Re: Sniffers [7:49712]
""Johnson, Richard (NY Int)"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > What is everyone using for monitoring their network? SnifferPro (from NAI) is popular, but limited in function IMO due to it's lack of stability. The Distributed SnifferPro is overpriced, but may fit what you need. However, it's more built for small, legacy Enterprise networks. It lacks scalability and stability for most of today's networks. I believe NAI is charging too much for their buggy products, but YMMV. Most people understand that NAI products run primarily on Microsoft Windows products, and therefore, are not as stable and high-performance as Unix alternatives. I would suggest at least trying to use Ethereal along with tcpdump or libpcap (Ethereal is very cool since it opens gzipped pcap-formatted files). A newish x86 machine running FreeBSD with libpcap and tcpdump installed can work really well. It's best combined with dual Intel EtherExpress Pro 10/100 NIC's in a full-duplex fast ethernet environment (Cisco or Foundry switches would be nice). Connect fxp0 to your management network and fxp1 to a mirrored port (e.g. using Cisco SPAN). Then run `tcpdump -n -X -s 65535 -i fxp1 -l | tee ' and scp the file to your computer. You can then run Ethereal or SnifferPro on the capture file. Niksun also makes a product called NetVCR which is very interesting, however I would like other suggestions of *BSD machines running web-interfaces to high-performance sniffers or anything similar. You might also be able to load-balance sniffers using products from companies like Radware or TopLayer. They have products that do "IDS Load-Balancing", I haven't seen this done with Cisco products lately, but you might be able to accomplish the same thing with similar products. There is also a very cool product made by Unispeed, the Netlogger, but it is overpriced more than any product I've ever seen in the whole networking world. There was also an interesting thread on building high-performance sniffers recently on nanog-l. -dre Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49733&t=49712 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Check this new command out [7:49717]
wonder where they got that idea? :) At 10:00 PM 7/25/2002 +, you wrote: >Thought this was pretty cool!! > >c7304(config)#do sh ver >Cisco Internetwork Operating System Software >IOS (tm) 7300 Software (C7300-JS-M), Version 12.1(1.23.020716.), CISCO >DEVELOPME >NT TEST VERSION >Copyright (c) 1986-2002 by cisco Systems, Inc. >Compiled Tue 16-Jul-02 03:26 by >Image text-base: 0x40008970, data-base: 0x41B32000... > > Dave > >-- >David Madland >Sr. Network Engineer >CCIE# 2016 >Qwest Communications Int. Inc. >[EMAIL PROTECTED] >612-664-3367 > >"Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49732&t=49717 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sniffers [7:49712]
For packet capture I use ethereal (www.ethereal.com) They keep about the most updated decodes on the market. At 09:43 PM 7/25/2002 +, Johnson, Richard (NY Int) wrote: >Hi all, > >What is everyone using for monitoring their network? > >Thanks, > >Rich Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49731&t=49712 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Eigrp Summarizing [7:49730]
I have a 3640 as hub and 20 1604s as spokes. Eigrp is the routing protocol in use. Internet access is through the 3640. How can summrize in Eigrp so all the spokes have a single route to the Hub router. Thanks, Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49730&t=49730 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Static NAT Problem [7:49714]
Thanks, Johnny, but I know the protocol around here and I note with irony that in your misguided attempt to keep me from being rude, you were more than a little rude yourself. I checked the website (as opposed to the email feed) and it hadn't shown up after about 45 minutes or so, and so I assumed that the first one just didn't make it for whatever reason. I apologize for making the mistake, detracting from the quality of your day, and forcing you to publicly admonish me when I'm sure you had better things to do. BTW, the "extendable" keyword adds itself to the configuration. How would you suggest I remove this, Mr. Routen? Don Claybrook CCNP, CCDP, CSS1 - Original Message - From: "Johnny Routin" To: Sent: Thursday, July 25, 2002 3:30 PM Subject: Re: Static NAT Problem [7:49714] > BTW, only post once... we'll see you and we'll get to it. If you post the > same thing multiple times you'll be ignored for being rude. > > > JR > -- > Johnny Routin > > > > > ""Don Claybrook"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I have a customer using a single address for port forwarding. The > > translation > > for 192.168.1.2 to > > 12.13.14.15 using port 5631 works fine. When I issue the command show ip > nat > > translations, I get > > the output as shown on the last line. The inside global and inside local > are > > both listed on > > port 5631. > > > > However, the translation for 192.168.1.3 to 12.13.14.15, both using port > > 5993, > > does not work. > > This shows up on the inside global as 12.13.14.15:1062 and on the inside > > local > > as 192.168.1.3:5993. > > > > Both translations are configured the same. Can anyone tell me what it is > I'm > > doing wrong? > > > > The nat configuration, along with the show ip nat translation, is listed > > below. > > > > Thanks for your help. > > > > > > > > ip nat translation timeout 300 > > ip nat inside source list 1 interface Serial0.1 overload > > ip nat inside source list 18 interface Serial0.1 overload > > ip nat inside source static tcp 192.168.1.3 5993 12.13.14.15 5993 > extendable > > ip nat inside source static tcp 192.168.1.2 22 12.13.14.15 22 extendable > > ip nat inside source static tcp 192.168.1.2 5631 12.13.14.15 5631 > extendable > > ip nat inside source static tcp 192.168.1.2 5632 12.13.14.15 5632 > extendable > > ip nat inside source static tcp 192.168.1.2 65301 12.13.14.15 65301 > > extendable > > ip nat inside source static udp 192.168.1.2 5632 12.13.14.15 5632 > extendable > > > > > > > > Router#sh ip nat trans > > Pro Inside global Inside local Outside local Outside > global > > > > tcp 12.13.14.15:5631 192.168.1.2:5631 ------ > > tcp 12.13.14.15:5632 192.168.1.2:5632 ------ > > udp 12.13.14.15:5632 192.168.1.2:5632 ------ > > tcp 12.13.14.15:1062 192.168.1.3:5993 21.22.23.24:2282 > 21.22.23.24:2282 > > tcp 12.13.14.15:65301 192.168.1.2:65301 ------ > > tcp 12.13.14.15:5993 192.168.1.3:5993 ------ > > tcp 12.13.14.15:22192.168.1.2:22 ------ > > tcp 12.13.14.15:5631 192.168.1.2:5631 21.22.23.24:2281 > 21.22.23.24:2281 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49729&t=49714 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IOS Upgrade ROMMON [7:49728]
Hi All Thanks for the reply on my DCE/DTE question. Resolved now. Have a new IOS image that I wish to apply to my 2503. However I dont have a spare AUI for it, thus no ethernet activity at the moment. I know you can upload new IOS via ROMMON, because I did it once before. Last time I did it, because my TFTP failed and I went straight to ROMMON. How does one, delete the current IOS and be able to get back into ROMMON ? Is it as simple as a ctrl-break upon boot ? Thanks all John ** visit http://www.solution6.com visit http://www.eccountancy.com - everything for accountants. UK Customers - http://www.solution6.co.uk * This email message (and attachments) may contain information that is confidential to Solution 6. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Solution 6 are neither given nor endorsed by it. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49728&t=49728 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Network size [7:49704]
The official Cisco answer is 200 for AppleTalk, 300 for IPX, and 500 for IP. Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of MADMAN Sent: Thursday, July 25, 2002 2:52 PM To: [EMAIL PROTECTED] Subject: Re: Network size [7:49704] This has been bantered around before and the answer is.. It depends. When I worked at Cray Research we kept a segment at around 30 users. They were supercomputer software developers and compilers, heavy users. If you have 1000 people doing simple data entry you would probably be fine. Dave "[EMAIL PROTECTED]" wrote: > > Hi all, > > I can't for the life of me remember what the recommended maximum number of > clients on one segment is, I think it was either 300 or 500. > > Can anyone confirm ? > > Cheers, > > Graham. -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49726&t=49704 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Static NAT Problem [7:49714]
BTW, only post once... we'll see you and we'll get to it. If you post the same thing multiple times you'll be ignored for being rude. JR -- Johnny Routin ""Don Claybrook"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have a customer using a single address for port forwarding. The > translation > for 192.168.1.2 to > 12.13.14.15 using port 5631 works fine. When I issue the command show ip nat > translations, I get > the output as shown on the last line. The inside global and inside local are > both listed on > port 5631. > > However, the translation for 192.168.1.3 to 12.13.14.15, both using port > 5993, > does not work. > This shows up on the inside global as 12.13.14.15:1062 and on the inside > local > as 192.168.1.3:5993. > > Both translations are configured the same. Can anyone tell me what it is I'm > doing wrong? > > The nat configuration, along with the show ip nat translation, is listed > below. > > Thanks for your help. > > > > ip nat translation timeout 300 > ip nat inside source list 1 interface Serial0.1 overload > ip nat inside source list 18 interface Serial0.1 overload > ip nat inside source static tcp 192.168.1.3 5993 12.13.14.15 5993 extendable > ip nat inside source static tcp 192.168.1.2 22 12.13.14.15 22 extendable > ip nat inside source static tcp 192.168.1.2 5631 12.13.14.15 5631 extendable > ip nat inside source static tcp 192.168.1.2 5632 12.13.14.15 5632 extendable > ip nat inside source static tcp 192.168.1.2 65301 12.13.14.15 65301 > extendable > ip nat inside source static udp 192.168.1.2 5632 12.13.14.15 5632 extendable > > > > Router#sh ip nat trans > Pro Inside global Inside local Outside local Outside global > > tcp 12.13.14.15:5631 192.168.1.2:5631 ------ > tcp 12.13.14.15:5632 192.168.1.2:5632 ------ > udp 12.13.14.15:5632 192.168.1.2:5632 ------ > tcp 12.13.14.15:1062 192.168.1.3:5993 21.22.23.24:2282 21.22.23.24:2282 > tcp 12.13.14.15:65301 192.168.1.2:65301 ------ > tcp 12.13.14.15:5993 192.168.1.3:5993 ------ > tcp 12.13.14.15:22192.168.1.2:22 ------ > tcp 12.13.14.15:5631 192.168.1.2:5631 21.22.23.24:2281 21.22.23.24:2281 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49725&t=49714 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Static NAT Problem [7:49714]
I would take off the extendable keyword. JR -- Johnny Routin ""Don Claybrook"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have a customer using a single address for port forwarding. The > translation > for 192.168.1.2 to > 12.13.14.15 using port 5631 works fine. When I issue the command show ip nat > translations, I get > the output as shown on the last line. The inside global and inside local are > both listed on > port 5631. > > However, the translation for 192.168.1.3 to 12.13.14.15, both using port > 5993, > does not work. > This shows up on the inside global as 12.13.14.15:1062 and on the inside > local > as 192.168.1.3:5993. > > Both translations are configured the same. Can anyone tell me what it is I'm > doing wrong? > > The nat configuration, along with the show ip nat translation, is listed > below. > > Thanks for your help. > > > > ip nat translation timeout 300 > ip nat inside source list 1 interface Serial0.1 overload > ip nat inside source list 18 interface Serial0.1 overload > ip nat inside source static tcp 192.168.1.3 5993 12.13.14.15 5993 extendable > ip nat inside source static tcp 192.168.1.2 22 12.13.14.15 22 extendable > ip nat inside source static tcp 192.168.1.2 5631 12.13.14.15 5631 extendable > ip nat inside source static tcp 192.168.1.2 5632 12.13.14.15 5632 extendable > ip nat inside source static tcp 192.168.1.2 65301 12.13.14.15 65301 > extendable > ip nat inside source static udp 192.168.1.2 5632 12.13.14.15 5632 extendable > > > > Router#sh ip nat trans > Pro Inside global Inside local Outside local Outside global > > tcp 12.13.14.15:5631 192.168.1.2:5631 ------ > tcp 12.13.14.15:5632 192.168.1.2:5632 ------ > udp 12.13.14.15:5632 192.168.1.2:5632 ------ > tcp 12.13.14.15:1062 192.168.1.3:5993 21.22.23.24:2282 21.22.23.24:2282 > tcp 12.13.14.15:65301 192.168.1.2:65301 ------ > tcp 12.13.14.15:5993 192.168.1.3:5993 ------ > tcp 12.13.14.15:22192.168.1.2:22 ------ > tcp 12.13.14.15:5631 192.168.1.2:5631 21.22.23.24:2281 21.22.23.24:2281 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49723&t=49714 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DCE or DTE [7:49625]
The one you can add the clocking statement is the DCE end. You can use 'show controllers serial 0' to verify. JW -Original Message- From: Chuck [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 25, 2002 11:59 AM To: [EMAIL PROTECTED] Subject: Re: DCE or DTE [7:49625] ""Juan Blanco"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > The command is show controllers..or show controllers serial 0..or > show controllers serial 1 > It will tell you a the beging if your end is a DTE or a DCE FYI: Router_1#show controllers s 1 HD unit 1, idb = 0x1B3274, driver structure at 0x1B95E8 buffer size 1524 HD unit 1, V.35 DCE cable, clockrate 100 DCE end attached. > > JB > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > John Brandis > Sent: Thursday, July 25, 2002 2:52 AM > To: [EMAIL PROTECTED] > Subject: DCE or DTE [7:49625] > > > Been away from routers for a while > > whats the command to figure out which serial in in a back to abck config is > DCE/DTE ? > > Reason is I have 2 back to back 2503's. My serial cable is going to S0 in > each router. IN the configs, I have > > Bris Router# > int s0 > ip address 192.168.1.1 255.255.255.0 > encapsulation ppp > bandwidth 64 > clock rate 64000 > no shut > > Melb Router# > int s0 > ip address 192.168.1.2 255.255.255.0 > encapsulation ppp > bandwidth 64 > no shut > > What am I missing as I have the int face is up, line proto down. I really > should be able to figure this one out, however its late afternoon in > Australia and I want to sleep after a big night of watching Buffy repeats. > > John Brandis > > Desk: 02-9278-0629 > Mobile: 0414-495-320 > [EMAIL PROTECTED] > www.solution6.com > > > > > ** > > visit http://www.solution6.com > visit http://www.eccountancy.com - everything for accountants. > > UK Customers - http://www.solution6.co.uk > > * > This email message (and attachments) may contain information that is > confidential to Solution 6. If you are not the intended recipient you cannot > use, distribute or copy the message or attachments. In such a case, please > notify the sender by return email immediately and erase all copies of the > message and attachments. Opinions, conclusions and other information in > this message and attachments that do not relate to the official business of > Solution 6 are neither given nor endorsed by it. > * Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49724&t=49625 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sniffers [7:49712]
What do you want to monitor? JR -- Johnny Routin ""Johnson, Richard (NY Int)"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all, > > What is everyone using for monitoring their network? > > Thanks, > > Rich Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49722&t=49712 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to allow outside user to browse the inside web [7:49720]
Looks fine. Clear xlate on the pix. Failing that - reboot the pix if you have that luxury. Troubleshoot your connectivity. Can you browse to the web server internally? Can you browse to internet from the web server? Allow icmp through the pix and check connectivity. Put some logging on while you try to connect: logging on logging console 4 (or 5) Let us know results. Gaz ""Magdy Ibrahim"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all, > I have PIX firewall with 6.0(1) and I am running my mail server behind it > and it works find till now... > these days I need to run a web server "apatche" behind it.. > I tried to configure it to allow the oursiders to access the inside web bage > by usning the following commands: > static (inside,outside) xx.xx.60.21 10.0.0.20 netmask 255.255.255.255 0 0 > conduit permit tcp host xx.xx.60.21 eq www any > > I failed to run this web sites installed on the apatche server... > Is there extra commands I have to add to my PIX to allaow outsider to access > that web server??? > Please help me to fix this issue ASAP > > Thanx in advance > > magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49720&t=49720 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Check this new command out [7:49717]
All I can say is KEWL.. I love that. I hate jumping in and out of config mode to look at my Runnning Config. Thanks for the insight. Erich -Original Message- From: MADMAN [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 25, 2002 3:01 PM To: [EMAIL PROTECTED] Subject: Check this new command out [7:49717] Thought this was pretty cool!! c7304(config)#do sh ver Cisco Internetwork Operating System Software IOS (tm) 7300 Software (C7300-JS-M), Version 12.1(1.23.020716.), CISCO DEVELOPME NT TEST VERSION Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Tue 16-Jul-02 03:26 by Image text-base: 0x40008970, data-base: 0x41B32000... Dave -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49719&t=49717 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Check this new command out [7:49717]
Thought this was pretty cool!! c7304(config)#do sh ver Cisco Internetwork Operating System Software IOS (tm) 7300 Software (C7300-JS-M), Version 12.1(1.23.020716.), CISCO DEVELOPME NT TEST VERSION Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Tue 16-Jul-02 03:26 by Image text-base: 0x40008970, data-base: 0x41B32000... Dave -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49717&t=49717 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: TCP sequence numbers question [7:49535]
Evans, TJ wrote: > > Is it also relevant/correct that in a case like this, just > under normal TCP > operation, HostB would assumes HostA did not receive the ACK, > which resulted > in HostA restransmitting the original packet ... and HostB > re-ACK'ing it ... > etc. etc. ? > I don't think Host B is that smart actually. It doesn't know or care if its ACK got there. It doesn't try to figure out why it's getting a duplicate. Instead, it just does its normal job of recognizing and dropping the duplicate. On the other hand, a troublehsooter (as in a human), should recognize the situation you describe. This comes up rather often. You'll be looking at a protocol analyzer, for example, and you'll see that data got ACKed but that the sending host is sending it again anway. What you have to realize is that just because you see the ACK on the analzyer doesn't mean that the host saw it. The ACK got dropped somwehere en route to the host or possibly at the host. Then you start your "troubleshooting outward" approach, as Cisco calls it, to determine why ACKs are getting dropped. Priscilla > > Thanks! > TJ > > > -Original Message- > From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] > Sent: Thursday, July 25, 2002 2:12 PM > To: [EMAIL PROTECTED] > Subject: Re: TCP sequence numbers question [7:49535] > > I already explained that, as does Stevens. (You have his book, > I think. It's > great.) The RFCs may not explain it. The creators or TCP don't > approve of > keeaplives. > > Anyway, the sender purposely keeps the sequence number the same > when > implementing the keepalive process. That causes the recipient > to trash the > garbage byte instead of giving it to the application. Remember > there's an > application running above all this (identified by the port > number). The > transport layer does not pass the garbage byte to the > application because it > appears to be a byte it already received. That's a basic TCP > task. > > Priscilla > > sam sneed wrote: > > > > > > So using the example below (host A 192.168.133.21, B > > > > 10.10.10.12), A sends 1 > > > > byte of data, last successful sent byte is 2653258021, > > > > > > No, the last successful byte is 2653258020. That's Host A's > > sequence > > number. > > > Host A sends only one byte, the byte numbered 2653258020. > > > The analyer you're using (is it TCPdump?) doesn't do a good > > job of making > > > this clear. I think it's trying to help you see what the > > expected ACK > > should > > > be. Don't read the second number as the sequence number of > > the last byte > > > sent. You'll be off by one if you do that. > > > > > > > A common mistake people make (and your analyzer may be > > making) is to add > > the > > > length of the data to the sequence number to get the > sequence > > number of > > the > > > final byte of data in the segment. That's doesn't work. > > You're mixing > > apples > > > and oranges. Actually, you're mixing cardinal numbers (how > > many, length) > > > with ordinnal numbers (order, rank, sequence). You'll be off > > by one. I > > > explain this in detail in my new book, Troubleshooting > Campus > > Networks, in > > > the TCP chapter. ;-) > > > > > > > shouldn't Host B ack > > > > (2653258021)+1 ? > > > > > > No, Host B's ACK should be 2653258021. Host B is saying I > got > > 2653258020 > > and > > > I'm expecting 2653258021 next. Once again, I think your > > analyzer's method > > of > > > display is confusing. > > > > > > > Yes, the analyzer is tcpdump and now I understand the error in > > my > > intrepretation. There is still one thing bothering me. > > Host A is a sending a keepalive with 1 garbage as in my > > previous post > > 2653258020, B acks 2653258021 the next SN its expects to see. > > But in my > > example host A sends 2653258020 with 1 byte of garbage again. > > Wouldn't this > > look a duplicate or at least an out of sequence frame since > > host B is > > expecting 2653258021 and has already ack'd 2653258020? There > > are no other ID > > fields in the TCP header so how would it not ignore it as a > > duplicate frame > > when its [src IP dest IP] [src port dest port] and sequence > #'s > > are > > identical? > > I imported the raw packets into Ethereal so I could see all > > fields, even the > > 1 byte of garbage data is the same (00 in hex) and the header > > checksum are > > equal. > > I hate to beat this to death, but this stuff is a science and > > based on > > RFC's, so it kills me not to be able to interpret this exactly > > and > > correctly. There should be no mysteries behind this stuff. > After > > troubleshooting my network problem for awhile, I've become > more > > interested > > in understanding the exact workings of TCP than solving the > > original > > problem. > > > > Thanks alot for your insight. > * > The information in this email is confidential and may be > legally privileged. > It is intended s
Re: New CCIE Written is here. He afraid, be very afraid... [7:49715]
I think a CCIE candidate should have some knowledge of the older stuff. The knowledge needed isn't too deep at all. It's always good to have at least a little knowledge of the more obscure subjects. We;re doing a large TR migration at the moment, and it's not the only one we've seen recently. Hopefully the exam is a little harder. I think it was only intended in the past to weed out the absolute no hopers before they block up lab slots, not to be added to the signature blocks of blaggers as a qualification in its self. Although even if it's no harder, as long as people realise that it's not a qualification, just a basic test to prove you might be worthy of starting the long path to CCIE. My two penneth. Gaz ""Scott"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > This is a good thing. Although, why add things like MPLS, wireless, SS7 > when you still have token ring and x.25? Seems kinda stupid. > > Scott > CCIE #9340 > > ""Dennis Laganiere"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > "The CCIE Program is proud to announce the upcoming release of the revised > > CCIE Routing and Switching Written Exam (350-001). The new version of the > > exam will go live, and replace the current exam, on August 7th, 2002. > Note: > > The revised exam will consist of 150 questions and be 180 minutes in > > duration. To prepare for this exam, candidates may wish to review the exam > > blueprint and study suggestions." > > http://www.cisco.com/warp/public/625/ccie/ccie_program/whatsnew.html#5 > > > > If this is anything like the beta, things just got quite a bit harder... > > --- Dennis Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49715&t=49715 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Static NAT Problem [7:49714]
I have a customer using a single address for port forwarding. The translation for 192.168.1.2 to 12.13.14.15 using port 5631 works fine. When I issue the command show ip nat translations, I get the output as shown on the last line. The inside global and inside local are both listed on port 5631. However, the translation for 192.168.1.3 to 12.13.14.15, both using port 5993, does not work. This shows up on the inside global as 12.13.14.15:1062 and on the inside local as 192.168.1.3:5993. Both translations are configured the same. Can anyone tell me what it is I'm doing wrong? The nat configuration, along with the show ip nat translation, is listed below. Thanks for your help. ip nat translation timeout 300 ip nat inside source list 1 interface Serial0.1 overload ip nat inside source list 18 interface Serial0.1 overload ip nat inside source static tcp 192.168.1.3 5993 12.13.14.15 5993 extendable ip nat inside source static tcp 192.168.1.2 22 12.13.14.15 22 extendable ip nat inside source static tcp 192.168.1.2 5631 12.13.14.15 5631 extendable ip nat inside source static tcp 192.168.1.2 5632 12.13.14.15 5632 extendable ip nat inside source static tcp 192.168.1.2 65301 12.13.14.15 65301 extendable ip nat inside source static udp 192.168.1.2 5632 12.13.14.15 5632 extendable Router#sh ip nat trans Pro Inside global Inside local Outside local Outside global tcp 12.13.14.15:5631 192.168.1.2:5631 ------ tcp 12.13.14.15:5632 192.168.1.2:5632 ------ udp 12.13.14.15:5632 192.168.1.2:5632 ------ tcp 12.13.14.15:1062 192.168.1.3:5993 21.22.23.24:2282 21.22.23.24:2282 tcp 12.13.14.15:65301 192.168.1.2:65301 ------ tcp 12.13.14.15:5993 192.168.1.3:5993 ------ tcp 12.13.14.15:22192.168.1.2:22 ------ tcp 12.13.14.15:5631 192.168.1.2:5631 21.22.23.24:2281 21.22.23.24:2281 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49714&t=49714 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Network size [7:49704]
""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > [EMAIL PROTECTED] wrote: > > > > Hi all, > > > > I can't for the life of me remember what the recommended > > maximum number of clients on one segment is, I think it was > > either 300 or 500. > > It depends. Cisco has some guidelines on this that are based mostly on a > concern for broadcast traffic. Although broadcast traffic doesn't tend to > eat a lot of bandwidth (they are often short packets), each broadcast packet > interrupts the CPU on all devices in the broadcast domain. So Cisco > recomendations are based on the protocols in use and how much broadcast > traffic they tend to use. (Cisco also icludes multicast traffic in the > equation because when they made the guidelines, a lot NICs were stupid about > multicasts and passed them to the host CPU, even if they weren't relevant, > and the driver had not registered to receive them.) > > IP is 500 > IPX is 300 > AppleTalk is 200 > NetBIOS is 200 > Mixed is 200 Every time this discussion comes up, I'm reminded of my interview at Major Well Known Bank a couple of years back. They told me they had shared segments of as many as 1200 stations. The engineering staff was EXPERT in sniffer analysis and broadcast suppression. They could track down a NIC that was sending out more than what they determined to be "acceptable" keepalives, and replace it within minutes All stations used only one app - an internal privately developed app for banking transactions. IP based, but client server in nature. I didn't know then, but I presume now that ARP traffic was at a minimum because of this situation. > > So memorize those numbers for the CCDA test ;-), but, of course also do some > real analysis of your actual network. > > I have seen real-world evidence of broadcast traffic causing older PCs to > slow down. But if your netework has GHz processor PCs, it may not matter one > bit that they get disturbed by a lot by broadcasts!? > > Also, those numbers from Cisco are pretty dated. These days switches with > full-duplex ports are so cheap, you can have most of your LAN "segments" > with just two nodes on them! (The PC and the switch port) > > In addition to considering broadcast traffic, you should also consider how > much load each device is going to generate and the devices' sending > patterns, as someone else mentioned. On shared Ethernet, it gets pretty ugly > if a lot of stations are sending very frequently. A significant portion of > the bandwidth gets wasted on frames that don't go anywhere. Instead they > collide with other frames. > > Priscilla > > > > > > > Can anyone confirm ? > > > > Cheers, > > > > Graham. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49713&t=49704 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Sniffers [7:49712]
Hi all, What is everyone using for monitoring their network? Thanks, Rich Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49712&t=49712 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Network size [7:49704]
[EMAIL PROTECTED] wrote: > > Hi all, > > I can't for the life of me remember what the recommended > maximum number of clients on one segment is, I think it was > either 300 or 500. It depends. Cisco has some guidelines on this that are based mostly on a concern for broadcast traffic. Although broadcast traffic doesn't tend to eat a lot of bandwidth (they are often short packets), each broadcast packet interrupts the CPU on all devices in the broadcast domain. So Cisco recomendations are based on the protocols in use and how much broadcast traffic they tend to use. (Cisco also icludes multicast traffic in the equation because when they made the guidelines, a lot NICs were stupid about multicasts and passed them to the host CPU, even if they weren't relevant, and the driver had not registered to receive them.) IP is 500 IPX is 300 AppleTalk is 200 NetBIOS is 200 Mixed is 200 So memorize those numbers for the CCDA test ;-), but, of course also do some real analysis of your actual network. I have seen real-world evidence of broadcast traffic causing older PCs to slow down. But if your netework has GHz processor PCs, it may not matter one bit that they get disturbed by a lot by broadcasts!? Also, those numbers from Cisco are pretty dated. These days switches with full-duplex ports are so cheap, you can have most of your LAN "segments" with just two nodes on them! (The PC and the switch port) In addition to considering broadcast traffic, you should also consider how much load each device is going to generate and the devices' sending patterns, as someone else mentioned. On shared Ethernet, it gets pretty ugly if a lot of stations are sending very frequently. A significant portion of the bandwidth gets wasted on frames that don't go anywhere. Instead they collide with other frames. Priscilla > > Can anyone confirm ? > > Cheers, > > Graham. > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49711&t=49704 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Network size [7:49704]
Than answer has nothing to do with users, but to do with how much they will utilize the segment. No more than 30% utilization is the standard threshold on an ethernet segment. Utilization on a WAN link should be no higher than 70%. Rob Cluett, CCNA Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49710&t=49704 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Any beginners books about BGP. [7:49695]
Halabi's book provides a pretty basic overview. Pete At 06:36 PM 7/25/2002 +, sam sneed wrote: >I am mostly a LAN administrator and my network isn't large enough for me to >get any dynamic routing experience. I am interseted in learning BGP. I've >got the Cisco Press and Sybex CCNP routing books but I didn't like the BGP >coverage, it seemed inadequate. Could anyone recommend a BGP book that is >thorough but would let a beginner understand it initially? >Anyone think you need to learn OSPF or EIGRP before BGP? > >Thanks for the opinions in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49708&t=49695 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Network size [7:49704]
This has been bantered around before and the answer is.. It depends. When I worked at Cray Research we kept a segment at around 30 users. They were supercomputer software developers and compilers, heavy users. If you have 1000 people doing simple data entry you would probably be fine. Dave "[EMAIL PROTECTED]" wrote: > > Hi all, > > I can't for the life of me remember what the recommended maximum number of > clients on one segment is, I think it was either 300 or 500. > > Can anyone confirm ? > > Cheers, > > Graham. -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49707&t=49704 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX 501 and enabling DES [7:49705]
Yes, re-install the same version of the OS, and enter a new activiation key. That's all ya got to do. thanks, -Brad Ellis CCIE#5796 (R&S / Security) [EMAIL PROTECTED] Cisco home labs: www.optsys.net ""NetEng"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I received my PIX 501 this afternoon! Hoowever I can not access it via PDM. > I got the 56bit DES key from Cisco, but I can't figure out how to activate > the thing. The documentation just goes through upgrading the FW IOS and at > the end it will prompt you for the key. I don't want to upgrade the IOS, > just install the key. Any ideas? Please note my versions (no command > activate-key). Thanks > > show version: > Cisco PIX Firewall Version 6.1(3) > Cisco PIX Device Manager Version 1.1(2) > > Compiled on Fri 22-Feb-02 08:15 by morlee > > pixfirewall up 45 mins 40 secs > > Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz > Flash E28F640J3 @ 0x300, 8MB > BIOS Flash E28F640J3 @ 0xfffd8000, 128KB > > 0: ethernet0: address is 000a.411e.f696, irq 9 > 1: ethernet1: address is 000a.411e.f697, irq 10 > > Licensed Features: > Failover: Disabled > VPN-DES:Disabled > VPN-3DES: Disabled > Maximum Interfaces: 2 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49706&t=49705 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: New CCIE Written is here. Be afraid, be very [7:49615]
I'm getting asked this question a lot from people at work: If someone registers for the CCIE Written before August 7th but plans to take the exam on August 8th, will they take the old exam or the new exam? The way Cisco makes it sound, they'll replace the old exam with the new exam on August 7th. However, in the past they've had a "grandfather" period where both the exams are active at the same time and they fade out the old exam eventually. If anyone has found out the answer to this, please post. Otherwise, I will contact Cisco to find out. Thanks! Shawn K. -Original Message- From: Brad Ellis [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 25, 2002 8:43 AM To: [EMAIL PROTECTED] Subject: Re: New CCIE Written is here. He afraid, be very [7:49615] What date are you taking your test? thanks, -Brad Ellis CCIE#5796 (R&S / Security) [EMAIL PROTECTED] Cisco home labs: www.optsys.net ""Jason Viera"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I just registered today what exam version will I be taking? Thanks in > advance, Jason ""Dennis Laganiere"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > "The CCIE Program is proud to announce the upcoming release of the revised > > CCIE Routing and Switching Written Exam (350-001). The new version > > of the > > exam will go live, and replace the current exam, on August 7th, > > 2002. > Note: > > The revised exam will consist of 150 questions and be 180 minutes in > > duration. To prepare for this exam, candidates may wish to review > > the exam > > blueprint and study suggestions." > > http://www.cisco.com/warp/public/625/ccie/ccie_program/whatsnew.html > > #5 > > > > If this is anything like the beta, things just got quite a bit > > harder... > > --- Dennis Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49703&t=49615 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: mpls-l2 vpn vs. vlan [7:49346]
Peter, > To me, its LANE all > over again, ie lets take a scalable, robust, intelligent technology and try > and bridge with it. As far as building MANs with Spanning Tree as your > control protocol, I might suggest that it will give you a real headache > from a scaling and provisioning standpoint. You might want to find someone > who worked at Yipes to give you some ideas. I agree that STP should not be beyond the campus, anything up from better be ip based. I think the original question was about how to separate vpns on lower end devices, either label or vlan tag, ie configuring l2vpn on many access level devices vs. configuring vlans, I guess vlans are easy to configure and manage in this case. For our discussion, IMHO, LANE is too complicated for the subscribers and l3vpn is not easy for the providers, l2vpn is, relatively speaking, simple for both . > > I will say that I am fully behind replacing legacy frame/atm vpn networks > with IP/MPLS networks in order to reduce the number of networks supported > by a single provider. There are definite efficiencies to be gained here. > I would like to know how people are using IP/MPLS network to integrate voice and data? Thanks Kent > > > > > > At 08:12 PM 7/21/2002 +, bbfaye wrote: > >we are handling a case of a MAN project now. > >We plan to use mpls-l2 vpn to connect the business subscribers.That means we > >have to place some mpls-enabled machines on the access nodes(expensive...). > >Another choice is using vlan.And the users' vlan are trunked to the > >aggressive > >nodes.I think it's not so good to do this,but not so sure about the > >disadvantage. > >Does anyone have experience or suggestion about using vlan and l2-mpls vpn > in > >the man? > >thanks a lot. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49676&t=49346 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX 501 and enabling DES [7:49705]
I received my PIX 501 this afternoon! Hoowever I can not access it via PDM. I got the 56bit DES key from Cisco, but I can't figure out how to activate the thing. The documentation just goes through upgrading the FW IOS and at the end it will prompt you for the key. I don't want to upgrade the IOS, just install the key. Any ideas? Please note my versions (no command activate-key). Thanks show version: Cisco PIX Firewall Version 6.1(3) Cisco PIX Device Manager Version 1.1(2) Compiled on Fri 22-Feb-02 08:15 by morlee pixfirewall up 45 mins 40 secs Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz Flash E28F640J3 @ 0x300, 8MB BIOS Flash E28F640J3 @ 0xfffd8000, 128KB 0: ethernet0: address is 000a.411e.f696, irq 9 1: ethernet1: address is 000a.411e.f697, irq 10 Licensed Features: Failover: Disabled VPN-DES:Disabled VPN-3DES: Disabled Maximum Interfaces: 2 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49705&t=49705 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Network size [7:49704]
Hi all, I can't for the life of me remember what the recommended maximum number of clients on one segment is, I think it was either 300 or 500. Can anyone confirm ? Cheers, Graham. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49704&t=49704 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can't console 4000 router [7:49692]
Hi, Have you try the Auxiliary port ? Best regards -- [EMAIL PROTECTED] Computing networks & internet specialist http://www.a01faure.com Certified Cisco(ccie #8935,ccnp+cvoice), Microsoft(mcse nt4) tel./fax. 33 (0)1 45 87 95 07 PARIS(FRANCE) ""McHugh Randy"" a icrit dans le message news: [EMAIL PROTECTED] > I did a write erase and reload on a 4000 router and now cant access it via > the console. Just get a blinking prompt. Any suggestions? All the terminal > settings are correct. > thx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49702&t=49692 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Anyone tried Huawei Routers ? [7:49670]
Where does one go to buy these units?? I did a search on Google and Ingram Micro, but couldn't find a reseller or price list for anything. I even checked the company website (datacomm.huawei.com), and it looked like the company is set up in similar fashion to Cisco - No direct purchase. Just idle curiosity of their retail pricing structure. mark -Original Message- From: cebuano [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 25, 2002 1:20 PM To: [EMAIL PROTECTED] Subject: RE: Anyone tried Huawei Routers ? [7:49670] Yeah, this company even has its own stack of certs starting with HCNE, HCSE, and last but not least, HCIE!!! Yikes, some more paper Certs to hang on the wall :-> But on the serious note, if I can get this 3640 for $500 and load a Cisco IOS, who cares?? Heck, buy the 3680. Elmer -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ron Tan Sent: Thursday, July 25, 2002 12:16 PM To: [EMAIL PROTECTED] Subject: OT: Anyone tried Huawei Routers ? [7:49670] Hi group, A piece of Huawei 3640 router just came in the office for evaluation. The whole box seems like a complete duplicate of Cisco's routers, even the CLI looks and feels like home. Heard that the Huawei box has the ability to run EIGRP and HSRP together with Cisco. Anyone tried running the 2 boxes parallel together ? Comments welcome. Regards, Ron Tan [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49701&t=49670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Any beginners books about BGP. [7:49695]
I would highly recommend two books: BGP4: Interdomain Routing in the Internet, by John W. Stewart III Internet Routing Architectures, 2nd Edition by Basaam (Sam) Halabi The first book is deceptively short. It may be small but I found it to have excellent descriptions and examples. HTH, John >>> "sam sneed" 7/25/02 12:36:58 PM >>> I am mostly a LAN administrator and my network isn't large enough for me to get any dynamic routing experience. I am interseted in learning BGP. I've got the Cisco Press and Sybex CCNP routing books but I didn't like the BGP coverage, it seemed inadequate. Could anyone recommend a BGP book that is thorough but would let a beginner understand it initially? Anyone think you need to learn OSPF or EIGRP before BGP? Thanks for the opinions in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49700&t=49695 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ip default-network [7:49619]
Here is a helpfull link. http://www.cisco.com/warp/public/105/default.html Oleg Oz. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49699&t=49619 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Any beginners books about BGP. [7:49695]
as Howard likes to say, it's rocket science, not BGP meaning that BGP can be difficult at first. Along with the usual recommendations of the Cisco Press BGP book by Halabi, you might want to take a look through BGP4 by John W. Stewart III. And maybe the RFC. Only don't get bogged down in the programmers' details. Just the overview. basic BGP is very simple, really. where it gets difficult to understand and configure is when you want to do anything interesting and useful. :-> ""sam sneed"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I am mostly a LAN administrator and my network isn't large enough for me to > get any dynamic routing experience. I am interseted in learning BGP. I've > got the Cisco Press and Sybex CCNP routing books but I didn't like the BGP > coverage, it seemed inadequate. Could anyone recommend a BGP book that is > thorough but would let a beginner understand it initially? > Anyone think you need to learn OSPF or EIGRP before BGP? > > Thanks for the opinions in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49698&t=49695 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Any beginners books about BGP. [7:49695]
Routing TCP/IP Vol. II by Doyle is a good start. For more advanced info., check out Halabi's Internet Routing Architecture. Parkhurst also has a book called BGP4 Config. and Command Handbook that is good. HTH, Scott CCIE #9340 ""sam sneed"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I am mostly a LAN administrator and my network isn't large enough for me to > get any dynamic routing experience. I am interseted in learning BGP. I've > got the Cisco Press and Sybex CCNP routing books but I didn't like the BGP > coverage, it seemed inadequate. Could anyone recommend a BGP book that is > thorough but would let a beginner understand it initially? > Anyone think you need to learn OSPF or EIGRP before BGP? > > Thanks for the opinions in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49697&t=49695 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Anyone tried Huawei Routers ? [7:49670]
See what happens when American companies send their manufacturing to China? All those products sure look like their Cisco counterparts. Why pay Cisco's price when you can buy the Chinese knock off and save a ton of money? What was it Lenin said? When it comes time to hang the Capitalists, they will cut eachother's throats to sell us the rope? BTW, I find no mention of EIGRP on the website. http://datacomm.huawei.com/english/ Tom ""cebuano"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Yeah, this company even has its own stack of certs starting with > HCNE, HCSE, and last but not least, HCIE!!! Yikes, some more paper > Certs to hang on the wall :-> > But on the serious note, if I can get this 3640 for $500 and load a > Cisco IOS, who cares?? Heck, buy the 3680. > > Elmer > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > Ron Tan > Sent: Thursday, July 25, 2002 12:16 PM > To: [EMAIL PROTECTED] > Subject: OT: Anyone tried Huawei Routers ? [7:49670] > > Hi group, > > A piece of Huawei 3640 router just came in the office for evaluation. > The > whole box seems like a complete duplicate of Cisco's routers, even the > CLI > looks and feels like home. > > Heard that the Huawei box has the ability to run EIGRP and HSRP together > with Cisco. Anyone tried running the 2 boxes parallel together ? > > Comments welcome. > > Regards, > > Ron Tan > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49696&t=49670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Any beginners books about BGP. [7:49695]
I am mostly a LAN administrator and my network isn't large enough for me to get any dynamic routing experience. I am interseted in learning BGP. I've got the Cisco Press and Sybex CCNP routing books but I didn't like the BGP coverage, it seemed inadequate. Could anyone recommend a BGP book that is thorough but would let a beginner understand it initially? Anyone think you need to learn OSPF or EIGRP before BGP? Thanks for the opinions in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49695&t=49695 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: TCP sequence numbers question [7:49535]
Is it also relevant/correct that in a case like this, just under normal TCP operation, HostB would assumes HostA did not receive the ACK, which resulted in HostA restransmitting the original packet ... and HostB re-ACK'ing it ... etc. etc. ? Thanks! TJ -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 25, 2002 2:12 PM To: [EMAIL PROTECTED] Subject: Re: TCP sequence numbers question [7:49535] I already explained that, as does Stevens. (You have his book, I think. It's great.) The RFCs may not explain it. The creators or TCP don't approve of keeaplives. Anyway, the sender purposely keeps the sequence number the same when implementing the keepalive process. That causes the recipient to trash the garbage byte instead of giving it to the application. Remember there's an application running above all this (identified by the port number). The transport layer does not pass the garbage byte to the application because it appears to be a byte it already received. That's a basic TCP task. Priscilla sam sneed wrote: > > > > So using the example below (host A 192.168.133.21, B > > > 10.10.10.12), A sends 1 > > > byte of data, last successful sent byte is 2653258021, > > > > No, the last successful byte is 2653258020. That's Host A's > sequence > number. > > Host A sends only one byte, the byte numbered 2653258020. > > The analyer you're using (is it TCPdump?) doesn't do a good > job of making > > this clear. I think it's trying to help you see what the > expected ACK > should > > be. Don't read the second number as the sequence number of > the last byte > > sent. You'll be off by one if you do that. > > > > A common mistake people make (and your analyzer may be > making) is to add > the > > length of the data to the sequence number to get the sequence > number of > the > > final byte of data in the segment. That's doesn't work. > You're mixing > apples > > and oranges. Actually, you're mixing cardinal numbers (how > many, length) > > with ordinnal numbers (order, rank, sequence). You'll be off > by one. I > > explain this in detail in my new book, Troubleshooting Campus > Networks, in > > the TCP chapter. ;-) > > > > > shouldn't Host B ack > > > (2653258021)+1 ? > > > > No, Host B's ACK should be 2653258021. Host B is saying I got > 2653258020 > and > > I'm expecting 2653258021 next. Once again, I think your > analyzer's method > of > > display is confusing. > > > > Yes, the analyzer is tcpdump and now I understand the error in > my > intrepretation. There is still one thing bothering me. > Host A is a sending a keepalive with 1 garbage as in my > previous post > 2653258020, B acks 2653258021 the next SN its expects to see. > But in my > example host A sends 2653258020 with 1 byte of garbage again. > Wouldn't this > look a duplicate or at least an out of sequence frame since > host B is > expecting 2653258021 and has already ack'd 2653258020? There > are no other ID > fields in the TCP header so how would it not ignore it as a > duplicate frame > when its [src IP dest IP] [src port dest port] and sequence #'s > are > identical? > I imported the raw packets into Ethereal so I could see all > fields, even the > 1 byte of garbage data is the same (00 in hex) and the header > checksum are > equal. > I hate to beat this to death, but this stuff is a science and > based on > RFC's, so it kills me not to be able to interpret this exactly > and > correctly. There should be no mysteries behind this stuff. After > troubleshooting my network problem for awhile, I've become more > interested > in understanding the exact workings of TCP than solving the > original > problem. > > Thanks alot for your insight. * The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49694&t=49535 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: TCP sequence numbers question [7:49535]
Oops, sorry about that. I re-read your original post I missed that paragraph. Staring at those damned tcpdumps all day made me cross-eyed not to mention the headache. Thanks for your help. ""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I already explained that, as does Stevens. (You have his book, I think. It's > great.) The RFCs may not explain it. The creators or TCP don't approve of > keeaplives. > > Anyway, the sender purposely keeps the sequence number the same when > implementing the keepalive process. That causes the recipient to trash the > garbage byte instead of giving it to the application. Remember there's an > application running above all this (identified by the port number). The > transport layer does not pass the garbage byte to the application because it > appears to be a byte it already received. That's a basic TCP task. > > Priscilla > > sam sneed wrote: > > > > > > So using the example below (host A 192.168.133.21, B > > > > 10.10.10.12), A sends 1 > > > > byte of data, last successful sent byte is 2653258021, > > > > > > No, the last successful byte is 2653258020. That's Host A's > > sequence > > number. > > > Host A sends only one byte, the byte numbered 2653258020. > > > The analyer you're using (is it TCPdump?) doesn't do a good > > job of making > > > this clear. I think it's trying to help you see what the > > expected ACK > > should > > > be. Don't read the second number as the sequence number of > > the last byte > > > sent. You'll be off by one if you do that. > > > > > > > A common mistake people make (and your analyzer may be > > making) is to add > > the > > > length of the data to the sequence number to get the sequence > > number of > > the > > > final byte of data in the segment. That's doesn't work. > > You're mixing > > apples > > > and oranges. Actually, you're mixing cardinal numbers (how > > many, length) > > > with ordinnal numbers (order, rank, sequence). You'll be off > > by one. I > > > explain this in detail in my new book, Troubleshooting Campus > > Networks, in > > > the TCP chapter. ;-) > > > > > > > shouldn't Host B ack > > > > (2653258021)+1 ? > > > > > > No, Host B's ACK should be 2653258021. Host B is saying I got > > 2653258020 > > and > > > I'm expecting 2653258021 next. Once again, I think your > > analyzer's method > > of > > > display is confusing. > > > > > > > Yes, the analyzer is tcpdump and now I understand the error in > > my > > intrepretation. There is still one thing bothering me. > > Host A is a sending a keepalive with 1 garbage as in my > > previous post > > 2653258020, B acks 2653258021 the next SN its expects to see. > > But in my > > example host A sends 2653258020 with 1 byte of garbage again. > > Wouldn't this > > look a duplicate or at least an out of sequence frame since > > host B is > > expecting 2653258021 and has already ack'd 2653258020? There > > are no other ID > > fields in the TCP header so how would it not ignore it as a > > duplicate frame > > when its [src IP dest IP] [src port dest port] and sequence #'s > > are > > identical? > > I imported the raw packets into Ethereal so I could see all > > fields, even the > > 1 byte of garbage data is the same (00 in hex) and the header > > checksum are > > equal. > > I hate to beat this to death, but this stuff is a science and > > based on > > RFC's, so it kills me not to be able to interpret this exactly > > and > > correctly. There should be no mysteries behind this stuff. After > > troubleshooting my network problem for awhile, I've become more > > interested > > in understanding the exact workings of TCP than solving the > > original > > problem. > > > > Thanks alot for your insight. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49693&t=49535 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Can't console 4000 router [7:49692]
I did a write erase and reload on a 4000 router and now cant access it via the console. Just get a blinking prompt. Any suggestions? All the terminal settings are correct. thx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49692&t=49692 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Anyone tried Huawei Routers ? [7:49670]
Yeah, this company even has its own stack of certs starting with HCNE, HCSE, and last but not least, HCIE!!! Yikes, some more paper Certs to hang on the wall :-> But on the serious note, if I can get this 3640 for $500 and load a Cisco IOS, who cares?? Heck, buy the 3680. Elmer -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ron Tan Sent: Thursday, July 25, 2002 12:16 PM To: [EMAIL PROTECTED] Subject: OT: Anyone tried Huawei Routers ? [7:49670] Hi group, A piece of Huawei 3640 router just came in the office for evaluation. The whole box seems like a complete duplicate of Cisco's routers, even the CLI looks and feels like home. Heard that the Huawei box has the ability to run EIGRP and HSRP together with Cisco. Anyone tried running the 2 boxes parallel together ? Comments welcome. Regards, Ron Tan [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49691&t=49670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF Advertisments [7:49659]
Why would you WANT to do it?? ;-) Seriously, I must be missing something. There's no need to advertise a default gateway in IP. It's configured on the end hosts. Can someone tell me what problem we're trying to solve? Thanks. Sorry if I'm being dense. Priscilla cebuano wrote: > > Okay... > For the CCIE Lab, since static routes are almost always > prohibited, what > other options do you have to accomplish this requirement? > > Elmer > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On > Behalf Of > Dagoski Sam > Sent: Thursday, July 25, 2002 11:43 AM > To: [EMAIL PROTECTED] > Subject: RE: OSPF Advertisments [7:49659] > > Gil Shulman wrote: > > > > Hi all, > > > > Does know how and if I can advertise via OSPF an HSRP IP > > address as a > > defualt gateway. > > > > Setup a static route with a /0 mask pointing to the HSRP > interface and > redistribute into OSPF. > > -Sam > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49690&t=49659 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: TCP sequence numbers question [7:49535]
I already explained that, as does Stevens. (You have his book, I think. It's great.) The RFCs may not explain it. The creators or TCP don't approve of keeaplives. Anyway, the sender purposely keeps the sequence number the same when implementing the keepalive process. That causes the recipient to trash the garbage byte instead of giving it to the application. Remember there's an application running above all this (identified by the port number). The transport layer does not pass the garbage byte to the application because it appears to be a byte it already received. That's a basic TCP task. Priscilla sam sneed wrote: > > > > So using the example below (host A 192.168.133.21, B > > > 10.10.10.12), A sends 1 > > > byte of data, last successful sent byte is 2653258021, > > > > No, the last successful byte is 2653258020. That's Host A's > sequence > number. > > Host A sends only one byte, the byte numbered 2653258020. > > The analyer you're using (is it TCPdump?) doesn't do a good > job of making > > this clear. I think it's trying to help you see what the > expected ACK > should > > be. Don't read the second number as the sequence number of > the last byte > > sent. You'll be off by one if you do that. > > > > A common mistake people make (and your analyzer may be > making) is to add > the > > length of the data to the sequence number to get the sequence > number of > the > > final byte of data in the segment. That's doesn't work. > You're mixing > apples > > and oranges. Actually, you're mixing cardinal numbers (how > many, length) > > with ordinnal numbers (order, rank, sequence). You'll be off > by one. I > > explain this in detail in my new book, Troubleshooting Campus > Networks, in > > the TCP chapter. ;-) > > > > > shouldn't Host B ack > > > (2653258021)+1 ? > > > > No, Host B's ACK should be 2653258021. Host B is saying I got > 2653258020 > and > > I'm expecting 2653258021 next. Once again, I think your > analyzer's method > of > > display is confusing. > > > > Yes, the analyzer is tcpdump and now I understand the error in > my > intrepretation. There is still one thing bothering me. > Host A is a sending a keepalive with 1 garbage as in my > previous post > 2653258020, B acks 2653258021 the next SN its expects to see. > But in my > example host A sends 2653258020 with 1 byte of garbage again. > Wouldn't this > look a duplicate or at least an out of sequence frame since > host B is > expecting 2653258021 and has already ack'd 2653258020? There > are no other ID > fields in the TCP header so how would it not ignore it as a > duplicate frame > when its [src IP dest IP] [src port dest port] and sequence #'s > are > identical? > I imported the raw packets into Ethereal so I could see all > fields, even the > 1 byte of garbage data is the same (00 in hex) and the header > checksum are > equal. > I hate to beat this to death, but this stuff is a science and > based on > RFC's, so it kills me not to be able to interpret this exactly > and > correctly. There should be no mysteries behind this stuff. After > troubleshooting my network problem for awhile, I've become more > interested > in understanding the exact workings of TCP than solving the > original > problem. > > Thanks alot for your insight. > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49689&t=49535 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: EIGRP [7:49678]
I had a conversation with a cisco engineer about why there are so many undocumented commands. He basically told me that before a command is documented it needs to be documented (no pun intended) by the engineer, this as it turns out is not as easy as it would sounds. There is a process that needs to be completed on the engineers side that documents all possible output, provides debugs and command syntax in all possible compinations. The fact that this is so time consuming many engineers avoid doing it! Oleg Oz. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49688&t=49678 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF Advertisments [7:49659]
Okay... For the CCIE Lab, since static routes are almost always prohibited, what other options do you have to accomplish this requirement? Elmer -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dagoski Sam Sent: Thursday, July 25, 2002 11:43 AM To: [EMAIL PROTECTED] Subject: RE: OSPF Advertisments [7:49659] Gil Shulman wrote: > > Hi all, > > Does know how and if I can advertise via OSPF an HSRP IP > address as a > defualt gateway. > Setup a static route with a /0 mask pointing to the HSRP interface and redistribute into OSPF. -Sam Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49687&t=49659 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Who's out BC - Canada way? [7:49686]
I'm trying to remember who it is/was on this list that worked for a stock quote (or perhaps online stock trading) company in BC. For some reason I thought it was Kevin Wiggle but he's out Ontario-way. If you're out there, whoever you are, or if you know who I'm thinking about, could you let me know please? I seem to be having a memory lapse. There's just been too many great people I've conversed with on this list for me to keep you all straight in my head. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49686&t=49686 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Static NAT Problem [7:49685]
I have a customer using a single address for port forwarding. The translation for 192.168.1.2 to 12.13.14.15 using port 5631 works fine. When I issue the command show ip nat translations, I get the output as shown on the last line. The inside global and inside local are both listed on port 5631. However, the translation for 192.168.1.3 to 12.13.14.15, both using port 5993, does not work. This shows up on the inside global as 12.13.14.15:1062 and on the inside local as 192.168.1.3:5993. Both translations are configured the same. Can anyone tell me what it is I'm doing wrong? The nat configuration, along with the show ip nat translation, is listed below. Thanks for your help. ip nat translation timeout 300 ip nat inside source list 1 interface Serial0.1 overload ip nat inside source list 18 interface Serial0.1 overload ip nat inside source static tcp 192.168.1.3 5993 12.13.14.15 5993 extendable ip nat inside source static tcp 192.168.1.2 22 12.13.14.15 22 extendable ip nat inside source static tcp 192.168.1.2 5631 12.13.14.15 5631 extendable ip nat inside source static tcp 192.168.1.2 5632 12.13.14.15 5632 extendable ip nat inside source static tcp 192.168.1.2 65301 12.13.14.15 65301 extendable ip nat inside source static udp 192.168.1.2 5632 12.13.14.15 5632 extendable Router#sh ip nat trans Pro Inside global Inside local Outside local Outside global tcp 12.13.14.15:5631 192.168.1.2:5631 ------ tcp 12.13.14.15:5632 192.168.1.2:5632 ------ udp 12.13.14.15:5632 192.168.1.2:5632 ------ tcp 12.13.14.15:1062 192.168.1.3:5993 21.22.23.24:2282 21.22.23.24:2282 tcp 12.13.14.15:65301 192.168.1.2:65301 ------ tcp 12.13.14.15:5993 192.168.1.3:5993 ------ tcp 12.13.14.15:22192.168.1.2:22 ------ tcp 12.13.14.15:5631 192.168.1.2:5631 21.22.23.24:2281 21.22.23.24:2281 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49685&t=49685 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: EIGRP [7:49678]
i know its the event command but why not document in the IOS? >>> "Richard Tufaro" 07/25 1:04 PM >>> Anyone tried the show ip eigrp e command on a router running (of course) eigrp and 12.2(10a)? Seems like its not in the command sequence. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49684&t=49678 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: EIGRP [7:49678]
I've had quite problems with that version in my 3620, it seems that atm interfaces aren't working with older releases, like c3620-is56i-mz.121-5.T10 or even c3620-ik8s-mz.122-8.T5.bin, so I won't be surprised if it has more mistakes Richard Tufaro wrote: > > Anyone tried the > > show ip eigrp e > > command on a router running (of course) eigrp and 12.2(10a)? > Seems like its not in the command sequence. > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49683&t=49678 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: TCP sequence numbers question [7:49535]
> > So using the example below (host A 192.168.133.21, B > > 10.10.10.12), A sends 1 > > byte of data, last successful sent byte is 2653258021, > > No, the last successful byte is 2653258020. That's Host A's sequence number. > Host A sends only one byte, the byte numbered 2653258020. > The analyer you're using (is it TCPdump?) doesn't do a good job of making > this clear. I think it's trying to help you see what the expected ACK should > be. Don't read the second number as the sequence number of the last byte > sent. You'll be off by one if you do that. > A common mistake people make (and your analyzer may be making) is to add the > length of the data to the sequence number to get the sequence number of the > final byte of data in the segment. That's doesn't work. You're mixing apples > and oranges. Actually, you're mixing cardinal numbers (how many, length) > with ordinnal numbers (order, rank, sequence). You'll be off by one. I > explain this in detail in my new book, Troubleshooting Campus Networks, in > the TCP chapter. ;-) > > > shouldn't Host B ack > > (2653258021)+1 ? > > No, Host B's ACK should be 2653258021. Host B is saying I got 2653258020 and > I'm expecting 2653258021 next. Once again, I think your analyzer's method of > display is confusing. > Yes, the analyzer is tcpdump and now I understand the error in my intrepretation. There is still one thing bothering me. Host A is a sending a keepalive with 1 garbage as in my previous post 2653258020, B acks 2653258021 the next SN its expects to see. But in my example host A sends 2653258020 with 1 byte of garbage again. Wouldn't this look a duplicate or at least an out of sequence frame since host B is expecting 2653258021 and has already ack'd 2653258020? There are no other ID fields in the TCP header so how would it not ignore it as a duplicate frame when its [src IP dest IP] [src port dest port] and sequence #'s are identical? I imported the raw packets into Ethereal so I could see all fields, even the 1 byte of garbage data is the same (00 in hex) and the header checksum are equal. I hate to beat this to death, but this stuff is a science and based on RFC's, so it kills me not to be able to interpret this exactly and correctly. There should be no mysteries behind this stuff. After troubleshooting my network problem for awhile, I've become more interested in understanding the exact workings of TCP than solving the original problem. Thanks alot for your insight. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49682&t=49535 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Here we go again ( Pix 515) [7:49492]
sorry, just couldn't resist - hahaha besides, if you're capable of doing all these multiple things with and on the networks, you're not just an NT guy even though your work title might say that :-) ""Kevin O'Gilvie"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hey, > > No flames aginst NT admins. > In these tuff times Network Admins need to know all > FW's, Servers, PC's, Mac's, Switches, Routers, even Cabling.. > In order to survive. > Like myself!! > > > >From: Juan Blanco > >Reply-To: [EMAIL PROTECTED] > >To: 'Kevin O'Gilvie' , [EMAIL PROTECTED] > >Subject: RE: Here we go again ( Pix 515) [7:49492] > >Date: Thu, 25 Jul 2002 11:14:08 -0400 > > > >Team, > >The way I see it, dhcp on the firewall is only for small number of users, > >when it comes to mid-size-up network you don't want to use a firewall for a > >DHCPCan you see an NT administrator making changes in your firewall > >because he/she is having problems with DHCP(This network will be > >available to hackers in the Theater near You) > > > >My two cents. > > > >-Original Message- > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > >Kevin O'Gilvie > >Sent: Thursday, July 25, 2002 10:27 AM > >To: [EMAIL PROTECTED] > >Subject: Re: Here we go again ( Pix 515) [7:49492] > > > > > >I wouldnt put dhcp on the firewall for 300 users. > >But for 10 or 15 I would. > > > >Thanks, > > > >-Kevin > > > > > > >From: "Gaz" > > >Reply-To: "Gaz" > > >To: [EMAIL PROTECTED] > > >Subject: Re: Here we go again ( Pix 515) [7:49492] > > >Date: Wed, 24 Jul 2002 22:37:12 GMT > > > > > >What's everybody's view on using the Pix as a DHCP server? > > > > > >I used it once, only because after arriving on site to install the Pix > >the > > >customer mentioned that his old Firewall was doing DHCP and he had no > >plans > > >to do it on anything else. > > >Seemed to go fine, but would like to know if people have come across > > >limitations/issues. > > > > > >I tend to agree with the view "Right box for the job", i.e. don't make > >the > > >Pix do things it's not made for, but if pushed into the situation, how > >does > > >it compare. > > > > > >Cheers, > > > > > >Gaz > > > > > >""Kevin O'Gilvie"" wrote in message > > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > Hi Kelly, > > > > > > > > You are absolutely right, and I love your strategy. > > > > That is the way I did it 2 years ago, but the only thing now is > >finding > > >a > > > > vpn solution for the Macs. I used Pix for the PC's last time round but > > >never > > > > had to do this for the Mac's. Any ideas? > > > > > > > > > > > > >From: "Kelly Cobean" > > > > >Reply-To: "Kelly Cobean" > > > > >To: [EMAIL PROTECTED] > > > > >Subject: RE: Here we go again ( Pix 515) [7:49492] > > > > >Date: Wed, 24 Jul 2002 02:18:38 GMT > > > > > > > > > >Man, you aren't asking much, are you? ;-) > > > > > > > > > >Ok, here's the order I'd do things in... > > > > > > > > > >First things first, get that firewall in place. You don't list what > > >their > > > > >internet connectivity is, but if they bought a PIX, it's safe to > >assume > > > > >that > > > > >they have a persistent connection, and that being true, they're > >really > > > > >hanging it out there for someone to cut off, so to speak. Network > > >security > > > > >is always a primary concern, and the firewall won't take alot of time > > >to > > > > >set > > > > >up. Not setting it up could be very costly. If they already have a > > > > >light(er)-weight firewall like a Linux host running IP chains or IP > > >tables, > > > > >replacing this first will save your users down-time later because you > > >can > > > > >pre-configure your internet rulebase/access in preparation for your > > >private > > > > >addressing. > > > > > > > > > >Next, I'd do the DHCP and Private Addressing. These go hand in hand, > > >and > > > > >since your firewall is now in place, you can do the NAT/PAT > > >translations > > >as > > > > >needed and not have to rethink these later. > > > > > > > > > >Third, get Exchange up and running. If it's going on a different > > >system > > > > >than Quick mail is running on, great! Now you can get them running > >in > > > > >parallel, and move users accounts over one at a time or in batches. > > >There > > > > >are probably tools out there to do the mailbox format conversion. > >Now > > >that > > > > >your network is secure at layer3/4, you can focus on the nitty-gritty > > >of > > > > >the > > > > >user data. (Oh yeah, don't forget that backup!!!) > > > > > > > > > >It's a 10,000 foot view, but that's how I'd do it. I'm not really a > > >MAC > > > > >guy, but I'd venture a guess that most or all of your MAC's run > >TCP/IP > > >and > > > > >support DHCP, so from an L3/4 standpoint, they're really no different > > >than > > > > >your PC's. > > > > > > > > > >When doing multiple projects like this, I tend to work along the OSI > > >model. > > > > >If the wiring is horrible, or the NIC's are al
RE: Here we go again ( Pix 515) [7:49492]
Team, The way I see it, dhcp on the firewall is only for small number of users, when it comes to mid-size-up network you don't want to use a firewall for a DHCPCan you see an NT administrator making changes in your firewall because he/she is having problems with DHCP(This network will be available to hackers in the Theater near You) My two cents. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin O'Gilvie Sent: Thursday, July 25, 2002 10:27 AM To: [EMAIL PROTECTED] Subject: Re: Here we go again ( Pix 515) [7:49492] I wouldnt put dhcp on the firewall for 300 users. But for 10 or 15 I would. Thanks, -Kevin >From: "Gaz" >Reply-To: "Gaz" >To: [EMAIL PROTECTED] >Subject: Re: Here we go again ( Pix 515) [7:49492] >Date: Wed, 24 Jul 2002 22:37:12 GMT > >What's everybody's view on using the Pix as a DHCP server? > >I used it once, only because after arriving on site to install the Pix the >customer mentioned that his old Firewall was doing DHCP and he had no plans >to do it on anything else. >Seemed to go fine, but would like to know if people have come across >limitations/issues. > >I tend to agree with the view "Right box for the job", i.e. don't make the >Pix do things it's not made for, but if pushed into the situation, how does >it compare. > >Cheers, > >Gaz > >""Kevin O'Gilvie"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi Kelly, > > > > You are absolutely right, and I love your strategy. > > That is the way I did it 2 years ago, but the only thing now is finding >a > > vpn solution for the Macs. I used Pix for the PC's last time round but >never > > had to do this for the Mac's. Any ideas? > > > > > > >From: "Kelly Cobean" > > >Reply-To: "Kelly Cobean" > > >To: [EMAIL PROTECTED] > > >Subject: RE: Here we go again ( Pix 515) [7:49492] > > >Date: Wed, 24 Jul 2002 02:18:38 GMT > > > > > >Man, you aren't asking much, are you? ;-) > > > > > >Ok, here's the order I'd do things in... > > > > > >First things first, get that firewall in place. You don't list what >their > > >internet connectivity is, but if they bought a PIX, it's safe to assume > > >that > > >they have a persistent connection, and that being true, they're really > > >hanging it out there for someone to cut off, so to speak. Network >security > > >is always a primary concern, and the firewall won't take alot of time >to > > >set > > >up. Not setting it up could be very costly. If they already have a > > >light(er)-weight firewall like a Linux host running IP chains or IP >tables, > > >replacing this first will save your users down-time later because you >can > > >pre-configure your internet rulebase/access in preparation for your >private > > >addressing. > > > > > >Next, I'd do the DHCP and Private Addressing. These go hand in hand, >and > > >since your firewall is now in place, you can do the NAT/PAT >translations >as > > >needed and not have to rethink these later. > > > > > >Third, get Exchange up and running. If it's going on a different >system > > >than Quick mail is running on, great! Now you can get them running in > > >parallel, and move users accounts over one at a time or in batches. >There > > >are probably tools out there to do the mailbox format conversion. Now >that > > >your network is secure at layer3/4, you can focus on the nitty-gritty >of > > >the > > >user data. (Oh yeah, don't forget that backup!!!) > > > > > >It's a 10,000 foot view, but that's how I'd do it. I'm not really a >MAC > > >guy, but I'd venture a guess that most or all of your MAC's run TCP/IP >and > > >support DHCP, so from an L3/4 standpoint, they're really no different >than > > >your PC's. > > > > > >When doing multiple projects like this, I tend to work along the OSI >model. > > >If the wiring is horrible, or the NIC's are all old 10Base2 nics and >have > > >transceivers to hook them to your BaseT network, take care of the layer >1 > > >stuff first. Next, if the network is all unmanaged hubs, and your >network > > >is one gigantic broadcast domain, start installing switches to quiet >down > > >the network. Next, get VLANs/routing/security in place for Layer3/4. > > >Next, > > >work on the "upper layers" where all of your apps and data live and >talk. > > >Just my $0.02 worth. > > > > > >HTH, > > >Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I > > >Network Engineer > > >AT&T Government Solutions, Inc. > > > > > >-Original Message- > > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > >Kevin O'Gilvie > > >Sent: Tuesday, July 23, 2002 9:07 PM > > >To: [EMAIL PROTECTED] > > >Subject: Here we go again ( Pix 515) [7:49492] > > > > > > > > >Dear All, > > > > > >I am jumping into a similar mess as when I started at my current >company, > > >but this time the Macs out number the PC's. Well here is the scoop: > > >180 Macs > > >50 PC's > > >Static Ip's > > >No DHCP > > >No FW > > >Quick Mail Server > > >and a whole bunch of other nasty thing
Modem dial-up speed problem? PLEASE [7:49679]
Hi All, I have a problem with a 3600 with a nm-8am (8port analog modem card v.34) for dial-up clients. The speed for the connection is never more than 21.6k TX and 19.2k RX. Connetction works fine, only slow. Belief me I read all documention on CCO and now answers for this one. I try all the modemcaps, and play with the mics init string, with no luck. Does anyone know what "Call Handle failed for Modem 2/1" means??? Where is my problem?? I exculded the Telco and dial in straight through the PABX(analog). Same problem... When I use "debug confmoden" and "debug modem" I get the following: *Mar 1 03:45:18.303: Modem 2/1 Mcom: in modem state 'Dialing/Answering' *Mar 1 03:45:18.959: Modem 2/1 Mcom: in modem state 'Incoming ring' *Mar 1 03:45:21.231: Modem 2/1 Mcom: in modem state 'Waiting for Carrier' *Mar 1 03:45:33.447: Modem 2/1 Mcom: in modem state 'Connected' *Mar 1 03:45:34.059: Call Handle failed for Modem 2/1 *Mar 1 03:45:34.059: Modem 2/1 Mcom: CONNECT at 21600/14400(Tx/Rx), V34, LAPM, V42bis, Answer *Mar 1 03:45:34.343: TTY66: DSR came up *Mar 1 03:45:34.343: tty66: Modem: IDLE->(unknown) *Mar 1 03:45:34.343: TTY66: EXEC creation *Mar 1 03:45:34.343: TTY66: set timer type 10, 30 seconds *Mar 1 03:45:36.435: TTY66: Autoselect(2) sample 7E *Mar 1 03:45:36.435: TTY66: Autoselect(2) sample 7EFF *Mar 1 03:45:36.435: TTY66: Autoselect(2) sample 7EFF7D *Mar 1 03:45:36.435: TTY66: Autoselect(2) sample 7EFF7D23 *Mar 1 03:45:36.435: TTY66 Autoselect cmd: ppp negotiate *Mar 1 03:45:36.435: TTY66: EXEC creation *Mar 1 03:45:36.435: TTY66: create timer type 1, 600 seconds *Mar 1 03:45:36.567: TTY66: destroy timer type 1 *Mar 1 03:45:36.567: TTY66: no timer type 0 to destroy *Mar 1 03:45:39.311: Modem 2/1 Mcom: switching to PPP mode *Mar 1 03:45:39.311: Modem 2/1 Mcom: PPP escape map: Tx map = , Rx map = 0 *Mar 1 03:45:39.311: Modem 2/1 Mcom: PPP escape map: Tx map = , Rx map = 0 03:45:39: %LINK-3-UPDOWN: Interface Async66, changed state to up *Mar 1 03:45:39.527: Modem 2/1 Mcom: PPP escape map: Tx map = 0, Rx map = 0 *Mar 1 03:46:14.675: Modem 2/1 Mcom: in modem state 'Disconnecting' *Mar 1 03:46:14.679: Modem 2/1 Mcom: DISCONNECT, duration = 00:00:42, reason (0 xE) Remote Link Disc *Mar 1 03:46:15.343: TTY66: DSR was dropped *Mar 1 03:46:15.343: tty66: Modem: READY->(unknown) *Mar 1 03:46:16.047: Modem 2/1 Mcom: in modem state 'Idle' *Mar 1 03:46:16.343: TTY66: dropping DTR, hanging up *Mar 1 03:46:16.343: TTY66: Async Int reset: Dropping DTR *Mar 1 03:46:16.343: tty66: Modem: HANGUP->(unknown) *Mar 1 03:46:16.487: Modem 2/1 Mcom: PPP escape map: Tx map = , Rx map = 0 *Mar 1 03:46:17.343: TTY66: cleanup pending. Delaying DTR *Mar 1 03:46:18.343: TTY66: cleanup pending. Delaying DTR *Mar 1 03:46:18.487: Modem 2/1 Mcom: PPP escape map: Tx map = , Rx map = 0 *Mar 1 03:46:19.343: TTY66: cleanup pending. Delaying DTR *Mar 1 03:46:20.343: TTY66: cleanup pending. Delaying DTR *Mar 1 03:46:21.343: Modem 2/1 Mcom: switching to character mode *Mar 1 03:46:21.343: TTY66: no timer type 0 to destroy *Mar 1 03:46:21.343: TTY66: no timer type 1 to destroy *Mar 1 03:46:21.343: TTY66: no timer type 3 to destroy *Mar 1 03:46:21.343: TTY66: no timer type 4 to destroy *Mar 1 03:46:21.343: TTY66: no timer type 2 to destroy *Mar 1 03:46:21.343: Async66: allowing modem_process to continue hangup *Mar 1 03:46:21.343: TTY66: restoring DTR *Mar 1 03:46:21.343: TTY66: autoconfigure probe started *Mar 1 03:46:21.343: TTY66: Modem ommand: --AT&F&FS0=1S0=1&C1&D3\Q3\J0\N3%M2% U2%G1$B38400%B33600-- *Mar 1 03:46:23.919: TTY66: Modem configuration succeeded *Mar 1 03:46:23.919: TTY66: Detected modem speed 9600 *Mar 1 03:46:23.919: TTY66: Done with modem configuration 03:47:06: %LINK-3-UPDOWN: Interface Async66, changed state to down Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49679&t=49679 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
EIGRP [7:49678]
Anyone tried the show ip eigrp e command on a router running (of course) eigrp and 12.2(10a)? Seems like its not in the command sequence. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49678&t=49678 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: TCP sequence numbers question [7:49535]
sam sneed wrote: > > How does the other host know its a keepalive? I do not see any > keepalive > fields in the TCP packet, perhaps a TCP option? The recipient host doesn't know that it's a keepalive. There's really no such thing according to the official TCP RFC (793). The recipient just knows that it's a byte to be ACKed. The keepalive behavior (such as resending the same byte over and over again) is controlled by the sending application. > I think I was more confused by how the sequence #'s are > incremented and > ack'd. I read in Stevens book > " Since every byte that is exchanged is numbered, the > acknowledgement number > contains the next sequence number that the sender of the > acknowledgement > expects to receive. This is therefore the sequence number plus > 1 of the last > successfully received byte of data." Yes. That's right. When you get a chance, study TCP behavior with an analyzer when using a protocol such as FTP or HTTP. Studying it with keepalives won't help you learn because they send either zero or just one byte, which confuses matters. > So using the example below (host A 192.168.133.21, B > 10.10.10.12), A sends 1 > byte of data, last successful sent byte is 2653258021, No, the last successful byte is 2653258020. That's Host A's sequence number. Host A sends only one byte, the byte numbered 2653258020. The analyer you're using (is it TCPdump?) doesn't do a good job of making this clear. I think it's trying to help you see what the expected ACK should be. Don't read the second number as the sequence number of the last byte sent. You'll be off by one if you do that. A common mistake people make (and your analyzer may be making) is to add the length of the data to the sequence number to get the sequence number of the final byte of data in the segment. That's doesn't work. You're mixing apples and oranges. Actually, you're mixing cardinal numbers (how many, length) with ordinnal numbers (order, rank, sequence). You'll be off by one. I explain this in detail in my new book, Troubleshooting Campus Networks, in the TCP chapter. ;-) > shouldn't Host B ack > (2653258021)+1 ? No, Host B's ACK should be 2653258021. Host B is saying I got 2653258020 and I'm expecting 2653258021 next. Once again, I think your analyzer's method of display is confusing. > > The problem I'm trying to solve is a TCP connection that > unexpectedly > terminates. Supposedly the client can detect this and reconnect > to the > server but there are problems. Can you put an anzlyer on both sides? One where the client is and one where the server is? Maybe the server isn't seeing the keepalives or ACKs to the keepalives. I wish I could help more. It's sounds like your on the right track though. Priscilla > I started the keepalive thread > last week > related to the same issue. I thought our firewall may have > droppped the > connection from its state table after its timeout but this is > not the case > since it seems keepalives are sent every 30 seconds. > > 17:56:46.563514 O 192.168.133.21.5055 > 10.10.10.12.1617: P > 2653258020:2653258021(1) ack 808512610 win 8760 (DF) > > 17:56:46.604328 I 10.10.10.12.1617 > 192.168.133.21.5055: . ack > 2653258021 > win 17520 (DF) > > 17:58:20.327090 O 192.168.133.21.5055 > 10.10.10.12.1617: P > 2653258020:2653258021(1) ack 808512610 win 8760 (DF) > > 17:58:20.368296 I 10.10.10.12.1617 > 192.168.133.21.5055: . ack > 2653258021 > win 17520 (DF) > > 17:59:54.090651 O 192.168.133.21.5055 > 10.10.10.12.1617: P > 2653258020:2653258021(1) ack 808512610 win 8760 (DF) > > 17:59:54.132170 I 10.10.10.12.1617 > 192.168.133.21.5055: . ack > 2653258021 > win 17520 (DF) > > ""Priscilla Oppenheimer"" wrote in > message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > sam sneed wrote: > > > > > > I have been troubleshooting a problem and have seen > something I > > > don't > > > understand. If host A sends data to host B and host B acks > the > > > data, isn't > > > host A supposed to increment its seq #. Here is an actual > > > tcpdump. Host A is > > > 192.168.133.21 and B is 10.10.10.12. > > > You'll notice host A is pushing 1 byte of data and Host B is > > > acking it, yet > > > host A's seq never increments. Is this normal? > > > > It sounds like Host A has gone into a keepalive mode. It > doesn't have any > > actual data to send, so it just sits there sending one byte > at a time. > > > > We had a long discussion about TCP keepalives last week > sometime. You > might > > want to check the archives. The TCP RFC (793) doesn't > actually mention > > keepalives. With ordinary TCP, when there's no data to send, > both sides > are > > silent. But a lot of implementations send keepalives, and the > host > > requirements RFC does say that's OK. (RFC 1122) > > > > Theoretically a host should just be able to send an empty TCP > segment with > > no data to implement the keepalive function. In that case, > there's no > reason > > to increment the sequence number as sequence numbers coun
Re: OT: Anyone tried Huawei Routers ? [7:49670]
Ron Tan wrote: > A piece of Huawei 3640 router just came in the office for evaluation. The > whole box seems like a complete duplicate of Cisco's routers, even the CLI > looks and feels like home. How does the price compare to cisco? -- TT Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49674&t=49670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
anyone looking for a new RSP4 ? [7:49675]
7/25/2002 11:33am Thursday I have one I would like to trade for some other hardware. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49675&t=49675 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Proper network design? [7:49536]
I'm curious about why the Linux box couldn't be configured to do the same job as the Cisco router also. Let us know if your Linux colleagues tell you. Wouldn't that be great if they could put the Linux box back and give you the router for your home lab? ;-) Thanks for a great discussion. Priscilla Frank H wrote: > > Thanks for your explanation - I can understand my setup very > clearly now. I originally asked this question because I have > not been exposed to that situation before (I'm at the CCNA > level). You are correct in saying that the cellular box does > routing for the 192.168.2.0 network. I was also incorrect to > call my setup a "router on a stick" as another person pointed > out - it looks similar though. The network drawing was correct. > The Linux box that was acting as a router in the original setup > was replaced with the Cisco router in order to correct the > problem of only one 192.168.0.0 network host being able to talk > to cellular hosts on the 192.168.2.0 network. My setup is > exactly the same as the Chicago/San Francisco/New York > situation you described. I'm just curious as to why the Linux > box could not be configured to do the same job as the Cisco > router (with the added static route). I'll have to talk to our > network guy to see if he can make the Linux box do the same job > so I can take my Cisco router back home. > > Thanks to all for your help. > > Frank > > Priscilla Oppenheimer wrote: > > > > Frank H wrote: > > > > > > Proper network design? > > > > > > I have a few questions for the group that maybe someone can > > > answer. From my studies when I got CCNA certified, I > > understood > > > that different networks were ALWAYS separated by a router. > At > > > my company we have this equipment that was purchased several > > > months ago that acts as a digital cellular network. It was > set > > > up and was able to operate, but only in a limited way. > > > Basically, this is the setup - the digital cellular network > > was > > > on the 192.168.2.0 subnet (subnet mask 255.255.255.0). The > > > company development LAN was on the 192.168.0.0 subnet > (subnet > > > mask 255.255.255.0). The two small networks (less than 10 > > hosts > > > in each subnet) were all tied together at a 24 port hub. The > > > gateway to the Internet was through a Linux box. The digital > > > cellular network was basically a box (with IP address > > > 192.168.0.100) that passed packets to network 192.168.2.0 > > > through a low power transmitter to the cellular hosts in the > > > 192.168.2.0 subnet. With this setup, only one desktop host > on > > > the 192.168.0.0 network could communicate to the 192.168.2.0 > > > cellular network (desktop host 192.168.0.20). The problem of > > > only one desktop host in the 192.168.0.0 network being able > to > > > communicate with the 192.168.2.0 network was solved by > > > replacing the Linux box with a Cisco 2514 router (with two > > > ethernet interfaces). The configuration for the router was > > > exactly the same as the Linux box except for one small > > > addition. The following line was added as a static route: > > > > > > ip route 192.168.2.0 255.255.255.0 192.168.0.100 > > > > > > Now let me ask you, have you ever seen a router that gets a > > > packet on one interface pass it right back out the SAME > > > interface back to another host on that same network? > > > > Sure, it happens all the time. There's nothing non-standard > > about this. It's quite normal for a router to receive a packet > > on an interface, look into its routing table, and determine > > that the packet needs to go back out the same interface it > came > > in on. > > > > For example, let's say you have a LAN in Chicago that has two > > routers on it. One router has a WAN connection to San > Francisco > > and the other router has a WAN connection to New York. > > > > Clients on the LAN in Chicago can only be configured with one > > default gateway. So, let's say that you tell them their > default > > gateway is the router that goes to New York. > > > > When the clients send a pcket to San Francisco, the packet > goes > > to the router that connects to New York. That router sends the > > packet back out the LAN to the router that goes to San > > Francisco. The router can send an ICMP Redirect to the end > host > > saying essentially "don't use me, use this other router." The > > host may or may not follow that advice. > > > > This is sometimes called "the extra hop problem," although > it's > > not really a problem. > > > > In your case, since the cellular box is a bit weird (only > > supports one host talking through it I think you said), you > > would probably want to disable ICMP Redirects. > > > > > > >Our setup > > > basically ties two DIFFERENT class C subnets together > through > > a > > > hub and the Cisco router makes it all work perfectly. > > > > A hub? Now that part is confusing. Are you referring to the > > cellular box, which sounds like a router to m
RE: Wireless [7:49667]
Scott wrote: > > Anybody know a good source to learn about wireless? From > basics of the > technology all the way to advanced possibly w/Cisco product > lines. > > Thanks, > > Scott > > My new book, Troubleshooting Campus Networks, has a 50-page chapter on wireless. It was written by my coauthor, so I don't feel like I'm blowing my own horn my recommending it. ;-) It has a lot of detailed technology information as well as guidelines for designing and troubleshooting a wireless network, including doing a site survey to check signal strenght, etc. It mentions some Cisco products, but doens't have a lot of detail in that area. The Amazon page for the book is here: http://www.amazon.com/exec/obidos/ASIN/0471210137/qid%3D1027613889/sr%3D11-1/ref%3Dsr%5F11%5F1/102-8572510-9596157 I've also heard good things about this book: Wheat, J., R. Hiser, J. Tucker, A. Neely, and A. McCullough. Designing a Wireless Network. Berkeley, California: Publishers Group West, 2001. Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49672&t=49667 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Anyone tried Huawei Routers ? [7:49670]
Hi group, A piece of Huawei 3640 router just came in the office for evaluation. The whole box seems like a complete duplicate of Cisco's routers, even the CLI looks and feels like home. Heard that the Huawei box has the ability to run EIGRP and HSRP together with Cisco. Anyone tried running the 2 boxes parallel together ? Comments welcome. Regards, Ron Tan [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49670&t=49670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: TCP sequence numbers question [7:49535]
How does the other host know its a keepalive? I do not see any keepalive fields in the TCP packet, perhaps a TCP option? I think I was more confused by how the sequence #'s are incremented and ack'd. I read in Stevens book " Since every byte that is exchanged is numbered, the acknowledgement number contains the next sequence number that the sender of the acknowledgement expects to receive. This is therefore the sequence number plus 1 of the last successfully received byte of data." So using the example below (host A 192.168.133.21, B 10.10.10.12), A sends 1 byte of data, last successful sent byte is 2653258021, shouldn't Host B ack (2653258021)+1 ? The problem I'm trying to solve is a TCP connection that unexpectedly terminates. Supposedly the client can detect this and reconnect to the server but there are problems. I started the keepalive thread last week related to the same issue. I thought our firewall may have droppped the connection from its state table after its timeout but this is not the case since it seems keepalives are sent every 30 seconds. 17:56:46.563514 O 192.168.133.21.5055 > 10.10.10.12.1617: P 2653258020:2653258021(1) ack 808512610 win 8760 (DF) 17:56:46.604328 I 10.10.10.12.1617 > 192.168.133.21.5055: . ack 2653258021 win 17520 (DF) 17:58:20.327090 O 192.168.133.21.5055 > 10.10.10.12.1617: P 2653258020:2653258021(1) ack 808512610 win 8760 (DF) 17:58:20.368296 I 10.10.10.12.1617 > 192.168.133.21.5055: . ack 2653258021 win 17520 (DF) 17:59:54.090651 O 192.168.133.21.5055 > 10.10.10.12.1617: P 2653258020:2653258021(1) ack 808512610 win 8760 (DF) 17:59:54.132170 I 10.10.10.12.1617 > 192.168.133.21.5055: . ack 2653258021 win 17520 (DF) ""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > sam sneed wrote: > > > > I have been troubleshooting a problem and have seen something I > > don't > > understand. If host A sends data to host B and host B acks the > > data, isn't > > host A supposed to increment its seq #. Here is an actual > > tcpdump. Host A is > > 192.168.133.21 and B is 10.10.10.12. > > You'll notice host A is pushing 1 byte of data and Host B is > > acking it, yet > > host A's seq never increments. Is this normal? > > It sounds like Host A has gone into a keepalive mode. It doesn't have any > actual data to send, so it just sits there sending one byte at a time. > > We had a long discussion about TCP keepalives last week sometime. You might > want to check the archives. The TCP RFC (793) doesn't actually mention > keepalives. With ordinary TCP, when there's no data to send, both sides are > silent. But a lot of implementations send keepalives, and the host > requirements RFC does say that's OK. (RFC 1122) > > Theoretically a host should just be able to send an empty TCP segment with > no data to implement the keepalive function. In that case, there's no reason > to increment the sequence number as sequence numbers count payload bytes. > However, some older implementations based on 4.2 BSD UNIX do not respond if > the keepalive contains no data, causing the sender to think its partner has > died. > > Some systems instead send one garbage byte of data to elicit an ACK. They > purposely keep the sequence number the same so that the garbage byte can't > cause any harm. It's not the expected sequence number. It's a sequence > number that the receiver already received and ACKed, so the byte is thrown > away before being given to an application (although it is ACKed by TCP.) > > Some implementations send a keepalive with no data and if no response is > received, switch over to the 4.2 BSD style and send a garbage byte. > > Anyway, I doubt this is related to the problem you are troubleshooting since > it's normal behavior. What is the problem? Can you tell us more about it? > Thanks. > > > Priscilla Oppenheimer > http://www.priscilla.com > > > > > > 17:56:46.563514 O 192.168.133.21.5055 > 10.10.10.12.1617: P > > 2653258020:2653258021(1) ack 808512610 win 8760 (DF) > > 17:56:46.604328 I 10.10.10.12.1617 > 192.168.133.21.5055: . ack > > 2653258021 > > win 17520 (DF) > > 17:58:20.327090 O 192.168.133.21.5055 > 10.10.10.12.1617: P > > 2653258020:2653258021(1) ack 808512610 win 8760 (DF) > > 17:58:20.368296 I 10.10.10.12.1617 > 192.168.133.21.5055: . ack > > 2653258021 > > win 17520 (DF) > > 17:59:54.090651 O 192.168.133.21.5055 > 10.10.10.12.1617: P > > 2653258020:2653258021(1) ack 808512610 win 8760 (DF) > > 17:59:54.132170 I 10.10.10.12.1617 > 192.168.133.21.5055: . ack > > 2653258021 > > win 17520 (DF) > > 18:01:27.854289 O 192.168.133.21.5055 > 10.10.10.12.1617: P > > 2653258020:2653258021(1) ack 808512610 win 8760 (DF) > > 18:01:27.895254 I 10.10.10.12.1617 > 192.168.133.21.5055: . ack > > 2653258021 > > win 17520 (DF) > > 18:03:01.618100 O 192.168.133.21.5055 > 10.10.10.12.1617: P > > 2653258020:2653258021(1) ack 808512610 win 8760 (DF) > > 18:03:01.658892 I 10.10.10.12.1617 > 192.168.133.21.5055: . ack > > 2653258021
Re: DCE or DTE [7:49625]
""Juan Blanco"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > The command is show controllers..or show controllers serial 0..or > show controllers serial 1 > It will tell you a the beging if your end is a DTE or a DCE FYI: Router_1#show controllers s 1 HD unit 1, idb = 0x1B3274, driver structure at 0x1B95E8 buffer size 1524 HD unit 1, V.35 DCE cable, clockrate 100 DCE end attached. > > JB > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > John Brandis > Sent: Thursday, July 25, 2002 2:52 AM > To: [EMAIL PROTECTED] > Subject: DCE or DTE [7:49625] > > > Been away from routers for a while > > whats the command to figure out which serial in in a back to abck config is > DCE/DTE ? > > Reason is I have 2 back to back 2503's. My serial cable is going to S0 in > each router. IN the configs, I have > > Bris Router# > int s0 > ip address 192.168.1.1 255.255.255.0 > encapsulation ppp > bandwidth 64 > clock rate 64000 > no shut > > Melb Router# > int s0 > ip address 192.168.1.2 255.255.255.0 > encapsulation ppp > bandwidth 64 > no shut > > What am I missing as I have the int face is up, line proto down. I really > should be able to figure this one out, however its late afternoon in > Australia and I want to sleep after a big night of watching Buffy repeats. > > John Brandis > > Desk: 02-9278-0629 > Mobile: 0414-495-320 > [EMAIL PROTECTED] > www.solution6.com > > > > > ** > > visit http://www.solution6.com > visit http://www.eccountancy.com - everything for accountants. > > UK Customers - http://www.solution6.co.uk > > * > This email message (and attachments) may contain information that is > confidential to Solution 6. If you are not the intended recipient you cannot > use, distribute or copy the message or attachments. In such a case, please > notify the sender by return email immediately and erase all copies of the > message and attachments. Opinions, conclusions and other information in > this message and attachments that do not relate to the official business of > Solution 6 are neither given nor endorsed by it. > * Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49669&t=49625 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Testing and Validation [7:49668]
Sorry for the off topic question. I know there are a lot of people on this list that either understand, have a hand in doing, or can point me to resources concerning Validation and Testing of Network systems. If you are none of the above my apologies and please delete this email. If you are one of the above maybe you will have an answer. Part of my position is to work with our Validation department in the documentation, testing and validating of our corporate network. We are under the strict regulations of the Canadian and US FDA, as well as several other regulatory sytems. My question concerns pointers to resources where we can find (semi-)standard testing practices and or procedures. We currently have some in place but would like to ensure we are doing all we can, the best, safest, cost efficient way to work within the system. I have found some resources in Pricillia's "Top Down Network Designs", thank you Pricillia. Are there any others? Any assistance would be greatly appreciated. Kim Graham Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49668&t=49668 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Wireless [7:49667]
Anybody know a good source to learn about wireless? From basics of the technology all the way to advanced possibly w/Cisco product lines. Thanks, Scott Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49667&t=49667 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DCE or DTE [7:49625]
The command is show controllers..or show controllers serial 0..or show controllers serial 1 It will tell you a the beging if your end is a DTE or a DCE JB -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Brandis Sent: Thursday, July 25, 2002 2:52 AM To: [EMAIL PROTECTED] Subject: DCE or DTE [7:49625] Been away from routers for a while whats the command to figure out which serial in in a back to abck config is DCE/DTE ? Reason is I have 2 back to back 2503's. My serial cable is going to S0 in each router. IN the configs, I have Bris Router# int s0 ip address 192.168.1.1 255.255.255.0 encapsulation ppp bandwidth 64 clock rate 64000 no shut Melb Router# int s0 ip address 192.168.1.2 255.255.255.0 encapsulation ppp bandwidth 64 no shut What am I missing as I have the int face is up, line proto down. I really should be able to figure this one out, however its late afternoon in Australia and I want to sleep after a big night of watching Buffy repeats. John Brandis Desk: 02-9278-0629 Mobile: 0414-495-320 [EMAIL PROTECTED] www.solution6.com ** visit http://www.solution6.com visit http://www.eccountancy.com - everything for accountants. UK Customers - http://www.solution6.co.uk * This email message (and attachments) may contain information that is confidential to Solution 6. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Solution 6 are neither given nor endorsed by it. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49666&t=49625 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF Advertisments [7:49659]
Gil Shulman wrote: > > Hi all, > > Does know how and if I can advertise via OSPF an HSRP IP > address as a > defualt gateway. > Setup a static route with a /0 mask pointing to the HSRP interface and redistribute into OSPF. -Sam Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49665&t=49659 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to use tftp server?? [7:49651]
""Hunt Lee"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi Group, > > Can anyone please explain to me what command syntax to boot up a router > using TFTP stftp c2500-jk8os-l.122-1d 172.16.0.1erver? > > I can do a copy tftp flash, but when I tried to set up a boot system, it > keeps on failing to boot... > > Is this correct?? > > boot system c2500-jk8os-l.122-1d 172.16.0.1 > > Any help will be greatly appreciated. Not meant to be a put down, but one thing you might do is make use of the "?" when you are working on these things: Router_1(config)#boot ? bootstrap Bootstrap image file host Router-specific config file networkNetwork-wide config file system System image file Router_1(config)#boot network ? WORD TFTP filename or URL mop Boot from a Decnet MOP server tftp Boot from a tftp server Router_1(config)#boot network tftp ? WORD Network-wide configuration filename Router_1(config)#boot network tftp FILE ? Hostname or A.B.C.D Address from which to download the file Router_1(config)#boot network tftp FILE 1.1.1.1 Another thing you might do is check the command reference on CCO http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/inde x.htm watch the wrap HTH > > Best Regards, > H. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49664&t=49651 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Here we go again ( Pix 515) [7:49492]
Hey, No flames aginst NT admins. In these tuff times Network Admins need to know all FW's, Servers, PC's, Mac's, Switches, Routers, even Cabling.. In order to survive. Like myself!! >From: Juan Blanco >Reply-To: [EMAIL PROTECTED] >To: 'Kevin O'Gilvie' , [EMAIL PROTECTED] >Subject: RE: Here we go again ( Pix 515) [7:49492] >Date: Thu, 25 Jul 2002 11:14:08 -0400 > >Team, >The way I see it, dhcp on the firewall is only for small number of users, >when it comes to mid-size-up network you don't want to use a firewall for a >DHCPCan you see an NT administrator making changes in your firewall >because he/she is having problems with DHCP(This network will be >available to hackers in the Theater near You) > >My two cents. > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >Kevin O'Gilvie >Sent: Thursday, July 25, 2002 10:27 AM >To: [EMAIL PROTECTED] >Subject: Re: Here we go again ( Pix 515) [7:49492] > > >I wouldnt put dhcp on the firewall for 300 users. >But for 10 or 15 I would. > >Thanks, > >-Kevin > > > >From: "Gaz" > >Reply-To: "Gaz" > >To: [EMAIL PROTECTED] > >Subject: Re: Here we go again ( Pix 515) [7:49492] > >Date: Wed, 24 Jul 2002 22:37:12 GMT > > > >What's everybody's view on using the Pix as a DHCP server? > > > >I used it once, only because after arriving on site to install the Pix >the > >customer mentioned that his old Firewall was doing DHCP and he had no >plans > >to do it on anything else. > >Seemed to go fine, but would like to know if people have come across > >limitations/issues. > > > >I tend to agree with the view "Right box for the job", i.e. don't make >the > >Pix do things it's not made for, but if pushed into the situation, how >does > >it compare. > > > >Cheers, > > > >Gaz > > > >""Kevin O'Gilvie"" wrote in message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Hi Kelly, > > > > > > You are absolutely right, and I love your strategy. > > > That is the way I did it 2 years ago, but the only thing now is >finding > >a > > > vpn solution for the Macs. I used Pix for the PC's last time round but > >never > > > had to do this for the Mac's. Any ideas? > > > > > > > > > >From: "Kelly Cobean" > > > >Reply-To: "Kelly Cobean" > > > >To: [EMAIL PROTECTED] > > > >Subject: RE: Here we go again ( Pix 515) [7:49492] > > > >Date: Wed, 24 Jul 2002 02:18:38 GMT > > > > > > > >Man, you aren't asking much, are you? ;-) > > > > > > > >Ok, here's the order I'd do things in... > > > > > > > >First things first, get that firewall in place. You don't list what > >their > > > >internet connectivity is, but if they bought a PIX, it's safe to >assume > > > >that > > > >they have a persistent connection, and that being true, they're >really > > > >hanging it out there for someone to cut off, so to speak. Network > >security > > > >is always a primary concern, and the firewall won't take alot of time > >to > > > >set > > > >up. Not setting it up could be very costly. If they already have a > > > >light(er)-weight firewall like a Linux host running IP chains or IP > >tables, > > > >replacing this first will save your users down-time later because you > >can > > > >pre-configure your internet rulebase/access in preparation for your > >private > > > >addressing. > > > > > > > >Next, I'd do the DHCP and Private Addressing. These go hand in hand, > >and > > > >since your firewall is now in place, you can do the NAT/PAT > >translations > >as > > > >needed and not have to rethink these later. > > > > > > > >Third, get Exchange up and running. If it's going on a different > >system > > > >than Quick mail is running on, great! Now you can get them running >in > > > >parallel, and move users accounts over one at a time or in batches. > >There > > > >are probably tools out there to do the mailbox format conversion. >Now > >that > > > >your network is secure at layer3/4, you can focus on the nitty-gritty > >of > > > >the > > > >user data. (Oh yeah, don't forget that backup!!!) > > > > > > > >It's a 10,000 foot view, but that's how I'd do it. I'm not really a > >MAC > > > >guy, but I'd venture a guess that most or all of your MAC's run >TCP/IP > >and > > > >support DHCP, so from an L3/4 standpoint, they're really no different > >than > > > >your PC's. > > > > > > > >When doing multiple projects like this, I tend to work along the OSI > >model. > > > >If the wiring is horrible, or the NIC's are all old 10Base2 nics and > >have > > > >transceivers to hook them to your BaseT network, take care of the >layer > >1 > > > >stuff first. Next, if the network is all unmanaged hubs, and your > >network > > > >is one gigantic broadcast domain, start installing switches to quiet > >down > > > >the network. Next, get VLANs/routing/security in place for Layer3/4. > > > >Next, > > > >work on the "upper layers" where all of your apps and data live and > >talk. > > > >Just my $0.02 worth. > > > > > > > >HTH, > > > >Kelly Cobean, CCNP, CCSA, ACSA, MCSE,
Re: OSPF Advertisments [7:49659]
Hi, you can first configure the static route on your border router pointing to the next hop as HSRP ip address and then use default information originate command under the ospf process. Kind Regards /Thangavel 186K Reading,Brkshire Direct No -0118 9064259 Mobile No -07796292416 Post code: RG16LH www.186k.co.uk -- The greatest glory in living lies not in never falling, but in rising every time we fall ." -- Nelson Mandela "Gil Shulman" cc: Sent by: Fax to: nobody@groupsSubject: OSPF Advertisments [7:49659] tudy.com 25/07/2002 15:43 Please respond to "Gil Shulman" Hi all, Does know how and if I can advertise via OSPF an HSRP IP address as a defualt gateway. Thank you in advance, Gil ** The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to any one or make copies. ** eSafe scanned this email for viruses, vandals and malicious content ** ** ** This e-mail is from 186k Ltd and is intended only for the addressee named above. As this e-mail may contain confidential or priveleged information, if you are not the named addressee or the person responsible for delivering the message to the named addressee, please advise the sender by return e-mail. The contents should not be disclosed to any other person nor copies taken. 186k Ltd is a Lattice Group company, registered in England & Wales No. 3751494 Registered Office 130 Jermyn Street London SW1Y 4UR ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49661&t=49659 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to use tftp server?? [7:49651]
boot system tftp > >Hi Group, > >Can anyone please explain to me what command syntax to boot up a router >using TFTP stftp c2500-jk8os-l.122-1d 172.16.0.1erver? > >I can do a copy tftp flash, but when I tried to set up a boot system, it >keeps on failing to boot... > >Is this correct?? > >boot system c2500-jk8os-l.122-1d 172.16.0.1 > >Any help will be greatly appreciated. misconduct and Nondisclosure violations to [EMAIL PROTECTED] MSN Photos is the easiest way to share and print your photos: Click Here Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49660&t=49651 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF Advertisments [7:49659]
Hi all, Does know how and if I can advertise via OSPF an HSRP IP address as a defualt gateway. Thank you in advance, Gil ** The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to any one or make copies. ** eSafe scanned this email for viruses, vandals and malicious content ** ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49659&t=49659 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Here we go again ( Pix 515) [7:49492]
I wouldnt put dhcp on the firewall for 300 users. But for 10 or 15 I would. Thanks, -Kevin >From: "Gaz" >Reply-To: "Gaz" >To: [EMAIL PROTECTED] >Subject: Re: Here we go again ( Pix 515) [7:49492] >Date: Wed, 24 Jul 2002 22:37:12 GMT > >What's everybody's view on using the Pix as a DHCP server? > >I used it once, only because after arriving on site to install the Pix the >customer mentioned that his old Firewall was doing DHCP and he had no plans >to do it on anything else. >Seemed to go fine, but would like to know if people have come across >limitations/issues. > >I tend to agree with the view "Right box for the job", i.e. don't make the >Pix do things it's not made for, but if pushed into the situation, how does >it compare. > >Cheers, > >Gaz > >""Kevin O'Gilvie"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi Kelly, > > > > You are absolutely right, and I love your strategy. > > That is the way I did it 2 years ago, but the only thing now is finding >a > > vpn solution for the Macs. I used Pix for the PC's last time round but >never > > had to do this for the Mac's. Any ideas? > > > > > > >From: "Kelly Cobean" > > >Reply-To: "Kelly Cobean" > > >To: [EMAIL PROTECTED] > > >Subject: RE: Here we go again ( Pix 515) [7:49492] > > >Date: Wed, 24 Jul 2002 02:18:38 GMT > > > > > >Man, you aren't asking much, are you? ;-) > > > > > >Ok, here's the order I'd do things in... > > > > > >First things first, get that firewall in place. You don't list what >their > > >internet connectivity is, but if they bought a PIX, it's safe to assume > > >that > > >they have a persistent connection, and that being true, they're really > > >hanging it out there for someone to cut off, so to speak. Network >security > > >is always a primary concern, and the firewall won't take alot of time >to > > >set > > >up. Not setting it up could be very costly. If they already have a > > >light(er)-weight firewall like a Linux host running IP chains or IP >tables, > > >replacing this first will save your users down-time later because you >can > > >pre-configure your internet rulebase/access in preparation for your >private > > >addressing. > > > > > >Next, I'd do the DHCP and Private Addressing. These go hand in hand, >and > > >since your firewall is now in place, you can do the NAT/PAT >translations >as > > >needed and not have to rethink these later. > > > > > >Third, get Exchange up and running. If it's going on a different >system > > >than Quick mail is running on, great! Now you can get them running in > > >parallel, and move users accounts over one at a time or in batches. >There > > >are probably tools out there to do the mailbox format conversion. Now >that > > >your network is secure at layer3/4, you can focus on the nitty-gritty >of > > >the > > >user data. (Oh yeah, don't forget that backup!!!) > > > > > >It's a 10,000 foot view, but that's how I'd do it. I'm not really a >MAC > > >guy, but I'd venture a guess that most or all of your MAC's run TCP/IP >and > > >support DHCP, so from an L3/4 standpoint, they're really no different >than > > >your PC's. > > > > > >When doing multiple projects like this, I tend to work along the OSI >model. > > >If the wiring is horrible, or the NIC's are all old 10Base2 nics and >have > > >transceivers to hook them to your BaseT network, take care of the layer >1 > > >stuff first. Next, if the network is all unmanaged hubs, and your >network > > >is one gigantic broadcast domain, start installing switches to quiet >down > > >the network. Next, get VLANs/routing/security in place for Layer3/4. > > >Next, > > >work on the "upper layers" where all of your apps and data live and >talk. > > >Just my $0.02 worth. > > > > > >HTH, > > >Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I > > >Network Engineer > > >AT&T Government Solutions, Inc. > > > > > >-Original Message- > > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > >Kevin O'Gilvie > > >Sent: Tuesday, July 23, 2002 9:07 PM > > >To: [EMAIL PROTECTED] > > >Subject: Here we go again ( Pix 515) [7:49492] > > > > > > > > >Dear All, > > > > > >I am jumping into a similar mess as when I started at my current >company, > > >but this time the Macs out number the PC's. Well here is the scoop: > > >180 Macs > > >50 PC's > > >Static Ip's > > >No DHCP > > >No FW > > >Quick Mail Server > > >and a whole bunch of other nasty things.. > > >- They just purchases a Pix 515 > > >- They just bought Exchange 5.5 > > > > > >My projects are: > > >Set up DHCP > > >Set up Pix > > >Set up Private Addressing > > >Set up Exchange > > >Migrate them from Quick Mail > > >etc etc > > >I have done this before but maybe you guys can help as to how I should >go > > >about this the quickest. > > > > > >Thanks, > > > > > >Kevin > > > > > > > > >_ > > >Send and receive Hotmail on your mobile device: http://mobile.msn.com > >
RE: VLAN Trunk Protocol [7:49647]
VTP - is only used to disseminate information among switches in the same VTP domain - or manage VLAN configurations. Setting a switch as a server allows you to add/delete/modify VLAN's from that switch for the entire VTP domain. If the VTP domain server dies :( no problem, your domain will be fine, however you will not be able to perform your add/deletes/modifys on that domain. This can be remedied by making another switch a SERVER. Hope that answers you question. Oleg Oz. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49657&t=49647 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IS-IS on CCNP routing exam ??? [7:49621]
I took the BSCN 640-603 exam two weeks ago for a client commitment and there was a simulation question included. Shawn K. > -Original Message- > From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, July 25, 2002 6:14 AM > To: [EMAIL PROTECTED] > Subject: Re: IS-IS on CCNP routing exam ??? [7:49621] > > You can find the sample IS-IS chapter from the sybex web site..complete > chapter on is-is is available.Its pretty good.No the BSCN does not have > any > simulation questions. > > ftp://ftp.sybex.com/4095/4095ch06.pdf > > Kind Regards /Thangavel > > 186K > Reading,Brkshire > Direct No -0118 9064259 > Mobile No -07796292416 > Post code: RG16LH > www.186k.co.uk > > -- > The greatest glory in living lies not in never falling, > but in rising every time we fall ." > -- Nelson Mandela > > > > > > > > "hinwoto" > > cc: > Sent by: Fax > to: > nobody@groupsSubject: Re: IS-IS on CCNP > routing exam ??? [7:49621] > > tudy.com > > > > > > 25/07/2002 > > 09:22 > > Please > respond > to > > "hinwoto" > > > > > > > > > Can anyone let me know whether there will be simulation question on BSCN > exam. > Could it be sufficient to have IS-IS preparation by cramming Jeff Doyle > chapter.Luckily I have it > It is hard for me to get the chance of having hands on IS-IS with real > router ? > > I got several unix box to simulate rip,ospf and bgp and running > routers > for real connection. > For igrp and eigrp, I think I had hands-on when I attended the > training. > Can you guys and guru give advise how to prepare IS-IS. > any books, link (beside CCO of course ), .. > > thanks u all, > > [EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi, > > > > You are correct the CCNP track has BSCN which does not cover IS-IS and > the > > CCIP track has BSCI which includes the IS-IS prorocol. > > Also it is true that In future the BSCI is going to replace the BSCN. > > I have taken the BSCI exam and I have posted my experience few days > back. > > The preparation required for BSCI is almost same as BSCN with additional > > chapter of IS-IS.you can refer Jeff Doyle book for the IS-IS. > > The exam pattern for BSCI is different than BSCN.The BSCI exam has > > simulation question which carries more weight. > > > > Kind Regards /Thangavel > > > > 186K > > Reading,Brkshire > > Direct No -0118 9064259 > > Mobile No -07796292416 > > Post code: RG16LH > > www.186k.co.uk > ** > This e-mail is from 186k Ltd and is intended only for the > addressee named above. As this e-mail may contain confidential > or priveleged information, if you are not the named addressee or > the person responsible for delivering the message to the named > addressee, please advise the sender by return e-mail. The > contents should not be disclosed to any other person nor copies > taken. > 186k Ltd is a Lattice Group company, registered in England > & Wales No. 3751494 Registered Office 130 Jermyn Street > London SW1Y 4UR > ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49656&t=49621 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cat 5000 ram [7:49643]
Steal it out of a 2500 you're not using :-) Its the same stuff. Symon Thurlow wrote: > > Hey guys, > > Anyone have a good source for CAT5K SUP1 Ram? > > Thanks, > > Symon -- Neal Rauhauser CCNP, CCDP voice: 402-301-9555 mailto:[EMAIL PROTECTED] fcc : k0bsd "This is my private email devoted to various mailing lists. If you're a twerp with an attorney and someone else's money, don't bother my employer about the things I say, just come see me personally and we'll discuss the situation. No names, you twerps should know who you are". Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49655&t=49643 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RE: WAKE UP CALL! [7:49649]
Nahhh...it's that Priscilla is an alias for Dagny. >Simple, the joke is that if you could run off all the candidates, then >the author of this email below will have a better chance at making the >kind of money that he's telling everyone else they won't make. > >You have to give him credit for creative thinking. If you can't >increase the demand, then try to decrease the supply. > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of >[EMAIL PROTECTED] >Sent: Wednesday, July 24, 2002 1:34 PM >To: bgrafals >Cc: [EMAIL PROTECTED] >Subject: RE: WAKE UP CALL! You "only have a CCIE" and you want more than >50-60k - Better Read... Re: OT. Any guarantee that the CCIE > >Someone with time on their hands, please let me in on >the joke. > >-Bob >> Don't you mean "Miracle Metal" :-) >> >> On Wed, 24 Jul 2002 10:04:13 -0700, "Joseph Ezerski" >> wrote : >> >> > All they all said Reardon Metal would never work. >> > >> > -Original Message- >> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf >Of >> > Darby Weaver >> > Sent: Wednesday, July 24, 2002 8:57 AM >> > To: [EMAIL PROTECTED] >> > Subject: WAKE UP CALL! You "only have a CCIE" and you want more than >> > 50-60k - Better Read... Re: OT. Any guarantee that the CCIE >> > >> > >> > Well said... >> > >> > The fact of the matter is with many larger corporate ISPs going down >or >> > taking large hits and the sheer number of consolidations, it is >merely a >> > numbers game... >> > >> > Another fact is the sheer number of career-certified and Cisco >Academy >> > Graduates. >> > >> > The Cisco Academy had over 297,000 students enrolled a few months >ago and >> > more by now. >> > >> > Now when I was in high school and $3.25 was the minimum wage, things > >> weren't >> > quite so obvious. >> > >> > But with that many potential job hires - a simple fact comes to >mind: You >> > do not need a CCIE to get your 1600/1700/2500/2600 connected to the >> > Internet. Period. >> > >> > Now of there are 7-8,000+ Active CCIE's; 297,000 Cisco Academy >Graduates, >> X >> > thousand CCNA's, and X thousand CCNP's, then you will quickly >understand >> > that the demand has diminished. >> > >> > A lot of the old Microsoft, Novell, Unix Admins are moving over in >herds. >> > Yep, faster than you can wink your eyes. >> > >> > Remember, the education facilities told them they could make >70,000.00+ >> and >> > 500,000 - 1,000,000 moved over in just a couple of years or so it >seems. >> Oh >> > yes, and they had to pass 3-7 exams or so... >> > >> > Now they are being told they can earn a 6-digit salary if they can >spell >> > Cisco. And it seems they think it can be done with a few months >study >> and a >> > passing one test and one puny lab. >> > >> > Well - Wake up call - They can pass this test much like any other. >May >> take >> > them 7-10 tries or more, but guess what some spent 10k+ to earn half >of >> the >> > salary of a CCIE. So you better believe they are coming. In herds. >> > >> > Some of them will stay, but even if only 10% stay you are sill going >to >> have >> > 50,000-100,000+ new Cisco Certified Professionals. >> > >> > Good for Cisco, they sell product. Bad for Consultant or Partner - >We >> sell >> > time, and that value will be diminished with the sheer onslaught of >new >> > people who are "qualified" to work with Cisco Products. I mean they >did >> > just complete a 5-10 Day Bootcamp and have taken the Lab several >times. >> > >> > By our own admission, they are now "qualified" to work with the >product. >> > After all the same lab they paid for is the same one we've been >training >> > for, and some of for years. >> > >> > Now you may argue, that these wannabees may not be as qualified as >you >> are. >> > I mean you have years and years of experience. > > > >> > Yep. But you are a CCIE. >> > >> > Yep. So are they. >> > >> > And guess what to a simple employer, you are one and the same. Some >may >> > know the difference and may be willing to pay, but you better >believe it >> > will be at a lower rate than in the boom years. >> > >> > You want to differentiate yourself from the imposter. The fact is >you may >> > well be that imposter. >> > >> > Remember, this is a study group with 10,000+ members. Guess what - >You >> are >> > that guy. How can you fault him/her for having the same gleam in >his/her >> > eye that you once had. >> > >> > Even more shocking, the beauty of Cisco is that we can do just about >> > everything remotely. So our counterparts in any country can now >assume >> our >> > roles in our country. They no longer even need an H1-B. >> > >> > And you better believe they can do it cheaper. >> > >> > Now evaluate your credentials and remember that your competition is >as >> well >> > versed in English as you, has an american sales counterpart, and >even >> holds >> > a M
Re: How to allow outside user to browse the inside web [7:49654]
Hi, Your configuration should work,looks everything fine.If you have an mix of access-list and conduit then problem might arise.Cisco recommends access-list. You can try with access-list, sample given below static (inside,outside) xx.xx.60.21 10.0.0.20 netmask 255.255.255.255 route outside 0.0.0.0 0.0.0.0 next hop address access-list acl-out permit tcp any host xx.xx.60.21 eq www access-group acl-out in interface outside Kind Regards /Thangavel 186K Reading,Brkshire Direct No -0118 9064259 Mobile No -07796292416 Post code: RG16LH www.186k.co.uk -- The greatest glory in living lies not in never falling, but in rising every time we fall ." -- Nelson Mandela "Magdy Ibrahim" cc: Sent by:Fax to: nobody@groupstudSubject: How to allow outside user to browse the inside web [7:49648] y.com 25/07/2002 13:53 Please respond to "Magdy Ibrahim" Hi all, I have PIX firewall with 6.0(1) and I am running my mail server behind it and it works find till now... these days I need to run a web server "apatche" behind it.. I tried to configure it to allow the oursiders to access the inside web bage by usning the following commands: static (inside,outside) xx.xx.60.21 10.0.0.20 netmask 255.255.255.255 0 0 conduit permit tcp host xx.xx.60.21 eq www any I failed to run this web sites installed on the apatche server... Is there extra commands I have to add to my PIX to allaow outsider to access that web server??? Please help me to fix this issue ASAP Thanx in advance magdy ** This e-mail is from 186k Ltd and is intended only for the addressee named above. As this e-mail may contain confidential or priveleged information, if you are not the named addressee or the person responsible for delivering the message to the named addressee, please advise the sender by return e-mail. The contents should not be disclosed to any other person nor copies taken. 186k Ltd is a Lattice Group company, registered in England & Wales No. 3751494 Registered Office 130 Jermyn Street London SW1Y 4UR ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49654&t=49654 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Proper network design? [7:49536]
Thanks for your explanation - I can understand my setup very clearly now. I originally asked this question because I have not been exposed to that situation before (I'm at the CCNA level). You are correct in saying that the cellular box does routing for the 192.168.2.0 network. I was also incorrect to call my setup a "router on a stick" as another person pointed out - it looks similar though. The network drawing was correct. The Linux box that was acting as a router in the original setup was replaced with the Cisco router in order to correct the problem of only one 192.168.0.0 network host being able to talk to cellular hosts on the 192.168.2.0 network. My setup is exactly the same as the Chicago/San Francisco/New York situation you described. I'm just curious as to why the Linux box could not be configured to do the same job as the Cisco router (with the added static route). I'll have to talk to our network guy to see if he can make the Linux box do the same job so I can take my Cisco router back home. Thanks to all for your help. Frank Priscilla Oppenheimer wrote: > > Frank H wrote: > > > > Proper network design? > > > > I have a few questions for the group that maybe someone can > > answer. From my studies when I got CCNA certified, I > understood > > that different networks were ALWAYS separated by a router. At > > my company we have this equipment that was purchased several > > months ago that acts as a digital cellular network. It was set > > up and was able to operate, but only in a limited way. > > Basically, this is the setup - the digital cellular network > was > > on the 192.168.2.0 subnet (subnet mask 255.255.255.0). The > > company development LAN was on the 192.168.0.0 subnet (subnet > > mask 255.255.255.0). The two small networks (less than 10 > hosts > > in each subnet) were all tied together at a 24 port hub. The > > gateway to the Internet was through a Linux box. The digital > > cellular network was basically a box (with IP address > > 192.168.0.100) that passed packets to network 192.168.2.0 > > through a low power transmitter to the cellular hosts in the > > 192.168.2.0 subnet. With this setup, only one desktop host on > > the 192.168.0.0 network could communicate to the 192.168.2.0 > > cellular network (desktop host 192.168.0.20). The problem of > > only one desktop host in the 192.168.0.0 network being able to > > communicate with the 192.168.2.0 network was solved by > > replacing the Linux box with a Cisco 2514 router (with two > > ethernet interfaces). The configuration for the router was > > exactly the same as the Linux box except for one small > > addition. The following line was added as a static route: > > > > ip route 192.168.2.0 255.255.255.0 192.168.0.100 > > > > Now let me ask you, have you ever seen a router that gets a > > packet on one interface pass it right back out the SAME > > interface back to another host on that same network? > > Sure, it happens all the time. There's nothing non-standard > about this. It's quite normal for a router to receive a packet > on an interface, look into its routing table, and determine > that the packet needs to go back out the same interface it came > in on. > > For example, let's say you have a LAN in Chicago that has two > routers on it. One router has a WAN connection to San Francisco > and the other router has a WAN connection to New York. > > Clients on the LAN in Chicago can only be configured with one > default gateway. So, let's say that you tell them their default > gateway is the router that goes to New York. > > When the clients send a pcket to San Francisco, the packet goes > to the router that connects to New York. That router sends the > packet back out the LAN to the router that goes to San > Francisco. The router can send an ICMP Redirect to the end host > saying essentially "don't use me, use this other router." The > host may or may not follow that advice. > > This is sometimes called "the extra hop problem," although it's > not really a problem. > > In your case, since the cellular box is a bit weird (only > supports one host talking through it I think you said), you > would probably want to disable ICMP Redirects. > > > >Our setup > > basically ties two DIFFERENT class C subnets together through > a > > hub and the Cisco router makes it all work perfectly. > > A hub? Now that part is confusing. Are you referring to the > cellular box, which sounds like a router to me. It's on two > networks, 192.168.0.0 and 192.168.2.0. It's at least a device > that can do forwarding based on Layer 3. > > > This > > doesn't sound like standard network design as I've seen it > > described in any text so far. I'll describe it a little more > > for clarity. If i'm on a desktop PC (IP address 192.168.0.20) > > and ping IP address 192.168.2.2, windows will send that packet > > to the default gateway (configured as 192.168.0.1 in windows > > network applet - which is the Cisco router) since it lies in a > > different
RE: Content Switch [7:49633]
is a good place to start Frank Jimenez, CCIE #5738 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, July 25, 2002 2:40 AM To: [EMAIL PROTECTED] Subject: Content Switch [7:49633] Hi, Am once again posting this.I am looking for some PPT's on Content Switching.If any one knows any links,Pls let me know. Kind Regards /Thangavel 186K Reading,Brkshire Direct No -0118 9064259 Mobile No -07796292416 Post code: RG16LH www.186k.co.uk -- The greatest glory in living lies not in never falling, but in rising every time we fall ." -- Nelson Mandela ** This e-mail is from 186k Ltd and is intended only for the addressee named above. As this e-mail may contain confidential or priveleged information, if you are not the named addressee or the person responsible for delivering the message to the named addressee, please advise the sender by return e-mail. The contents should not be disclosed to any other person nor copies taken. 186k Ltd is a Lattice Group company, registered in England & Wales No. 3751494 Registered Office 130 Jermyn Street London SW1Y 4UR ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49652&t=49633 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How to use tftp server?? [7:49651]
Hi Group, Can anyone please explain to me what command syntax to boot up a router using TFTP stftp c2500-jk8os-l.122-1d 172.16.0.1erver? I can do a copy tftp flash, but when I tried to set up a boot system, it keeps on failing to boot... Is this correct?? boot system c2500-jk8os-l.122-1d 172.16.0.1 Any help will be greatly appreciated. Best Regards, H. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49651&t=49651 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cat 5000 ram [7:49643]
www.superpc.com -Original Message- From: Symon Thurlow [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 25, 2002 6:14 AM To: [EMAIL PROTECTED] Subject: Cat 5000 ram [7:49643] Hey guys, Anyone have a good source for CAT5K SUP1 Ram? Thanks, Symon Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49650&t=49643 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How to allow outside user to browse the inside web [7:49648]
Hi all, I have PIX firewall with 6.0(1) and I am running my mail server behind it and it works find till now... these days I need to run a web server "apatche" behind it.. I tried to configure it to allow the oursiders to access the inside web bage by usning the following commands: static (inside,outside) xx.xx.60.21 10.0.0.20 netmask 255.255.255.255 0 0 conduit permit tcp host xx.xx.60.21 eq www any I failed to run this web sites installed on the apatche server... Is there extra commands I have to add to my PIX to allaow outsider to access that web server??? Please help me to fix this issue ASAP Thanx in advance magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49648&t=49648 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VLAN Trunk Protocol [7:49647]
Hi, When I have VLAN configured in my network and I have only one switch in VTP mode Server. What happens when it goes down? Does another switch take over or dows my network crumble? If I have to have more than one switch configured as VTP Server switch, how does the switch elect themselves to be the primary server switch and how does the back up server switch upgrade itself to primary position, is it automatic or is it manually configured. Regards, Cisco_Maniac Not: Forgive me for asking such simple technical doubt (as I can see a lot of CCIE's and people like Priscilla). I have not hands-on on Cisco's. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49647&t=49647 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: New CCIE Written is here. He afraid, be very [7:49615]
What date are you taking your test? thanks, -Brad Ellis CCIE#5796 (R&S / Security) [EMAIL PROTECTED] Cisco home labs: www.optsys.net ""Jason Viera"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I just registered today what exam version will I be taking? > Thanks in advance, Jason > ""Dennis Laganiere"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > "The CCIE Program is proud to announce the upcoming release of the revised > > CCIE Routing and Switching Written Exam (350-001). The new version of the > > exam will go live, and replace the current exam, on August 7th, 2002. > Note: > > The revised exam will consist of 150 questions and be 180 minutes in > > duration. To prepare for this exam, candidates may wish to review the exam > > blueprint and study suggestions." > > http://www.cisco.com/warp/public/625/ccie/ccie_program/whatsnew.html#5 > > > > If this is anything like the beta, things just got quite a bit harder... > > --- Dennis Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49615&t=49615 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DCE or DTE [7:49625]
the side which gives you the clockrate is DCE side *usually, serial cable with Female connector*, in your case that is the serial interface on "Bris" router. btw: The command is: show controllers serial 0 -- Milan Jovancic From: John Brandis To: [EMAIL PROTECTED] Date: Thursday, July 25, 2002, 8:52:13 AM Subject: DCE or DTE [7:49625] ===8 Been away from routers for a while JB> whats the command to figure out which serial in in a back to abck config is JB> DCE/DTE ? JB> Reason is I have 2 back to back 2503's. My serial cable is going to S0 in JB> each router. IN the configs, I have JB> Bris Router# JB> int s0 JB> ip address 192.168.1.1 255.255.255.0 JB> encapsulation ppp JB> bandwidth 64 JB> clock rate 64000 JB> no shut JB> Melb Router# JB> int s0 JB> ip address 192.168.1.2 255.255.255.0 JB> encapsulation ppp JB> bandwidth 64 JB> no shut JB> What am I missing as I have the int face is up, line proto down. I really JB> should be able to figure this one out, however its late afternoon in JB> Australia and I want to sleep after a big night of watching Buffy repeats. JB> John Brandis JB> Desk: 02-9278-0629 JB> Mobile: 0414-495-320 JB> [EMAIL PROTECTED] JB> www.solution6.com JB> ** JB> visit http://www.solution6.com JB> visit http://www.eccountancy.com - everything for accountants. JB> UK Customers - http://www.solution6.co.uk JB> * JB> This email message (and attachments) may contain information that is JB> confidential to Solution 6. If you are not the intended recipient you cannot JB> use, distribute or copy the message or attachments. In such a case, please JB> notify the sender by return email immediately and erase all copies of the JB> message and attachments. Opinions, conclusions and other information in JB> this message and attachments that do not relate to the official business of JB> Solution 6 are neither given nor endorsed by it. JB> * ===8<===End of original message text=== Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49646&t=49625 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
port rate limit at catalyst6509 GE [7:49645]
hi everybody here, Our customer has one catalyst4006 connected to a catalyst6509 by GE,and they require to limit the maximum traffic rate at GE to a predetermined number. I researched it through cco and thought it should be realized via port qos. And following is the catalys6509 configuration : set qos enable set qos policer aggregate policy1 rate 256 policed-dscp erate 256 drop burst 128 set qos acl ip test trust-ipprec aggregate policy1 ip any any set qos acl map test 4/6;(GE PORT) After this,i tested the download speed via a laptop connected to the ethernet port of catalyst4006. I found that the maximum input traffic rate at cat6509 GE port was restricted,but the output rate restriction didn't work. Can anyone tell me whether my configuration is wrong or the the port qos is so, thanks in advance Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49645&t=49645 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IRC server down [7:49616]
It's up... same dns. It was offline for a day a week or so ago. -- Johnny Routin ""Timothy Ouellette"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hey Geoff/All, > > is the irc.tacorp.net:6667 server down or has it changed? If anyone > knows, please inform me as I like the real-time interaction with others > studying for the lab. > > Thanks... > > Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49644&t=49616 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Proper network design? [7:49536]
Is this what is happening? Would it not be looking at it's routing table, seeing that another host on the same subnet is the next hop, and then sending an ICMP re-direct message to the originating host, telling it to go directly to the 192.168.0.100 host? Symon -Original Message- From: sam sneed [mailto:[EMAIL PROTECTED]] Sent: 24 July 2002 22:54 To: [EMAIL PROTECTED] Subject: Re: Proper network design? [7:49536] This is not the classcial router on a stick model. That model is for routing between VLANs on a router with 1 interface using trunking. All this router is doing is taking packets from its eth1 interface, comparing them to its routing table and forwarding out the same eth1 interface for the gateway which is designated for the 192.168.2.0 network. This is totally legitmate and no secondary or subinterfaces are needed. ""Frank H"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > The "router on a stick" effect comes from this: > > ip route 192.168.2.0 255.255.255.0 192.168.0.100 > > All traffic destined to any network not on 192.168.0.0 goes to the > gateway > (192.168.0.1) on interface ethernet 1. The router then re-routes 192.168.2.0 > traffic back on the 192.168.0.0 network to 192.168.0.100 (the "router > on a stick" effect). Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49642&t=49536 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cat 5000 ram [7:49643]
Hey guys, Anyone have a good source for CAT5K SUP1 Ram? Thanks, Symon Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49643&t=49643 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IS-IS on CCNP routing exam ??? [7:49621]
You can find the sample IS-IS chapter from the sybex web site..complete chapter on is-is is available.Its pretty good.No the BSCN does not have any simulation questions. ftp://ftp.sybex.com/4095/4095ch06.pdf Kind Regards /Thangavel 186K Reading,Brkshire Direct No -0118 9064259 Mobile No -07796292416 Post code: RG16LH www.186k.co.uk -- The greatest glory in living lies not in never falling, but in rising every time we fall ." -- Nelson Mandela "hinwoto" cc: Sent by: Fax to: nobody@groupsSubject: Re: IS-IS on CCNP routing exam ??? [7:49621] tudy.com 25/07/2002 09:22 Please respond to "hinwoto" Can anyone let me know whether there will be simulation question on BSCN exam. Could it be sufficient to have IS-IS preparation by cramming Jeff Doyle chapter.Luckily I have it It is hard for me to get the chance of having hands on IS-IS with real router ? I got several unix box to simulate rip,ospf and bgp and running routers for real connection. For igrp and eigrp, I think I had hands-on when I attended the training. Can you guys and guru give advise how to prepare IS-IS. any books, link (beside CCO of course ), .. thanks u all, [EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, > > You are correct the CCNP track has BSCN which does not cover IS-IS and the > CCIP track has BSCI which includes the IS-IS prorocol. > Also it is true that In future the BSCI is going to replace the BSCN. > I have taken the BSCI exam and I have posted my experience few days back. > The preparation required for BSCI is almost same as BSCN with additional > chapter of IS-IS.you can refer Jeff Doyle book for the IS-IS. > The exam pattern for BSCI is different than BSCN.The BSCI exam has > simulation question which carries more weight. > > Kind Regards /Thangavel > > 186K > Reading,Brkshire > Direct No -0118 9064259 > Mobile No -07796292416 > Post code: RG16LH > www.186k.co.uk ** This e-mail is from 186k Ltd and is intended only for the addressee named above. As this e-mail may contain confidential or priveleged information, if you are not the named addressee or the person responsible for delivering the message to the named addressee, please advise the sender by return e-mail. The contents should not be disclosed to any other person nor copies taken. 186k Ltd is a Lattice Group company, registered in England & Wales No. 3751494 Registered Office 130 Jermyn Street London SW1Y 4UR ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49641&t=49621 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 12000 - PPP Bridged Encap [7:49620]
I hope the mentioned below answer your Q Does the Gigabit Switch Router (GSR) support bridging? A. No. The GSR runs Cisco IOS. Software Releases 12.0S and 11.2GS, which are designed to provide robust IP routing and enhanced IP services for the Internet Service Provider (ISP) community. They do not provide support for full bridging protocols such as transparent bridging or source route bridging, nor do they support integrated routing and bridging (IRB). However, you can use bridged-style permanent virtual circuits (BPVCs) to allow ATM line cards to connect to a Catalyst switch or to another remote device that supports bridged-format request for comments - Original Message - From: "MACSL" To: Sent: Thursday, July 25, 2002 8:29 AM Subject: Cisco 12000 - PPP Bridged Encap [7:49620] > Hi, I was wondering if someone could help me out with > this. I send the below e-mail to the Cisco TAC. Any > pointers would be great. > > Thank you! > > macsl > > TAC: > > I'm currently on-site trying to bring up a POS OC-3 > connection. > > Here is the topology: > > GSR 12000 POS OC-3 L2 Gigabit Ethernet Cloud > Gig Cisco > 6509 > > I currently have the GSR set up with a peer address of > the 6509. The same is > true for the 6509, the peer is the GSR. > > I would like to set up the GSR to send bridged PPP > packets into the L2 > cloud, so that the cloud would know how to switch the > packets to the 6509. > > I was looking into doing this with BVI's but I wasn't > able to anything for > the 12000 under the CCO web page. > > Is this possible with a 12000? If so can you refer me > to some configs? > > The current version of code is 12.0(14). > > > > __ > Do You Yahoo!? > Yahoo! Health - Feel better, live better > http://health.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49640&t=49620 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can we save the pdf file from CCO web site? [7:49623]
no u dont need any thing else. try before you post a query next time. - monty ""Nuurul Basar Mohd Baki"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hai, > > Can I download and save pdf file from CCO web site or do I need either to > have a diffrent ID and password for that?. > > > Thanks > > Basar Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49639&t=49623 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Security Lab [7:17848]
You can argue about the technical merits of Windows vs. UNIX all you want, but you must admit that perception is a powerful force. Whether something happens to be reliable or unreliable or whatever, and for whatever reason, if people in the industry think that something is unreliable and hear from others that it is unreliable, then for all practical purposes, it is effectively unreliable. Perception can often trump reality, particularly on the sell-side of things. So the point is, when Cisco says that it has based its soft-PBX on Windows, that just provides yet another reason for a customer not to buy it (along with the well-known other reasons not to buy VoIP like poor-quality calls, expensive phones, etc.) ""Mark W. Odette II"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > May I ad this little edict that "Buggy/Unreliable OS's" is just a bad > wrap that the community has labeled to MS "WINDOWS"... without much > explanation of WHAT was the "unreliability". > > Indeed, Security is a different story, and there is plenty of "reliable" > argument to that topic... but to constantly perpetuate this argument > that "Windows" is unreliable and buggy makes me ill. > > What makes the story of it being buggy/unreliable has always been > related to device drivers that sloppy-a$$ programmers whip out for > sub-standard chipsets on the Intel platform running "Windows". Not to > mention, the OS's that have been the most unreliable/buggy have been the > desktop OS's- NOT the Server platform Windows NT. If you think that you > should use that Windows 98 box as your company's Server- it's your own > stupid fault for all the headaches that are derived from therein. > > I've worked predominantly in the NT environment for over 8 years, going > through the NT 3.51, 4.0, and now Windows 2000 version of the server > platform, and I ONLY have had servers crash when a vendor-specific > device driver was updated (ahem, Intel ironically was the culprit, and > they were supposed to be the other half of the "Win-tel" agreement). > I've also maintained a fair share of different-flavored *nix boxes that > performed similar functions, for which they suffered the same ailments- > bad drivers for add-on hardware, whether it be NIC's, RAID Controllers, > Telephony boards, or power failure. One thing for sure, the NT box > didn't spend 30 minutes spewing INODE errors all over the place once > power was restored... unlike the AT&T Unix brothers did... And yes, I > know, NT uses a journaling file system as opposed to the file system > Unix uses. But for heaven's sake! The DB application on the *nix box > should have the corruption issues to worry about, NOT the OS! > > Most of these Windows NT Servers under my command were Computer > Telephony systems, a.k.a., IVR's. They ran like a champ for several > years without a reboot... the ones that ran for shorter periods were > maintenance reboots for Service Packs or because of Power Failure to the > location the box was residing. These servers were both DEC Alpha's and > Intel-based OEM and Clone machines. > > As I said before, just as much as it is a problem for the *nix platform, > the "things" that make the OS unreliable is the cheap hardware and > sloppy device drivers that are applied to the system. Proper > installation, and hardening of the OS for the specific purpose it is > supporting (read don't use the same machine you've set up as your server > as your desktop too, installing all kinds of non-server related programs > on it like "free-ware" and demos of programs found in the center or back > of some periodical you got in the mail), and the Windows NT / 2000 > Server will be just as stable as the next implementation of Solaris on a > Sparc station. > > And again, as Chuck pointed out, if the Applications developed to run on > the Windows NT / 2000 platform were developed properly, than the servers > would be reliable in that respect too. I'm not a programmer by any > means, but from what I've observed, you can have just as many crashes > for building crappy DLL's as you can from improper handling/use of C > library modules on a *nix box. Not to mention, both types of > programmers need to know how to program for Memory Address handling. > > > But who am I to argue... the whole slamming of "Windblows" is probably > just because some bull-headed *nix lackey is just pi$$ed off he can't go > rebuild the kernel half a dozen times to "tweak" the system on > "Windows". > > And as a final note, I do maintain the argument that ALL of the OS's out > there have their own place in the industry; there isn't just ONE O.S. > that addresses all the use/needs of any particular business (keeping > Support in mind). > > Now- Back to our regularly scheduled commentary on Cisco Studies. > > -Mark > > -Original Message- > From: nrf [mailto:[EMAIL PROTECTED]] > Sent: Thursday, July 25, 2002 12:07 AM > To: [EMAIL PROTECTED] > Subject: Re: CCIE Security Lab [7:17848]
RE: Content Switch [7:49633]
Hi check on this site. http://www.teledirect.com.sg/cisco/techbytes-content_switch.pdf CheerS!!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 25, 2002 3:40 PM To: [EMAIL PROTECTED] Subject: Content Switch [7:49633] Hi, Am once again posting this.I am looking for some PPT's on Content Switching.If any one knows any links,Pls let me know. Kind Regards /Thangavel 186K Reading,Brkshire Direct No -0118 9064259 Mobile No -07796292416 Post code: RG16LH www.186k.co.uk -- The greatest glory in living lies not in never falling, but in rising every time we fall ." -- Nelson Mandela ** This e-mail is from 186k Ltd and is intended only for the addressee named above. As this e-mail may contain confidential or priveleged information, if you are not the named addressee or the person responsible for delivering the message to the named addressee, please advise the sender by return e-mail. The contents should not be disclosed to any other person nor copies taken. 186k Ltd is a Lattice Group company, registered in England & Wales No. 3751494 Registered Office 130 Jermyn Street London SW1Y 4UR ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49637&t=49633 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IS-IS on CCNP routing exam ??? [7:49621]
Can anyone let me know whether there will be simulation question on BSCN exam. Could it be sufficient to have IS-IS preparation by cramming Jeff Doyle chapter.Luckily I have it It is hard for me to get the chance of having hands on IS-IS with real router ? I got several unix box to simulate rip,ospf and bgp and running routers for real connection. For igrp and eigrp, I think I had hands-on when I attended the training. Can you guys and guru give advise how to prepare IS-IS. any books, link (beside CCO of course ), .. thanks u all, [EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, > > You are correct the CCNP track has BSCN which does not cover IS-IS and the > CCIP track has BSCI which includes the IS-IS prorocol. > Also it is true that In future the BSCI is going to replace the BSCN. > I have taken the BSCI exam and I have posted my experience few days back. > The preparation required for BSCI is almost same as BSCN with additional > chapter of IS-IS.you can refer Jeff Doyle book for the IS-IS. > The exam pattern for BSCI is different than BSCN.The BSCI exam has > simulation question which carries more weight. > > Kind Regards /Thangavel > > 186K > Reading,Brkshire > Direct No -0118 9064259 > Mobile No -07796292416 > Post code: RG16LH > www.186k.co.uk Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49636&t=49621 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IS-IS on CCNP routing exam ??? [7:49621]
Hi, You are correct the CCNP track has BSCN which does not cover IS-IS and the CCIP track has BSCI which includes the IS-IS prorocol. Also it is true that In future the BSCI is going to replace the BSCN. I have taken the BSCI exam and I have posted my experience few days back. The preparation required for BSCI is almost same as BSCN with additional chapter of IS-IS.you can refer Jeff Doyle book for the IS-IS. The exam pattern for BSCI is different than BSCN.The BSCI exam has simulation question which carries more weight. Kind Regards /Thangavel 186K Reading,Brkshire Direct No -0118 9064259 Mobile No -07796292416 Post code: RG16LH www.186k.co.uk -- The greatest glory in living lies not in never falling, but in rising every time we fall ." -- Nelson Mandela "hinwoto" cc: Sent by: Fax to: nobody@groupsSubject: IS-IS on CCNP routing exam ??? [7:49621] tudy.com 25/07/2002 07:05 Please respond to "hinwoto" Hello guys, According to CCO, Routing Exam 640-603 does not include IS-IS as exam material and BSCI exam 640-901 includes it. Please correct me if I'm wrong that we only need to take just one of them either 640-603 or 640-901 ). Can you guys taken BSCI exam share information about this exam ? Is BSCI going to replace the Routing exam in the future ?? It is good that Cisco include the IS-IS on the routing exam which will become tougher for CCNP candidate. cheers Hinwoto ** This e-mail is from 186k Ltd and is intended only for the addressee named above. As this e-mail may contain confidential or priveleged information, if you are not the named addressee or the person responsible for delivering the message to the named addressee, please advise the sender by return e-mail. The contents should not be disclosed to any other person nor copies taken. 186k Ltd is a Lattice Group company, registered in England & Wales No. 3751494 Registered Office 130 Jermyn Street London SW1Y 4UR ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49635&t=49621 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Anyone using Cisco ACS? [7:49602]
Well, you can use ACS or a Radius Server, ACS is great, it give you a lot of options of how to control access to your equipment, you can use it's own database for users, or you can integrate it with Windows NT... That is what most ISP use, you can have it in Solaris or NT...I think Cisco can do a better job with the documentation.You can download a 90 days evaluation copy which has all the functionalities. my two cents. JB -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 24, 2002 8:14 PM To: [EMAIL PROTECTED] Subject: Anyone using Cisco ACS? [7:49602] Is anyone using Cisco Secure Access Control Server and if so, how do you like it? I am looking for something to work with PIX VPN, RSA SecurID key fobs, and possibly Cisco Aironet. My Cisco rep recommended ACS but I want to make sure I'm not rush into something that isn't going to work well. The main thing I need for VPN is the ability to setup users and give them access to only certain IP's/Servers. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49634&t=49602 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Content Switch [7:49633]
Hi, Am once again posting this.I am looking for some PPT's on Content Switching.If any one knows any links,Pls let me know. Kind Regards /Thangavel 186K Reading,Brkshire Direct No -0118 9064259 Mobile No -07796292416 Post code: RG16LH www.186k.co.uk -- The greatest glory in living lies not in never falling, but in rising every time we fall ." -- Nelson Mandela ** This e-mail is from 186k Ltd and is intended only for the addressee named above. As this e-mail may contain confidential or priveleged information, if you are not the named addressee or the person responsible for delivering the message to the named addressee, please advise the sender by return e-mail. The contents should not be disclosed to any other person nor copies taken. 186k Ltd is a Lattice Group company, registered in England & Wales No. 3751494 Registered Office 130 Jermyn Street London SW1Y 4UR ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49633&t=49633 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ip default-network [7:49619]
Hi, One can configure a router as a host by executing "no ip routing" and this point if you want to set a default gateway to your router (acting as a host) you can do with the command "ip default gateway".Hope this makes it more clear. Kind Regards /Thangavel 186K Reading,Brkshire Direct No -0118 9064259 Mobile No -07796292416 Post code: RG16LH www.186k.co.uk -- The greatest glory in living lies not in never falling, but in rising every time we fall ." -- Nelson Mandela "Larry Letterman" To: [EMAIL PROTECTED] Fax to: Sent by: Subject: RE: ip default-network [7:49619] nobody@groups tudy.com 25/07/2002 08:19 Please respond to "Larry Letterman" the gateway instruction is for a device that is acting as a host only The default network command is for a router device... Larry Letterman Cisco Systems [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 24, 2002 10:10 PM To: [EMAIL PROTECTED] Subject: ip default-network [7:49619] Can anyone tell me what is the difference between IP default-network and IP default-gateway Regards kws ** This e-mail is from 186k Ltd and is intended only for the addressee named above. As this e-mail may contain confidential or priveleged information, if you are not the named addressee or the person responsible for delivering the message to the named addressee, please advise the sender by return e-mail. The contents should not be disclosed to any other person nor copies taken. 186k Ltd is a Lattice Group company, registered in England & Wales No. 3751494 Registered Office 130 Jermyn Street London SW1Y 4UR ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49632&t=49619 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Lab Swap... [7:49631]
Hey all, Still looking for a August 29th or 30th date in RTP. If you have one, and San Jose is actually better/closer for you, I would be willing to trade my August 29th in SJ. Please let me know ASAP, and reply directly to me, if interested. Thanks! Eddie [GroupStudy.com removed an attachment of type image/jpeg which had a name of Notebook.jpg] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49631&t=49631 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ip default-network [7:49619]
the gateway instruction is for a device that is acting as a host only The default network command is for a router device... Larry Letterman Cisco Systems [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 24, 2002 10:10 PM To: [EMAIL PROTECTED] Subject: ip default-network [7:49619] Can anyone tell me what is the difference between IP default-network and IP default-gateway Regards kws Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49630&t=49619 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
