ones broadcast i.e 255.255.255.255 by default will only be propagated to the local network and is not forwarded by routers b) network and subnet directed broadcasts. If I were to broadcast to 192.168.1.255, and I have subnets 192.168.1.32/27, 192.168.1.64/27 and 192.168.1.96/27, would all the subnets receive it as well? c) referring to scenario b), I believe that broadcasts with destination 192.168.1.255 is forwarded. Is this true? I was going thru this article about the effect of using the all ones subnet. There are somethings that I'm still confused about. The link is http://www.cisco.com/warp/public/105/40.html 1. In the first example, when host 195.1.1.24 sends a local broadcast to 195.1.1.255, will hosts attached to router 2's async lines receive the broadcast? 2. OK, its a directed broadcast and router 2 looks up its routing table and forwards it out using the default route. Router 1 receives the packet. I believe the packet is forwarded out to all 192.1.1.x/26 subnets, right? Will Router 1 forward the packet back to Router 2? I hope not 2a. Another way of looking at it is router 1 thinks that it is a broadcast only for subnet 195.1.1.192 and forwards it out only to router 5. Hmmm I'm definitely confused 3. Router 5 receives the packet from router 1. How will it interpret the packet? I'm guessing that the router sees it as a directed broadcast and send it out via the default route. Is it normal that routers forward a packet out from an interface that it received on? As in its received on e0 and forwarded out e0 as well 4. Once router 1 receives the packet from router 5, will it forward the packet out to all 192.1.1.x/26 subnets again or just to router 5. The article did not detail this part and just specified that it will bounce between routers 1 and 5. It also says that routers 2 thru 4 see the 'broadcast' only once. The way I see it , if all subnets receive the broadcast then routers 2 thru 4 should receive the packets as many times as router 5. I would appreciate all the help I can get. I know you gurus can help me out. Thanks!! Wes Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49000t=48996 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Broadcasting and the all ones subnet [7:48996]
Then how would you define an all /27 subnets broadcast i.e. not just 192.168.1.224 subnet getting the broadcast but all subnets? Thank you for the reply BTW. Vicuna, Mark wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Wesley, a) correct b) no, as 192.168.1.32/27, 192.168.1.64/27 and 192.168.1.96/27 are on a different subnet to the broadcast 192.168.1.255 (this is for the 192.168.1.224/27 subnet). c) from the answer to b), no. Only hosts on the 192.168.1.224/27 subnet will see the broadcast packet of 192.168.1.225. HTH, Mark. -Original Message- From: Wesley [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 17 July 2002 16:49 To: [EMAIL PROTECTED] Subject: Broadcasting and the all ones subnet [7:48996] Hello Group, Three things to confirm about broadcasts. a) the all ones broadcast i.e 255.255.255.255 by default will only be propagated to the local network and is not forwarded by routers b) network and subnet directed broadcasts. If I were to broadcast to 192.168.1.255, and I have subnets 192.168.1.32/27, 192.168.1.64/27 and 192.168.1.96/27, would all the subnets receive it as well? c) referring to scenario b), I believe that broadcasts with destination 192.168.1.255 is forwarded. Is this true? I was going thru this article about the effect of using the all ones subnet. There are somethings that I'm still confused about. The link is http://www.cisco.com/warp/public/105/40.html 1. In the first example, when host 195.1.1.24 sends a local broadcast to 195.1.1.255, will hosts attached to router 2's async lines receive the broadcast? 2. OK, its a directed broadcast and router 2 looks up its routing table and forwards it out using the default route. Router 1 receives the packet. I believe the packet is forwarded out to all 192.1.1.x/26 subnets, right? Will Router 1 forward the packet back to Router 2? I hope not 2a. Another way of looking at it is router 1 thinks that it is a broadcast only for subnet 195.1.1.192 and forwards it out only to router 5. Hmmm I'm definitely confused 3. Router 5 receives the packet from router 1. How will it interpret the packet? I'm guessing that the router sees it as a directed broadcast and send it out via the default route. Is it normal that routers forward a packet out from an interface that it received on? As in its received on e0 and forwarded out e0 as well 4. Once router 1 receives the packet from router 5, will it forward the packet out to all 192.1.1.x/26 subnets again or just to router 5. The article did not detail this part and just specified that it will bounce between routers 1 and 5. It also says that routers 2 thru 4 see the 'broadcast' only once. The way I see it , if all subnets receive the broadcast then routers 2 thru 4 should receive the packets as many times as router 5. I would appreciate all the help I can get. I know you gurus can help me out. Thanks!! Wes Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49001t=48996 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
bandwidth question [7:49002]
Can anyone tell me why I have 2 Mbps WAN connection that reached 95 % utilisation during peak time. When I try to ping to my provider serial interface(next hop),it register 10% packet loss My router serial interface is showing 1.9Mbps (incoming traffic). Since the router is receiving 1.9 Mbps out of the 2M pipe,which means that there is still a balance of 0.1 Mbps (100 k) and so therotically speaking, there should not be any packet loss. I think is time for me to upgrade my bandwidth Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49002t=49002 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passed MPLS exam [7:48825]
Congrats! Have you taken the mcast+qos paper? If you already have, what books do you recommend? Thanks. Regards, cheekin wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello Group, Last,Saturday I passed the cisco MPLS exam. Kind Regards /Thangavel 186K Reading,Brkshire Direct No -0118 9064259 Mobile No -07796292416 Post code: RG16LH www.186k.co.uk -- The greatest glory in living lies not in never falling, but in rising every time we fall . -- Nelson Mandela ** This e-mail is from 186k Ltd and is intended only for the addressee named above. As this e-mail may contain confidential or priveleged information, if you are not the named addressee or the person responsible for delivering the message to the named addressee, please advise the sender by return e-mail. The contents should not be disclosed to any other person nor copies taken. 186k Ltd is a Lattice Group company, registered in England Wales No. 3751494 Registered Office 130 Jermyn Street London SW1Y 4UR ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49005t=48825 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: bandwidth question [7:49002]
Birdy, What about the interface buffer that has to cope with buffering the packets. Just because you've got 100k left to deal with it doesn't necessarily mean that the router can HTH Richard Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49003t=49002 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ATM Question [7:49007]
Hello Can some tell me the requirments for atm for the lab I have the following 3640 ATM Support (NM-4T1-IMA) and the 3640 routers. Are those cards any good to me, Do I need an ATM switch or can I put this stuff back to back. Any help appreciated. Kind regards. Paul This E-mail is from O2. The E-mail and any files transmitted with it are confidential and may also be privileged and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised direct or indirect dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received the E-mail in error please notify [EMAIL PROTECTED] or telephone ++ 353 1 6095000. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49007t=49007 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Broadcasting and the all ones subnet [7:48996]
It will be the all 1's bit for that subnet eg. for 192.168.1.224/27 it would be 192.168.1.255 and for 192.168.1.32/27 it would be 192.168.1.63. HTH, Mark. -Original Message- From: Wesley [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 17 July 2002 6:21 PM To: [EMAIL PROTECTED] Subject: Re: Broadcasting and the all ones subnet [7:48996] Then how would you define an all /27 subnets broadcast i.e. not just 192.168.1.224 subnet getting the broadcast but all subnets? Thank you for the reply BTW. Vicuna, Mark wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Wesley, a) correct b) no, as 192.168.1.32/27, 192.168.1.64/27 and 192.168.1.96/27 are on a different subnet to the broadcast 192.168.1.255 (this is for the 192.168.1.224/27 subnet). c) from the answer to b), no. Only hosts on the 192.168.1.224/27 subnet will see the broadcast packet of 192.168.1.225. HTH, Mark. -Original Message- From: Wesley [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 17 July 2002 16:49 To: [EMAIL PROTECTED] Subject: Broadcasting and the all ones subnet [7:48996] Hello Group, Three things to confirm about broadcasts. a) the all ones broadcast i.e 255.255.255.255 by default will only be propagated to the local network and is not forwarded by routers b) network and subnet directed broadcasts. If I were to broadcast to 192.168.1.255, and I have subnets 192.168.1.32/27, 192.168.1.64/27 and 192.168.1.96/27, would all the subnets receive it as well? c) referring to scenario b), I believe that broadcasts with destination 192.168.1.255 is forwarded. Is this true? I was going thru this article about the effect of using the all ones subnet. There are somethings that I'm still confused about. The link is http://www.cisco.com/warp/public/105/40.html 1. In the first example, when host 195.1.1.24 sends a local broadcast to 195.1.1.255, will hosts attached to router 2's async lines receive the broadcast? 2. OK, its a directed broadcast and router 2 looks up its routing table and forwards it out using the default route. Router 1 receives the packet. I believe the packet is forwarded out to all 192.1.1.x/26 subnets, right? Will Router 1 forward the packet back to Router 2? I hope not 2a. Another way of looking at it is router 1 thinks that it is a broadcast only for subnet 195.1.1.192 and forwards it out only to router 5. Hmmm I'm definitely confused 3. Router 5 receives the packet from router 1. How will it interpret the packet? I'm guessing that the router sees it as a directed broadcast and send it out via the default route. Is it normal that routers forward a packet out from an interface that it received on? As in its received on e0 and forwarded out e0 as well 4. Once router 1 receives the packet from router 5, will it forward the packet out to all 192.1.1.x/26 subnets again or just to router 5. The article did not detail this part and just specified that it will bounce between routers 1 and 5. It also says that routers 2 thru 4 see the 'broadcast' only once. The way I see it , if all subnets receive the broadcast then routers 2 thru 4 should receive the packets as many times as router 5. I would appreciate all the help I can get. I know you gurus can help me out. Thanks!! Wes Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49006t=48996 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Voice of IP / Frame-Relay and remote labs [7:48947]
I am not a VOIP expert but this is just an idea based on my other job and one at which I have lots of unplanned experience with. From my experience with running data over analog lines, I would say an analog modem is probably the best option. Modems are extremely sensitive to noise / etc on a analog link. They pick up things that our humans ears cannot. If there is noise you can hear the modem(s) renegotiating to a lower level which means you could use the speed at which the modems connect to judge the quality of the call. If the modem connect speed is say 28K, then you already know there is noise on the line. If the call completes with a 48K connect speed, then you have good voice quality. I say this because our PABX got hit by lightning once, and although the main boards got replaced ... I told the PABX techie, that I could hear a slight noise in the background when I was making calls. The noise was not there before. Of course, he listened and told me it was normal. Then the proof came. Every modem in the company which was connected to PABX extension could not make calls. You could hear the modem renegotiating at least three times before an acceptable transfer rate was set, which was 21Kbps instead of the 48Kbps we were used to. So I use that as a standard to judge line quality. Of course you use the debug commands to see at what speeds the modems are connecting at Just an idea. Manish -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: 17 July 2002 01:16 To: [EMAIL PROTECTED] Subject: RE: Voice of IP / Frame-Relay and remote labs [7:48947] Tangled Up in Blue wrote: Maybe this is not what you're asking, but when I test my voip stuff i just call my cell phone. When he's first getting it working with basic FXS ports on a Cisco router, he probably won't have a gateway to the public switched network. So calling a cell phone won't work! ;-) I know there are some debug commands, just can't remember what they are. They tell you if the call works and maybe some quality too Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49008t=48947 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: bandwidth question [7:49002]
Possibly, but is anyone actually complaining about the speed ? Check the serial interface at your end also for dropped packets, load, reliability etc over a period of about a week. If that average is over 90% then you may well do with an upgrade. Phil. --- birdy wrote: Can anyone tell me why I have 2 Mbps WAN connection that reached 95 % utilisation during peak time. When I try to ping to my provider serial interface(next hop),it register 10% packet loss My router serial interface is showing 1.9Mbps (incoming traffic). Since the router is receiving 1.9 Mbps out of the 2M pipe,which means that there is still a balance of 0.1 Mbps (100 k) and so therotically speaking, there should not be any packet loss. I think is time for me to upgrade my bandwidth [EMAIL PROTECTED] __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49009t=49002 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
AS5300 Mica modems [7:49010]
Hi Group I'm setting up a new Cisco As5300 NAS . it has one 4 E1 Module and two mica 60 digital modem modules. every thing is OK but when I dial-up to it , there is not any beep from the modems . I debuged the CAS , CSM on it , but I can't find the Problem 00:53:07: from Trunk(0): (0/8): Rx SEIZURE (ABCD=0001) 00:53:08: VDEV_ALLOCATE: 2/1 is allocated 00:53:08: 3.dsx0 call reset dnis_collected fap_notify 00:53:08: CSM_RX_CAS_EVENT_FROM_NEAT:(cid0008): EVENT_CALL_DIAL_IN at slot 2 and port 1 00:53:08: CSM_PROC_IDLE: CSM_EVENT_DSX0_CALL at slot 2, port 1 00:53:08: Mica Modem(2/1): Configure(0x1 = 0x0) 00:53:08: Mica Modem(2/1): Configure(0x23 = 0x2) 00:53:08: Mica Modem(2/1): Call Setup 00:53:08: csm_connect_pri_vdev: TS allocated at bp_stream 0, bp_Ch 7, vdev_common 0x61B93DC8 2/1 00:53:08: to NEAT:(cid0008) EVENT_CHANNEL_LOCK for slot0 ctlr0 chan8 00:53:08: Mica Modem(2/1): State Transition to Call Setup RM-NAS# 00:53:08: Mica Modem(2/1): Went offhook 00:53:08: CSM_PROC_IC2_RING: CSM_EVENT_MODEM_OFFHOOK at slot 2, port 1 00:53:08: cas_group=1, service=2 00:53:08: csm_res_response: service_type=0, fax_call=0, fap_notify=0 00:53:08: CSM_PROC_IC3_WAIT_FOR_RES_RESP: CSM_EVENT_RESOURCE_OK at slot 2, port 1 00:53:08: CSM_RX_CAS_EVENT_FROM_NEAT:(0008): EVENT_START_RX_TONE at slot 2 and port 1 00:53:08: from Trunk(0): (0/8): Tx SEIZURE_ACK (ABCD=1101) 00:53:08: CSM_RX_CAS_EVENT_FROM_NEAT:(0008): EVENT_CHANNEL_CONNECTED at slot 2 and port 1 00:53:08: CSM_PROC_IC6_WAIT_FOR_CONNECT: CSM_EVENT_DSX0_CONNECTED at slot 2, port 1 00:53:08: Mica Modem(2/1): Link Initiate 00:53:08: from Trunk(0): (0/8): Tx ANSWERED (ABCD=0101) 00:53:09: Mica Modem(2/1): State Transition to Connect 00:53:13: from Trunk(0): (0/8): Rx IDLE (ABCD=1001) 00:53:14: Mica Modem(2/1): State Transition to Link RM-NAS# RM-NAS# RM-NAS# RM-NAS# 00:53:15: from Trunk(0): (0/8): Tx IDLE (ABCD=1001) 00:53:15: CSM_RX_CAS_EVENT_FROM_NEAT:(0008): EVENT_CALL_IDLE at slot 2 port 1 cause 200 00:53:15: CSM_PROC_IC7_OC6_CONNECTED: CSM_EVENT_DSX0_DISCONNECTED at slot 2, port 1 00:53:15: Mica Modem(2/1): Link Terminate(0x6) 00:53:15: CSM(2/1): Enter csm_enter_disconnecting_state 00:53:15: VDEV_DEALLOCATE: slot 2 and port 1 is deallocated 00:53:15: Mica Modem(2/1): State Transition to Terminating 00:53:15: Mica Modem(2/1): State Transition to Idle 00:53:15: Mica Modem(2/1): Went onhook 00:53:15: CSM_PROC_IC8_OC8_DISCONNECTING: CSM_EVENT_MODEM_ONHOOK at slot 2, port 1 00:53:15: CSM(2/1): Enter csm_enter_idle_state 00:53:15: from Trunk(0): (0/9): Rx SEIZURE (ABCD=0001) 00:53:15: VDEV_ALLOCATE: 2/2 is allocated 00:53:15: 3.dsx0 call reset dnis_collected fap_notify 00:53:15: CSM_RX_CAS_EVENT_FROM_NEAT:(cid0009): EVENT_CALL_DIAL_IN at slot 2 and port 2 00:53:15: CSM_PROC_IDLE: CSM_EVENT_DSX0_CALL at slot 2, port 2 00:53:15: Mica Modem(2/2): Configure(0x1 = 0x0) 00:53:15: Mica Modem(2/2): Configure(0x23 = 0x2) 00:53:15: Mica Modem(2/2): Call Setup 00:53:15: csm_connect_pri_vdev: TS allocated at bp_stream 0, bp_Ch 8, vdev_common 0x61B95A30 2/2 00:53:15: to NEAT:(cid0009) EVENT_CHANNEL_LOCK for slot0 ctlr0 chan9 00:53:16: Mica Modem(2/2): State Transition to Call Setup 00:53:16: Mica Modem(2/2): Went offhook 00:53:16: CSM_PROC_IC2_RING: CSM_EVENT_MODEM_OFFHOOK at slot 2, port 2 00:53:16: cas_group=1, service=2 00:53:16: csm_res_response: service_type=0, fax_call=0, fap_notify=0 00:53:16: CSM_PROC_IC3_WAIT_FOR_RES_RESP: CSM_EVENT_RESOURCE_OK at slot 2, port 2 00:53:16: CSM_RX_CAS_EVENT_FROM_NEAT:(0009): EVENT_START_RX_TONE at slot 2 and port 2 00:53:16: from Trunk(0): (0/9): Tx SEIZURE_ACK (ABCD=1101) 00:53:16: CSM_RX_CAS_EVENT_FROM_NEAT:(0009): EVENT_CHANNEL_CONNECTED at slot 2 and port 2 00:53:16: CSM_PROC_IC6_WAIT_FOR_CONNECT: CSM_EVENT_DSX0_CONNECTED at slot 2, port 2 00:53:16: Mica Modem(2/2): Link Initiate 00:53:16: from Trunk(0): (0/9): Tx ANSWERED (ABCD=0101) 00:53:17: Mica Modem(2/2): State Transition to Connect 00:53:22: Mica Modem(2/2): State Transition to Link 00:53:26: Mica Modem(2/2): State Transition to Trainup 00:53:34: Mica Modem(2/2): State Transition to Terminating 00:53:34: Mica Modem(2/2): State Transition to Idle 00:53:34: Mica Modem(2/2): Went onhook 00:53:34: CSM_PROC_IC7_OC6_CONNECTED: CSM_EVENT_MODEM_ONHOOK at slot 2, port 2 00:53:34: CSM(2/2): Enter csm_enter_idle_state 00:53:34: VDEV_DEALLOCATE: slot 2 and port 2 is deallocated 00:53:34: from Trunk(0): (0/9): Tx BWD_CLEAR (ABCD=1101) 00:53:41: from Trunk(0): (0/9): Rx IDLE (ABCD=1001) 00:53:43: from Trunk(0): (0/9): Tx IDLE (ABCD=1001) here is my running config : spe 1/0 2/9 firmware location flash:mica-modem-pw.2.9.2.0.bin ! controller E1 0 framing NO-CRC4 clock source line secondary 1 ds0-group 1 timeslots 1-15,17-31 type r2-digital cas-custom 1 description E1 Demodulator 1 ! controller E1 1 framing NO-CRC4 ds0-group 1 timeslots 1-15,17-31 type r2-digital cas-custom 1 ! controller E1 2 framing NO-CRC4 ds0-group 1 timeslots 1-15,17-31 type r2-digital cas-custom 1 !
RE: Need Cheap ATM Switch [7:48945]
Thanks for the info, My objective would be to get a feel for end to end ATM then migrate to xdsl. My current Environment has several 25xx devices 2 2620's and 2 3620's. When I buy a switch I will need to interface it to these devices. -Original Message- From: Bernard [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 3:21 PM To: [EMAIL PROTECTED] Cc: 'Terry Hines' Subject: RE: Need Cheap ATM Switch [7:48945] Terry, You should buy an ATM switch based on your objectives. If you want to do SVC and PVC auto-discovery, you need a LS-1010 If you want to do PVC, SVC, but no auto-discovery, you can go for LS100. If you want to confine yourself to PVC only with no auto-discovery and no SVC, you might as well go for a back to back cable and no switch at all. Please note that you are NOT required to configure the ATM switch in the CCIE lab. HTH. Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Terry Hines Sent: Tuesday, July 16, 2002 12:28 PM To: [EMAIL PROTECTED] Subject: Need Cheap ATM Switch [7:48945] I am in need of suggestions on which device to purchase for atm in my home lab. I have read ls 100 is a good choice. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49011t=48945 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
A BGP questiion. [7:49013]
Can anyone help me with this. How do you configure a router, so that when its neighbours make a BGP change, the BGP change will take effect without resetting the BGP TCP session. Kind regards, Paul. This E-mail is from O2. The E-mail and any files transmitted with it are confidential and may also be privileged and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised direct or indirect dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received the E-mail in error please notify [EMAIL PROTECTED] or telephone ++ 353 1 6095000. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49013t=49013 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: PIX 520 Motherboard repair replace [7:48959]
Mike, If this has been asked before, I apologize for missing it. Is there a specific Intel NIC model required for this to work? Is there a way to tell if it's a 2Mb or 8 or 16 Flash card? Do you have some info on types of errors you see if the Flash is DOA? Last, what flash file are you running on your featured frankenpix? TIA, Elmer -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 6:29 PM To: [EMAIL PROTECTED] Subject: RE: PIX 520 Motherboard repair replace [7:48959] Special drivers? bunk- http://www.packetattack.com/frankenpix.html It can be replaced with a normal, garden varity Intel SE440BX motherboard. I happen to use a recycled PII 300Mhz slot1 processor which had been used as a paperweight for the last year ;) MikeS Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49012t=48959 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX Design Considerations [7:48979]
Why don't people get the notion that a Firewall is essentially a router. PIX = Firewall = Router... Firewall = Router. It ROUTES Jeffrey Reed 07/16 8:19 PM I?m still pretty green with PIX in general and was talking today about introducing a PIX into an existing network. The customer has a router (not controlled by them) that has three public class C subnets defined. They are not using VLANs, so the router has an interface and two sub-interfaces going into a switches network. We want to put the PIX in between the outside router and the LAN. I know this group has said several times the PIX is not a router. Do I need to have another router between the PIX and the LAN to perform routing between subnets? I assume the PIX will not facilitate routing between the internal subnets. Can you define multiple interfaces on the internal interface of the PIX if we didn?t need to route between the internal VLANs? Any suggestions would be appreciated! Jeffrey Reed Classic Networking, Inc. Cell 717-805-5536 Office 717-737-8586 FAX 717-737-0290 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49014t=48979 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Design Considerations [7:48979]
Richard, I used Nokia appliances running CheckPoint in a previous life and it truly was a real router with a firewall application running on it. Very capable of many different configuration options. I purchased a 501 PIX to start playing with in the lab and a damn customer borrowed it and is now asking me questions. I thought I heard on this board that the PIX is not a router, hence my design question. I'm hoping I can get a better understanding... Thanks!! Jeffrey Reed Classic Networking, Inc. Cell 717-805-5536 Office 717-737-8586 FAX 717-737-0290 -Original Message- From: Richard Tufaro [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 7:47 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: PIX Design Considerations [7:48979] Why don't people get the notion that a Firewall is essentially a router. PIX = Firewall = Router... Firewall = Router. It ROUTES Jeffrey Reed 07/16 8:19 PM I?m still pretty green with PIX in general and was talking today about introducing a PIX into an existing network. The customer has a router (not controlled by them) that has three public class C subnets defined. They are not using VLANs, so the router has an interface and two sub-interfaces going into a switches network. We want to put the PIX in between the outside router and the LAN. I know this group has said several times the PIX is not a router. Do I need to have another router between the PIX and the LAN to perform routing between subnets? I assume the PIX will not facilitate routing between the internal subnets. Can you define multiple interfaces on the internal interface of the PIX if we didn?t need to route between the internal VLANs? Any suggestions would be appreciated! Jeffrey Reed Classic Networking, Inc. Cell 717-805-5536 Office 717-737-8586 FAX 717-737-0290 Confidential e-mail for addressee only. Access to this e-mail by anyone else is unauthorized. If you have received this message in error, please notify the sender immediately by reply e-mail and destroy the original communication. 1 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49015t=48979 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: A BGP questiion. [7:49013]
Hi Paul, What you mean by change? Assuming that an UPDATE is sent, and everything going smoothly - will keep the TCP session alive. Receipt of a Notification as a result of what may happen during and after the neighbor's 'change' will disconnect the tcp session with the peer. HTH, Mark. -Original Message- From: Casey, Paul (6822) [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 17 July 2002 9:21 PM To: [EMAIL PROTECTED] Subject: A BGP questiion. [7:49013] Can anyone help me with this. How do you configure a router, so that when its neighbours make a BGP change, the BGP change will take effect without resetting the BGP TCP session. Kind regards, Paul. This E-mail is from O2. The E-mail and any files transmitted with it are confidential and may also be privileged and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised direct or indirect dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received the E-mail in error please notify [EMAIL PROTECTED] or telephone ++ 353 1 6095000. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49016t=49013 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: A BGP questiion. [7:49013]
Router config# neighbor {ip-address | peer-group-name} soft-reconfiguration inbound JR Casey, Paul (6822) wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Can anyone help me with this. How do you configure a router, so that when its neighbours make a BGP change, the BGP change will take effect without resetting the BGP TCP session. Kind regards, Paul. This E-mail is from O2. The E-mail and any files transmitted with it are confidential and may also be privileged and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised direct or indirect dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received the E-mail in error please notify [EMAIL PROTECTED] or telephone ++ 353 1 6095000. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49017t=49013 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: blocking spam with cisco routers [7:48971]
GEORGE wrote: Hi all I have a question ,I configured my e-mail server to only accept local e-mail, and deny other relay , however im still vulnerable to spam. My question is how do the ips block other e-mail going to their smtp Do they do it by access-list? Allowing only the local network with port 25? Or just the e-mail server? If cisco routers have to be involved does anyone have some links. Im behind a pix and would like to allow only my network to use smtp. Network layer filtering can't really do much to prevent relaying; it has to be done in the SMTP application. The techniques that I'm familiar with include: 1) Disallow mail sent to non-local (different domain) addresses unless the SMTP source is within the local domain, as resolved in a reverse DNS. This is simple but prevents one from sourcing mail while traveling, using a different ISP, at work, etc. 2) Same as #1 but require U/P authentication for outgoing mail. 3) Same as #1 but indirectly authenticate by correlating an outgoing mail connection with a recent successful POP3 fetch, which naturally requires a U/P. My DSL ISP, Speakeasy, does this and it works quite well. If you attempt outbound mail without having done a POP fetch in the last several minutes, an error message tells you that you must do that first. And BTW, none of these reduce spam, only the relaying of it! Marty Adkins Email: [EMAIL PROTECTED] Chesapeake NetCraftsmen, LLC o:410.757.3050, p:[EMAIL PROTECTED] 1290 Bay Dale Drive, Suite 312 http://www.netcraftsmen.NET Arnold, MD 21012-2325 Cisco CCIE #1289 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49018t=48971 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT Q. SSL Accelerators [7:49020]
Hey all, kinda off topic but wanted to throw it out there and see what info I could gleen. My company is looking into a SSL Accelerator for use with a Lotus web client. Anyone have any recommendations, horror stories, etc? Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49020t=49020 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AS5300 Mica modems [7:49010]
The Micas don't beep. Dave Reza wrote: Hi Group I'm setting up a new Cisco As5300 NAS . it has one 4 E1 Module and two mica 60 digital modem modules. every thing is OK but when I dial-up to it , there is not any beep from the modems . I debuged the CAS , CSM on it , but I can't find the Problem 00:53:07: from Trunk(0): (0/8): Rx SEIZURE (ABCD=0001) 00:53:08: VDEV_ALLOCATE: 2/1 is allocated 00:53:08: 3.dsx0 call reset dnis_collected fap_notify 00:53:08: CSM_RX_CAS_EVENT_FROM_NEAT:(cid0008): EVENT_CALL_DIAL_IN at slot 2 and port 1 00:53:08: CSM_PROC_IDLE: CSM_EVENT_DSX0_CALL at slot 2, port 1 00:53:08: Mica Modem(2/1): Configure(0x1 = 0x0) 00:53:08: Mica Modem(2/1): Configure(0x23 = 0x2) 00:53:08: Mica Modem(2/1): Call Setup 00:53:08: csm_connect_pri_vdev: TS allocated at bp_stream 0, bp_Ch 7, vdev_common 0x61B93DC8 2/1 00:53:08: to NEAT:(cid0008) EVENT_CHANNEL_LOCK for slot0 ctlr0 chan8 00:53:08: Mica Modem(2/1): State Transition to Call Setup RM-NAS# 00:53:08: Mica Modem(2/1): Went offhook 00:53:08: CSM_PROC_IC2_RING: CSM_EVENT_MODEM_OFFHOOK at slot 2, port 1 00:53:08: cas_group=1, service=2 00:53:08: csm_res_response: service_type=0, fax_call=0, fap_notify=0 00:53:08: CSM_PROC_IC3_WAIT_FOR_RES_RESP: CSM_EVENT_RESOURCE_OK at slot 2, port 1 00:53:08: CSM_RX_CAS_EVENT_FROM_NEAT:(0008): EVENT_START_RX_TONE at slot 2 and port 1 00:53:08: from Trunk(0): (0/8): Tx SEIZURE_ACK (ABCD=1101) 00:53:08: CSM_RX_CAS_EVENT_FROM_NEAT:(0008): EVENT_CHANNEL_CONNECTED at slot 2 and port 1 00:53:08: CSM_PROC_IC6_WAIT_FOR_CONNECT: CSM_EVENT_DSX0_CONNECTED at slot 2, port 1 00:53:08: Mica Modem(2/1): Link Initiate 00:53:08: from Trunk(0): (0/8): Tx ANSWERED (ABCD=0101) 00:53:09: Mica Modem(2/1): State Transition to Connect 00:53:13: from Trunk(0): (0/8): Rx IDLE (ABCD=1001) 00:53:14: Mica Modem(2/1): State Transition to Link RM-NAS# RM-NAS# RM-NAS# RM-NAS# 00:53:15: from Trunk(0): (0/8): Tx IDLE (ABCD=1001) 00:53:15: CSM_RX_CAS_EVENT_FROM_NEAT:(0008): EVENT_CALL_IDLE at slot 2 port 1 cause 200 00:53:15: CSM_PROC_IC7_OC6_CONNECTED: CSM_EVENT_DSX0_DISCONNECTED at slot 2, port 1 00:53:15: Mica Modem(2/1): Link Terminate(0x6) 00:53:15: CSM(2/1): Enter csm_enter_disconnecting_state 00:53:15: VDEV_DEALLOCATE: slot 2 and port 1 is deallocated 00:53:15: Mica Modem(2/1): State Transition to Terminating 00:53:15: Mica Modem(2/1): State Transition to Idle 00:53:15: Mica Modem(2/1): Went onhook 00:53:15: CSM_PROC_IC8_OC8_DISCONNECTING: CSM_EVENT_MODEM_ONHOOK at slot 2, port 1 00:53:15: CSM(2/1): Enter csm_enter_idle_state 00:53:15: from Trunk(0): (0/9): Rx SEIZURE (ABCD=0001) 00:53:15: VDEV_ALLOCATE: 2/2 is allocated 00:53:15: 3.dsx0 call reset dnis_collected fap_notify 00:53:15: CSM_RX_CAS_EVENT_FROM_NEAT:(cid0009): EVENT_CALL_DIAL_IN at slot 2 and port 2 00:53:15: CSM_PROC_IDLE: CSM_EVENT_DSX0_CALL at slot 2, port 2 00:53:15: Mica Modem(2/2): Configure(0x1 = 0x0) 00:53:15: Mica Modem(2/2): Configure(0x23 = 0x2) 00:53:15: Mica Modem(2/2): Call Setup 00:53:15: csm_connect_pri_vdev: TS allocated at bp_stream 0, bp_Ch 8, vdev_common 0x61B95A30 2/2 00:53:15: to NEAT:(cid0009) EVENT_CHANNEL_LOCK for slot0 ctlr0 chan9 00:53:16: Mica Modem(2/2): State Transition to Call Setup 00:53:16: Mica Modem(2/2): Went offhook 00:53:16: CSM_PROC_IC2_RING: CSM_EVENT_MODEM_OFFHOOK at slot 2, port 2 00:53:16: cas_group=1, service=2 00:53:16: csm_res_response: service_type=0, fax_call=0, fap_notify=0 00:53:16: CSM_PROC_IC3_WAIT_FOR_RES_RESP: CSM_EVENT_RESOURCE_OK at slot 2, port 2 00:53:16: CSM_RX_CAS_EVENT_FROM_NEAT:(0009): EVENT_START_RX_TONE at slot 2 and port 2 00:53:16: from Trunk(0): (0/9): Tx SEIZURE_ACK (ABCD=1101) 00:53:16: CSM_RX_CAS_EVENT_FROM_NEAT:(0009): EVENT_CHANNEL_CONNECTED at slot 2 and port 2 00:53:16: CSM_PROC_IC6_WAIT_FOR_CONNECT: CSM_EVENT_DSX0_CONNECTED at slot 2, port 2 00:53:16: Mica Modem(2/2): Link Initiate 00:53:16: from Trunk(0): (0/9): Tx ANSWERED (ABCD=0101) 00:53:17: Mica Modem(2/2): State Transition to Connect 00:53:22: Mica Modem(2/2): State Transition to Link 00:53:26: Mica Modem(2/2): State Transition to Trainup 00:53:34: Mica Modem(2/2): State Transition to Terminating 00:53:34: Mica Modem(2/2): State Transition to Idle 00:53:34: Mica Modem(2/2): Went onhook 00:53:34: CSM_PROC_IC7_OC6_CONNECTED: CSM_EVENT_MODEM_ONHOOK at slot 2, port 2 00:53:34: CSM(2/2): Enter csm_enter_idle_state 00:53:34: VDEV_DEALLOCATE: slot 2 and port 2 is deallocated 00:53:34: from Trunk(0): (0/9): Tx BWD_CLEAR (ABCD=1101) 00:53:41: from Trunk(0): (0/9): Rx IDLE (ABCD=1001) 00:53:43: from Trunk(0): (0/9): Tx IDLE (ABCD=1001) here is my running config : spe 1/0 2/9 firmware location flash:mica-modem-pw.2.9.2.0.bin ! controller E1 0 framing NO-CRC4 clock source line secondary 1 ds0-group 1 timeslots 1-15,17-31 type r2-digital cas-custom 1 description E1 Demodulator 1 ! controller E1 1 framing NO-CRC4
FW: PIX Design Considerations [7:48979]
I would say place an internal router behind the pix so I can route Your internal network, or vlans's that's the way we design it here -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeffrey Reed Sent: Tuesday, July 16, 2002 7:19 PM To: [EMAIL PROTECTED] Subject: PIX Design Considerations [7:48979] Im still pretty green with PIX in general and was talking today about introducing a PIX into an existing network. The customer has a router (not controlled by them) that has three public class C subnets defined. They are not using VLANs, so the router has an interface and two sub-interfaces going into a switches network. We want to put the PIX in between the outside router and the LAN. I know this group has said several times the PIX is not a router. Do I need to have another router between the PIX and the LAN to perform routing between subnets? I assume the PIX will not facilitate routing between the internal subnets. Can you define multiple interfaces on the internal interface of the PIX if we didnt need to route between the internal VLANs? Any suggestions would be appreciated! Jeffrey Reed Classic Networking, Inc. Cell 717-805-5536 Office 717-737-8586 FAX 717-737-0290 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49022t=48979 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Design Considerations [7:48979]
I am not sure I would class a PIX as a router in the true sense of the word, yes it does route traffic from interface to interface but would I use it as a router, NO, it only supports ONE routing protocol RIP, that does not constitute a good router in my eyes. Now to the question, just reading the description (I may be mis-understanding the topology a bit) but it sounds like you have one router ethernet interface with subinterfaces with separate subnets going to a switch. I do not see how the switches are not running VLAN's and the interface must have ISL or 802.1q. Or you don't have subinterfaces but secondary addresses. The PIX does not support subinterfaces or secondary addressing on any interfaces, so in this case you would require a router. Doug -Original Message- From: Richard Tufaro [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 7:47 AM To: [EMAIL PROTECTED] Subject: Re: PIX Design Considerations [7:48979] Why don't people get the notion that a Firewall is essentially a router. PIX = Firewall = Router... Firewall = Router. It ROUTES Jeffrey Reed 07/16 8:19 PM I?m still pretty green with PIX in general and was talking today about introducing a PIX into an existing network. The customer has a router (not controlled by them) that has three public class C subnets defined. They are not using VLANs, so the router has an interface and two sub-interfaces going into a switches network. We want to put the PIX in between the outside router and the LAN. I know this group has said several times the PIX is not a router. Do I need to have another router between the PIX and the LAN to perform routing between subnets? I assume the PIX will not facilitate routing between the internal subnets. Can you define multiple interfaces on the internal interface of the PIX if we didn?t need to route between the internal VLANs? Any suggestions would be appreciated! Jeffrey Reed Classic Networking, Inc. Cell 717-805-5536 Office 717-737-8586 FAX 717-737-0290 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49023t=48979 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: blocking spam with cisco routers [7:48971]
George, Priscilla brings up a good point in that this will not be easy. The most important issue here is as Priscilla pointed out, is going to revolve around the architecture of your networks or the network you use for connectivity(to the rest of the world). Some other questions that may apply are very specific to your email services. If you have your own domain and don't relay any mail for specific purposes, then this will help, however mail directly address to your domain's users will be delivered. The problem here is how do you determine who is allowed to send you email. This is somewhat of an impossible task because there's no real way of identifying your SMTP-specific Community of Interest (COI). The reason being that smtp(tcp) connections are made from any server-to-server(your server) for the delivery of mail. I'm sure your smtp requirements are much like the typical domain, in which filtering inbound mail falls outside the area of the routed network. It's one thing to filter a specific hosts or number of host to prevent the spread of a new virus. This would still only be accomplished through monitoring of existing smtp traffic flows, in which you could address the issue by resolving the source of the infected mail traffic. Again, the traffic is only identified based on a criteria which can now be tracked or filtered. Where I'm going with this is that the only effective way of containing spam is by identifying who is sending it and most importantly what subject lines are being used in the SPAM email received. This is important because you might not want to block or filter all mail inbound from hotmail.com so finding another way to identify the spam is very important. I'm not sure of the flexibility of Micro$oft's exchange to filter mail based on subject lines but, I know that sendmail(the best mail server) through the use of the cf file can aide in this process. There is assistance in the form of various programs that does do this type of filtering, however the need to providing the rules for the filter still falls within the area of monitoring and prevention Currently, we use Solaris on all of our mail servers(16 of them). We do relay mail for all or most of our users and with some scripting and MySql was able compile a database of the domains and subject lines of typical spam specific emails. All inbound email is processed through this script which will tag the spam email and forwards it into a separate mail server queue for profiling(to check the validity), before being forwarded to the user. We have just begun to use a program called SPAM Assassin which uses our daily updated list of spammers and subject lines. HTH Nigel P.S. Please note the use of Howard-isms in this email..:- - Original Message - From: Priscilla Oppenheimer To: Sent: Tuesday, July 16, 2002 10:50 PM Subject: Re: blocking spam with cisco routers [7:48971] Brad Ellis wrote: Yup, use an access list filtering IPs on port 25 (only allow yours through) Yes, but, other SMTP servers for legitimate reasons are also going to be opening TCP sessions to port 25 because they have e-mail to send to your users. It's not as easy as it sounds. I guess it depends on the ISP's network architecture too. We have a challenge where I work in that our users are on cable modems that connect to the cable provider (which isn't technically us). Their e-mail requests come into our network on the same interface that all Internet traffic comes in on. Priscilla thanks, -Brad Ellis CCIE#5796 (RS / Security) [EMAIL PROTECTED] Cisco home labs: www.optsys.net GEORGE wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all I have a question ,I configured my e-mail server to only accept local e-mail, and deny other relay , however im still vulnerable to spam. My question is how do the ips block other e-mail going to their smtp Do they do it by access-list? Allowing only the local network with port 25? Or just the e-mail server? If cisco routers have to be involved does anyone have some links. Im behind a pix and would like to allow only my network to use smtp. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48994t=48971 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Please help me with my new baby(Pix 501) [7:48760]
conduit permit icmp any any -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Juan Blanco Sent: Sunday, July 14, 2002 9:24 AM To: [EMAIL PROTECTED] Subject: Please help me with my new baby(Pix 501) [7:48760] Team, I just got my new baby Pix 501 (wow...how small it is, it looks like a toy)Below is my configuration, my problem is that Pat does not seems to be able to work, I have cable-modem and they only provided one ip, I am able to ping from the firewall to any pc on my LAN, I am able to ping from the firewall to any ip on the Internet but I am not able to ping from any PC on my LAN to any ip on the Internet, Be aware that this id the first time I am using a Cisco Firewall, This morning I got the book Cisco Secure PIX Firewall. Your help is very appreciated as always...Another question, The ios on this baby is the same on the high end firewalls, If I am able to learn as much as my brain can take will I be able to configure a high-end pix and feel comfortable. Thanks, (What I am doing wrong..) JB pixfirewall# show config : Saved : PIX Version 6.1(1) nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password MTz0ptrM4U8gsjGv encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname pixfirewall fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 fixup protocol skinny 2000 names pager lines 24 interface ethernet0 10baset interface ethernet1 10full mtu outside 1500 mtu inside 1500 ip address outside dhcp setroute ip address inside 192.168.74.11 255.255.255.0 ip audit info action alarm ip audit attack action alarm pdm logging informational 100 pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 1 0.0.0.0 0.0.0.0 0 0 timeout xlate 0:05:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius http server enable http 192.168.74.11 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable no sysopt route dnat telnet timeout 5 ssh timeout 5 dhcpd auto_config outside terminal width 80 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49024t=48760 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
boson Router Simulator ..Verdict [7:49004]
Ladies Gents, I am considering buying Boson's Router Simulator! I would be grateful if anyone out there that has used it can give a feedback on what they think about the software! I am CCNP, I just need something on my laptop I can used to try thing out. Thanks for your anticipated help Kerry Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49004t=49004 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Design Considerations [7:48979]
Hi Richard, The simple answer to your question is yes you need a seperate router outside the pix. Leave your internal router alone and just add a default route pointing at the pix interface . He doesn't necessarily have to be using VLANS as long as all the subnets is routing for are on the same lan segment than the router just routes between ip networks on the same wire. The router you add to the scenario would be on the outside of the pix, and would usually be connected to the internet via a serial line, or possibly another untrusted network. This router than becomes the default route for the pix itself. You need to add a route inside command on the pix to route to the other subnets hanging off your internal router. You are correct, the pix performs some routing funtions but is not a fully functional router - so you can't have things like secondary ip's on a pix interface, therefor you need a device behind the pix that can route between your internal networks. outside router--pix--internalrouterip-segment |-second-ip segment |third-ip segment hope this helps, C -Original Message- From: Robertson, Douglas [mailto:[EMAIL PROTECTED]] Sent: 17 July 2002 15:50 To: [EMAIL PROTECTED] Subject: RE: PIX Design Considerations [7:48979] I am not sure I would class a PIX as a router in the true sense of the word, yes it does route traffic from interface to interface but would I use it as a router, NO, it only supports ONE routing protocol RIP, that does not constitute a good router in my eyes. Now to the question, just reading the description (I may be mis-understanding the topology a bit) but it sounds like you have one router ethernet interface with subinterfaces with separate subnets going to a switch. I do not see how the switches are not running VLAN's and the interface must have ISL or 802.1q. Or you don't have subinterfaces but secondary addresses. The PIX does not support subinterfaces or secondary addressing on any interfaces, so in this case you would require a router. Doug -Original Message- From: Richard Tufaro [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 7:47 AM To: [EMAIL PROTECTED] Subject: Re: PIX Design Considerations [7:48979] Why don't people get the notion that a Firewall is essentially a router. PIX = Firewall = Router... Firewall = Router. It ROUTES Jeffrey Reed 07/16 8:19 PM I?m still pretty green with PIX in general and was talking today about introducing a PIX into an existing network. The customer has a router (not controlled by them) that has three public class C subnets defined. They are not using VLANs, so the router has an interface and two sub-interfaces going into a switches network. We want to put the PIX in between the outside router and the LAN. I know this group has said several times the PIX is not a router. Do I need to have another router between the PIX and the LAN to perform routing between subnets? I assume the PIX will not facilitate routing between the internal subnets. Can you define multiple interfaces on the internal interface of the PIX if we didn?t need to route between the internal VLANs? Any suggestions would be appreciated! Jeffrey Reed Classic Networking, Inc. Cell 717-805-5536 Office 717-737-8586 FAX 717-737-0290 ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. For more information contact [EMAIL PROTECTED] phone + 353 1 4093000 fax + 353 1 4093001 ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49025t=48979 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Design Considerations [7:48979]
This is actually a little of topic now but it raised a question for me, how do you add subinterfaces to a ethernet interface without enabling ISL/802.1q from my experience the router does not permit this and requires that you first enable ISL/802.1q. If you have ISL/802.1q you must have VLANs. Unless you are using secondary addresses and not subinterfaces. Doug -Original Message- From: Ciaron Gogarty [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 11:18 AM To: Robertson, Douglas; [EMAIL PROTECTED] Subject: RE: PIX Design Considerations [7:48979] Hi Richard, The simple answer to your question is yes you need a seperate router outside the pix. Leave your internal router alone and just add a default route pointing at the pix interface . He doesn't necessarily have to be using VLANS as long as all the subnets is routing for are on the same lan segment than the router just routes between ip networks on the same wire. The router you add to the scenario would be on the outside of the pix, and would usually be connected to the internet via a serial line, or possibly another untrusted network. This router than becomes the default route for the pix itself. You need to add a route inside command on the pix to route to the other subnets hanging off your internal router. You are correct, the pix performs some routing funtions but is not a fully functional router - so you can't have things like secondary ip's on a pix interface, therefor you need a device behind the pix that can route between your internal networks. outside router--pix--internalrouterip-segment |-second-ip segment |third-ip segment hope this helps, C -Original Message- From: Robertson, Douglas [mailto:[EMAIL PROTECTED]] Sent: 17 July 2002 15:50 To: [EMAIL PROTECTED] Subject: RE: PIX Design Considerations [7:48979] I am not sure I would class a PIX as a router in the true sense of the word, yes it does route traffic from interface to interface but would I use it as a router, NO, it only supports ONE routing protocol RIP, that does not constitute a good router in my eyes. Now to the question, just reading the description (I may be mis-understanding the topology a bit) but it sounds like you have one router ethernet interface with subinterfaces with separate subnets going to a switch. I do not see how the switches are not running VLAN's and the interface must have ISL or 802.1q. Or you don't have subinterfaces but secondary addresses. The PIX does not support subinterfaces or secondary addressing on any interfaces, so in this case you would require a router. Doug -Original Message- From: Richard Tufaro [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 7:47 AM To: [EMAIL PROTECTED] Subject: Re: PIX Design Considerations [7:48979] Why don't people get the notion that a Firewall is essentially a router. PIX = Firewall = Router... Firewall = Router. It ROUTES Jeffrey Reed 07/16 8:19 PM I?m still pretty green with PIX in general and was talking today about introducing a PIX into an existing network. The customer has a router (not controlled by them) that has three public class C subnets defined. They are not using VLANs, so the router has an interface and two sub-interfaces going into a switches network. We want to put the PIX in between the outside router and the LAN. I know this group has said several times the PIX is not a router. Do I need to have another router between the PIX and the LAN to perform routing between subnets? I assume the PIX will not facilitate routing between the internal subnets. Can you define multiple interfaces on the internal interface of the PIX if we didn?t need to route between the internal VLANs? Any suggestions would be appreciated! Jeffrey Reed Classic Networking, Inc. Cell 717-805-5536 Office 717-737-8586 FAX 717-737-0290 ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. For more information contact [EMAIL PROTECTED] phone + 353 1 4093000 fax + 353 1 4093001 ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49027t=48979 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Design Considerations [7:48979]
Can you do a dot1q trunk into a PIX? Jeffrey Reed Classic Networking, Inc. Cell 717-805-5536 Office 717-737-8586 FAX 717-737-0290 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 10:43 AM To: [EMAIL PROTECTED] Subject: FW: PIX Design Considerations [7:48979] I would say place an internal router behind the pix so I can route Your internal network, or vlans's that's the way we design it here -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeffrey Reed Sent: Tuesday, July 16, 2002 7:19 PM To: [EMAIL PROTECTED] Subject: PIX Design Considerations [7:48979] Im still pretty green with PIX in general and was talking today about introducing a PIX into an existing network. The customer has a router (not controlled by them) that has three public class C subnets defined. They are not using VLANs, so the router has an interface and two sub-interfaces going into a switches network. We want to put the PIX in between the outside router and the LAN. I know this group has said several times the PIX is not a router. Do I need to have another router between the PIX and the LAN to perform routing between subnets? I assume the PIX will not facilitate routing between the internal subnets. Can you define multiple interfaces on the internal interface of the PIX if we didnt need to route between the internal VLANs? Any suggestions would be appreciated! Jeffrey Reed Classic Networking, Inc. Cell 717-805-5536 Office 717-737-8586 FAX 717-737-0290 Confidential e-mail for addressee only. Access to this e-mail by anyone else is unauthorized. If you have received this message in error, please notify the sender immediately by reply e-mail and destroy the original communication. 1 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49026t=48979 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BSCI [7:49028]
Hello, Anyone taken the latest BSCI exam ?Heard that it has simulations,Any idea about that ? Does anyone knows the passing score of this ? Kind Regards /Thangavel 186K Reading,Brkshire Direct No -0118 9064259 Mobile No -07796292416 Post code: RG16LH www.186k.co.uk -- The greatest glory in living lies not in never falling, but in rising every time we fall . -- Nelson Mandela ** This e-mail is from 186k Ltd and is intended only for the addressee named above. As this e-mail may contain confidential or priveleged information, if you are not the named addressee or the person responsible for delivering the message to the named addressee, please advise the sender by return e-mail. The contents should not be disclosed to any other person nor copies taken. 186k Ltd is a Lattice Group company, registered in England Wales No. 3751494 Registered Office 130 Jermyn Street London SW1Y 4UR ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49028t=49028 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Design Considerations [7:48979]
Sorry, I meant secondary interfaces... but you answered the question. Thanks!! Jeffrey Reed Classic Networking, Inc. Cell 717-805-5536 Office 717-737-8586 FAX 717-737-0290 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Robertson, Douglas Sent: Wednesday, July 17, 2002 10:50 AM To: [EMAIL PROTECTED] Subject: RE: PIX Design Considerations [7:48979] I am not sure I would class a PIX as a router in the true sense of the word, yes it does route traffic from interface to interface but would I use it as a router, NO, it only supports ONE routing protocol RIP, that does not constitute a good router in my eyes. Now to the question, just reading the description (I may be mis-understanding the topology a bit) but it sounds like you have one router ethernet interface with subinterfaces with separate subnets going to a switch. I do not see how the switches are not running VLAN's and the interface must have ISL or 802.1q. Or you don't have subinterfaces but secondary addresses. The PIX does not support subinterfaces or secondary addressing on any interfaces, so in this case you would require a router. Doug -Original Message- From: Richard Tufaro [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 7:47 AM To: [EMAIL PROTECTED] Subject: Re: PIX Design Considerations [7:48979] Why don't people get the notion that a Firewall is essentially a router. PIX = Firewall = Router... Firewall = Router. It ROUTES Jeffrey Reed 07/16 8:19 PM I?m still pretty green with PIX in general and was talking today about introducing a PIX into an existing network. The customer has a router (not controlled by them) that has three public class C subnets defined. They are not using VLANs, so the router has an interface and two sub-interfaces going into a switches network. We want to put the PIX in between the outside router and the LAN. I know this group has said several times the PIX is not a router. Do I need to have another router between the PIX and the LAN to perform routing between subnets? I assume the PIX will not facilitate routing between the internal subnets. Can you define multiple interfaces on the internal interface of the PIX if we didn?t need to route between the internal VLANs? Any suggestions would be appreciated! Jeffrey Reed Classic Networking, Inc. Cell 717-805-5536 Office 717-737-8586 FAX 717-737-0290 Confidential e-mail for addressee only. Access to this e-mail by anyone else is unauthorized. If you have received this message in error, please notify the sender immediately by reply e-mail and destroy the original communication. 1 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49029t=48979 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
nbar [7:49030]
Is nbar supported on layer 3 switches? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49030t=49030 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: TCP timeout question [7:48934]
By default, most OS's will keep the sockets open. When you created a socket, you can include the SO_KEEPALIVE option. This will keep the socket open for tcp_keepalive_interval value of the OS, the defult is 2 hours on microsoft and Solaris sysems. If you do not use this socket options they will stay open forever theoretically unless the OS does some type of housekeeping that closes old/stale file descriptors or something similiar since a socket is simply a file descriptor. This keepalive in the OS is configurable through ndd command in solaris or through the registry in Windows. Thanks everyone for the info. sam sneed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Lets say we have host A 22.12.12.12 and host B 99.99.99.99. Host B is a server listening on port 3055. Host A connects to the server B and sends data. Now neither host A or B send anything to each other for 1 hour. Is the connection still there? Is there a timeout for the connection? I do not see anything in the RFC's about keepalives for TCP connections, so how would Host B know the difference between host A not sneding data for a long time or host A crashes? If I unplug the power on host A while the TCP connection is up and leave it unplugged for a week and will the server still have the the connection in its tables when I do a netstat -an? I doubt it, so I figure the server must have its own timeout on idle connections? Anyone known any real values for these timeouts for various OS's? Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49032t=48934 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Voice of IP / Frame-Relay and remote labs [7:48947]
Manish, I think you have solved my problem ...Thanks also to Steven, Priscilla, Tangled up in Blue, Brad and Bernard; I will try your suggestions to. Pierre-Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49031t=48947 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Design Considerations [7:48979]
Not yet, hopefully soon. The only Firewall hardware platform that I'm aware of that supports it is the Nokia with Checkpoint. -Original Message- From: Jeffrey Reed [mailto:[EMAIL PROTECTED]] Sent: 17 July 2002 16:33 To: [EMAIL PROTECTED] Subject: RE: PIX Design Considerations [7:48979] Can you do a dot1q trunk into a PIX? Jeffrey Reed Classic Networking, Inc. Cell 717-805-5536 Office 717-737-8586 FAX 717-737-0290 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 10:43 AM To: [EMAIL PROTECTED] Subject: FW: PIX Design Considerations [7:48979] I would say place an internal router behind the pix so I can route Your internal network, or vlans's that's the way we design it here -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeffrey Reed Sent: Tuesday, July 16, 2002 7:19 PM To: [EMAIL PROTECTED] Subject: PIX Design Considerations [7:48979] Im still pretty green with PIX in general and was talking today about introducing a PIX into an existing network. The customer has a router (not controlled by them) that has three public class C subnets defined. They are not using VLANs, so the router has an interface and two sub-interfaces going into a switches network. We want to put the PIX in between the outside router and the LAN. I know this group has said several times the PIX is not a router. Do I need to have another router between the PIX and the LAN to perform routing between subnets? I assume the PIX will not facilitate routing between the internal subnets. Can you define multiple interfaces on the internal interface of the PIX if we didnt need to route between the internal VLANs? Any suggestions would be appreciated! Jeffrey Reed Classic Networking, Inc. Cell 717-805-5536 Office 717-737-8586 FAX 717-737-0290 Confidential e-mail for addressee only. Access to this e-mail by anyone else is unauthorized. If you have received this message in error, please notify the sender immediately by reply e-mail and destroy the original communication. 1 ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. For more information contact [EMAIL PROTECTED] phone + 353 1 4093000 fax + 353 1 4093001 ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49033t=48979 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN with Cisco 806 [7:49034]
Hi Everyone, VPN Question: I have a client with 16 small locations ( 2-8 nodes per location ) that may want to access a Windows Terminal Server at a central site in the future to run thier database app. Not all the locations have broadband internet access...although they will within a year or two. The speed of the broadband is on average around 400-500Kbps ( with the exception of the dial-up ). Will a Cisco 806 at the central site and a mix of software VPN clients and 806 routers at the remote sites work? Or would an 806 not be able to keep up on the performance side? Any suggestions? -- Dain Deutschman CNA, MCP, CCNA Data Communications Manager Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49034t=49034 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Bridging LANs over VPN [7:49035]
Hi All, Does anybody know of a way to setup VPN to bridge traffic between two LANs using a Cisco router and either a VPN client or something else? I only have one Cisco router and the other end can be anything. I tried setting up IPSEC over VPN under Cisco IOS and it works but it doesn't bridge traffic. Any ideas or advice? Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49035t=49035 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco VPN client and dial-up [7:49036]
Hi guy's ... If I dial-up to an ISP .. get a connection .. then activate the Cisco VPN client 3.1 .. I get a secure VPN connection ... However, if I set the VPN client to dial the ISP automatically then create a secure VPN connection .. I fail to get connected nad get a connection to ISP error !!! I am waiting for a newer Cisco VPN client Has anyone experienced this connectivity issue Regards Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49036t=49036 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AS5300 Mica modems [7:49010]
That's what I was thinking (and about to reply with) but I wasn't for sure if there wasn't some option to turn on some sound capability. But now that I'm thinking about it, you can look at those MICA SIMMS and there is clearly no speaker on them =) Mike W. MADMAN wrote: The Micas don't beep. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49037t=49010 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: bandwidth question [7:49002]
birdy wrote: Can anyone tell me why I have 2 Mbps WAN connection that reached 95 % utilisation during peak time. For how long was it at 95%? That would definitely worry me, unless it turned out that the peak was just a few seconds or something. When I try to ping to my provider serial interface(next hop),it register 10% packet loss My router serial interface is showing 1.9Mbps (incoming traffic). Since the router is receiving 1.9 Mbps out of the 2M pipe,which means that there is still a balance of 0.1 Mbps (100 k) and so therotically speaking, there should not be any packet loss. Pings may not be a good way to measure packet loss because the provider may rate limit its responses to pings. But even if that's not the case, there could be packet loss when the average utilization was 95%. Over how much time was the average calculated? There could have been times when the utilization was 50% and there could have been times (like right when you were sending the pings) when the utilization was 100% and packets had to get dropped. That could still work out to an average of 95%. I think is time for me to upgrade my bandwidth That could be true, but you may want to do a more detailed study over a longer timeframe, (unless users are already making a stink). Good luck. Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49038t=49002 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
2 T1's to our provider [7:49039]
We are upgrading to 2 T1's to our provider, Fractional DS3 is prohibitively expensive in our rural area. Has anyone done any speed comparisons on using round robin style static routes (i.e. 2 default routes w/ same cost) versus EIGRP's load balanceing versus running MLPPP on the Serial interfaces? We're currently using a 2621 but are open to bigger routers. Kevin Hunt CCNP, MCSE, MCT, Linux+ SME Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49039t=49039 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: blocking spam with cisco routers [7:48971]
I wouldn't even think of using a router for this purpose unless you are only using smtp mail between your own sites and don't want outside email f/ anywhere. We run spamassasin (www.spamassasin.org) on our mail server and it cuts out 80-90% of our SPAM. Kevin Hunt CCNP, MCSE, MCT, Linux+ SME - Original Message - From: Marty Adkins To: Sent: Wednesday, July 17, 2002 8:01 AM Subject: Re: blocking spam with cisco routers [7:48971] GEORGE wrote: Hi all I have a question ,I configured my e-mail server to only accept local e-mail, and deny other relay , however im still vulnerable to spam. My question is how do the ips block other e-mail going to their smtp Do they do it by access-list? Allowing only the local network with port 25? Or just the e-mail server? If cisco routers have to be involved does anyone have some links. Im behind a pix and would like to allow only my network to use smtp. Network layer filtering can't really do much to prevent relaying; it has to be done in the SMTP application. The techniques that I'm familiar with include: 1) Disallow mail sent to non-local (different domain) addresses unless the SMTP source is within the local domain, as resolved in a reverse DNS. This is simple but prevents one from sourcing mail while traveling, using a different ISP, at work, etc. 2) Same as #1 but require U/P authentication for outgoing mail. 3) Same as #1 but indirectly authenticate by correlating an outgoing mail connection with a recent successful POP3 fetch, which naturally requires a U/P. My DSL ISP, Speakeasy, does this and it works quite well. If you attempt outbound mail without having done a POP fetch in the last several minutes, an error message tells you that you must do that first. And BTW, none of these reduce spam, only the relaying of it! Marty Adkins Email: [EMAIL PROTECTED] Chesapeake NetCraftsmen, LLC o:410.757.3050, p:[EMAIL PROTECTED] 1290 Bay Dale Drive, Suite 312 http://www.netcraftsmen.NET Arnold, MD 21012-2325 Cisco CCIE #1289 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49040t=48971 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VOIP with 2600 Router [7:48709]
I'm not sure. I think I found the answer. I didn't understand the two stage dialling which I think I do now. The voip dial peer sends all digits whereas the pots dial peer strips the matched digits. The destination pattern for an operator (dial 0) on a remote site would be something like: dial-peer voice 1 voip destination-pattern 70 session target ipv4:1.1.1.1 Then at the remote site the corresponding pattern would be: dial-peer voice 1 pots destination-pattern 7. port 2/1 Is this correct? i.e. would this allow users to dial 70 for the remote operator as well as dialled numbers such as 7201 as long as there is also a dial-peer like this on the remote site: dial-peer voice 2 pots destination-pattern 7... port 2/1 I'm just trying to confirm whether the first dial peer would intercept the longer string and throw the other two digits away. Thanks, Gaz Steven A. Ridder wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'm not sure I understand the question. If the question is, if there's a number 335, and I tell the router 355 is over on a different router, is that a valid dial-peer (355). If that's the question, yes it is. Did I understand the question correctly? Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... On a similar subject - Is it possible to use a destination-pattern of for instance 70 (no wild cards or anything) and still get it to work. The reason for this is to allow users to phone the operator of another site using just the trunk code and a 0. As it is the router comes back with something like 'no number to dial' even when used with prefix 70, because there is nothing except the destination-pattern. Basically the destination-pattern needs to be the full number. Hope I've explained myself well enough. Please excuse the VoIP newbie. Gaz Steven A. Ridder wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'd do some dubugs like debug voice ccapi inout to see what numbers are being sent to the PBX and across the IP call leg (on both sides). I'd also try to validate your dialing plan by doing a show dialplan number (DN you wish to test) to see whci dial-peer the router thinks it should be using. Finally check for codec mismatches, missing routes in the routing table etc.. Firesox wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Site A voice-card 1 ! ip subnet-zero no ip source-route no ip finger ! lane client flush ! ! controller T1 1/0 framing esf linecode b8zs ds0-group 1 timeslots 1-24 type em-wink-start cas-custom 1 ! ! voice-port 1/0:1 operation 4-wire ! ! dial-peer voice 1 pots destination-pattern 370.. port 1/0:1 prefix 370 ! dial-peer voice 10 voip destination-pattern 79.. session target ipv4:1.1.1.2 ! dial-peer voice 2 pots destination-pattern 374.. port 1/0:1 prefix 374 ! ! interface FastEthernet0/0 bandwidth 1 ip address x.x.x.x x.x.x.x speed 10 full-duplex ! interface Serial0/0 bandwidth 1536 ip address 2.2.2.2 255.255.255.252 no fair-queue down-when-looped ! ip classless ip route 0.0.0.0 0.0.0.0 Serial0/0 Site B voice-card 1 ! ip subnet-zero no ip source-route ! lane client flush ! ! controller T1 1/0 framing esf linecode b8zs ds0-group 1 timeslots 1-24 type em-wink-start cas-custom 1 ! ! voice-port 1/0:1 operation 4-wire ! ! dial-peer voice 1 pots destination-pattern 79.. port 1/0:1 prefix 79 ! dial-peer voice 10 voip destination-pattern 370.. session target ipv4:2.2.2.2 ! dial-peer voice 11 voip destination-pattern 374.. session target ipv4:2.2.2.2 ! ! interface FastEthernet0/0 ip address x.x.x.x x.x.x.x duplex auto speed auto ! interface Serial0/0 bandwidth 1544 ip address 1.1.1.2 255.255.255.252 no ip mroute-cache no fair-queue ! ip classless ip route 0.0.0.0 0.0.0.0 1.1.1.1 no ip http server Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49041t=48709 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: management platforms [7:49042]
Guys, I'm trying to justify why I don't want a single management platform for all our servers, as well as our routers and switches. We are 2 distinct group with no cross-functionality between the Wan group and the Server group. Our Server guys are trying to purchase OpenView to manage it all, but we already have a fully functional CW2K installation And don't see the advantages of using OpenView. I'm looking for all of your experiences and recommendations for and against a single platform. We use CW2K,Solarwinds and What's Up currently to manage and report on up/down and utilization.. Thanks Larry Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49042t=49042 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
mpls vis a vis the routing switching track [7:49048]
based on the url above, can i understand that after token, igrp token over dlsw will no longer be on the routing switching exam after october, that mpls will NOT become part of the routing switching track, since it has already been classified as part of the communications services track? Timur Mirza Principal Network Engineer Network Planning Engineering, West Region 15505-B Sand Canyon Avenue Irvine, California 92618 Verizon Wireless 949.286.6623 (o) 949.697.7964 (c) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49048t=49048 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: New Lab Format [7:48731]
I personally had a Nov 4th lab date and was able to swap to a Oct 24th date a couple of weeks ago. My thinking was that if they are getting rid of IPX and token switch stuff(fairly easy), that content will be replaced by other areas, not neccesarily the 3550 switch. I was totally geared up to take a test that had token ring and IPX in it and have been preparing for that since Jan. To throw out all of the study effort was painful and I didn't want to conquer new ground right now. I still need some more work on ATM, VOIP and BGP but everything else is pretty good. One good thing is that I am taking Caslow's class in Sept and he will be covering both the pre Nov 4th material and post Nov 4th material. This way if I am one of the 85% taking it over I will know what else to cover. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49049t=48731 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Broadcasting and the all ones subnet [7:48996]
Wesley wrote: So there isn't a broadcast address for all /27 subnets? I don't think sending to all subnets of a network is something that IP ever defined. I basically understand that the last address of each subnet is reserved for subnet broadcast. I was just wondering if the broadcasting architecture allowed for all subnets to be broadcasted at once. And Mark, since you are the only one replying mind if you check out the CCO link in the original I hope Mark will answer too, but since we're the only ones talking now, I'll jump in. ;-) post and tell me your views on the issues that I have highlighted. I'll provide the link again http://www.cisco.com/warp/public/105/40.html I think the main thing to realize about the article is that it's a very strange case. Notice that the Asynch routers have a bunch of host-specific routes (/32). And then their E0's are configured with a /24 subnet mask, even though they probably should really be /26 to fit the network design. And then to make the problem happen they had to have a host misconfigured for /24 also and have it send a NetBIOS (or other) broadcast to x.x.x.255. I suggest that you set up a more normal situation in your lab and see if you can get the problem to happen. Perhaps TAC ran into a problem matching the scenario they describe. But is the problem reproducible under more normal condistions? (Perhaps TAC just made up the scenario too!? There are parts of it that aren't too believable. ;-) Please see a few more comments below. snip I was going thru this article about the effect of using the all ones subnet. There are somethings that I'm still confused about. The link is http://www.cisco.com/warp/public/105/40.html 1. In the first example, when host 195.1.1.24 sends a local broadcast to 195.1.1.255, will hosts attached to router 2's async lines receive the broadcast? No, the asynch lines are using /32. 2. OK, its a directed broadcast and router 2 looks up its I don't think Router 2 thinks it's a directed broadcast. The destination address doesn't match any of the /32 host routes, so Router 2 sends the packet out the default route. routing table and forwards it out using the default route. Router 1 receives the packet. I believe the packet is forwarded out to all 192.1.1.x/26 subnets, right? No, not all subnets. Router 1 has a specific route for subnet 192.1.1.192. (1100 in the last octet). If a packet comes into that subnet, it's supposed to go to Router 5. See the static route that points to Router 5 (195.1.2.5). Now, Router 1 should recognize that the incoming packet is a directed broadcast for subnet 192 and not forward it if no ip directed-broadcast is configured, which is the default these days. Will Router 1 forward the packet back to Router 2? I hope not No. 2a. Another way of looking at it is router 1 thinks that it is a broadcast only for subnet 195.1.1.192 and forwards it out only to router 5. That's my interpretation too. Hmmm I'm definitely confused 3. Router 5 receives the packet from router 1. How will it interpret the packet? I'm guessing that the router sees it as a directed broadcast Router 5, like Router 2, has a bunch of /32 host routes. The incoming packet doesn't match any of those, so Router 5 sends it out the default route. and send it out via the default route. Is it normal that routers forward a packet out from an interface that it received on? Well, not too common, but it does happen sometimes. As in its received on e0 and forwarded out e0 as well 4. Once router 1 receives the packet from router 5, will it forward the packet out to all 192.1.1.x/26 subnets again or just to router 5. Just to Router 5 The article did not detail this part and just specified that it will bounce between routers 1 and 5. It also says that routers 2 thru 4 see the 'broadcast' only once. The way I see it , if all subnets receive the broadcast then routers 2 thru 4 should receive the packets as many times as router 5. I would appreciate all the help I can get. I know you gurus can help me out. Thanks!! Wes Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49050t=48996 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN with Cisco 806 [7:49034]
Why don't you elimated the software vpn clients and terminate a single vpn tunnel on the 806, perfromance will be alot better. The 806 should be fine in this scenario. Chris Dain Deutschman wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Everyone, VPN Question: I have a client with 16 small locations ( 2-8 nodes per location ) that may want to access a Windows Terminal Server at a central site in the future to run thier database app. Not all the locations have broadband internet access...although they will within a year or two. The speed of the broadband is on average around 400-500Kbps ( with the exception of the dial-up ). Will a Cisco 806 at the central site and a mix of software VPN clients and 806 routers at the remote sites work? Or would an 806 not be able to keep up on the performance side? Any suggestions? -- Dain Deutschman CNA, MCP, CCNA Data Communications Manager Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49051t=49034 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: boson Router Simulator ..Verdict [7:49004]
Don't waste your time. Get a couple of 2500 routers and serial crossover on EBAY. I got mine for around $450. The Boson won't do debugs and a lot of other things you need. You will want the equipment anyway when you go for the lab. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49047t=49004 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: blocking spam with cisco routers [7:48971]
You'll need a mail relay program like Worldsecure(now Tumbleweed) that searches the content of the message before relaying it to the internal e-mail server. As others have stated, other e-mail servers will open smtp connections to your mail server in order to send mail. Most spammers change IP addresses constantly to avoid being blocked by devices such as routers. - Original Message - From: Nigel Taylor To: Sent: Wednesday, July 17, 2002 10:22 AM Subject: Re: blocking spam with cisco routers [7:48971] George, Priscilla brings up a good point in that this will not be easy. The most important issue here is as Priscilla pointed out, is going to revolve around the architecture of your networks or the network you use for connectivity(to the rest of the world). Some other questions that may apply are very specific to your email services. If you have your own domain and don't relay any mail for specific purposes, then this will help, however mail directly address to your domain's users will be delivered. The problem here is how do you determine who is allowed to send you email. This is somewhat of an impossible task because there's no real way of identifying your SMTP-specific Community of Interest (COI). The reason being that smtp(tcp) connections are made from any server-to-server(your server) for the delivery of mail. I'm sure your smtp requirements are much like the typical domain, in which filtering inbound mail falls outside the area of the routed network. It's one thing to filter a specific hosts or number of host to prevent the spread of a new virus. This would still only be accomplished through monitoring of existing smtp traffic flows, in which you could address the issue by resolving the source of the infected mail traffic. Again, the traffic is only identified based on a criteria which can now be tracked or filtered. Where I'm going with this is that the only effective way of containing spam is by identifying who is sending it and most importantly what subject lines are being used in the SPAM email received. This is important because you might not want to block or filter all mail inbound from hotmail.com so finding another way to identify the spam is very important. I'm not sure of the flexibility of Micro$oft's exchange to filter mail based on subject lines but, I know that sendmail(the best mail server) through the use of the cf file can aide in this process. There is assistance in the form of various programs that does do this type of filtering, however the need to providing the rules for the filter still falls within the area of monitoring and prevention Currently, we use Solaris on all of our mail servers(16 of them). We do relay mail for all or most of our users and with some scripting and MySql was able compile a database of the domains and subject lines of typical spam specific emails. All inbound email is processed through this script which will tag the spam email and forwards it into a separate mail server queue for profiling(to check the validity), before being forwarded to the user. We have just begun to use a program called SPAM Assassin which uses our daily updated list of spammers and subject lines. HTH Nigel P.S. Please note the use of Howard-isms in this email..:- - Original Message - From: Priscilla Oppenheimer To: Sent: Tuesday, July 16, 2002 10:50 PM Subject: Re: blocking spam with cisco routers [7:48971] Brad Ellis wrote: Yup, use an access list filtering IPs on port 25 (only allow yours through) Yes, but, other SMTP servers for legitimate reasons are also going to be opening TCP sessions to port 25 because they have e-mail to send to your users. It's not as easy as it sounds. I guess it depends on the ISP's network architecture too. We have a challenge where I work in that our users are on cable modems that connect to the cable provider (which isn't technically us). Their e-mail requests come into our network on the same interface that all Internet traffic comes in on. Priscilla thanks, -Brad Ellis CCIE#5796 (RS / Security) [EMAIL PROTECTED] Cisco home labs: www.optsys.net GEORGE wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all I have a question ,I configured my e-mail server to only accept local e-mail, and deny other relay , however im still vulnerable to spam. My question is how do the ips block other e-mail going to their smtp Do they do it by access-list? Allowing only the local network with port 25? Or just the e-mail server? If cisco routers have to be involved does anyone have some links. Im behind a pix and would like to allow only my network to use smtp. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49044t=48971 -- FAQ, list archives, and
Re: 2 T1's to our provider [7:49039]
Just had something come up with a customer along these lines. Your provider may or may not do MPPP with customers. I believe SBCIS, for example, will not do it no way no how. So first thing, check with your provider as to what they are willing to do. Per packet load share on the 26xx platform may not perform very well. The customer I referred to complained to me that their network performance was LOTS faster with a single T1 than with per packet load share across 2 T-1s ( this is a frame network, and I don't recall the CIR's or other factors. No I did not design it. Someone else did. Now I have to fix it :- wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... We are upgrading to 2 T1's to our provider, Fractional DS3 is prohibitively expensive in our rural area. Has anyone done any speed comparisons on using round robin style static routes (i.e. 2 default routes w/ same cost) versus EIGRP's load balanceing versus running MLPPP on the Serial interfaces? We're currently using a 2621 but are open to bigger routers. Kevin Hunt CCNP, MCSE, MCT, Linux+ SME Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49056t=49039 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Off Topic - Whither IS-IS - Cisco's vision going forward [7:49057]
I have now seen and heard this from several sources within Cisco - IS-IS is not being considered in the L3 switches other than those we would call core I.e. the 4cxxx and the 3550-xx L3 switches do not support IS-IS, nor are there plans to do so on those boxes. Recognizing that things can always change, I'm wondering what might be the reason? Lack of customer interest? Recognition of IS-IS as a specialized protocol less suitable for normal enterprise type stuff? Chuck Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49057t=49057 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Control Break Sequence [7:4988]
Original question was to jobs list. DanC moved it to Groupstudy. Can you get into any other router with the same laptop running the same terminal emulation software? i.e. Is the problem the router or the terminal emulation software? If software you can go to Hilgraeve.com and download a version of Hyperterminal that works. Also teraterm has been favorably mentioned. Check the GroupStudy archives for where to find it. -Original Message- From: McHugh Randy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 3:02 PM To: [EMAIL PROTECTED] Subject: Control Break Sequence [3:4988] I am trying to break into a 4000 router and cant seem to get into ROMMON mode with all fo the standards break key combinations. I have a dell lap top and have tried control-break sequence . Does any one have any suggestions that I may have not tried? thx Randy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49059t=4988 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN with Cisco 806 [7:49034]
Hi Chris, I would suggest going with one of the bigger VPN optimized routers such as the 1700 series. I'm pretty sure the 800 would not be able to support 15 tunnels using 3des (assuming your going to use 3des). Normally the 800 would be used in one of the remote sites, with a 1700 or so in the central site. hope this helps, C -Original Message- From: chris To: [EMAIL PROTECTED] Sent: 17/07/02 20:05 Subject: Re: VPN with Cisco 806 [7:49034] Why don't you elimated the software vpn clients and terminate a single vpn tunnel on the 806, perfromance will be alot better. The 806 should be fine in this scenario. Chris Dain Deutschman wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Everyone, VPN Question: I have a client with 16 small locations ( 2-8 nodes per location ) that may want to access a Windows Terminal Server at a central site in the future to run thier database app. Not all the locations have broadband internet access...although they will within a year or two. The speed of the broadband is on average around 400-500Kbps ( with the exception of the dial-up ). Will a Cisco 806 at the central site and a mix of software VPN clients and 806 routers at the remote sites work? Or would an 806 not be able to keep up on the performance side? Any suggestions? -- Dain Deutschman CNA, MCP, CCNA Data Communications Manager ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. For more information contact [EMAIL PROTECTED] phone + 353 1 4093000 fax + 353 1 4093001 ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49058t=49034 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Opinions on Cisco Interactive Mentor [7:49060]
All, Has anyone tried the CIM products? I was considering purchasing the BGP CIM and wanted to get some feedback before making the investment. Chris Christopher Supino CCDP, CCNP, MCSE, Compaq ASE, CNA Senior Network Design Engineer TransNet Corp. 45 Columbia Road Somerville, New Jersey 08876 Ph 908 947 0198 Cell 908 296 0446 [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49060t=49060 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Off Topic - Whither IS-IS - Cisco's vision going forward [7:49061]
I attended Networkers 2002 in San Diego and got the impression to look out for more IS-IS in the future. Specifically, Cisco is working to achieve feature parity between OSPF and IS-IS, plus comments were made in the Router Architecture Power Session that IS-IS is getting a stronger Enterprise following, especially in Europe. -Original Message- From: Chuck [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 4:48 PM To: [EMAIL PROTECTED] Subject: Off Topic - Whither IS-IS - Cisco's vision going forward [7:49057] I have now seen and heard this from several sources within Cisco - IS-IS is not being considered in the L3 switches other than those we would call core I.e. the 4cxxx and the 3550-xx L3 switches do not support IS-IS, nor are there plans to do so on those boxes. Recognizing that things can always change, I'm wondering what might be the reason? Lack of customer interest? Recognition of IS-IS as a specialized protocol less suitable for normal enterprise type stuff? Chuck Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49061t=49061 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 2 T1's to our provider [7:49039]
Hi Kevin, We were in the same scenario in which you have described. The way I choose to do is keep it simple and efficient and cost effective. We have dual PTP connections on a Cisco 2650 with CEF, default routes, and per packet load sharing. I can max out the t1's and it barely taxes the router resources and on top of this I have about a 20 line access control list filtering traffic. =) This router is a workhorse and I'm in love it. The 2650 uses a faster memory and cpu than the 2621 but I think the 2621 would work. Hope this helps you in some way, Scott -Original Message- From: W. Kevin Hunt [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 10:22 AM To: [EMAIL PROTECTED] Subject: 2 T1's to our provider [7:49039] We are upgrading to 2 T1's to our provider, Fractional DS3 is prohibitively expensive in our rural area. Has anyone done any speed comparisons on using round robin style static routes (i.e. 2 default routes w/ same cost) versus EIGRP's load balanceing versus running MLPPP on the Serial interfaces? We're currently using a 2621 but are open to bigger routers. Kevin Hunt CCNP, MCSE, MCT, Linux+ SME Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49065t=49039 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Control Break Sequence [7:4988]
Once upon a time I have been told that doing the following will let you to the ROMMON even if you don't know the proper break key combinations 1- Open your software that you use to access the router through the console. 2- Adjust the Baud Rate to be 2400 bps 3- Power on your router. 4- Keep pressing on the space bar for like a min. 5- Re-adjust the Baud Rate to the normal speed. 6- Reconnecting to the router you will find it in the ROMMON. The concept behind this procedure is playing with the 1's and 0's signal level that a router should expect to go to ROMMON. Sounds wierd but I tried it and it works. HTH I am trying to break into a 4000 router and cant seem to get into ROMMON mode with all fo the standards break key combinations. I have a dell lap top and have tried control-break sequence . Does any one have any suggestions that I may have not misconduct and Nondisclosure violations to [EMAIL PROTECTED] Join the worlds largest e-mail service with MSN Hotmail. Click Here Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49066t=4988 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: blocking spam with cisco routers [7:48971]
Thanks for your replies -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Don Queen Sent: Wednesday, July 17, 2002 2:47 PM To: [EMAIL PROTECTED] Subject: Re: blocking spam with cisco routers [7:48971] You'll need a mail relay program like Worldsecure(now Tumbleweed) that searches the content of the message before relaying it to the internal e-mail server. As others have stated, other e-mail servers will open smtp connections to your mail server in order to send mail. Most spammers change IP addresses constantly to avoid being blocked by devices such as routers. - Original Message - From: Nigel Taylor To: Sent: Wednesday, July 17, 2002 10:22 AM Subject: Re: blocking spam with cisco routers [7:48971] George, Priscilla brings up a good point in that this will not be easy. The most important issue here is as Priscilla pointed out, is going to revolve around the architecture of your networks or the network you use for connectivity(to the rest of the world). Some other questions that may apply are very specific to your email services. If you have your own domain and don't relay any mail for specific purposes, then this will help, however mail directly address to your domain's users will be delivered. The problem here is how do you determine who is allowed to send you email. This is somewhat of an impossible task because there's no real way of identifying your SMTP-specific Community of Interest (COI). The reason being that smtp(tcp) connections are made from any server-to-server(your server) for the delivery of mail. I'm sure your smtp requirements are much like the typical domain, in which filtering inbound mail falls outside the area of the routed network. It's one thing to filter a specific hosts or number of host to prevent the spread of a new virus. This would still only be accomplished through monitoring of existing smtp traffic flows, in which you could address the issue by resolving the source of the infected mail traffic. Again, the traffic is only identified based on a criteria which can now be tracked or filtered. Where I'm going with this is that the only effective way of containing spam is by identifying who is sending it and most importantly what subject lines are being used in the SPAM email received. This is important because you might not want to block or filter all mail inbound from hotmail.com so finding another way to identify the spam is very important. I'm not sure of the flexibility of Micro$oft's exchange to filter mail based on subject lines but, I know that sendmail(the best mail server) through the use of the cf file can aide in this process. There is assistance in the form of various programs that does do this type of filtering, however the need to providing the rules for the filter still falls within the area of monitoring and prevention Currently, we use Solaris on all of our mail servers(16 of them). We do relay mail for all or most of our users and with some scripting and MySql was able compile a database of the domains and subject lines of typical spam specific emails. All inbound email is processed through this script which will tag the spam email and forwards it into a separate mail server queue for profiling(to check the validity), before being forwarded to the user. We have just begun to use a program called SPAM Assassin which uses our daily updated list of spammers and subject lines. HTH Nigel P.S. Please note the use of Howard-isms in this email..:- - Original Message - From: Priscilla Oppenheimer To: Sent: Tuesday, July 16, 2002 10:50 PM Subject: Re: blocking spam with cisco routers [7:48971] Brad Ellis wrote: Yup, use an access list filtering IPs on port 25 (only allow yours through) Yes, but, other SMTP servers for legitimate reasons are also going to be opening TCP sessions to port 25 because they have e-mail to send to your users. It's not as easy as it sounds. I guess it depends on the ISP's network architecture too. We have a challenge where I work in that our users are on cable modems that connect to the cable provider (which isn't technically us). Their e-mail requests come into our network on the same interface that all Internet traffic comes in on. Priscilla thanks, -Brad Ellis CCIE#5796 (RS / Security) [EMAIL PROTECTED] Cisco home labs: www.optsys.net GEORGE wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all I have a question ,I configured my e-mail server to only accept local e-mail, and deny other relay , however im still vulnerable to spam. My question is how do the ips block other e-mail going to their smtp Do they do it by access-list? Allowing only the local network with port 25? Or just the e-mail server? If cisco routers have to be involved does anyone have some
gk_process Error decoding RAS Message...discarding [7:49067]
Hi Group I have a problem on my gatekeeper , I turned ras, h225 , gatekeeper debugs on and then I get this error message when my gateway sends a call to my gatekeeper gk_process Error decoding RAS Message...discarding I searched for the meaning of the message and I found : When a router is configured and used as a gatekeeper, the gatekeeper process does not return the held memory. This behavior causes subsequent calls to be refused and the following error message to be displayed: but I can't understand it... plz help me Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49067t=49067 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: mpls vis a vis the routing switching track [7:49048]
i forgot to include the url, here it is: http://www.cisco.com/warp/public/625/ccie/certifications/cert.html -Original Message- From: Mirza, Timur [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 11:53 AM To: [EMAIL PROTECTED] Subject: mpls vis a vis the routing switching track [7:49048] based on the url above, can i understand that after token, igrp token over dlsw will no longer be on the routing switching exam after october, that mpls will NOT become part of the routing switching track, since it has already been classified as part of the communications services track? Timur Mirza Principal Network Engineer Network Planning Engineering, West Region 15505-B Sand Canyon Avenue Irvine, California 92618 Verizon Wireless 949.286.6623 (o) 949.697.7964 (c) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49054t=49048 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Voice jargon [7:49068]
Hi all, I'm currenty preparing for CIPTSS certification, and as I'm coming from data background, I find myself swimming in a foreign pool and start getting drowned with different voice codecs, standards, signalling etc. I should say the learning curve is really steep. Having said that, it's the voice-related-jargon which I can't make sense out of it. Hairpining? Tromboning? (can't find satisfactory definition from CCO) Is hairpining=tromboning? Any help/pointers is appreciated. Regards, Blitz Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49068t=49068 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MCP Magazine's 7th Annual Salary Survey [7:49063]
FYI, http://mcpmag.com/salarysurveys/ Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49063t=49063 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: FW: PIX 520 Motherboard repair replace [7:48959]
Intel Etherexpress 10/100B which has a S82557 chipset. Others may work but these I've tested and have been very reliable. I have a close up shot of the NIC here(along with other parts) www.packetattack.com/frankenpix.html I dont know of a way to tell the 16Meg flash apart from the 2 meg flash only because I do not have the 16 to take a look at. I would suspect you could look at the PN on the flash chips. One error that seems to be very common is that the video card screws up the IRQ that that PIX bios wants to use. Since you need to config the motherboard BIOS for things like CPU speed and so on, you need a video card. Once the PIX bios takes over, the video card is useless. But.. when testing, the IRQ conflict happens pretty often. My FP is running 5.1(4) which is the last 2meg flash image I'm aware of.. there might be one slightly newer but this one does everything I need it to do for now. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49053t=48959 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
I need a help from you guys. (NAT, IPSEC and Extended [7:49069]
Hello ALL I am having a very interesting problem here. Please any help will be very appreciate because I have tried to find out documents and so on and I did not find nothing yet... SCENARIO: I have a cisco 2600 router doing NAT and VPN. - My ethernet has 192.168.25.0/255.255.255.0 as primary and ip address 200.2x.y.z / 255.255.255.192 as secondary (doing nat inside - allow my users access the internet) - My S0/0 is doing nat outside and establishing tunnel between my other countries. ip address - 200.18x.y.z / 255.255.255.252 This serial has an access-list 120 out which is denying some ports and blocking user access from some p2p applications and etc. PROBLEM: I have an Exchange Server wich does synchronization between other servers around the world through the VPN. It has an external ip configured and an internal ip configured in the same interface. (its working until now). It has sync through the VPN not over the Internet. My job is apply an access-list in S0/0 to permit just smtp, pop3, www and 443 traffic from the internet to that exchange server, but still synchronize through the VPN my exchange server connections around the world. Now is the problem: I have configured an (access-list 121 in) in s0/0 and I cannot sync my Exchange Organization anymore and my users does not receive messages coming from my internal Exchange Server organization. But users from the internet can send messages to my exchange server ( in fact the access-list 121 in is correct to traffic from internet, but not from the VPN). Does anybody know how to solve that weird problem Which ports do I have to open to allow VPN and Internet access using together an access-list? My best regards to everybody! Leonardo Borda Systems Engineer Brazil Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49069t=49069 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
dhcp and subinterfaces [7:49070]
If I have subinterfaces configured for my vlans' and I wanted a dhcp server for one vlan can I create the dhcp server and assign it to that subinterfaces pertaining the vlan in question. I don't have a server on that vlan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49070t=49070 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
500CS Comm Server [7:49071]
By any chance would anyone have a sample config for the 500-CS box that they wouldn't mind posting. Trying to get reverse telnet working and most configs are for the 2509-2511. I'm either not looking in the right place or I'm not configuring it right for this older box. Thanks in advance. Cheers. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49071t=49071 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Back to back serial connection [7:49046]
Hi, When configuring a back to back serial connection on cisco 2600 router,When configuring the clock rate(DCE ROUTER) I can see the max clock rate speed of 800 bits per sec (8 mbps).I have two questions regarding this 1.When I try to configure this I get an error message Invalid input detected at the marker pointing at 8 (in 800).But when I try for 400 (4 Mbps) it accepts this.Does it really supports 8Mbps ? 2The interface speed supported by serial interface is 1.55 Mbps(Bandwidth) as seen from the show interface command but when I configure the DCE clock rate of 4 mbps .In this case what is the actual speed ? 4mbps or 1.55 mbps ? Kind Regards /Thangavel 186K Reading,Brkshire Direct No -0118 9064259 Mobile No -07796292416 Post code: RG16LH www.186k.co.uk -- The greatest glory in living lies not in never falling, but in rising every time we fall . -- Nelson Mandela ** This e-mail is from 186k Ltd and is intended only for the addressee named above. As this e-mail may contain confidential or priveleged information, if you are not the named addressee or the person responsible for delivering the message to the named addressee, please advise the sender by return e-mail. The contents should not be disclosed to any other person nor copies taken. 186k Ltd is a Lattice Group company, registered in England Wales No. 3751494 Registered Office 130 Jermyn Street London SW1Y 4UR ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49046t=49046 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Voice jargon [7:49068]
Yes, it's the same thing. Everything I learned was from Cisco press, there's a couple of great books out there. blitzlight wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, I'm currenty preparing for CIPTSS certification, and as I'm coming from data background, I find myself swimming in a foreign pool and start getting drowned with different voice codecs, standards, signalling etc. I should say the learning curve is really steep. Having said that, it's the voice-related-jargon which I can't make sense out of it. Hairpining? Tromboning? (can't find satisfactory definition from CCO) Is hairpining=tromboning? Any help/pointers is appreciated. Regards, Blitz Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49072t=49068 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN with Cisco 806 [7:49034]
Ah I read the post wrong, I was thinking deploying the 806s at the remote sites, and using a larger rotuer at the headend. I would use a 2651 there, the vpn bundles are reasonable and have the aim card for encrytion. Re-readng id software clients are what he want to deploy then I would suggest looking at a concentrator 3005 or 3015. They are much better suited for remote access (SW client) environments. You are correct the 806 will not handle that many tunnels. Chris Ciaron Gogarty wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Chris, I would suggest going with one of the bigger VPN optimized routers such as the 1700 series. I'm pretty sure the 800 would not be able to support 15 tunnels using 3des (assuming your going to use 3des). Normally the 800 would be used in one of the remote sites, with a 1700 or so in the central site. hope this helps, C -Original Message- From: chris To: [EMAIL PROTECTED] Sent: 17/07/02 20:05 Subject: Re: VPN with Cisco 806 [7:49034] Why don't you elimated the software vpn clients and terminate a single vpn tunnel on the 806, perfromance will be alot better. The 806 should be fine in this scenario. Chris Dain Deutschman wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Everyone, VPN Question: I have a client with 16 small locations ( 2-8 nodes per location ) that may want to access a Windows Terminal Server at a central site in the future to run thier database app. Not all the locations have broadband internet access...although they will within a year or two. The speed of the broadband is on average around 400-500Kbps ( with the exception of the dial-up ). Will a Cisco 806 at the central site and a mix of software VPN clients and 806 routers at the remote sites work? Or would an 806 not be able to keep up on the performance side? Any suggestions? -- Dain Deutschman CNA, MCP, CCNA Data Communications Manager ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. For more information contact [EMAIL PROTECTED] phone + 353 1 4093000 fax + 353 1 4093001 ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49062t=49034 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Broadcasting and the all ones subnet [7:48996]
Vicuna, Mark wrote: It will be the all 1's bit for that subnet eg. for 192.168.1.224/27 it would be 192.168.1.255 and for 192.168.1.32/27 it would be 192.168.1.63. I think he was asking how would you send to all the subnets. And the answer is, you wouldn't. Why would you want to do such a thing? I can't think of any legitimate application that needs to do that. It's alwasy been a fuzzy area. I know there have been rumors for years that if you use the all ones subnet it will confuse routers into thinking that they should send to all the subnets, but I've never seen that actually happen. Priscilla HTH, Mark. -Original Message- From: Wesley [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 17 July 2002 6:21 PM To: [EMAIL PROTECTED] Subject: Re: Broadcasting and the all ones subnet [7:48996] Then how would you define an all /27 subnets broadcast i.e. not just 192.168.1.224 subnet getting the broadcast but all subnets? Thank you for the reply BTW. Vicuna, Mark wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Wesley, a) correct b) no, as 192.168.1.32/27, 192.168.1.64/27 and 192.168.1.96/27 are on a different subnet to the broadcast 192.168.1.255 (this is for the 192.168.1.224/27 subnet). c) from the answer to b), no. Only hosts on the 192.168.1.224/27 subnet will see the broadcast packet of 192.168.1.225. HTH, Mark. -Original Message- From: Wesley [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 17 July 2002 16:49 To: [EMAIL PROTECTED] Subject: Broadcasting and the all ones subnet [7:48996] Hello Group, Three things to confirm about broadcasts. a) the all ones broadcast i.e 255.255.255.255 by default will only be propagated to the local network and is not forwarded by routers b) network and subnet directed broadcasts. If I were to broadcast to 192.168.1.255, and I have subnets 192.168.1.32/27, 192.168.1.64/27 and 192.168.1.96/27, would all the subnets receive it as well? c) referring to scenario b), I believe that broadcasts with destination 192.168.1.255 is forwarded. Is this true? I was going thru this article about the effect of using the all ones subnet. There are somethings that I'm still confused about. The link is http://www.cisco.com/warp/public/105/40.html 1. In the first example, when host 195.1.1.24 sends a local broadcast to 195.1.1.255, will hosts attached to router 2's async lines receive the broadcast? 2. OK, its a directed broadcast and router 2 looks up its routing table and forwards it out using the default route. Router 1 receives the packet. I believe the packet is forwarded out to all 192.1.1.x/26 subnets, right? Will Router 1 forward the packet back to Router 2? I hope not 2a. Another way of looking at it is router 1 thinks that it is a broadcast only for subnet 195.1.1.192 and forwards it out only to router 5. Hmmm I'm definitely confused 3. Router 5 receives the packet from router 1. How will it interpret the packet? I'm guessing that the router sees it as a directed broadcast and send it out via the default route. Is it normal that routers forward a packet out from an interface that it received on? As in its received on e0 and forwarded out e0 as well 4. Once router 1 receives the packet from router 5, will it forward the packet out to all 192.1.1.x/26 subnets again or just to router 5. The article did not detail this part and just specified that it will bounce between routers 1 and 5. It also says that routers 2 thru 4 see the 'broadcast' only once. The way I see it , if all subnets receive the broadcast then routers 2 thru 4 should receive the packets as many times as router 5. I would appreciate all the help I can get. I know you gurus can help me out. Thanks!! Wes Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49045t=48996 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: dhcp and subinterfaces [7:49070]
You can. Just need to put the ip helper-address statement on those sub-ints. As long as the router can reach the DHCP server, so will the DHCP requests/replies. Hope this helps. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49073t=49070 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: management platforms [7:49042]
You would be going against conventional wisdom, Cisco's Kool-ade and every other help-desk manager. I think one platform SHOULD manage all the stuf. Roberts, Larry wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Guys, I'm trying to justify why I don't want a single management platform for all our servers, as well as our routers and switches. We are 2 distinct group with no cross-functionality between the Wan group and the Server group. Our Server guys are trying to purchase OpenView to manage it all, but we already have a fully functional CW2K installation And don't see the advantages of using OpenView. I'm looking for all of your experiences and recommendations for and against a single platform. We use CW2K,Solarwinds and What's Up currently to manage and report on up/down and utilization.. Thanks Larry Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49074t=49042 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Broadcasting and the all ones subnet [7:48996]
So there isn't a broadcast address for all /27 subnets? I basically understand that the last address of each subnet is reserved for subnet broadcast. I was just wondering if the broadcasting architecture allowed for all subnets to be broadcasted at once. And Mark, since you are the only one replying mind if you check out the CCO link in the original post and tell me your views on the issues that I have highlighted. I'll provide the link again http://www.cisco.com/warp/public/105/40.html In that example, I have a feeling that routers do forward subnet directed broadcasts. Can anyone else explain the behaviour of the routers in the example i.e. broadcast packets bouncing between Routers 1 and 5. Any comments is greatly appreciated. Thank you. Vicuna, Mark wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... It will be the all 1's bit for that subnet eg. for 192.168.1.224/27 it would be 192.168.1.255 and for 192.168.1.32/27 it would be 192.168.1.63. HTH, Mark. -Original Message- From: Wesley [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 17 July 2002 6:21 PM To: [EMAIL PROTECTED] Subject: Re: Broadcasting and the all ones subnet [7:48996] Then how would you define an all /27 subnets broadcast i.e. not just 192.168.1.224 subnet getting the broadcast but all subnets? Thank you for the reply BTW. Vicuna, Mark wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Wesley, a) correct b) no, as 192.168.1.32/27, 192.168.1.64/27 and 192.168.1.96/27 are on a different subnet to the broadcast 192.168.1.255 (this is for the 192.168.1.224/27 subnet). c) from the answer to b), no. Only hosts on the 192.168.1.224/27 subnet will see the broadcast packet of 192.168.1.225. HTH, Mark. -Original Message- From: Wesley [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 17 July 2002 16:49 To: [EMAIL PROTECTED] Subject: Broadcasting and the all ones subnet [7:48996] Hello Group, Three things to confirm about broadcasts. a) the all ones broadcast i.e 255.255.255.255 by default will only be propagated to the local network and is not forwarded by routers b) network and subnet directed broadcasts. If I were to broadcast to 192.168.1.255, and I have subnets 192.168.1.32/27, 192.168.1.64/27 and 192.168.1.96/27, would all the subnets receive it as well? c) referring to scenario b), I believe that broadcasts with destination 192.168.1.255 is forwarded. Is this true? I was going thru this article about the effect of using the all ones subnet. There are somethings that I'm still confused about. The link is http://www.cisco.com/warp/public/105/40.html 1. In the first example, when host 195.1.1.24 sends a local broadcast to 195.1.1.255, will hosts attached to router 2's async lines receive the broadcast? 2. OK, its a directed broadcast and router 2 looks up its routing table and forwards it out using the default route. Router 1 receives the packet. I believe the packet is forwarded out to all 192.1.1.x/26 subnets, right? Will Router 1 forward the packet back to Router 2? I hope not 2a. Another way of looking at it is router 1 thinks that it is a broadcast only for subnet 195.1.1.192 and forwards it out only to router 5. Hmmm I'm definitely confused 3. Router 5 receives the packet from router 1. How will it interpret the packet? I'm guessing that the router sees it as a directed broadcast and send it out via the default route. Is it normal that routers forward a packet out from an interface that it received on? As in its received on e0 and forwarded out e0 as well 4. Once router 1 receives the packet from router 5, will it forward the packet out to all 192.1.1.x/26 subnets again or just to router 5. The article did not detail this part and just specified that it will bounce between routers 1 and 5. It also says that routers 2 thru 4 see the 'broadcast' only once. The way I see it , if all subnets receive the broadcast then routers 2 thru 4 should receive the packets as many times as router 5. I would appreciate all the help I can get. I know you gurus can help me out. Thanks!! Wes Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49043t=48996 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 500CS Comm Server [7:49071]
Cheers. V-- ANM-508CS#wr t Current configuration: ! hostname ANM-508CS ! enable-password ! ! ! ! ! ! interface Ethernet 0 ip address 192.168.0.253 255.255.255.0 ! ip default-gateway 192.168.0.1 ! ! ! ip name-server 255.255.255.255 snmp-server community ! ! line vty 0 4 login line con 0 stopbits 1.5 line 1 no exec exec-timeout 0 0 stopbits 1 line 2 no exec exec-timeout 0 0 stopbits 1 line 3 no exec exec-timeout 0 0 stopbits 1 line 4 no exec exec-timeout 0 0 stopbits 1 line 5 no exec exec-timeout 0 0 stopbits 1 line 6 no exec exec-timeout 0 0 stopbits 1 line 7 no exec exec-timeout 0 0 stopbits 1 line 8 no exec exec-timeout 0 0 stopbits 1 line vty 0 password line vty 1 password line vty 2 password line vty 3 password line vty 4 password ! end trammer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... By any chance would anyone have a sample config for the 500-CS box that they wouldn't mind posting. Trying to get reverse telnet working and most configs are for the 2509-2511. I'm either not looking in the right place or I'm not configuring it right for this older box. Thanks in advance. Cheers. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49075t=49071 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VOIP with 2600 Router [7:48709]
You are correct. the default behavior is to just send the matched digits to the pots dial-peer unless you use forward digits all command Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'm not sure. I think I found the answer. I didn't understand the two stage dialling which I think I do now. The voip dial peer sends all digits whereas the pots dial peer strips the matched digits. The destination pattern for an operator (dial 0) on a remote site would be something like: dial-peer voice 1 voip destination-pattern 70 session target ipv4:1.1.1.1 Then at the remote site the corresponding pattern would be: dial-peer voice 1 pots destination-pattern 7. port 2/1 Is this correct? i.e. would this allow users to dial 70 for the remote operator as well as dialled numbers such as 7201 as long as there is also a dial-peer like this on the remote site: dial-peer voice 2 pots destination-pattern 7... port 2/1 I'm just trying to confirm whether the first dial peer would intercept the longer string and throw the other two digits away. Thanks, Gaz Steven A. Ridder wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'm not sure I understand the question. If the question is, if there's a number 335, and I tell the router 355 is over on a different router, is that a valid dial-peer (355). If that's the question, yes it is. Did I understand the question correctly? Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... On a similar subject - Is it possible to use a destination-pattern of for instance 70 (no wild cards or anything) and still get it to work. The reason for this is to allow users to phone the operator of another site using just the trunk code and a 0. As it is the router comes back with something like 'no number to dial' even when used with prefix 70, because there is nothing except the destination-pattern. Basically the destination-pattern needs to be the full number. Hope I've explained myself well enough. Please excuse the VoIP newbie. Gaz Steven A. Ridder wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'd do some dubugs like debug voice ccapi inout to see what numbers are being sent to the PBX and across the IP call leg (on both sides). I'd also try to validate your dialing plan by doing a show dialplan number (DN you wish to test) to see whci dial-peer the router thinks it should be using. Finally check for codec mismatches, missing routes in the routing table etc.. Firesox wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Site A voice-card 1 ! ip subnet-zero no ip source-route no ip finger ! lane client flush ! ! controller T1 1/0 framing esf linecode b8zs ds0-group 1 timeslots 1-24 type em-wink-start cas-custom 1 ! ! voice-port 1/0:1 operation 4-wire ! ! dial-peer voice 1 pots destination-pattern 370.. port 1/0:1 prefix 370 ! dial-peer voice 10 voip destination-pattern 79.. session target ipv4:1.1.1.2 ! dial-peer voice 2 pots destination-pattern 374.. port 1/0:1 prefix 374 ! ! interface FastEthernet0/0 bandwidth 1 ip address x.x.x.x x.x.x.x speed 10 full-duplex ! interface Serial0/0 bandwidth 1536 ip address 2.2.2.2 255.255.255.252 no fair-queue down-when-looped ! ip classless ip route 0.0.0.0 0.0.0.0 Serial0/0 Site B voice-card 1 ! ip subnet-zero no ip source-route ! lane client flush ! ! controller T1 1/0 framing esf linecode b8zs ds0-group 1 timeslots 1-24 type em-wink-start cas-custom 1 ! ! voice-port 1/0:1 operation 4-wire ! ! dial-peer voice 1 pots destination-pattern 79.. port 1/0:1 prefix 79 ! dial-peer voice 10 voip destination-pattern 370.. session target ipv4:2.2.2.2 ! dial-peer voice 11 voip destination-pattern 374.. session target ipv4:2.2.2.2 ! ! interface FastEthernet0/0 ip address x.x.x.x x.x.x.x duplex auto speed auto ! interface Serial0/0 bandwidth 1544 ip address 1.1.1.2 255.255.255.252 no ip mroute-cache no fair-queue ! ip classless ip route 0.0.0.0 0.0.0.0 1.1.1.1 no ip http server Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49052t=48709 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure
mac address [7:49076]
Does anyone know if/how you can change to mac addresses of VLAN interfaces on a MSFC2? I tried using the mac-address x.x.x command but it changed the mac address on all the interfaces. I want to have a unique mac on each VLAN interface. Thanks in advance Dave -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications Inc. 612-664-3367 [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49076t=49076 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Modem on Aux [7:49077]
I've got a US Robatics modem on 2621 Aux port. When I dialed up to the router, I got connected to the modem but not router. I know the configuration is good. Do I have to do anything on the modem? I can reverse telnet to the modem. I heard that if I connect to 2621 Console port, I won't get disconnected if I reboot the router. Do I have to do anything special on the modem? Thanks. Yoshi Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49077t=49077 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: bandwidth question [7:49002]
Dear priscilla Thanks for your reply :) Wellthe 10% packet loss happen at the peak time...and that can happen for a period of 3-4 hours No packet loss was observed during off peak hours. I rememeber reading something on a cisco article which states that WAN performance will worsen when it gets over 70 % utilised. As for my link it is around 96-98% utilised so i guess the cisco guideline is right ... Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... birdy wrote: Can anyone tell me why I have 2 Mbps WAN connection that reached 95 % utilisation during peak time. For how long was it at 95%? That would definitely worry me, unless it turned out that the peak was just a few seconds or something. When I try to ping to my provider serial interface(next hop),it register 10% packet loss My router serial interface is showing 1.9Mbps (incoming traffic). Since the router is receiving 1.9 Mbps out of the 2M pipe,which means that there is still a balance of 0.1 Mbps (100 k) and so therotically speaking, there should not be any packet loss. Pings may not be a good way to measure packet loss because the provider may rate limit its responses to pings. But even if that's not the case, there could be packet loss when the average utilization was 95%. Over how much time was the average calculated? There could have been times when the utilization was 50% and there could have been times (like right when you were sending the pings) when the utilization was 100% and packets had to get dropped. That could still work out to an average of 95%. I think is time for me to upgrade my bandwidth That could be true, but you may want to do a more detailed study over a longer timeframe, (unless users are already making a stink). Good luck. Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49078t=49002 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Voice jargon [7:49068]
blitzlight wrote: Hi all, I'm currenty preparing for CIPTSS certification, and as I'm coming from data background, I find myself swimming in a foreign pool and start getting drowned with different voice codecs, standards, signalling etc. I should say the learning curve is really steep. Having said that, it's the voice-related-jargon which I can't make sense out of it. Hairpining? I think you have to be a girl to get this one at first. ;-) It just means going in and out the same way, in the shape of a hairpin. A hairpin looks sort of like a tall V character on its side. Tromboning? (can't find satisfactory definition from CCO) Think of what the horn part of a trombone looks like, kind of loopy. Is hairpining=tromboning? Could be. I couldn't find a decent definition of tromboning either. I found this use of the word, but it may have a more generic meaning too: Connecting a service node to a legacy class 4 switch leads to cost-intensive tromboning, as each call is routed in a loop from the switch to the service node and back, using four switch interfaces for one call instead of just two. Priscilla Any help/pointers is appreciated. Regards, Blitz Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49079t=49068 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
gk_process Error decoding RAS Message...discarding [7:49080]
Hi Group I have a problem on my gatekeeper , I turned ras, h225 , gatekeeper debugs on and then I get this error message when my gateway sends a call to my gatekeeper gk_process Error decoding RAS Message...discarding I searched for the meaning of the message and I found : When a router is configured and used as a gatekeeper, the gatekeeper process does not return the held memory. This behavior causes subsequent calls to be refused and the following error message to be displayed: but I can't understand it... plz help me Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49080t=49080 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: bandwidth question [7:49002]
Dear Phil Thanks for the reply...:) The below is from my router and it seems that both the tx and rx load is not over 90% utilised. reliability 255/255, txload 81/255, rxload 162/255 This reading is taken when my bandwidth usage is around 1.96Mbps. My pipe is only 2Mbps. At this point in time, packet loss is still happening... Phil Barker wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Possibly, but is anyone actually complaining about the speed ? Check the serial interface at your end also for dropped packets, load, reliability etc over a period of about a week. If that average is over 90% then you may well do with an upgrade. Phil. --- birdy wrote: Can anyone tell me why I have 2 Mbps WAN connection that reached 95 % utilisation during peak time. When I try to ping to my provider serial interface(next hop),it register 10% packet loss My router serial interface is showing 1.9Mbps (incoming traffic). Since the router is receiving 1.9 Mbps out of the 2M pipe,which means that there is still a balance of 0.1 Mbps (100 k) and so therotically speaking, there should not be any packet loss. I think is time for me to upgrade my bandwidth [EMAIL PROTECTED] __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49081t=49002 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
private addressing [7:49083]
Can anyone tell me. 172.16.0.0 - 172.31.0.0 is used for class B private addressing.. That means that it can use 16 class B network address Now, let say I wan to use 172.35.0.0 block, so is this consider a private address or a public address ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49083t=49083 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF Route Summary [7:49085]
G'Day All, A client has sent me a list of IP's that are to be used in a new global network. Our Global network will IP is 10.64.x.x . Now, for for each office, we will have two networks, for example, Paris is 10.64.4.0 through to 10.64.6.0 . The only exception is Sydney, where the client will have 4 networks, 10.64.0.0-10.64.4.0 . Now I wish to use at each site, subnet mask 255.255.255.0 (24bit), however to summarise my routes in OSPF, my superior has handed me this Sydney 10.64.0.0./22 Paris 10.64.0.4./23 LA 10.64.0.6./23 NYC 10.64.0.8./23 This looks wrong to me. What am I missing. John Brandis ** visit http://www.solution6.com visit http://www.eccountancy.com - everything for accountants. UK Customers - http://www.solution6.co.uk * This email message (and attachments) may contain information that is confidential to Solution 6. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Solution 6 are neither given nor endorsed by it. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49085t=49085 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: private addressing [7:49083]
Public though it apparently hasn't been doled out: dmadlan horton:/aces/home/dmadlan $ whois 172.35.0.0 No match for 172.35.0.0. Dave birdy wrote: Can anyone tell me. 172.16.0.0 - 172.31.0.0 is used for class B private addressing.. That means that it can use 16 class B network address Now, let say I wan to use 172.35.0.0 block, so is this consider a private address or a public address ? -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications Inc. 612-664-3367 [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49084t=49083 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Opinions on Cisco Interactive Mentor [7:49060]
Which one is the BGP CIM? Is that the expert routing CIM? Depends on what you are trying to do. They are few labs and once you do it once or twice, that is it. It is ok for someone that does not have real routers. Or trying BGP labs for the first time and want someone to walk you through it. - Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49086t=49060 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: mpls vis a vis the routing switching tra [7:49048]
For a week or so, the CCIE proctors from Cisco are answering ccie lab related questions at @!#$. You can double check your questions there. http://www.@!#$.com - Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49087t=49048 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: private addressing [7:49083]
Actually, it's 172.16.0.0 to 172.31.255.255. So the answer is yes, 172.35.0.0 is from the public block. Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of birdy Sent: Wednesday, July 17, 2002 8:14 PM To: [EMAIL PROTECTED] Subject: private addressing [7:49083] Can anyone tell me. 172.16.0.0 - 172.31.0.0 is used for class B private addressing.. That means that it can use 16 class B network address Now, let say I wan to use 172.35.0.0 block, so is this consider a private address or a public address ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49088t=49083 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN with Cisco 806 [7:49034]
Thanks for the advice guys...very helpful. Dain. Dain Deutschman wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Everyone, VPN Question: I have a client with 16 small locations ( 2-8 nodes per location ) that may want to access a Windows Terminal Server at a central site in the future to run thier database app. Not all the locations have broadband internet access...although they will within a year or two. The speed of the broadband is on average around 400-500Kbps ( with the exception of the dial-up ). Will a Cisco 806 at the central site and a mix of software VPN clients and 806 routers at the remote sites work? Or would an 806 not be able to keep up on the performance side? Any suggestions? -- Dain Deutschman CNA, MCP, CCNA Data Communications Manager Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49089t=49034 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Exchange 5.5 Problem [7:49090]
I have Exchange 5.5 running on Windows 2000 server. All clients are using Outlook 2000. For some reason users get this message when certain message comes in to their mailbox. The Microsoft Exchange Server received an Internet message that could not be processed. To view the original message content, open the attached message. Most messages come in just fine. I am no sure why this is happening. I have an Exchange 2000 running at home and the same email comes in just fine. I appreciate any help. Thanks in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49090t=49090 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Broadcasting and the all ones subnet [7:48996]
Heya Priscilla, Thanks for the explaination. Is it safe to assume that Cisco routers do not perform an all subnets broadcast? I found something off Google that I would like to share with you guys. This is an excerpt from TCP/IP Tutorial by IBM. All-Subnets-Directed Broadcast Address If the network number is a valid network number, the network is subnetted and the local part is all ones (for example, 128.2.255.255), then the address refers to all hosts on all subnets in the specified network. In principle routers may propagate broadcasts for all subnets but are not required to do so. In practice, they do not; there are few circumstances where such a broadcast would be desirable, and it can lead to problems, particularly if a host has been incorrectly configured with no subnet mask. Consider the wasted resource involved if a host 9.180.214.114 in the subnetted Class A network 9 thought that it was not subnetted and used 9.255.255.255 as a local broadcast address instead of 9.180.214.255 and all of the routers in the network respected the request to forward the request to all clients. If routers do respect all-subnets-directed broadcast address, they use an algorithm called reverse path forwarding to prevent the broadcast messages from multiplying out of control. See RFC 922 for more details on this algorithm. I guess an important point here is whether routers respect the all-subnets directed broadcast. A question on the /32 entries in the routing table. I can understand that each async line can only have one host at the remote end and therefore would have a host route in the routing table. So how do the hosts on async lines receive broadcasts? What would be their broadcast address? It would only make sense that the broadcast packet was not delivered to the hosts connected to Router 5. That is why the packets kept bouncing back and forth. Otherwise it would have been delivered to the hosts and this problem would not have surfaced. Why is it that the all ones subnet was initially excluded as a valid subnet? It would seem perfectly OK to me to use the all zeros and all ones subnet numbers. I mean with prefix routing, these things can be distinguished. Like you said, the problem discussed in the article was pretty 'artsy'. As always, thank you so very much. Wesley Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Wesley wrote: So there isn't a broadcast address for all /27 subnets? I don't think sending to all subnets of a network is something that IP ever defined. I basically understand that the last address of each subnet is reserved for subnet broadcast. I was just wondering if the broadcasting architecture allowed for all subnets to be broadcasted at once. And Mark, since you are the only one replying mind if you check out the CCO link in the original I hope Mark will answer too, but since we're the only ones talking now, I'll jump in. ;-) post and tell me your views on the issues that I have highlighted. I'll provide the link again http://www.cisco.com/warp/public/105/40.html I think the main thing to realize about the article is that it's a very strange case. Notice that the Asynch routers have a bunch of host-specific routes (/32). And then their E0's are configured with a /24 subnet mask, even though they probably should really be /26 to fit the network design. And then to make the problem happen they had to have a host misconfigured for /24 also and have it send a NetBIOS (or other) broadcast to x.x.x.255. I suggest that you set up a more normal situation in your lab and see if you can get the problem to happen. Perhaps TAC ran into a problem matching the scenario they describe. But is the problem reproducible under more normal condistions? (Perhaps TAC just made up the scenario too!? There are parts of it that aren't too believable. ;-) Please see a few more comments below. snip I was going thru this article about the effect of using the all ones subnet. There are somethings that I'm still confused about. The link is http://www.cisco.com/warp/public/105/40.html 1. In the first example, when host 195.1.1.24 sends a local broadcast to 195.1.1.255, will hosts attached to router 2's async lines receive the broadcast? No, the asynch lines are using /32. 2. OK, its a directed broadcast and router 2 looks up its I don't think Router 2 thinks it's a directed broadcast. The destination address doesn't match any of the /32 host routes, so Router 2 sends the packet out the default route. routing table and forwards it out using the default route. Router 1 receives the packet. I believe the packet is forwarded out to all 192.1.1.x/26 subnets, right? No, not all subnets. Router 1 has a specific route for subnet 192.1.1.192. (1100 in the last octet). If a packet comes into that subnet, it's supposed to go to
Re: OSPF Route Summary [7:49085]
I assume that Sydney is the backbone area 0? 10.64.0.0/22 would summarize all subnets in the OSPF network in the backbone Sydney 10.64.0.0./22 Paris 10.64.0.4./23 -Do you mean 10.64.4.0/23? LA 10.64.0.6./23 ---Do you mean 10.64.6.0/23? NYC 10.64.0.8./23 -Do you mean 10.64.8.0/23? If this is the case 10.64.4.0/23 would summarize for 10.64.4.0/24 and 10.64.5.0/24 Paris 10.64.6.0/23 would summarize for 10.64.6.0/24 and 10.64.7.0/24 LA etcetc... Am I helping or hindering??? Dain John Brandis wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... G'Day All, A client has sent me a list of IP's that are to be used in a new global network. Our Global network will IP is 10.64.x.x . Now, for for each office, we will have two networks, for example, Paris is 10.64.4.0 through to 10.64.6.0 . The only exception is Sydney, where the client will have 4 networks, 10.64.0.0-10.64.4.0 . Now I wish to use at each site, subnet mask 255.255.255.0 (24bit), however to summarise my routes in OSPF, my superior has handed me this Sydney 10.64.0.0./22 Paris 10.64.0.4./23 LA 10.64.0.6./23 NYC 10.64.0.8./23 This looks wrong to me. What am I missing. John Brandis ** visit http://www.solution6.com visit http://www.eccountancy.com - everything for accountants. UK Customers - http://www.solution6.co.uk * This email message (and attachments) may contain information that is confidential to Solution 6. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Solution 6 are neither given nor endorsed by it. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49092t=49085 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF Route Summary [7:49085]
Your superior looks right to me. If you use a /24 against the .4,.6 and .8, you would only have the .4,.6 and .8 available. With a /23 you would get .4.0(network)-.5.255(broadcast) at Paris. LA gets .6.0(network)-.7.255(broadcast) And NY would get .8.0(network)-.9.255(broadcast) You could use a /24 at each site, but you would have to do this: ( ex: Paris ) Int f0/0 Ip address 10.64.4.1 255.255.255.0 Ip address 10.64.5.1 255.255.255.0 secondary That would also give you both networks at the locations. Or for the really cruel you could do subinterfaces and trunking to a switch if you wanted separate VLAN's at the locations.. Does this help? Thanks Larry -Original Message- From: John Brandis [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:56 PM To: [EMAIL PROTECTED] Subject: OSPF Route Summary [7:49085] G'Day All, A client has sent me a list of IP's that are to be used in a new global network. Our Global network will IP is 10.64.x.x . Now, for for each office, we will have two networks, for example, Paris is 10.64.4.0 through to 10.64.6.0 . The only exception is Sydney, where the client will have 4 networks, 10.64.0.0-10.64.4.0 . Now I wish to use at each site, subnet mask 255.255.255.0 (24bit), however to summarise my routes in OSPF, my superior has handed me this Sydney 10.64.0.0./22 Paris 10.64.0.4./23 LA 10.64.0.6./23 NYC 10.64.0.8./23 This looks wrong to me. What am I missing. John Brandis ** visit http://www.solution6.com visit http://www.eccountancy.com - everything for accountants. UK Customers - http://www.solution6.co.uk * This email message (and attachments) may contain information that is confidential to Solution 6. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Solution 6 are neither given nor endorsed by it. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49093t=49085 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]