RE: 2501 IOS Flash! [7:50512]
Argh! Still can't get the IOS to copy from tftp to flash! In addition, here's what I got from the #sh flash all command:

System flash directory:
No files in System flash
[0 bytes used, 16777216 available, 16777216 total]
16384K bytes of System flash (Device not programmable)

Chip  Bank  Code  Size    Name
1     1     89A0  4096KB  INTEL 28F016SA
2     1     89A0  4096KB  INTEL 28F016SA
3     1           4096KB  Unknown Chip
4     1     89A0  4096KB  INTEL 28F016SA

Are the chips still good? What's the "unknown chip" and does it have any effect on the transfer?! Says "READ-ONLY" for the flash when copying, any idea/s on how to change that? Been through loads of documentation but still can't find the answer! Do hope someone can help...thanks!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50517&t=50512
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cheap IP Serial Console Switch? [7:50432]
Cisco made a cheaper one, model 500CS. Specifically 508CS and 516CS with 8 and 16 rj45 serial ports and a 10Mb AUI interface. I've bought two of them on ebay for around $300, and $400. They work great. I don't see any on Ebay right now, but they show up from time to time.

Good Luck,
Vance

"McAllister Paul" wrote in message news:[EMAIL PROTECTED]...
> What's a *cheap* source or brand for a 6+ port serial console switch (db9 or
> rj45) with a 10bT telnet interface?
>
> I don't have 1000 bucks to spend. I could get a 486 with some serial cards
> if there really isn't anything out there.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50513&t=50432
RE: 2501 IOS Flash! [7:50512]
This URL may be useful to you http://www.cisco.com/warp/public/471/13.html

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50516&t=50512
Re: Cat 4000 Series Power Supply Question [7:50510]
Yes. The power supplies are hot-swappable.

"Firesox" wrote in message news:[EMAIL PROTECTED]...
> Could please someone confirm the additional power supply the existing cat
> 4000 series switches are hot-swappable?
> For example for 4006, I can plug in the third power supply without
> disrupting the operation.
> for 4003, 2nd power supply can be added without disrupting the service
>
> Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50515&t=50510
RE: Pix static mappings to the inside [7:50500]
If you have only one public ip address and it is used on the outside interface:

static (inside,outside) tcp interface 25 inside_ip 25 netmask 255.255.255.255
conduit permit tcp host outside_ip eq 25 any

-- Lidiya White

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Elijah Savage III
Sent: Thursday, August 01, 2002 10:23 PM
To: [EMAIL PROTECTED]
Subject: Pix static mappings to the inside [7:50500]

I have my pix 501 firewall working but I have yet to be able to get static mapping working. I try this

Static "outside ip address" "inside ip address"
Conduit permit tcp outside ip inside ip eq 25 any

When I issue these commands I can get mail into my mail server behind the pix but it breaks my nat. I have read that it is not good to use your outside global ip address for static mapping but if you only have 1 static ip address how else can you do it. With me only having one static ip will this work?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50514&t=50500
2501 IOS Flash! [7:50512]
Hey all,

Could someone be kind enough to explain to me why I can't copy IOS by tftp to my flash, my flash currently reads:

System flash directory:
No files in System flash
[0 bytes used, 16777216 available, 16777216 total]
16384K bytes of System flash (Device not programmable)

I think (Device not programmable) may be the problem (could be wrong), any ideas how to rectify this? Please help.

Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50512&t=50512
Re: router vs packet forwarding [7:50471]
Well to tell you the truth a NT box with IP forwarding enabled and dual NIC cards is truly a router with L3 functionality. But Cisco or Juniper or Nortel add a lot of extra features in to the boxes to enhance the routing performance features like latency, QoS and stuff like that. These boxes are made to do only L3 functionality, not a NT box with 2 E or FE ports. A router can have virtually any kind of interface that can be thought of. A router has a much faster RAM called the Flash (expensive too). Now I would any day use a NT box for computing only and a specialist router to do L3 routing between networks. I am sure the amount of traffic that can pass through the L3 devices in today's networks (20/80 rule) will toast the NT box.

Chaoo,
Cisco_Maniac

"John Green" wrote in message news:[EMAIL PROTECTED]...
> what is the difference between router and a device
> that does packet forwarding between its interfaces.
>
> example:
> can a plain NT box with two network cards (with IP
> forwarding enabled) be called as a router ? or it is
> just doing packet forwarding.
> in my understanding even routers like say cisco router
> does such packet forwarding though it can make a
> decision on such packet forwarding based on a routing
> protocol. would that be correct to say ?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50511&t=50471
Cat 4000 Series Power Supply Question [7:50510]
Could please someone confirm the additional power supply the existing cat 4000 series switches are hot-swappable?
For example for 4006, I can plug in the third power supply without disrupting the operation.
for 4003, 2nd power supply can be added without disrupting the service

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50510&t=50510
RE: Pix 501 connected to dsl [7:50449]
Hi

To get a reply from outside users PIX must include

conduit permit icmp echo
conduit permit icmp echo-reply

regards
jagan
CCNP,CCNA,CCDA,MCNS,MCSE+I,CLP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50509&t=50449
Re: 3620 RAS [7:50397]
Try this: http://www.cisco.com/warp/public/471/upgrading_modem_firmware.shtml

Regards,
HATO

>From: "Mel Chandler PMI"
>Reply-To: "Mel Chandler PMI"
>To: [EMAIL PROTECTED]
>Subject: 3620 RAS [7:50397]
>Date: Thu, 1 Aug 2002 16:30:17 GMT
>
>I have a 3620 that's functioning as a RAS server. We have issues with
>connection speed for dial up users. They're getting below 28k. We're
>currently running 2720 for the MICA firmware. I found and download 2740
>firmware and would like to update, but according to the documentation on the
>TAC spe is only available to AS5X00's. How do I update the 3620? If you
>point me to an article or give me something step by step I'd be most
>grateful. Thanks.
>
>Mel L. Chandler, A+, Network+, MCNE, MCDBA, MCSE+I, CCNA
>[EMAIL PROTECTED]
>Network Analyst
>Information Services
>PMI Delta Dental
>(562) 467-6627
>
>"Life's a reach and then you jibe."

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50508&t=50397
Pix static mappings to the inside [7:50500]
I have my pix 501 firewall working but I have yet to be able to get static mapping working. I try this

Static "outside ip address" "inside ip address"
Conduit permit tcp outside ip inside ip eq 25 any

When I issue these commands I can get mail into my mail server behind the pix but it breaks my nat. I have read that it is not good to use your outside global ip address for static mapping but if you only have 1 static ip address how else can you do it. With me only having one static ip will this work?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50500&t=50500
Re: ISDN Simulator.... [7:50405]
Hi,

I just bid on one from NLI on ebay. If you are in no hurry I will let you know if it is worth it or not next week. I expect I will get it this weekend or next Monday. I hope so...

Regards,
Fanglo

On Thu, 1 Aug 2002, Juan Blanco wrote:
> Team,
> I am in the process of purchasing an ISDN simulator for my lab. There are too
> many I could choose from. My question is for those who may have already
> purchased the B-Link2, How reliable and efficient the B-Link2 is, Do you
> think that it is worth the cost compare to others simulators like one
> offered by Teltone, Atlas. Will this simulator will be sufficient for all my
> labs simulations
> Arca(emutel).
>
> Thanks,
>
> Juan Blanco
>
> "The greatest glory in living lies not in never falling,
> but in rising every time we fall."
> -- Nelson Mandela

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50498&t=50405
Route Summary syntax [7:50507]
Hi All,

are the 2 following statements the same ?

Route Summary for my global empire

Sydney  10.64.0.0/21
Melb    10.64.0.8/23
Bris    10.64.0.10/23

Is whats below the same ?

10.64.0.0/21
10.64.8.0/23
10.64.10.0/23

Thanks for your time everyone.

JB

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50507&t=50507
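Added example, not part of the original post: Python's standard `ipaddress` module applied to the two lists in the question. It reduces each entry to the network it actually denotes, flags entries written with host bits set, and reports overlaps; the dictionary and function names are chosen here.

```python
import ipaddress
from itertools import combinations

# The two lists from the post, keyed by the site names used there.
AS_WRITTEN = {
    "Sydney": "10.64.0.0/21",
    "Melb": "10.64.0.8/23",
    "Bris": "10.64.0.10/23",
}
THIRD_OCTET = {
    "Sydney": "10.64.0.0/21",
    "Melb": "10.64.8.0/23",
    "Bris": "10.64.10.0/23",
}


def normalize(prefix):
    """Return (network, host_bits_set) for an 'address/length' string.

    ip_interface() accepts an address with host bits set and exposes the
    network it falls in, so a value like 10.64.0.8/23 is not rejected but
    reduced to the /23 that contains it.
    """
    iface = ipaddress.ip_interface(prefix)
    net = iface.network
    return net, iface.ip != net.network_address


def overlaps(plan):
    """List the pairs of sites whose networks share address space."""
    nets = {site: normalize(p)[0] for site, p in plan.items()}
    return [(a, b) for a, b in combinations(nets, 2)
            if nets[a].overlaps(nets[b])]


def same_networks(plan_a, plan_b):
    """True only if every site maps to the same network in both plans."""
    a = {site: normalize(p)[0] for site, p in plan_a.items()}
    b = {site: normalize(p)[0] for site, p in plan_b.items()}
    return a == b


def report(plan):
    """Human-readable summary of one plan."""
    out = []
    for site, prefix in plan.items():
        net, host_bits = normalize(prefix)
        note = " (host bits set in %s)" % prefix if host_bits else ""
        out.append("%-7s %s  %s - %s%s" % (
            site, net, net.network_address, net.broadcast_address, note))
    for a, b in overlaps(plan):
        out.append("overlap: %s and %s" % (a, b))
    return "\n".join(out)


if __name__ == "__main__":
    print(report(AS_WRITTEN))
    print()
    print(report(THIRD_OCTET))
    print()
    print("same networks:", same_networks(AS_WRITTEN, THIRD_OCTET))
```
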
RE: Cheap IP Serial Console Switch? [7:50432]
in fact it's a 2511 and has 16 console ports and 1 10bt port...

Larry Letterman
Cisco Systems
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael L. Williams
Sent: Thursday, August 01, 2002 4:08 PM
To: [EMAIL PROTECTED]
Subject: Re: Cheap IP Serial Console Switch? [7:50432]

There's a 2500 series router (2511 I believe, but hopefully someone else will pipe up and correct me) that has 8 serial ports and a 10baseT interface that you should be able to pick up for a lot cheaper than $1000. I've even seen it referred to as "the poor man's term server".

Mike W.

"McAllister Paul" wrote in message news:[EMAIL PROTECTED]...
> What's a *cheap* source or brand for a 6+ port serial console switch (db9 or
> rj45) with a 10bT telnet interface?
>
> I don't have 1000 bucks to spend. I could get a 486 with some serial cards
> if there really isn't anything out there.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50506&t=50432
Re: router vs packet forwarding [7:50471]
Partially marketing, partially an ability to scale (general purpose os' generally tend to get burdened with tasks that deprive the routing threads of vital system resources).

As a device that passes data between two L3 networks, and makes decisions based upon L3 header information, you can call it a router. As a device that is dedicated to, and designed for, routing, you probably wouldn't want to.

They both forward packets.

----- Original Message -----
From: "John Green"
To:
Sent: 01 August 2002 6:03 pm
Subject: router vs packet forwarding [7:50471]

> what is the difference between router and a device
> that does packet forwarding between its interfaces.
>
> example:
> can a plain NT box with two network cards (with IP
> forwarding enabled) be called as a router ? or it is
> just doing packet forwarding.
> in my understanding even routers like say cisco router
> does such packet forwarding though it can make a
> decision on such packet forwarding based on a routing
> protocol. would that be correct to say ?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50505&t=50471
RE: 3620 RAS [7:50397]
The 3rd one is for 3600: http://www.cisco.com/public/sw-center/sw-access.shtml

HTH.
Yoshi

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mel Chandler PMI
Sent: Thursday, August 01, 2002 9:30 AM
To: [EMAIL PROTECTED]
Subject: 3620 RAS [7:50397]

I have a 3620 that's functioning as a RAS server. We have issues with connection speed for dial up users. They're getting below 28k. We're currently running 2720 for the MICA firmware. I found and download 2740 firmware and would like to update, but according to the documentation on the TAC spe is only available to AS5X00's. How do I update the 3620? If you point me to an article or give me something step by step I'd be most grateful. Thanks.

Mel L. Chandler, A+, Network+, MCNE, MCDBA, MCSE+I, CCNA
[EMAIL PROTECTED]
Network Analyst
Information Services
PMI Delta Dental
(562) 467-6627

"Life's a reach and then you jibe."

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50504&t=50397
RE: VLAN Leaking [7:50404]
I have no leakage issues with mgmt vlans being on vlans other than vlan 1 in most switches here...

Larry Letterman
Cisco Systems
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ken Diliberto
Sent: Thursday, August 01, 2002 10:10 AM
To: [EMAIL PROTECTED]
Subject: RE: VLAN Leaking [7:50404]

That would explain why I see traffic on my VLAN that should be on a different VLAN.

>>> "Turpin, Mark" 08/01/02 08:55AM >>>
Lore has it that changing the default vlan can result in leaking. Real life experiences?

-Mark

-----Original Message-----
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 10:30 AM
To: [EMAIL PROTECTED]
Subject: Re: Cat2950 VLAN 1 ip address...can't connect [7:50331]

What do they mean by management? For inband management you could use any VLAN, large switched networks will often choose a VLAN that is used for inband management only. VLAN 1 also is used by the switches for management via VTP, spanning, DISL, PAGP etc.

Dave

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50503&t=50404
RE: LANE Information [7:50420]
Cisco LAN Switching by Clark and Hamilton has an interesting chapter on LANE.

> -----Original Message-----
> From: Neil Borne [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 1:26 PM
> To: [EMAIL PROTECTED]
> Subject: LANE Information [7:50420]
>
> Does anyone know where I get can get some "straight forward" LANE
> information?
>
> Thanks,
>
> P. Neil Borne, CCDA,CCNP,C-voice and CWNA
> Systems Integrator III

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50502&t=50420
RE: Cisco 1000TX GBICs [7:50316]
I have several hundred sx and lx gbics in operation on the 6509 base here at cisco, with very few failures or issues.

Larry Letterman
Cisco Systems
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of eo
Sent: Thursday, August 01, 2002 10:01 AM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1000TX GBICs [7:50316]

On Wednesday 31 July 2002 06:09 pm, Brian Zeitz wrote:
> I have two them on (2) 3550-24s, the fiber ones, and they work fine. CDW
> tried to say I needed just one. Don't ask! Ha ha. I think you can do 1
> GBIC if you chose copper. They seem to be working flawlessly so far.
> They could have just embedded this 180$ GBICs in the switch. Lets see,
> 180x2 for the Fiber GBIC, 2x 1500 for the EMI upgrade Hello :) 3500$
> later, I can use the switches ;)
>
> -----Original Message-----
> From: Ken Diliberto [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 31, 2002 5:55 PM
> To: [EMAIL PROTECTED]
> Subject: Cisco 1000TX GBICs [7:50316]
>
> Anyone have experience with the 1000TX GBICs from Cisco? We have used
> the stacking GBICs and have nothing good to say about them. The TX
> GBICs are over $100 less (retail).
>
> Ken

We use quite a few Gigastacks, LX SX and and copper and have used them for quite some time on a cat 6509 and cat 3524xl's they have worked very well for us. They certainly aren't the choke point in our network.

D
--
David Cooper
[EMAIL PROTECTED]/http://www.eosin.org

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50501&t=50316
RE: VPN not connecting [7:50144]
I've seen VPN problems between PIXs, Cisco routers and VPN-1s. Sometimes everything seems to be right but it doesn't work. Remove "crypto map" and add them back may help. At least, it helped me twice.

HTH.
Yoshi

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, August 01, 2002 2:40 PM
To: [EMAIL PROTECTED]
Subject: RE: VPN not connecting [7:50144]

I've been working on trying to eliminate the variables on each side of the VPN. The unfortunate thing is, the other side is home, so I usually wait until the late evening/night to work on the remote side. That's also the reason for the "frustrating" comment earlier. I know I could SSH into it, but, this isn't the only project I've been working on (as I'm sure a lot of you can relate)... So I'm going to hopefully wrap it up by this weekend.

One of the main issues I was running into was the remote network was subnetted from the main network so the ACLs got a little confusing. So I've changed the IP scheme on the remote side...

This also brings me to another question; a rather newbie one, what other ports should be open (beside 500)? I received an email from someone saying 50 & 51, does that sound right? If you have the, "allow any out and return in", settings for firewall rules... Do the ports still need to be opened (I would think not since there is the nat0 command?)?

The other issue I'm looking into is the MTU size. Once I establish the tunnel and maintain connectivity I'll let y'all know what I find.

Thanx for the help,
mkj

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 2:54 PM
To: [EMAIL PROTECTED]
Subject: RE: VPN not connecting [7:50144]

Lidiya White wrote:
>
> Capture debugs on both ends at the same time. Should be more
> helpful.
> Make sure both ends have "isakmp identity address"...
>
> -- Lidiya White

Sounds like a good idea. So Mike, what was the problem? It sure would help those of learning IPSec to hear how you resolved the issue. Thanks.

Priscilla

>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
> Behalf Of
> [EMAIL PROTECTED]
> Sent: Tuesday, July 30, 2002 4:05 PM
> To: [EMAIL PROTECTED]
> Subject: RE: VPN not connecting [7:50144]
>
> The ACLs are mirrors of each other and the transform sets
> match
> Very
> frustrating
>
> -----Original Message-----
> From: Silju Pillai [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 30, 2002 2:29 PM
> To: [EMAIL PROTECTED]
> Subject: RE: VPN not connecting [7:50144]
>
> Hi,
>
> Pls check the interesting traffic configured
> (access list) configured at both ends. Your transform set
> parameters
> too. It
> should be same.
>
> As you are receiving IKMP_no_error your isakmp policies are
> working
> fine.
>
> regards

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50499&t=50144
RE: Very odd problem [7:50459]
First question is - Did it ever work? If so, what changed?

Can anyone from your network connect to the server? If so, what is different between the successful PC and yours?

Does the network look like this:

you...FW...6500...Servers

If there is lack of connectivity we want to determine where the packets are dropped when you attempt a ping. Outbound from you to the server or inbound from the server to you.

Can you capture packets? If so, try pinging from your PC and capture at different locations. I might start at the server location. If you can see your outbound pings there then look for the replies from the server. If you can't see your pings then capture between the FW and the 6500. If successful the FW looks good. Check the 6500.

If the server does see your pings and replies again capture between the 6500 and FW.

See where the traffic fails then look for the cause.

> -----Original Message-----
> From: Drew [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 4:13 PM
> To: [EMAIL PROTECTED]
> Subject: Very odd problem [7:50459]
>
> Hello all,
> I have a problem that I can barely describe, let alone quantify.
> I seek the assistance of the masters, and suspect this might be
> an interesting thing for those of us in the student role.
>
> Here goes:
>
> I have an internal network separated from a partner network
> via a 6500 switch/router which is also running NAT. There is
> also a Raptor firewall between my network and the border switch.
> There are some servers in the partner network that are accessed
> from my network. The 6500 has static NAT entries for those
> servers. The firewall rulebase is set to allow the connections.
>
> The problem is, I can not connect to a specific server in the
> partner network.. that is, until that server pings my workstation.
> After that, I can connect to them.
>
> What could be the cause of this? Could it be a NAT issue?
> Where might I start troubleshooting?
>
> -Ds

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50497&t=50459
CSPFA Exam [7:50496]
CSPFA Exam what is the passing grade ?

Thanks
Pierrek

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50496&t=50496
RE: Kind suggestion is Needed! [7:50317]
a. ahmad wrote:
>
> Dear All,
>
> Thanks for some valuable suggestions. One more thing, if one
> is willing to be a great networker, young, energetic but unable
> to get hands on experience then what are some guidelines for
> him/her..

Could you get some experience in a volunteer job? A lot of schools and non-profit organizations need networking help, whether they know it or not. Or how about convincing a company to let you be a part-time apprentice or intern at little or no pay. And of course, you can get a lot of experience in a home lab.

Priscilla

>
> Thanks,
> AA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50495&t=50317
Does IOS 11.1(2) support "show tech" command [7:50494]
Hi all :

Does anyone know whether IOS 11.1(2) supports the "show tech" command ? I have a 2501 router running on 11.1(2) and it does not have "show tech". However another 2501 router is running on 11.0(22) and it has the "show tech" command.

Thanks in advance.

cheers
Jimmy

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50494&t=50494
RE: Anyone took EVODD (9E0-411)? [7:50340]
Yep taken both and yep the proctored one is a real - insert expletive of choice - and it's certainly not open book, not that there are any books to help you. The online one certainly was not worth the #40.

I took the 5 day course #1,800 and it was well worth it, BUT only if you had done CVOICE & CIPT before hand since the course made many assumptions about student knowledge and experience. Those that were on the EVODD course who had little or no experience or who had not done CIPT were left floundering. Those who simply missed CVOICE had a little evening studying to do, generally in the bar with those of us who had passed that exam.

That said the course is relatively easy and there are no hands-on labs. This may have changed since the course notes I have still have 'Cisco For Internal Use Only' stamped all over them.

I might if I can ever get the IRS to give me an ITIN write an exam for Boson for this one, but don't hold your breath.

MFC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of blitzlight
Sent: 01 August 2002 15:40
To: [EMAIL PROTECTED]
Subject: Anyone took EVODD (9E0-411)? [7:50340]

Hi all,

I've completed DQoS (a badly written exam) and would like to move on to IPT Design Specialist. I've been searching high and low for the study guide or other self-study material, but couldn't find it. CCO doesn't help either. Whenever I do keyword search based on exam topics, CCO search results only points me back to the Exam Description/Topics Page. I wrote to Boson asking whether or not they have it, they replied that they have no author for this exam.

Anyone took EVODD 9e0-411 exam yet? What did you use for study & preparation? PEC? I can't afford to go for the full-blown training. Some suggest that this exam is an easy one ... a walk in the park ... is this true?

Regards

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50455&t=50340
Pix 501 connected to dsl [7:50449]
All,

I have just got my pix 501 and I have it connected to my dsl provider. I have a static ip address. I have it configured as best as I could from the docs but can't get traffic through it. Also I can ping my default gateway of my isp but when I try to ping anything outside of my isp default gateway like www.cisco.com by name or ip address I get no response. And my clients on the inside can't get out. Any help would be greatly appreciated.

pixfirewall# sh conf
: Saved
:
PIX Version 6.1(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xzodKzXOwh/IjrTt encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 66.93.21.X 255.255.255.0
ip address inside 192.168.X.X 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 66.93.21.0 255.255.255.0 outside
pdm location 0.0.0.0 255.255.255.0 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 192.168.X.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
dhcpd dns 192.168.X.X
dhcpd wins 192.168.X.X
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain digitalrage.org
terminal width 80
Cryptochecksum:b8fe98213b66bb850c58ba5ad7831262

pixfirewall# sh ver

Cisco PIX Firewall Version 6.1(3)
Cisco PIX Device Manager Version 1.1(2)

Compiled on Fri 22-Feb-02 08:15 by morlee

pixfirewall up 17 mins 46 secs

Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
Flash E28F640J3 @ 0x300, 8MB
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

0: ethernet0: address is 000a.411e.f554, irq 9
1: ethernet1: address is 000a.411e.f555, irq 10

Licensed Features:
Failover:           Disabled
VPN-DES:            Enabled
VPN-3DES:           Disabled
Maximum Interfaces: 2
Cut-through Proxy:  Enabled
Guards:             Enabled
Websense:           Enabled
Inside Hosts:       10
Throughput:         Limited
ISAKMP peers:       5

pixfirewall#

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50449&t=50449
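Added example, not part of the original post and not a Cisco tool: a small Python lint over a PIX 6.x text configuration. It checks for a default route on the outside interface (the posted configuration contains no `route` line), for the ICMP echo-reply permit suggested in a reply to this thread, for a `nat` id with no matching `global`, and for the `public` SNMP community. The sample text, the finding names and the placeholder gateway are constructed.

```python
# Constructed sample: an excerpt of the configuration posted above, with the
# poster's masked addresses ("X") left as they are.
POSTED_EXCERPT = """\
: Saved
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 66.93.21.X 255.255.255.0
ip address inside 192.168.X.X 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
http server enable
no snmp-server location
snmp-server community public
"""

# Constructed lines for comparison; the gateway address is a placeholder.
ADDED_LINES = """\
route outside 0.0.0.0 0.0.0.0 66.93.21.Y 1
conduit permit icmp any any echo-reply
"""

ANY = {"0", "0.0.0.0"}
# ICMP type keywords this sketch recognises; a rule naming none of them is
# treated as covering every ICMP type.
ICMP_TYPES = {"echo", "echo-reply", "unreachable", "time-exceeded",
              "source-quench"}


def tokens(config):
    """Split the config into token lists, skipping blank and ':' lines."""
    return [ln.split() for ln in config.splitlines()
            if ln.strip() and not ln.lstrip().startswith(":")]


def has_default_route(lines, ifname="outside"):
    """True if 'route <ifname> 0.0.0.0 0.0.0.0 <gateway>' (or '0 0') exists."""
    return any(len(t) >= 5 and t[:2] == ["route", ifname]
               and t[2] in ANY and t[3] in ANY for t in lines)


def nat_ids_without_global(lines):
    """NAT ids (other than 0, which bypasses translation) lacking a global."""
    nat = {t[2] for t in lines if t[0] == "nat" and len(t) > 2 and t[2] != "0"}
    glob = {t[2] for t in lines if t[0] == "global" and len(t) > 2}
    return sorted(nat - glob)


def echo_reply_permitted(lines):
    """True if a conduit or access-list rule lets ICMP echo-reply in.

    This sketch does not check that an access-list is bound to an interface.
    """
    for t in lines:
        if t[0] in ("conduit", "access-list") and "permit" in t and "icmp" in t:
            named = ICMP_TYPES.intersection(t)
            if not named or "echo-reply" in named:
                return True
    return False


def audit(config):
    """Return the list of finding names for one configuration."""
    lines = tokens(config)
    findings = []
    if not has_default_route(lines):
        findings.append("no-default-route")
    for nat_id in nat_ids_without_global(lines):
        findings.append("nat-%s-has-no-global" % nat_id)
    if not echo_reply_permitted(lines):
        findings.append("icmp-echo-reply-not-permitted")
    if any(t[:3] == ["snmp-server", "community", "public"] for t in lines):
        findings.append("snmp-default-community")
    return findings


if __name__ == "__main__":
    print(audit(POSTED_EXCERPT))
    changed = POSTED_EXCERPT.replace(" public", " EXAMPLE-STRING") + ADDED_LINES
    print(audit(changed))
```
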
RE: Cheap IP Serial Console Switch? [7:50432]
I got a Digiboard 16 port RJ45 terminal server for #150 I think from Ebay. Found the pin outs, made some cables up and it works well. I would keep an eye on there.

Symon

-----Original Message-----
From: McAllister Paul [mailto:[EMAIL PROTECTED]]
Sent: 01 August 2002 20:18
To: [EMAIL PROTECTED]
Subject: OT: Cheap IP Serial Console Switch? [7:50432]

What's a *cheap* source or brand for a 6+ port serial console switch (db9 or rj45) with a 10bT telnet interface?

I don't have 1000 bucks to spend. I could get a 486 with some serial cards if there really isn't anything out there.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50461&t=50432
RFC 3345 on Border Gateway Protocol (BGP) Persistent Route [7:50492]
This has relevance to setting up multiple levels of route reflectors, IGP metric redistribution into BGP, and certain confederation configurations. The problem tends to occur when connecting POPs to a core.

>A new Request for Comments is now available in online RFC libraries.
>
>        RFC 3345
>
>        Title: Border Gateway Protocol (BGP) Persistent Route Oscillation Condition
>        Author(s): D. McPherson, V. Gill, D. Walton, A. Retana
>        Status: Informational
>        Date: August 2002
>        Mailbox: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
>        Pages: 19
>        Characters: 38137
>        Updates/Obsoletes/SeeAlso: None
>
>        I-D Tag: draft-ietf-idr-route-oscillation-01.txt
>
>        URL: ftp://ftp.rfc-editor.org/in-notes/rfc3345.txt
>
>In particular configurations, the BGP scaling mechanisms defined in "BGP Route Reflection - An Alternative to Full Mesh IBGP" and "Autonomous System Confederations for BGP" will introduce persistent BGP route oscillation. This document discusses the two types of persistent route oscillation that have been identified, describes when these conditions will occur, and provides some network design guidelines to avoid introducing such occurrences.
>
>This document is a product of the Inter-Domain Routing Working Group of the IETF.
>
>This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
>
>This announcement is sent to the IETF list and the RFC-DIST list. Requests to be added to or deleted from the IETF distribution list should be sent to [EMAIL PROTECTED] Requests to be added to or deleted from the RFC-DIST distribution list should be sent to [EMAIL PROTECTED]
>
>Details on obtaining RFCs via FTP or EMAIL may be obtained by sending an EMAIL message to [EMAIL PROTECTED] with the message body help: ways_to_get_rfcs. For example:
>
>        To: [EMAIL PROTECTED]
>        Subject: getting rfcs
>
>        help: ways_to_get_rfcs
>
>Requests for special distribution should be addressed to either the author of the RFC in question, or to [EMAIL PROTECTED] Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution.
>
>Submissions for Requests for Comments should be sent to [EMAIL PROTECTED] Please consult RFC 2223, Instructions to RFC Authors, for further information.
>
>Joyce K. Reynolds and Sandy Ginoza
>USC/Information Sciences Institute

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50492&t=50492
Re: Very odd problem [7:50459]
"Lupi, Guy" wrote:
>
> Can the server initiate a tcp connection to you?

After it pings me, I can connect using TCP as well as pinging. They have not tried to initiate a connection to me, so I can't say.

> Have you checked the NAT mapping to ensure you are allowed to initiate connections to that server? It sounds like when the server pings you, it opens a "hole" through NAT allowing you to then initiate a connection to it through that "hole". This doesn't sound like it is in keeping with the proper function of stateful NAT, which should just allow ICMP back through the translation it created, unless the NAT implementation isn't using stateful inspection. If you can contact all the servers except that one, I would look for the difference between the configuration for the other servers and that one.
>

I'm leaning that way as well...

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50491&t=50459
Re: Very odd problem [7:50459]
"[EMAIL PROTECTED]" wrote:
>
> can you clarify a few things?
>
> 1. are you able to connect to any other servers on the partner network?

I believe so, but I am not 100%.

> 2. is your workstation address being NATed as well? ie is the real address used when that specific server pings your workstation?

Yes. The workstations are NATed from a pool of addresses. The servers on the partner net are static NATs

> 3. any chance you have a traceroute/tracert result from your workstation to the server?
>

Alas, I cannot.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50490&t=50459
Re: VPN not connecting [7:50144]
An interesting fact is also that you must use one of the following transform sets (or so I seem to remember reading):

"The transform must be one of the following combinations. If it is not, modify the transform to match one of the following and try again.

a. Esp-3des esp-sha-hmac
b. Esp-3des esp-md5-hmac
c. Esp-des esp-sha-hmac
d. Esp-des esp-md5-hmac"

may be helpful.

rgds,

Ciaron

- Original Message -
From: "Priscilla Oppenheimer"
To:
Sent: Thursday, August 01, 2002 11:59 PM
Subject: RE: VPN not connecting [7:50144]

> [EMAIL PROTECTED] wrote:
> >
> > I've been working on trying to eliminate the variables on each side of the VPN The unfortunate thing is, the other side is home, so I usually wait until the late evening/night to work on the remote side That's also the reason for the "frustrating" comment earlier. I know I could SSH into it, but, this isn't the only project I've been working on (as I'm sure a lot of you can relate)... So I'm going to hopefully wrap it up by this weekend.
>
> No problem, but do let us know what you learn! :-) Thanks. A few more comments below...
>
> > One of the main issues I was running into was the remote network was subnetted from the main network so the ACLs got a little confusing.
>
> I was thinking that ACLs might be related to the problem. On the crypto ACL that defines interesting packets that must be protected by IPSec, you have to get addresses and any protocols, ports, etc., just right. It doesn't help that PIX doesn't do the mask the same as IOS. While troubleshooting, you might want to make this access list pretty general purpose using big blocks of addresses and not worrying about ports.
>
> Now, don't confuse this with general-purpose access lists. This crypto access list is just for defining traffic that must be protected.
>
> > So I've changed the IP scheme on the remote side... This also brings me to another question; a rather newbie one, what other ports should be open(beside 500)? I received an email from someone saying 50 & 51, does that sound right? If
>
> That's a different issue from the crypto access list, but also very important, (although from what you were saying about your symptoms earlier, I don't think that's the problem.) But it's possible for IPSec to fail because general-purpose access lists are denying the UDP port used by ISAKMP, which is 500.
>
> In addition, you should make sure that IP protocol types 50 and 51 are allowed. These are used by IPSec's Encapsulating Security Payload and Authentication Header, respectively. They aren't UDP or TCP port numbers; they are IP protocol numbers.
>
> I also read this confusing warning in the VPN book I'm reading. It could be relevant:
>
> By default, all IPSec traffic is disallowed through the PIX Firewall. A NAT and conduit/access list must exist for IPSec traffic to flow through the firewall, as in any other traffic flow. However, if a crypto map is assigned to an interface, IPSec traffic for that map is allowed to bypass the adaptive security algorithm.
>
> So, you're probably OK, there, but maybe not. Why DO they make these things so complicated? :-) Keep us posted. Thank-you!
>
> Priscilla
>
> > you have the, "allow any out and return in", settings for firewall rules... Do the ports still need to be opened (I would think not since there is the nat0 command?)? The other issue I'm looking into is the MTU size
> >
> > Once I establish the tunnel and maintain connectivity I'll let y'all know what I find
> >
> > Thanx for the help,
> > mkj
> >
> > -Original Message-
> > From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 01, 2002 2:54 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: VPN not connecting [7:50144]
> >
> > Lidiya White wrote:
> > >
> > > Capture debugs on both ends at the same time. Should be more helpful.
> > > Make sure both ends have "isakmp identify address"...
> > >
> > > -- Lidiya White
> >
> > Sounds like a good idea. So Mike, what was the problem? It sure would help those of learning IPSec to hear how you resolved the issue. Thanks.
> >
> > Priscilla
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
> > > Sent: Tuesday, July 30, 2002 4:05 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: VPN not connecting [7:50144]
> > >
> > > The ACLs are mirrors of each other and the transform sets match Very frustrating
> > >
> > > -Original Message-
> > > From: Silju Pillai [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, July 30, 2002 2:29 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: VPN not connecting [7:50144]
> > >
> > > Hi,
> > >
> > > Pls check the interesting traffic configured
Re: VPN not connecting [7:50144]
Priscilla, you may have a good point. Perhaps Mike you're missing the command "sysopt connection permit-ipsec"; this is what allows IPSEC to bypass the ASA via crypto maps. Without it you must explicitly allow IPSEC and Isakmp in on your access-lists. It may explain why your phase one negotiation seems to succeed but gets no farther... and then re-transmits.

Just a guess.

C

- Original Message -
From: "Priscilla Oppenheimer"
To:
Sent: Thursday, August 01, 2002 11:59 PM
Subject: RE: VPN not connecting [7:50144]

> [EMAIL PROTECTED] wrote:
> >
> > I've been working on trying to eliminate the variables on each side of the VPN The unfortunate thing is, the other side is home, so I usually wait until the late evening/night to work on the remote side That's also the reason for the "frustrating" comment earlier. I know I could SSH into it, but, this isn't the only project I've been working on (as I'm sure a lot of you can relate)... So I'm going to hopefully wrap it up by this weekend.
>
> No problem, but do let us know what you learn! :-) Thanks. A few more comments below...
>
> > One of the main issues I was running into was the remote network was subnetted from the main network so the ACLs got a little confusing.
>
> I was thinking that ACLs might be related to the problem. On the crypto ACL that defines interesting packets that must be protected by IPSec, you have to get addresses and any protocols, ports, etc., just right. It doesn't help that PIX doesn't do the mask the same as IOS. While troubleshooting, you might want to make this access list pretty general purpose using big blocks of addresses and not worrying about ports.
>
> Now, don't confuse this with general-purpose access lists. This crypto access list is just for defining traffic that must be protected.
>
> > So I've changed the IP scheme on the remote side... This also brings me to another question; a rather newbie one, what other ports should be open(beside 500)? I received an email from someone saying 50 & 51, does that sound right? If
>
> That's a different issue from the crypto access list, but also very important, (although from what you were saying about your symptoms earlier, I don't think that's the problem.) But it's possible for IPSec to fail because general-purpose access lists are denying the UDP port used by ISAKMP, which is 500.
>
> In addition, you should make sure that IP protocol types 50 and 51 are allowed. These are used by IPSec's Encapsulating Security Payload and Authentication Header, respectively. They aren't UDP or TCP port numbers; they are IP protocol numbers.
>
> I also read this confusing warning in the VPN book I'm reading. It could be relevant:
>
> By default, all IPSec traffic is disallowed through the PIX Firewall. A NAT and conduit/access list must exist for IPSec traffic to flow through the firewall, as in any other traffic flow. However, if a crypto map is assigned to an interface, IPSec traffic for that map is allowed to bypass the adaptive security algorithm.
>
> So, you're probably OK, there, but maybe not. Why DO they make these things so complicated? :-) Keep us posted. Thank-you!
>
> Priscilla
>
> > you have the, "allow any out and return in", settings for firewall rules... Do the ports still need to be opened (I would think not since there is the nat0 command?)? The other issue I'm looking into is the MTU size
> >
> > Once I establish the tunnel and maintain connectivity I'll let y'all know what I find
> >
> > Thanx for the help,
> > mkj
> >
> > -Original Message-
> > From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 01, 2002 2:54 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: VPN not connecting [7:50144]
> >
> > Lidiya White wrote:
> > >
> > > Capture debugs on both ends at the same time. Should be more helpful.
> > > Make sure both ends have "isakmp identify address"...
> > >
> > > -- Lidiya White
> >
> > Sounds like a good idea. So Mike, what was the problem? It sure would help those of learning IPSec to hear how you resolved the issue. Thanks.
> >
> > Priscilla
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
> > > Sent: Tuesday, July 30, 2002 4:05 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: VPN not connecting [7:50144]
> > >
> > > The ACLs are mirrors of each other and the transform sets match Very frustrating
> > >
> > > -Original Message-
> > > From: Silju Pillai [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, July 30, 2002 2:29 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: VPN not connecting [7:50144]
> > >
> > > Hi,
> > >
> > > Pls check the interesting traffic configured (access list) configur
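The two checks raised in this thread can be scripted: that the crypto access lists on both peers mirror each other even though PIX writes subnet masks and IOS writes wildcard masks, and that an interface access list lets in UDP 500 plus IP protocols 50 and 51. The Python below is an added example, not code from the thread or from Cisco; the ACL lines and addresses are constructed samples, the function names are hypothetical, and it assumes IPSec traffic is filtered by the interface access list rather than bypassing it.

```python
import ipaddress
from collections import namedtuple

Entry = namedtuple("Entry", "action proto src dst port")

PROTO_ALIASES = {"50": "esp", "51": "ah", "ahp": "ah", "17": "udp"}
PORT_ALIASES = {"isakmp": "500"}


def mask_to_prefix(mask, style):
    """Convert a mask to a prefix length.

    style "pix": subnet mask (255.255.255.0); style "ios": wildcard (0.0.0.255).
    A non-contiguous result usually means a mask pasted in the other style.
    """
    bits = int(ipaddress.IPv4Address(mask))
    if style == "ios":
        bits ^= 0xFFFFFFFF  # a wildcard is the inverse of a subnet mask
    prefix = bin(bits).count("1")
    if bits != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"{mask} is not a contiguous {style}-style mask")
    return prefix


def parse_net(tokens, style):
    """Consume 'any', 'host A' or 'A MASK' from the front of the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    prefix = mask_to_prefix(tokens.pop(0), style)
    return ipaddress.ip_network(f"{first}/{prefix}")  # raises if host bits are set


def parse_entry(line, style):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]'."""
    tokens = line.split()
    action, proto, rest = tokens[2], tokens[3], tokens[4:]
    src = parse_net(rest, style)
    dst = parse_net(rest, style)
    port = rest[1] if rest[:1] == ["eq"] else None
    return Entry(action, PROTO_ALIASES.get(proto, proto), src, dst,
                 PORT_ALIASES.get(port, port))


def unmirrored(local, remote):
    """Local permit entries that have no src/dst-swapped twin on the peer."""
    twins = {(e.proto, e.dst, e.src) for e in remote if e.action == "permit"}
    return [e for e in local
            if e.action == "permit" and (e.proto, e.src, e.dst) not in twins]


def blocked_ipsec(acl, peer, local):
    """Which of ISAKMP, ESP and AH from peer to local does the ACL drop?

    The first matching entry wins; no match means the implicit deny applies.
    """
    peer, local = ipaddress.ip_address(peer), ipaddress.ip_address(local)
    needed = {"isakmp": ("udp", "500"), "esp": ("esp", None), "ah": ("ah", None)}
    blocked = []
    for name, (proto, port) in needed.items():
        verdict = "deny"
        for e in acl:
            if (e.proto in ("ip", proto) and peer in e.src and local in e.dst
                    and e.port in (None, port)):
                verdict = e.action
                break
        if verdict != "permit":
            blocked.append(name)
    return blocked


# Constructed sample data. The remote LAN 10.1.50.0/24 is a subnet of the
# main 10.1.0.0/16, the kind of layout that makes crypto ACLs easy to get wrong.
PIX_CRYPTO = ["access-list 101 permit ip 10.1.0.0 255.255.0.0 10.1.50.0 255.255.255.0"]
IOS_CRYPTO = ["access-list 101 permit ip 10.1.50.0 0.0.0.255 10.1.0.0 0.0.255.255"]
IOS_CRYPTO_NARROW = ["access-list 101 permit ip 10.1.50.0 0.0.0.255 10.1.0.0 0.0.0.255"]
OUTSIDE_IN = [
    "access-list outside_in permit udp host 192.0.2.1 host 198.51.100.1 eq isakmp",
    "access-list outside_in permit esp host 192.0.2.1 host 198.51.100.1",
]

if __name__ == "__main__":
    local = [parse_entry(l, "pix") for l in PIX_CRYPTO]
    for label, lines in (("good peer", IOS_CRYPTO), ("narrow peer", IOS_CRYPTO_NARROW)):
        remote = [parse_entry(l, "ios") for l in lines]
        print(label, "unmirrored entries:", unmirrored(local, remote))
    acl = [parse_entry(l, "pix") for l in OUTSIDE_IN]
    print("blocked from peer:", blocked_ipsec(acl, "192.0.2.1", "198.51.100.1"))
```

An access list that permits only UDP 500 reports `esp` and `ah` as blocked, which matches the symptom described above: phase one completes, then nothing further gets through.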
Re: switch command [7:50413]
You would need to find the router that is acting as the default gateway for the clients connected to said switch, then do a show arp there and match it with the mac addresses you see attached to your switch. The couple of arp entries you are seeing on the switch are the entries being used by the switch as a L3 device (i.e. although it is L2 switching traffic for other devices, it in itself is a Layer 3 device that has an IP address, etc)

Mike W.

"GEORGE" wrote in message news:[EMAIL PROTECTED]...
> Is their a command to view all the ip addresses connected to my switch.
> I do a show arp shows a couple
> Or how often does ip addresses get added to the switch?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50487&t=50413
Re: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]
Ciaron Gogarty wrote:
>
> It was only particular to Dot1q trunks as well... as far as I can remember it wasn't an issue on isl trunked ports.

The testing that revealed the problem was done on Dot1q VLANs. It's possible it could have been a problem on ISL too and that just wasn't tested. It's probably not a problem anymore, either way.

Priscilla

>
> is that correct??
>
> rgds,
>
> Ciaron
> - Original Message -
> From: "Priscilla Oppenheimer"
> To:
> Sent: Thursday, August 01, 2002 11:34 PM
> Subject: Re: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]
>
> > [EMAIL PROTECTED] wrote:
> > >
> > > AT Cisco Networkers i went to the layer 2 security breakout session and they talked about this. 1st they said the article is out dated. When the article was written Cisco already had a fix for this.
> >
> > That was what I figured, Mr. Bond. (nice address! ;-)
> >
> > A fix would be pretty easy. The vulnerability required a host on an access port to send a frame with a VLAN tag already in it. That could easily be disallowed. (The switch itself should add any tags when sending across a trunk link. Or, a server on a trunk link could include a tag, but a host on an ordinary access port shouldn't include a tag in its frame.)
> >
> > I don't know if this is what the original poster had in mind, but I bet it is. The story got blown out of proportion and will probably never die.
> >
> > Priscilla
> >
> > > 2nd they said with the current switch IOS and additional features they could not hop any VLANS. They tried everything and where not successful. the whole purpose of the breakout was to defuse the myths out there about how unsecure VLANs are. With all that said they did say they do not recommend using one switch with VLANS for web, dmz, and internal traffic
> > >
> > > > From: "Priscilla Oppenheimer"
> > > > Date: 2002/08/01 Thu PM 03:40:39 EDT
> > > > To: [EMAIL PROTECTED]
> > > > Subject: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]
> > > >
> > > > Turpin, Mark wrote:
> > > > >
> > > > > I'm referring to trunks, sorry.
> > > >
> > > > There were some vulnerabilities related to this, but actually the fix was to make sure the native VLAN wasn't trunked, if I understand it correctly Although the vulnerabilities caused a big stir, they were hard to exploit. They required physical access to the switch, a Sniffer, and traffic generation capabilities. Also, Cisco may have made some changes to avoid the problem after it got reported. But here's the info from SANS:
> > > >
> > > > http://www.sans.org/newlook/resources/IDFAQ/vlan.htm
> > > >
> > > > Priscilla
> > > >
> > > > > -Original Message-
> > > > > From: MADMAN [mailto:[EMAIL PROTECTED]]
> > > > > Sent: Thursday, August 01, 2002 12:14 PM
> > > > > To: Turpin, Mark
> > > > > Cc: [EMAIL PROTECTED]
> > > > > Subject: Re: Cat2950 VLAN 1 ip address...can't connect [7:50331]
> > > > >
> > > > > Not sure what you mean. Your not changing the default VLAN, VLAN 1 will remain, can't delete it, (not talking about trunks). I know of no problems arising when using a VLAN other than 1 for inband connectivity.
> > > > >
> > > > > Dave

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50486&t=50331
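The fix described in the quoted explanation above (a host on an access port must not be able to inject a frame that already carries a VLAN tag, while the switch or a trunk peer may) amounts to an ingress rule. The following Python model is an added illustration, not Cisco's implementation or code from the thread; the `Port` tuple, the function names and the sample frames are hypothetical and constructed here.

```python
import struct
from collections import namedtuple

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# mode: "access" or "trunk"; vlan: access VLAN or native VLAN;
# allowed: set of VLAN IDs a trunk carries (unused on access ports)
Port = namedtuple("Port", "mode vlan allowed")


def parse_tag(frame):
    """Return (vid, pcp) if the frame carries an 802.1Q tag, else None."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, tci >> 13  # low 12 bits: VLAN ID; top 3 bits: priority


def classify(frame, port):
    """Ingress decision for one frame: (verdict, vlan, reason)."""
    try:
        tag = parse_tag(frame)
    except ValueError as exc:
        return ("drop", None, str(exc))
    # VLAN ID 0 is a priority tag only; the frame is treated as untagged.
    untagged = tag is None or tag[0] == 0
    if port.mode == "access":
        if untagged:
            return ("forward", port.vlan, "host frame placed in access VLAN")
        # The case from the thread: a host supplies its own VLAN tag.
        return ("drop", None, f"tag for VLAN {tag[0]} received on access port")
    if untagged:
        return ("forward", port.vlan, "untagged frame placed in native VLAN")
    if tag[0] not in port.allowed:
        return ("drop", None, f"VLAN {tag[0]} not allowed on this trunk")
    return ("forward", tag[0], "tagged frame accepted on trunk")


def make_frame(vid=None, pcp=0):
    """Build a constructed test frame: MACs, optional tag, IPv4 EtherType."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    access = Port("access", 10, set())
    trunk = Port("trunk", 1, {10, 20})
    for label, frame, port in (
        ("untagged on access", make_frame(), access),
        ("VLAN 20 tag on access", make_frame(vid=20), access),
        ("priority tag on access", make_frame(vid=0, pcp=5), access),
        ("VLAN 20 tag on trunk", make_frame(vid=20), trunk),
        ("VLAN 30 tag on trunk", make_frame(vid=30), trunk),
    ):
        print(f"{label}: {classify(frame, port)}")
```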
Re: Cheap IP Serial Console Switch? [7:50432]
There's a 2500 series router (2511 I believe, but hopefully someone else will pipe up and correct me) that has 8 serial ports and a 10baseT interface that you should be able to pick up for a lot cheaper than $1000. I've even seen it referred to as "the poor man's term server".

Mike W.

"McAllister Paul" wrote in message news:[EMAIL PROTECTED]...
> What's a *cheap* source or brand for a 6+ port serial console switch (db9 or rj45) with a 10bT telnet interface?
>
> I don't have 1000 bucks to spend. I could get a 486 with some serial cards if there really isnt anything out there.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50485&t=50432
Re: router vs packet forwarding [7:50471]
In a sense the NT box is acting as a router... I think by default it would only know the two networks that are attached (like a router would) but you can add your own routes to an NT/2000/XP box, effectively you could use it as a router that only understands static routes (although I think you could use RIP with them I'm not sure if I'm confusing NT/2000 with another OS)...

Mike W.

"John Green" wrote in message news:[EMAIL PROTECTED]...
> what is the difference between router and a device that does packet forwarding between its interfaces.
>
> example:
> can a plain NT box with two network cards (with IP forwarding enabled) be called as a router ? or it is just doing packet forwarding.
> in my understanding even routers like say cisco router does such packet forwarding though it can make a decision on such packet forwarding based on a routing protocol. would that be correct to say ?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50484&t=50471
RE: VPN not connecting [7:50144]
[EMAIL PROTECTED] wrote:
>
> I've been working on trying to eliminate the variables on each side of the VPN The unfortunate thing is, the other side is home, so I usually wait until the late evening/night to work on the remote side That's also the reason for the "frustrating" comment earlier. I know I could SSH into it, but, this isn't the only project I've been working on (as I'm sure a lot of you can relate)... So I'm going to hopefully wrap it up by this weekend.

No problem, but do let us know what you learn! :-) Thanks. A few more comments below...

> One of the main issues I was running into was the remote network was subnetted from the main network so the ACLs got a little confusing.

I was thinking that ACLs might be related to the problem. On the crypto ACL that defines interesting packets that must be protected by IPSec, you have to get addresses and any protocols, ports, etc., just right. It doesn't help that PIX doesn't do the mask the same as IOS. While troubleshooting, you might want to make this access list pretty general purpose using big blocks of addresses and not worrying about ports.

Now, don't confuse this with general-purpose access lists. This crypto access list is just for defining traffic that must be protected.

> So I've changed the IP scheme on the remote side... This also brings me to another question; a rather newbie one, what other ports should be open(beside 500)? I received an email from someone saying 50 & 51, does that sound right? If

That's a different issue from the crypto access list, but also very important, (although from what you were saying about your symptoms earlier, I don't think that's the problem.) But it's possible for IPSec to fail because general-purpose access lists are denying the UDP port used by ISAKMP, which is 500.

In addition, you should make sure that IP protocol types 50 and 51 are allowed. These are used by IPSec's Encapsulating Security Payload and Authentication Header, respectively. They aren't UDP or TCP port numbers; they are IP protocol numbers.

I also read this confusing warning in the VPN book I'm reading. It could be relevant:

By default, all IPSec traffic is disallowed through the PIX Firewall. A NAT and conduit/access list must exist for IPSec traffic to flow through the firewall, as in any other traffic flow. However, if a crypto map is assigned to an interface, IPSec traffic for that map is allowed to bypass the adaptive security algorithm.

So, you're probably OK, there, but maybe not. Why DO they make these things so complicated? :-) Keep us posted. Thank-you!

Priscilla

> you have the, "allow any out and return in", settings for firewall rules... Do the ports still need to be opened (I would think not since there is the nat0 command?)? The other issue I'm looking into is the MTU size
>
> Once I establish the tunnel and maintain connectivity I'll let y'all know what I find
>
> Thanx for the help,
> mkj
>
> -Original Message-
> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 2:54 PM
> To: [EMAIL PROTECTED]
> Subject: RE: VPN not connecting [7:50144]
>
> Lidiya White wrote:
> >
> > Capture debugs on both ends at the same time. Should be more helpful.
> > Make sure both ends have "isakmp identify address"...
> >
> > -- Lidiya White
>
> Sounds like a good idea. So Mike, what was the problem? It sure would help those of learning IPSec to hear how you resolved the issue. Thanks.
>
> Priscilla
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
> > Sent: Tuesday, July 30, 2002 4:05 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: VPN not connecting [7:50144]
> >
> > The ACLs are mirrors of each other and the transform sets match Very frustrating
> >
> > -Original Message-
> > From: Silju Pillai [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, July 30, 2002 2:29 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: VPN not connecting [7:50144]
> >
> > Hi,
> >
> > Pls check the interesting traffic configured (access list) configured at both ends. Your transform set parameters too. It should be same.
> >
> > As you are receiving IKMP_no_error your isakmp policies are working fine.
> >
> > regards

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50483&t=50144
Re: Serial Interface Bandwidth [7:50381]
Henry D. wrote:
>
> That would work if you have integrated CSU, the timeslots would be there. If you connect say with V.35 to an external CSU/DSU then you won't get the timeslot information. The only way to figure out the bandwidth then would be to stress-test the circuit and see how far you can get the bandwidth utilization on this interface.

Or, of course, you can use the non-technical way. Ask your provider. We are supposed to be in a "communications" field, after all :-)

JMcL

>
> "Turpin, Mark" wrote in message news:[EMAIL PROTECTED]...
> > A show interface serial 'x' where x = the serial interface's number will tell you a couple things that are important.
> >
> > 1) the 5 minute load average for input/output
> > 2) the timeslots used
> >
> > You can use the timeslots to determine the bandwidth that is technically available, and the load average to get an idea of what is currently being used.
> >
> > hth,
> > -mark
> >
> > -Original Message-
> > From: Curious [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 01, 2002 9:43 AM
> > To: [EMAIL PROTECTED]
> > Subject: Serial Interface Bandwidth [7:50381]
> >
> > I want to know the current bandwidth of my serial Interface of Router. Lets say i have a fractional T1, how would i know what bandwidth i have for my serial interface.
> >
> > thanks,

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50482&t=50381
RE: Very odd problem [7:50459]
can you clarify a few things?

1. are you able to connect to any other servers on the partner network?
2. is your workstation address being NATed as well? ie is the real address used when that specific server pings your workstation?
3. any chance you have a traceroute/tracert result from your workstation to the server?

-Original Message-
From: Drew [mailto:[EMAIL PROTECTED]]
Sent: Friday, 2 August 2002 9:13AM
To: [EMAIL PROTECTED]
Subject: Very odd problem [7:50459]

Hello all,

I have a problem that I can barely describe, let alone quantify. I seek the assistance of the masters, and suspect this might be an interesting thing for those of us in the student role. Here goes:

I have an internal network separated from a partner network via a 6500 switch/router which is also running NAT. There is also a Raptor firewall between my network and the border switch. There are some servers in the partner network that are accessed from my network. The 6500 has static NAT entries for those servers. The firewall rulebase is set to allow the connections.

The problem is, I can not connect to a specific server in the partner network.. that is, until that server pings my workstation. After that, I can connect to them. What could be the cause of this? Could it be a NAT issue? Where might I start troubleshooting?

-Ds

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50481&t=50459
Re: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]
It was only particular to Dot1q trunks as well... as far as I can remember it wasn't an issue on isl trunked ports.

is that correct??

rgds,

Ciaron

- Original Message -
From: "Priscilla Oppenheimer"
To:
Sent: Thursday, August 01, 2002 11:34 PM
Subject: Re: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]

> [EMAIL PROTECTED] wrote:
> >
> > AT Cisco Networkers i went to the layer 2 security breakout session and they talked about this. 1st they said the article is out dated. When the article was written Cisco already had a fix for this.
>
> That was what I figured, Mr. Bond. (nice address! ;-)
>
> A fix would be pretty easy. The vulnerability required a host on an access port to send a frame with a VLAN tag already in it. That could easily be disallowed. (The switch itself should add any tags when sending across a trunk link. Or, a server on a trunk link could include a tag, but a host on an ordinary access port shouldn't include a tag in its frame.)
>
> I don't know if this is what the original poster had in mind, but I bet it is. The story got blown out of proportion and will probably never die.
>
> Priscilla
>
> > 2nd they said with the current switch IOS and additional features they could not hop any VLANS. They tried everything and where not successful. the whole purpose of the breakout was to defuse the myths out there about how unsecure VLANs are. With all that said they did say they do not recommend using one switch with VLANS for web, dmz, and internal traffic
> >
> > > From: "Priscilla Oppenheimer"
> > > Date: 2002/08/01 Thu PM 03:40:39 EDT
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]
> > >
> > > Turpin, Mark wrote:
> > > >
> > > > I'm referring to trunks, sorry.
> > >
> > > There were some vulnerabilities related to this, but actually the fix was to make sure the native VLAN wasn't trunked, if I understand it correctly Although the vulnerabilities caused a big stir, they were hard to exploit. They required physical access to the switch, a Sniffer, and traffic generation capabilities. Also, Cisco may have made some changes to avoid the problem after it got reported. But here's the info from SANS:
> > >
> > > http://www.sans.org/newlook/resources/IDFAQ/vlan.htm
> > >
> > > Priscilla
> > >
> > > > -Original Message-
> > > > From: MADMAN [mailto:[EMAIL PROTECTED]]
> > > > Sent: Thursday, August 01, 2002 12:14 PM
> > > > To: Turpin, Mark
> > > > Cc: [EMAIL PROTECTED]
> > > > Subject: Re: Cat2950 VLAN 1 ip address...can't connect [7:50331]
> > > >
> > > > Not sure what you mean. Your not changing the default VLAN, VLAN 1 will remain, can't delete it, (not talking about trunks). I know of no problems arising when using a VLAN other than 1 for inband connectivity.
> > > >
> > > > Dave

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50480&t=50331
Re: Very odd problem [7:50459]
Symon Thurlow wrote:
>
> Any VPN between the sites?

Raptor 6.5, no VPNs in use.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50479&t=50459
Re: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]
[EMAIL PROTECTED] wrote:
>
> At Cisco Networkers I went to the layer 2 security breakout
> session and they talked about this. 1st they said the article
> is outdated. When the article was written Cisco already had a
> fix for this.

That was what I figured, Mr. Bond. (nice address! ;-)

A fix would be pretty easy. The vulnerability required a host on an access port to send a frame with a VLAN tag already in it. That could easily be disallowed. (The switch itself should add any tags when sending across a trunk link. Or, a server on a trunk link could include a tag, but a host on an ordinary access port shouldn't include a tag in its frame.)

I don't know if this is what the original poster had in mind, but I bet it is. The story got blown out of proportion and will probably never die.

Priscilla

> 2nd they said with the current switch IOS and
> additional features they could not hop any VLANs. They tried
> everything and were not successful. The whole purpose of the
> breakout was to defuse the myths out there about how unsecure
> VLANs are. With all that said they did say they do not
> recommend using one switch with VLANs for web, dmz, and
> internal traffic
>
> > From: "Priscilla Oppenheimer"
> > Date: 2002/08/01 Thu PM 03:40:39 EDT
> > To: [EMAIL PROTECTED]
> > Subject: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]
> >
> > Turpin, Mark wrote:
> > >
> > > I'm referring to trunks, sorry.
> >
> > There were some vulnerabilities related to this, but actually the fix was to
> > make sure the native VLAN wasn't trunked, if I understand it correctly.
> > Although the vulnerabilities caused a big stir, they were hard to exploit.
> > They required physical access to the switch, a Sniffer, and traffic
> > generation capabilities. Also, Cisco may have made some changes to avoid the
> > problem after it got reported. But here's the info from SANS:
> >
> > http://www.sans.org/newlook/resources/IDFAQ/vlan.htm
> >
> > Priscilla
> >
> > > -----Original Message-----
> > > From: MADMAN [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, August 01, 2002 12:14 PM
> > > To: Turpin, Mark
> > > Cc: [EMAIL PROTECTED]
> > > Subject: Re: Cat2950 VLAN 1 ip address...can't connect [7:50331]
> > >
> > > Not sure what you mean. You're not changing the default VLAN, VLAN 1
> > > will remain, can't delete it, (not talking about trunks). I know of no
> > > problems arising when using a VLAN other than 1 for inband
> > > connectivity.
> > >
> > > Dave

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50478&t=50331
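The access-port rule described in the message above, as an added example that is not part of the original thread: a Python check that parses Ethernet headers and drops any frame that arrives on an access port already carrying an 802.1Q tag, while a trunk port still accepts tags for its allowed VLANs. The port definitions, VLAN numbers and sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100    # IEEE 802.1Q VLAN tag
TPID_8021AD = 0x88A8   # IEEE 802.1ad service tag (stacked tagging)
VLAN_TPIDS = (TPID_8021Q, TPID_8021AD)


def parse_ethernet(frame: bytes) -> dict:
    """Return the MAC addresses, VLAN IDs (outermost first) and the
    EtherType that follows any tags."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12                          # skip destination and source MAC
    vlan_ids = []
    while True:
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_TPIDS:
            break
        if len(frame) < offset + 6:      # TCI plus the next EtherType
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan_ids.append(tci & 0x0FFF)    # low 12 bits of the TCI are the VLAN ID
        offset += 4                      # TPID (2 bytes) + TCI (2 bytes)
    return {"dst": frame[0:6], "src": frame[6:12],
            "vlan_ids": vlan_ids, "ethertype": ethertype}


def ingress_decision(port: dict, frame: bytes):
    """Return ("forward", vlan) or ("drop", reason) for a frame received on port."""
    tags = parse_ethernet(frame)["vlan_ids"]
    if port["mode"] == "access":
        # A host on an access port has no business tagging its own frames.
        # Simplification: priority-tagged frames (VLAN ID 0) are dropped too.
        if tags:
            return ("drop", "tagged frame on access port")
        return ("forward", port["access_vlan"])
    if port["mode"] == "trunk":
        if not tags:
            return ("forward", port["native_vlan"])
        if tags[0] in port["allowed_vlans"]:
            return ("forward", tags[0])
        return ("drop", "VLAN %d not allowed on trunk" % tags[0])
    raise ValueError("unknown port mode")


def build_frame(vlan_ids=(), ethertype=0x0800, payload=b"\x00" * 46) -> bytes:
    """Constructed test frame: broadcast destination, locally administered source."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for vid in vlan_ids:
        header += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload


# Constructed port definitions (hypothetical VLAN numbers).
ACCESS_PORT = {"mode": "access", "access_vlan": 10}
TRUNK_PORT = {"mode": "trunk", "native_vlan": 1, "allowed_vlans": {10, 20}}


def demo():
    untagged, tagged = build_frame(), build_frame(vlan_ids=[20])
    return [
        ("access, untagged", ingress_decision(ACCESS_PORT, untagged)),
        ("access, tagged 20", ingress_decision(ACCESS_PORT, tagged)),
        ("trunk, untagged", ingress_decision(TRUNK_PORT, untagged)),
        ("trunk, tagged 20", ingress_decision(TRUNK_PORT, tagged)),
    ]


if __name__ == "__main__":
    for label, result in demo():
        print(label, "->", result)
```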
Re: VPN not connecting [7:50144]
Hi Mike,

When the other member mentioned 50 and 51 he was talking about two protocols, ESP and AH, rather than two ports, i.e.:

access-list FromInternet permit esp any host 1.1.1.1

If you're using ESP/AH protocols you will need to allow it bidirectionally, so if you have an access-list on the "inside" interface of your router (ethernet) you must allow protocol 50/51 back out. Most people don't bother with protocol 51 AH anymore as ESP provides everything AH does and more.

rgds,
Ciaron

----- Original Message -----
Sent: Thursday, August 01, 2002 10:40 PM
Subject: RE: VPN not connecting [7:50144]

> I've been working on trying to eliminate the variables on each side of the
> VPN. The unfortunate thing is, the other side is home, so I usually wait
> until the late evening/night to work on the remote side. That's also the
> reason for the "frustrating" comment earlier. I know I could SSH into it,
> but, this isn't the only project I've been working on (as I'm sure a lot of
> you can relate)... So I'm going to hopefully wrap it up by this weekend.
>
> One of the main issues I was running into was the remote network was
> subnetted from the main network so the ACLs got a little confusing. So I've
> changed the IP scheme on the remote side... This also brings me to another
> question; a rather newbie one, what other ports should be open (beside 500)?
> I received an email from someone saying 50 & 51, does that sound right? If
> you have the, "allow any out and return in", settings for firewall rules...
> Do the ports still need to be opened (I would think not since there is the
> nat0 command?)? The other issue I'm looking into is the MTU size.
>
> Once I establish the tunnel and maintain connectivity I'll let y'all know
> what I find.
>
> Thanx for the help,
> mkj
>
> -----Original Message-----
> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 2:54 PM
> To: [EMAIL PROTECTED]
> Subject: RE: VPN not connecting [7:50144]
>
> Lidiya White wrote:
> >
> > Capture debugs on both ends at the same time. Should be more
> > helpful.
> > Make sure both ends have "isakmp identity address"...
> >
> > -- Lidiya White
>
> Sounds like a good idea. So Mike, what was the problem? It sure would help
> those of us learning IPSec to hear how you resolved the issue. Thanks.
>
> Priscilla
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
> > Sent: Tuesday, July 30, 2002 4:05 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: VPN not connecting [7:50144]
> >
> > The ACLs are mirrors of each other and the transform sets match. Very
> > frustrating.
> >
> > -----Original Message-----
> > From: Silju Pillai [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, July 30, 2002 2:29 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: VPN not connecting [7:50144]
> >
> > Hi,
> >
> > Pls check the interesting traffic configured (access list) configured at
> > both ends. Your transform set parameters too. It should be same.
> >
> > As you are receiving IKMP_no_error your isakmp policies are working fine.
> >
> > regards

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50477&t=50144
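The protocol-versus-port distinction from the reply above, as an added example that is not part of the original thread: a small first-match ACL evaluator in Python that reads the IPv4 protocol field and shows why entries written for "ports 50 and 51" never match ESP, and why the return direction needs its own entry. The gateway address 1.1.1.1 comes from the ACL line quoted above; the peer address, the tuple-based ACL format and the sample packets are constructed, and IKE is assumed to be on UDP port 500.

```python
import socket
import struct

IP_PROTO = {"icmp": 1, "tcp": 6, "udp": 17, "esp": 50, "ah": 51}

GATEWAY = "1.1.1.1"      # address used in the ACL line quoted in the thread
PEER = "192.0.2.10"      # constructed remote peer (documentation range)


def ipv4_packet(src, dst, proto, payload=b""):
    """Constructed minimal IPv4 packet (20-byte header, checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def parse(packet):
    """Extract the fields an ACL entry can match on."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]                    # IPv4 protocol field
    dport = None
    if proto in (IP_PROTO["tcp"], IP_PROTO["udp"]) and len(packet) >= ihl + 4:
        (dport,) = struct.unpack_from("!H", packet, ihl + 2)
    # ESP and AH have no port fields: ESP starts with SPI and sequence number.
    return {"proto": proto, "dst": socket.inet_ntoa(packet[16:20]), "dport": dport}


def acl_permits(acl, packet):
    """First match wins; anything unmatched hits the implicit deny."""
    p = parse(packet)
    for action, proto, dst_host, dst_port in acl:
        if IP_PROTO[proto] != p["proto"]:
            continue
        if dst_host is not None and dst_host != p["dst"]:
            continue
        if dst_port is not None and dst_port != p["dport"]:
            continue
        return action == "permit"
    return False


# Constructed sample packets: IKE on UDP/500 and ESP (protocol 50) in both directions.
IKE_IN = ipv4_packet(PEER, GATEWAY, 17, struct.pack("!HHHH", 500, 500, 8, 0))
ESP_IN = ipv4_packet(PEER, GATEWAY, 50, struct.pack("!II", 0x1000, 1))
ESP_OUT = ipv4_packet(GATEWAY, PEER, 50, struct.pack("!II", 0x2000, 1))

# "50 and 51" misread as ports: IKE passes, ESP is dropped by the implicit deny.
ACL_PORTS_MISREAD = [("permit", "udp", GATEWAY, 500),
                     ("permit", "udp", GATEWAY, 50),
                     ("permit", "udp", GATEWAY, 51)]

# Equivalent of "permit esp any host 1.1.1.1" plus IKE.
ACL_INBOUND = [("permit", "udp", GATEWAY, 500),
               ("permit", "esp", GATEWAY, None)]

# Return direction: without the ESP entry the tunnel is one-way.
ACL_OUTBOUND_NO_ESP = [("permit", "udp", PEER, 500)]
ACL_OUTBOUND = ACL_OUTBOUND_NO_ESP + [("permit", "esp", PEER, None)]


def esp_bidirectional(inbound_acl, outbound_acl):
    """True only if ESP is permitted in both directions."""
    return acl_permits(inbound_acl, ESP_IN) and acl_permits(outbound_acl, ESP_OUT)


if __name__ == "__main__":
    print("misread ACL passes ESP:", acl_permits(ACL_PORTS_MISREAD, ESP_IN))
    print("protocol ACL passes ESP:", acl_permits(ACL_INBOUND, ESP_IN))
    print("both directions:", esp_bidirectional(ACL_INBOUND, ACL_OUTBOUND))
```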
RE: Routing Question [7:50431]
You can put the bandwidth command on both ends of the circuit and the clockrate on one end of the circuit. It may work in other ways but it looks cleaner this way.

Winston.

Winston V. Shaw

-----Original Message-----
From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 4:54 PM
To: 'Winston Shaw'; [EMAIL PROTECTED]
Subject: RE: Routing Question [7:50431]

One last question, is it necessary to put the "bandwidth" command and "clock rate" command in all the serial interfaces? So far, I only specified them at router1 both serial interfaces. Router2 serial interfaces have no "bandwidth" command and "clock rate" command.

Thanks

Ricky

-----Original Message-----
From: Winston Shaw [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 4:30 PM
To: Chan, Ricky; [EMAIL PROTECTED]
Subject: RE: Routing Question [7:50431]

Please be sure that no auto-summary is configured under the Eigrp processes.

Winston

-----Original Message-----
From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 3:11 PM
To: [EMAIL PROTECTED]
Subject: Routing Question [7:50431]

Hi all,

I have two 2600 series routers setup with 2 serials connections to each other for redundancy. It means when one serial connection failed, the other one still connected. However, I can't get that to work. Below are the router1 and router2 configuration:

router1

fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.248
serial 0/1 = ip address 12.12.12.1 255.255.255.248

router 2

Thanks

Ricky

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50476&t=50431
RE: Routing Question [7:50431]
The eigrp process defaults to summarizing network 10.0.0.0/8 on both routers because there are major nets (11 and 12) in between them; and because the nets are discontiguous, you would have problems reaching from one 10 to the other 10. The "no auto-summary" command corrects that by making sure VLSM goes into effect. Of course you have to make sure the IP addressing is correct.

Winston.

-----Original Message-----
From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 4:49 PM
To: 'Winston Shaw'; [EMAIL PROTECTED]
Subject: RE: Routing Question [7:50431]

Yes, after I put no auto-summary in the eigrp statement on both routers, plus I removed the ip route statement. It is working fine now.

Thanks all for help.

What does no auto-summary do?

Please advise

Ricky

-----Original Message-----
From: Winston Shaw [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 4:30 PM
To: Chan, Ricky; [EMAIL PROTECTED]
Subject: RE: Routing Question [7:50431]

Please be sure that no auto-summary is configured under the Eigrp processes.

Winston

-----Original Message-----
From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 3:11 PM
To: [EMAIL PROTECTED]
Subject: Routing Question [7:50431]

Hi all,

I have two 2600 series routers setup with 2 serials connections to each other for redundancy. It means when one serial connection failed, the other one still connected. However, I can't get that to work. Below are the router1 and router2 configuration:

router1

fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.248
serial 0/1 = ip address 12.12.12.1 255.255.255.248

router 2

Thanks

Ricky

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50475&t=50431
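The discontiguous-network problem explained in the message above, as an added example that is not part of the original thread: a simplified Python model of classful auto-summary that builds each router's routing table with and without summarization and looks up the far-side host. The interface addresses are the ones from the Router1/Router2 configurations quoted elsewhere on this page; the model assumes the usual administrative distances (connected 0, EIGRP summary 5, EIGRP internal 90), treats the local summary as a Null0 route, and ignores metrics, split horizon and load balancing.

```python
import ipaddress

AD_CONNECTED = 0        # directly connected network
AD_EIGRP_SUMMARY = 5    # locally generated summary, pointing at Null0
AD_EIGRP_INTERNAL = 90  # route learned from the EIGRP neighbor

# Interface addresses as posted in the thread.
ROUTER1 = {"fa0/0": "10.10.10.245/24", "s0/0": "11.11.11.1/24", "s0/1": "12.12.12.1/24"}
ROUTER2 = {"fa0/0": "10.10.100.58/29", "s0/0": "11.11.11.2/24", "s0/1": "12.12.12.2/24"}
LINKS = ("s0/0", "s0/1")   # the two serial links between the routers


def major_net(net):
    """Classful (major) network that contains net."""
    first_octet = int(net.network_address) >> 24
    plen = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{net.network_address}/{plen}", strict=False)


def advertise(interfaces, auto_summary):
    """Return (connected networks, per-interface advertisements, local summaries)."""
    connected = {n: ipaddress.ip_interface(a).network for n, a in interfaces.items()}
    adverts = {name: set() for name in connected}
    summaries = set()
    for out_if, out_net in connected.items():
        for name, net in connected.items():
            if name == out_if:
                continue
            major = major_net(net)
            # Crossing into a different major network: send only the classful summary.
            if auto_summary and major != major_net(out_net) and net != major:
                adverts[out_if].add(major)
                summaries.add(major)
            else:
                adverts[out_if].add(net)
    return connected, adverts, summaries


def build_rib(local, neighbor, auto_summary):
    """Routing table of `local`: {prefix: (admin distance, next hop)}."""
    connected, _, summaries = advertise(local, auto_summary)
    _, neighbor_adverts, _ = advertise(neighbor, auto_summary)
    rib = {}

    def offer(prefix, distance, next_hop):
        # For the same prefix, the lower administrative distance wins.
        if prefix not in rib or distance < rib[prefix][0]:
            rib[prefix] = (distance, next_hop)

    for name, net in connected.items():
        offer(net, AD_CONNECTED, name)
    for prefix in summaries:
        offer(prefix, AD_EIGRP_SUMMARY, "Null0")
    for link in LINKS:
        for prefix in neighbor_adverts[link]:
            offer(prefix, AD_EIGRP_INTERNAL, link)
    return rib


def lookup(rib, destination):
    """Longest-prefix match; returns (prefix, next hop) or None."""
    addr = ipaddress.ip_address(destination)
    matches = [p for p in rib if addr in p]
    if not matches:
        return None
    best = max(matches, key=lambda p: p.prefixlen)
    return str(best), rib[best][1]


if __name__ == "__main__":
    for auto in (True, False):
        r1 = build_rib(ROUTER1, ROUTER2, auto)
        r2 = build_rib(ROUTER2, ROUTER1, auto)
        print("auto-summary" if auto else "no auto-summary")
        print("  Router1 -> 10.10.100.59:", lookup(r1, "10.10.100.59"))
        print("  Router2 -> 10.10.10.2:  ", lookup(r2, "10.10.10.2"))
```

With auto-summary on, each router's own 10.0.0.0/8 summary to Null0 beats the identical /8 learned from the neighbor, so traffic for the other 10.x subnet is discarded locally.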
RE: routing question [7:50434]
Mishurov Art wrote:
>
> Disable EIGRP auto-summary on both routers:
>
> router eigrp 100
> no auto-summary

Oh, I bet that's it! I wish I had thought of that. :-) I just noticed that network 10.10.10.0 is reachable via Router 1 and Router 2. I bet Router 1 does not add the 10.10.10.56/29 to its routing table since it can already get to 10.10.10.0/24. Does that make sense?

Please quote messages so we can see the details in each message without having to find the original. Here's a copy and paste from the original:

Router1

fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.0
serial 0/1 = ip address 12.12.12.1 255.255.255.0
router eigrp 100
network 10.0.0.0
network 11.0.0.0
network 12.0.0.0

Router2

fa0/0 = ip address 10.10.100.58 255.255.255.248
serial 0/0 = ip address 11.11.11.2 255.255.255.0
serial 0/1 = ip address 12.12.12.2 255.255.255.0
router eigrp 100
network 10.0.0.0
network 11.0.0.0
network 12.0.0.0

Priscilla

>
> I assume that the "duplicate address" that other group members
> noticed, was just a typo.
>
> Art Mishurov
> Network Engineer
> Enterprise Access Group
> AT&T Solutions

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50474&t=50434
RE: Very odd problem [7:50459]
Can the server initiate a tcp connection to you? Have you checked the NAT mapping to ensure you are allowed to initiate connections to that server?

It sounds like when the server pings you, it opens a "hole" through NAT allowing you to then initiate a connection to it through that "hole". This doesn't sound like it is in keeping with the proper function of stateful NAT, which should just allow ICMP back through the translation it created, unless the NAT implementation isn't using stateful inspection.

If you can contact all the servers except that one, I would look for the difference between the configuration for the other servers and that one.

-----Original Message-----
From: Drew [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 5:13 PM
To: [EMAIL PROTECTED]
Subject: Very odd problem [7:50459]

Hello all,

I have a problem that I can barely describe, let alone quantify. I seek the assistance of the masters, and suspect this might be an interesting thing for those of us in the student role. Here goes:

I have an internal network separated from a partner network via a 6500 switch/router which is also running NAT. There is also a Raptor firewall between my network and the border switch. There are some servers in the partner network that are accessed from my network. The 6500 has static NAT entries for those servers. The firewall rulebase is set to allow the connections.

The problem is, I can not connect to a specific server in the partner network.. that is, until that server pings my workstation. After that, I can connect to them.

What could be the cause of this? Could it be a NAT issue? Where might I start troubleshooting?

-Ds

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50473&t=50459
RE: routing question [7:50434]
Hi Ricky,

Try changing the IP of MachineB first. It's the same as Fa0/0 on R2.

Mark.

-----Original Message-----
From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
Sent: Friday, 2 August 2002 05:30
To: [EMAIL PROTECTED]
Subject: routing question [7:50434]

Hi all,

I have a question about routing issue. Let's say I have two routers interconnected with serial cables. Router1's s0/0 connected to Router2's s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy purpose. MachineA at Router1 would be able to communicate to MachineB at Router2. However, I won't be successful to nothing that. Do you guys have any idea? Please advise. Below are the configuration of Router1 and Router2:

Router1

fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.0
serial 0/1 = ip address 12.12.12.1 255.255.255.0
router eigrp 100
network 10.0.0.0
network 11.0.0.0
network 12.0.0.0

Router2

fa0/0 = ip address 10.10.100.58 255.255.255.248
serial 0/0 = ip address 11.11.11.2 255.255.255.0
serial 0/1 = ip address 12.12.12.2 255.255.255.0
router eigrp 100
network 10.0.0.0
network 11.0.0.0
network 12.0.0.0

MachineA ip address 10.10.10.2/24
MachineB ip address 10.10.100.58/29

The purpose is able to let MachineA communicate to MachineB through the routers interconnected with serial links.

Thanks in advance.

Ricky

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50472&t=50434
router vs packet forwarding [7:50471]
What is the difference between a router and a device that does packet forwarding between its interfaces?

Example: can a plain NT box with two network cards (with IP forwarding enabled) be called a router, or is it just doing packet forwarding?

In my understanding even routers like, say, a Cisco router do such packet forwarding, though they can make a decision on such packet forwarding based on a routing protocol. Would that be correct to say?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50471&t=50471
RE: routing question [7:50434]
Chan, Ricky wrote:
>
> Each machines have the default gateway.
>
> MachineA ip address 10.10.10.2/24 and gateway 10.10.10.245
>
> MachineB ip address 10.10.100.59/29 and gateway 10.10.100.58
>
> Routers can ping its and other serial interfaces. However, machines can't
> ping across the serial interfaces.

Can the machines ping anything? Use a "troubleshooting outward" approach.

From Machine A, ping:

Machine A's own Ethernet interface
any other devices that are local to that Ethernet
the Ethernet interface on the local router
the serial interfaces on the local router
the serial interfaces on the remote router
the Ethernet interface on the remote router
the Ethernet interface on Machine B

Where does it fail?

Priscilla

>
> Please advise.
>
> Ricky
>
> -----Original Message-----
> From: Roberts, Larry [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 3:59 PM
> To: Chan, Ricky; [EMAIL PROTECTED]
> Subject: RE: routing question [7:50434]
>
> Do the machines have a default gateway? Do the remote routers show each
> others LAN's in their database? Can you ping across the serial interfaces?
>
> Thanks
>
> Larry
>
> -----Original Message-----
> From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 2:30 PM
> To: [EMAIL PROTECTED]
> Subject: routing question [7:50434]
>
> Hi all,
>
> I have a question about routing issue. Let's say I have two routers
> interconnected with serial cables. Router1's s0/0 connected to Router2's
> s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy
> purpose. MachineA at Router1 would be able to communicate to MachineB at
> Router2. However, I won't be successful to nothing that. Do you guys have
> any idea? Please advise. Below are the configuration of Router1 and Router2:
>
> Router1
>
> fa0/0 = ip address 10.10.10.245 255.255.255.0
> serial 0/0 = ip address 11.11.11.1 255.255.255.0
> serial 0/1 = ip address 12.12.12.1 255.255.255.0
> router eigrp 100
> network 10.0.0.0
> network 11.0.0.0
> network 12.0.0.0
>
> Router2
>
> fa0/0 = ip address 10.10.100.58 255.255.255.248
> serial 0/0 = ip address 11.11.11.2 255.255.255.0
> serial 0/1 = ip address 12.12.12.2 255.255.255.0
> router eigrp 100
> network 10.0.0.0
> network 11.0.0.0
> network 12.0.0.0
>
> MachineA ip address 10.10.10.2/24
> MachineB ip address 10.10.100.58/29
>
> The purpose is able to let MachineA communicate to MachineB through the
> routers interconnected with serial links.
>
> Thanks in advance.
>
> Ricky

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50470&t=50434
Re: Routing Question [7:50431]
What was the static route?? I generally disable auto-summary but if you have a default or other static route to the remote ethernet the default ip classless would have allowed connectivity. Auto summary summarizes networks to their natural subnet for/to you when crossing another network.

Dave

"Chan, Ricky" wrote:
>
> Yes, after I put no auto-summary in the eigrp statement on both routers, plus
> I removed the ip route statement. It is working fine now.
>
> Thanks all for help.
>
> What does no auto-summary do?
>
> Please advise
>
> Ricky
>
> -----Original Message-----
> From: Winston Shaw [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 4:30 PM
> To: Chan, Ricky; [EMAIL PROTECTED]
> Subject: RE: Routing Question [7:50431]
>
> Please be sure that no auto-summary is configured under the Eigrp processes.
>
> Winston
>
> -----Original Message-----
> From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 3:11 PM
> To: [EMAIL PROTECTED]
> Subject: Routing Question [7:50431]
>
> Hi all,
>
> I have two 2600 series routers setup with 2 serials connections to each
> other for redundancy. It means when one serial connection failed, the other
> one still connected. However, I can't get that to work. Below are the
> router1 and router2 configuration:
>
> router1
>
> fa0/0 = ip address 10.10.10.245 255.255.255.0
> serial 0/0 = ip address 11.11.11.1 255.255.255.248
> serial 0/1 = ip address 12.12.12.1 255.255.255.248
>
> router 2
>
> Thanks
>
> Ricky

--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
"Emotion should reflect reason not guide it"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50469&t=50431
RE: Very odd problem [7:50459]
Any VPN between the sites?

-----Original Message-----
From: Drew [mailto:[EMAIL PROTECTED]]
Sent: 01 August 2002 22:13
To: [EMAIL PROTECTED]
Subject: Very odd problem [7:50459]

Hello all,

I have a problem that I can barely describe, let alone quantify. I seek the assistance of the masters, and suspect this might be an interesting thing for those of us in the student role. Here goes:

I have an internal network separated from a partner network via a 6500 switch/router which is also running NAT. There is also a Raptor firewall between my network and the border switch. There are some servers in the partner network that are accessed from my network. The 6500 has static NAT entries for those servers. The firewall rulebase is set to allow the connections.

The problem is, I can not connect to a specific server in the partner network.. that is, until that server pings my workstation. After that, I can connect to them.

What could be the cause of this? Could it be a NAT issue? Where might I start troubleshooting?

-Ds

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50467&t=50459
RE: Very odd problem [7:50459]
What version of Raptor?

-----Original Message-----
From: Drew [mailto:[EMAIL PROTECTED]]
Sent: 01 August 2002 22:13
To: [EMAIL PROTECTED]
Subject: Very odd problem [7:50459]

Hello all,

I have a problem that I can barely describe, let alone quantify. I seek the assistance of the masters, and suspect this might be an interesting thing for those of us in the student role. Here goes:

I have an internal network separated from a partner network via a 6500 switch/router which is also running NAT. There is also a Raptor firewall between my network and the border switch. There are some servers in the partner network that are accessed from my network. The 6500 has static NAT entries for those servers. The firewall rulebase is set to allow the connections.

The problem is, I can not connect to a specific server in the partner network.. that is, until that server pings my workstation. After that, I can connect to them.

What could be the cause of this? Could it be a NAT issue? Where might I start troubleshooting?

-Ds

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50466&t=50459
RE: VPN not connecting [7:50144]
I've been working on trying to eliminate the variables on each side of the VPN. The unfortunate thing is, the other side is home, so I usually wait until the late evening/night to work on the remote side. That's also the reason for the "frustrating" comment earlier. I know I could SSH into it, but, this isn't the only project I've been working on (as I'm sure a lot of you can relate)... So I'm going to hopefully wrap it up by this weekend.

One of the main issues I was running into was the remote network was subnetted from the main network so the ACLs got a little confusing. So I've changed the IP scheme on the remote side... This also brings me to another question; a rather newbie one, what other ports should be open (beside 500)? I received an email from someone saying 50 & 51, does that sound right? If you have the, "allow any out and return in", settings for firewall rules... Do the ports still need to be opened (I would think not since there is the nat0 command?)? The other issue I'm looking into is the MTU size.

Once I establish the tunnel and maintain connectivity I'll let y'all know what I find.

Thanx for the help,
mkj

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 2:54 PM
To: [EMAIL PROTECTED]
Subject: RE: VPN not connecting [7:50144]

Lidiya White wrote:
>
> Capture debugs on both ends at the same time. Should be more
> helpful.
> Make sure both ends have "isakmp identity address"...
>
> -- Lidiya White

Sounds like a good idea. So Mike, what was the problem? It sure would help those of us learning IPSec to hear how you resolved the issue. Thanks.

Priscilla

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
> Sent: Tuesday, July 30, 2002 4:05 PM
> To: [EMAIL PROTECTED]
> Subject: RE: VPN not connecting [7:50144]
>
> The ACLs are mirrors of each other and the transform sets match. Very
> frustrating.
>
> -----Original Message-----
> From: Silju Pillai [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 30, 2002 2:29 PM
> To: [EMAIL PROTECTED]
> Subject: RE: VPN not connecting [7:50144]
>
> Hi,
>
> Pls check the interesting traffic configured (access list) configured at
> both ends. Your transform set parameters too. It should be same.
>
> As you are receiving IKMP_no_error your isakmp policies are working fine.
>
> regards

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50468&t=50144
RE: Kind suggestion is Needed! [7:50317]
Dear All,

Thanks for some valuable suggestions. One more thing: if one is willing to be a great networker, young, energetic but unable to get hands-on experience, then what are some guidelines for him/her?

Thanks,
AA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50464&t=50317
beginner bgp book review [7:50463]
I made a post asking advice for a beginner's book on BGP. BGP4: Interdomain Routing in the Internet, by John W. Stewart III was recommended. I just finished reading it and I must say it was 1000 times better than the entire BGP sections of the Sybex Lammle CCNP routing book (piece of trash) and the Cisco Press CCNP routing books. I recommend anyone wanting to learn BGP or studying CCNP routing to read this before the CCNP books. Thanks for putting me on to this book, guys.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50463&t=50463
Re: routing question [7:50434]
You're saying that the machines can only ping the local ethernet interface and not beyond? What if you ping a machine from its local router sourcing the serial? If that fails you have a default gateway issue, or I have seen servers that supposedly support multiple defaults but it doesn't work. Can you ping the remote ethernets from each of the routers??

Dave

"Chan, Ricky" wrote:
>
> Each machines have the default gateway.
>
> MachineA ip address 10.10.10.2/24 and gateway 10.10.10.245
>
> MachineB ip address 10.10.100.59/29 and gateway 10.10.100.58
>
> Routers can ping its and other serial interfaces. However, machines can't
> ping across the serial interfaces.
>
> Please advise.
>
> Ricky
>
> -----Original Message-----
> From: Roberts, Larry [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 3:59 PM
> To: Chan, Ricky; [EMAIL PROTECTED]
> Subject: RE: routing question [7:50434]
>
> Do the machines have a default gateway? Do the remote routers show each
> others LAN's in their database? Can you ping across the serial interfaces?
>
> Thanks
>
> Larry
>
> -----Original Message-----
> From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 2:30 PM
> To: [EMAIL PROTECTED]
> Subject: routing question [7:50434]
>
> Hi all,
>
> I have a question about routing issue. Let's say I have two routers
> interconnected with serial cables. Router1's s0/0 connected to Router2's
> s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy
> purpose. MachineA at Router1 would be able to communicate to MachineB at
> Router2. However, I won't be successful to nothing that. Do you guys have
> any idea? Please advise. Below are the configuration of Router1 and Router2:
>
> Router1
>
> fa0/0 = ip address 10.10.10.245 255.255.255.0
> serial 0/0 = ip address 11.11.11.1 255.255.255.0
> serial 0/1 = ip address 12.12.12.1 255.255.255.0
> router eigrp 100
> network 10.0.0.0
> network 11.0.0.0
> network 12.0.0.0
>
> Router2
>
> fa0/0 = ip address 10.10.100.58 255.255.255.248
> serial 0/0 = ip address 11.11.11.2 255.255.255.0
> serial 0/1 = ip address 12.12.12.2 255.255.255.0
> router eigrp 100
> network 10.0.0.0
> network 11.0.0.0
> network 12.0.0.0
>
> MachineA ip address 10.10.10.2/24
> MachineB ip address 10.10.100.58/29
>
> The purpose is able to let MachineA communicate to MachineB through the
> routers interconnected with serial links.
>
> Thanks in advance.
>
> Ricky

--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
"Emotion should reflect reason not guide it"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50460&t=50434
Very odd problem [7:50459]
Hello all,

I have a problem that I can barely describe, let alone quantify. I seek the assistance of the masters, and suspect this might be an interesting thing for those of us in the student role. Here goes:

I have an internal network separated from a partner network via a 6500 switch/router which is also running NAT. There is also a Raptor firewall between my network and the border switch. There are some servers in the partner network that are accessed from my network. The 6500 has static NAT entries for those servers. The firewall rulebase is set to allow the connections.

The problem is, I can not connect to a specific server in the partner network... that is, until that server pings my workstation. After that, I can connect to them.

What could be the cause of this? Could it be a NAT issue? Where might I start troubleshooting?

-Ds

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50459&t=50459
RE: Serial Interface Bandwidth [7:50381]
A non-Cisco way, try bing http://www.cnam.fr/reseau/bing.html

-Original Message-
From: Curious [mailto:[EMAIL PROTECTED]]
Sent: 01 August 2002 15:43
To: [EMAIL PROTECTED]
Subject: Serial Interface Bandwidth [7:50381]

I want to know the current bandwidth of my serial Interface of Router. Lets say i have a fractional T1, how would i know what bandwidth i have for my serial interface.

thanks,

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50458&t=50381
Re: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]
At Cisco Networkers I went to the layer 2 security breakout session and they talked about this. 1st they said the article is outdated. When the article was written Cisco already had a fix for this. 2nd they said with the current switch IOS and additional features they could not hop any VLANs. They tried everything and were not successful. The whole purpose of the breakout was to defuse the myths out there about how unsecure VLANs are. With all that said they did say they do not recommend using one switch with VLANs for web, dmz, and internal traffic.

>
> From: "Priscilla Oppenheimer"
> Date: 2002/08/01 Thu PM 03:40:39 EDT
> To: [EMAIL PROTECTED]
> Subject: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]
>
> Turpin, Mark wrote:
> >
> > I'm referring to trunks, sorry.
>
> There were some vulnerabilities related to this, but actually the fix was to
> make sure the native VLAN wasn't trunked, if I understand it correctly.
> Although the vulnerabilities caused a big stir, they were hard to exploit.
> They required physical access to the switch, a Sniffer, and traffic
> generation capabilities. Also, Cisco may have made some changes to avoid the
> problem after it got reported. But here's the info from SANS:
>
> http://www.sans.org/newlook/resources/IDFAQ/vlan.htm
>
> Priscilla
>
> >
> > -Original Message-
> > From: MADMAN [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 01, 2002 12:14 PM
> > To: Turpin, Mark
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: Cat2950 VLAN 1 ip address...can't connect [7:50331]
> >
> > Not sure what you mean. You're not changing the default VLAN,
> > VLAN 1
> > will remain, can't delete it, (not talking about trunks). I
> > know of no
> > problems arising when using a VLAN other than 1 for inband
> > connectivity.
> >
> > Dave

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50457&t=50331
RE: Kind suggestion is Needed! [7:50317]
Some interesting reading http://www.faqs.org/rfcs/rfc1122.html http://www.faqs.org/rfcs/rfc1180.html -Original Message- From: HORVATH TAMAS [mailto:[EMAIL PROTECTED]] Sent: Thursday, 1 August 2002 6:32 p.m. To: [EMAIL PROTECTED] Subject: RE: Kind suggestion is Needed! [7:50317] If you want to learn about - swicthing concept (not especially Cisco) the very best and very accurate book I've ever read it: Rich Seifert, The Swicth Book, - Ethernet: Charles E. Spurgeon, Ethernet, The Definitive Guide. Best regards, Tamas Horvath network engineer Tel.: +36 22/515-452, Fax: +36 22/327-532 E-Mail: [EMAIL PROTECTED] -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 2:25 AM To: [EMAIL PROTECTED] Subject: RE: Kind suggestion is Needed! [7:50317] a. ahmad wrote: > > Dear All, > > I just want to work on my basic concepts of networking and for > that I need the name of some valuable books. I am no more > interested in studying CCNA,CCNP books as I have already > studied those books. I hope you can understand my point. I > just want my base as strong as possible and then gradually move > towards advance networking stuff. My ultimate aim is to be a > Voice Engineer. > > Thanks in advance! > AA Dear AA, It's very important to get a good grounding in networking concepts while studying for Cisco certifications. You can actually attain some of the certifications without getting a good grounding ;-) but that's not advisable. I have a list of books on my Web site. They are all excellent books. Someone mentioned Tannenbaum's book. It's good, but quite theoretical, with lots of math. It even has Fourier analysis in it. ;-) I'm looking at an older edition. It may be different in the latest edition. To learn, TCP/IP, the must-have books are by Comer and W.R. Stevens. Comer also has a very good basic networking book called Computer Networks and Internets. 
To learn internetworking, especially bridging and routing, the must have book is by Radia Perlman, as someone mentioned. And to learn how protocols really work, the must have book is by Oppenheimer and Bardwell. ;-) Anyway, my list is here: http://www.troubleshootingnetworks.com/books.html Good luck! I applaud your desire to learn how networks really work. Priscilla Oppenheimer Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50456&t=50317 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco 1000TX GBICs [7:50316]
Cisco made mine, if they send me IBM I would put it right back in the box and send it back for a refund. IBM's equipment is junk and has no quality. I doubt Cisco would do something silly like that. IBM comes up with great concepts, ill give them that, but no ability whatsoever to execute them to final production. -Original Message- From: Jeffrey Reed [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 3:09 PM To: [EMAIL PROTECTED] Subject: RE: Cisco 1000TX GBICs [7:50316] I'm not sure if Cisco makes their own GBICs. The LX ones that came from Cisco with our 6509's are from IBM. Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hartnell, George Sent: Thursday, August 01, 2002 1:06 PM To: [EMAIL PROTECTED] Subject: RE: Cisco 1000TX GBICs [7:50316] >"and have nothing good to say about them." What "sweet nothings" would those be? On another, but similar, note, what 3d party GBICs for 1000LX single mode are out there for the Cat 3548 switches? And, are there any "sweet nothings" about using those in a Cisco platform? Very best, G. > -Original Message- > From: Ken Diliberto [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 31, 2002 2:55 PM > To: [EMAIL PROTECTED] > Subject: Cisco 1000TX GBICs [7:50316] > > > Anyone have experience with the 1000TX GBICs from Cisco? We have used > the stacking GBICs and have nothing good to say about them. The TX > GBICs are over $100 less (retail). > > Ken Confidential e-mail for addressee only. Access to this e-mail by anyone else is unauthorized. If you have received this message in error, please notify the sender immediately by reply e-mail and destroy the original communication. 2 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50454&t=50316 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN Simulator.... [7:50405]
Someone just asked me ISDN simulators, and told me that the price of the one they were thinking of buying, an Emutel, had dropped 500 dollars. I have a Teltone ISDN Demonstrator, and I like it fine, but I would look into the Emutel if its price has fallen so much. You don't need NT1s for the one he is looking at. The Emutel is British, I think, and the folks in Europe don't use NT1s, I gather. They get to connect to S/T interfaces, so their ISDN simulators tend to use S/T interfaces. The Emutel may have U interfaces, too, for all I know, which would be good to have in case you get routers that already have NT1s built in. ""Juan Blanco"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Team, > I am in the process of purchasing an ISDN simulator for my lab. There are to > many I could choose from. My questions is for those who may have already > purchased the B-Link2, How reliable and efficient the B-Link2 is, Do you > think that it is worth the cost compare to others simulators like one > offered byTeltone, Atlas. Will this simulator will be sufficient for all my > labs simulations > Arca(emutel). > > > Thanks, > > Juan Blanco > > The greatest glory in living lies not in never falling, > but in rising every time we fall ." > -- Nelson Mandela > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50453&t=50405 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: routing question [7:50434]
Disable EIGRP auto-summary on both routers:

router eigrp 100
 no auto-summary

I assume that the "duplicate address" that other group members noticed was just a typo.

Art Mishurov
Network Engineer
Enterprise Access Group
AT&T Solutions
ph. 614.244.4555 fax 614.244.1901
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50452&t=50434
RE: Routing Question [7:50431]
One last question, is it necessary to put the "bandwidth" command and "clock rate" command in all the serial interfaces? So far, I only specified them at router1 both serial interfaces. Router2 serial interfaces have no "bandwidth" command and "clock rate" command. Thanks Ricky -Original Message- From: Winston Shaw [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 4:30 PM To: Chan, Ricky; [EMAIL PROTECTED] Subject: RE: Routing Question [7:50431] Please be sure that no auto-summary is configured under the Eigrp processes. Winston -Original Message- From: Chan, Ricky [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 3:11 PM To: [EMAIL PROTECTED] Subject: Routing Question [7:50431] Hi all, I have two 2600 series routers setup with 2 serials connections to each other for redundancy. It means when one serial connection failed, the other one still connected. However, I can't get that to work. Below are the router1 and router2 configuration: router1 fa0/0 = ip address 10.10.10.245 255.255.255.0 serial 0/0 = ip address 11.11.11.1 255.255.255.248 serial 0/1 = ip address 12.12.12.1 255.255.255.248 router 2 Thanks Ricky Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50451&t=50431 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Routing Question [7:50431]
Yes, after I put no auto-summary in the eigrp statement on both routers, plus I removed the ip route statement. It is working fine now. Thanks all for help. What does no auto-summary do? Please advise

Ricky

-Original Message-
From: Winston Shaw [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 4:30 PM
To: Chan, Ricky; [EMAIL PROTECTED]
Subject: RE: Routing Question [7:50431]

Please be sure that no auto-summary is configured under the Eigrp processes.

Winston

-Original Message-
From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 3:11 PM
To: [EMAIL PROTECTED]
Subject: Routing Question [7:50431]

Hi all,

I have two 2600 series routers setup with 2 serials connections to each other for redundancy. It means when one serial connection failed, the other one still connected. However, I can't get that to work. Below are the router1 and router2 configuration:

router1
fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.248
serial 0/1 = ip address 12.12.12.1 255.255.255.248

router 2

Thanks
Ricky

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50450&t=50431
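What `no auto-summary` changed in this topology, as an added example that is not part of the original posts: a simplified Python model of classful summarization applied to the interface addresses quoted in the "routing question" thread. It assumes the commonly documented EIGRP behaviour (a subnet advertised into a different major network is replaced by its classful network, and the summarizing router installs that summary to Null0); metrics, split horizon and timers are not modelled, and all function names are illustrative.

```python
import ipaddress

# Constructed from the interface addresses quoted in the thread.
ROUTERS = {
    "Router1": {"fa0/0": "10.10.10.245/24",
                "s0/0": "11.11.11.1/24",
                "s0/1": "12.12.12.1/24"},
    "Router2": {"fa0/0": "10.10.100.58/29",
                "s0/0": "11.11.11.2/24",
                "s0/1": "12.12.12.2/24"},
}
SERIAL_LINKS = ["s0/0", "s0/1"]  # same interface name on both ends in the thread


def major_network(net):
    """Classful (class A/B/C) network that contains `net`."""
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        raise ValueError(f"{net} is not a unicast class A/B/C network")
    return net.supernet(new_prefix=prefix) if net.prefixlen > prefix else net


def connected(router):
    """Map interface name -> directly connected network."""
    return {ifname: ipaddress.ip_interface(addr).network
            for ifname, addr in ROUTERS[router].items()}


def advertised(router, out_if, auto_summary):
    """Prefixes `router` announces out of `out_if`."""
    nets = connected(router)
    out_major = major_network(nets[out_if])
    result = set()
    for net in nets.values():
        major = major_network(net)
        # Auto-summary: a subnet crossing into a different major network
        # is replaced by its classful network.
        result.add(major if auto_summary and major != out_major else net)
    return result


def routing_table(router, peer, auto_summary):
    """Simplified table: prefix -> next hop (no metric comparison)."""
    table = {net: f"connected {ifname}"
             for ifname, net in connected(router).items()}
    if auto_summary:
        # The summarizing router installs its own classful summary to Null0.
        for net in connected(router).values():
            major = major_network(net)
            if major != net:
                table.setdefault(major, "Null0 (local summary)")
    for link in SERIAL_LINKS:
        for prefix in advertised(peer, link, auto_summary):
            # Connected routes and the local summary win over a learned
            # route for the same prefix, so only new prefixes are installed.
            table.setdefault(prefix, f"via {peer} on {link}")
    return table


def lookup(router, peer, destination, auto_summary):
    """Longest-prefix match for `destination` in `router`'s table."""
    dest = ipaddress.ip_address(destination)
    table = routing_table(router, peer, auto_summary)
    matches = [p for p in table if dest in p]
    if not matches:
        return None, "no route"
    best = max(matches, key=lambda p: p.prefixlen)
    return str(best), table[best]


if __name__ == "__main__":
    # MachineB as given in the follow-up message (10.10.100.59/29).
    for mode in (True, False):
        label = "auto-summary" if mode else "no auto-summary"
        print(label, lookup("Router1", "Router2", "10.10.100.59", mode))
```

With auto-summary on, both routers hold their own 10.0.0.0/8 summary and ignore the identical one from the peer, so traffic for the other 10.x subnet is discarded; with it off, the /24 and /29 are exchanged as they are.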
RE: LANE Information [7:50420]
I'd like a copy of that doc, if you would be so kind... will be some very interesting reading. Mark -Original Message- From: MADMAN [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 3:11 PM To: [EMAIL PROTECTED] Subject: Re: LANE Information [7:50420] I have digitized the doc but I doubt I can send a pdf to the list. If interested send me an email Dave MADMAN wrote: > > Ha, straight forward LANE, that's an oxymoron!! > > Actually I have a internal doc titled "LANE, it ain't rocket science" > I got several years ago from a Cisco engineer that is very good, clear > and consice in a way you won't find on CCO but I don't have it in > electronic form. > > Dave > > Neil Borne wrote: > > > > Does anyone know where I get can get some "straight forward" LANE > > information? > > > > Thanks, > > > > P. Neil Borne, CCDA,CCNP,C-voice and CWNA > > Systems Integrator III > > > > _ > > Send and receive Hotmail on your mobile device: http://mobile.msn.com > -- > David Madland > Sr. Network Engineer > CCIE# 2016 > Qwest Communications Int. Inc. > [EMAIL PROTECTED] > 612-664-3367 > > "Emotion should reflect reason not guide it" -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50447&t=50420 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Routing Question [7:50431]
Please be sure that no auto-summary is configured under the Eigrp processes. Winston -Original Message- From: Chan, Ricky [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 3:11 PM To: [EMAIL PROTECTED] Subject: Routing Question [7:50431] Hi all, I have two 2600 series routers setup with 2 serials connections to each other for redundancy. It means when one serial connection failed, the other one still connected. However, I can't get that to work. Below are the router1 and router2 configuration: router1 fa0/0 = ip address 10.10.10.245 255.255.255.0 serial 0/0 = ip address 11.11.11.1 255.255.255.248 serial 0/1 = ip address 12.12.12.1 255.255.255.248 router 2 Thanks Ricky Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50448&t=50431 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: routing question [7:50434]
Do a show ip route eigrp on each one and post if you can I want so see if they are learning all the routes. Thanks Larry -Original Message- From: Chan, Ricky [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 3:08 PM To: 'Roberts, Larry'; [EMAIL PROTECTED] Subject: RE: routing question [7:50434] Each machines have the default gateway. MachineA ip address 10.10.10.2/24 and gateway 10.10.10.245 MachineB ip address 10.10.100.59/29 and gateway 10.10.100.58 Routers can ping it's and other serial interfaces. However, machines can't ping across the serial interfaces. Please advice. Ricky -Original Message- From: Roberts, Larry [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 3:59 PM To: Chan, Ricky; [EMAIL PROTECTED] Subject: RE: routing question [7:50434] Do the machines have a default gateway? Do the remote routers show each others LAN's in their database ? Can you ping across the serial interfaces ? Thanks Larry -Original Message- From: Chan, Ricky [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 2:30 PM To: [EMAIL PROTECTED] Subject: routing question [7:50434] Hi all, I have a question about routing issue. Let's say I have two routers interconnected with serial cables. Router1's s0/0 connected to Router2's s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy purpose. MachineA at Router1 would be able to communicate to MachineB at Router2. However, I won't be successful to nothing that. Do you guys have any idea? Please advice. 
Below are the configuration of Router1 and Router2: Router1 fa0/0 = ip address 10.10.10.245 255.255.255.0 serial 0/0 = ip address 11.11.11.1 255.255.255.0 serial 0/1 = ip address 12.12.12.1 255.255.255.0 router eigrp 100 network 10.0.0.0 network 11.0.0.0 network 12.0.0.0 Router2 fa0/0 = ip address 10.10.100.58 255.255.255.248 serial 0/0 = ip address 11.11.11.2 255.255.255.0 serial 0/1 = ip address 12.12.12.2 255.255.255.0 router eigrp 100 network 10.0.0.0 network 11.0.0.0 network 12.0.0.0 MachineA ip address 10.10.10.2/24 MachineB ip address 10.10.100.58/29 The purpose is able to let MachineA communicate to MachineB through the routers interconnected with serial links. Thanks in advance. Ricky Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50446&t=50434 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: routing question [7:50434]
Machine B has the same address as router2's fa0/0 interface!!!

Dave

"Chan, Ricky" wrote:
>
> Hi all,
>
> I have a question about routing issue. Let's say I have two routers
> interconnected with serial cables. Router1's s0/0 connected to Router2's
> s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy
> purpose. MachineA at Router1 would be able to communicate to MachineB at
> Router2. However, I won't be successful to nothing that. Do you guys have
> any idea? Please advice. Below are the configuration of Router1 and Router2:
>
> Router1
>
> fa0/0 = ip address 10.10.10.245 255.255.255.0
> serial 0/0 = ip address 11.11.11.1 255.255.255.0
> serial 0/1 = ip address 12.12.12.1 255.255.255.0
> router eigrp 100
> network 10.0.0.0
> network 11.0.0.0
> network 12.0.0.0
>
> Router2
>
> fa0/0 = ip address 10.10.100.58 255.255.255.248
> serial 0/0 = ip address 11.11.11.2 255.255.255.0
> serial 0/1 = ip address 12.12.12.2 255.255.255.0
> router eigrp 100
> network 10.0.0.0
> network 11.0.0.0
> network 12.0.0.0
>
> MachineA ip address 10.10.10.2/24
> MachineB ip address 10.10.100.58/29
>
> The purpose is able to let MachineA communicate to MachineB through the
> routers interconnected with serial links.
>
> Thanks in advance.
>
> Ricky

--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50445&t=50434
Re: can reach host [7:50422]
When you say you can access other hosts that are on the same switch, are they also on the native VLAN? If no, you need a router; if yes, check the default gateway of problem child.

Dave

GEORGE wrote:
>
> I having problems pinging a host on a different vlan. However I can
> access other host that are connected to the same switch?? Trunking is
> enable
> What can I look for . the device is on native vlan , while I am on vlan
> 2

--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50443&t=50422
Re: LANE Information [7:50420]
I have digitized the doc but I doubt I can send a pdf to the list. If interested send me an email Dave MADMAN wrote: > > Ha, straight forward LANE, that's an oxymoron!! > > Actually I have a internal doc titled "LANE, it ain't rocket science" > I got several years ago from a Cisco engineer that is very good, clear > and consice in a way you won't find on CCO but I don't have it in > electronic form. > > Dave > > Neil Borne wrote: > > > > Does anyone know where I get can get some "straight forward" LANE > > information? > > > > Thanks, > > > > P. Neil Borne, CCDA,CCNP,C-voice and CWNA > > Systems Integrator III > > > > _ > > Send and receive Hotmail on your mobile device: http://mobile.msn.com > -- > David Madland > Sr. Network Engineer > CCIE# 2016 > Qwest Communications Int. Inc. > [EMAIL PROTECTED] > 612-664-3367 > > "Emotion should reflect reason not guide it" -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50444&t=50420 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: routing question [7:50434]
-Original Message- From: Chan, Ricky Sent: Thursday, August 01, 2002 3:30 PM To: [EMAIL PROTECTED] Subject: routing question [7:50434] Hi all, I have a question about routing issue. Let's say I have two routers interconnected with serial cables. Router1's s0/0 connected to Router2's s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy purpose. MachineA at Router1 would be able to communicate to MachineB at Router2. However, I won't be successful to nothing that. Do you guys have any idea? Please advice. Below are the configuration of Router1 and Router2: Router1 fa0/0 = ip address 10.10.10.245 255.255.255.0 serial 0/0 = ip address 11.11.11.1 255.255.255.0 serial 0/1 = ip address 12.12.12.1 255.255.255.0 router eigrp 100 network 10.0.0.0 network 11.0.0.0 network 12.0.0.0 Router2 fa0/0 = ip address 10.10.100.58 255.255.255.248 serial 0/0 = ip address 11.11.11.2 255.255.255.0 serial 0/1 = ip address 12.12.12.2 255.255.255.0 router eigrp 100 network 10.0.0.0 network 11.0.0.0 network 12.0.0.0 MachineA ip address 10.10.10.2/24 MachineB ip address 10.10.100.58/29 The purpose is able to let MachineA communicate to MachineB through the routers interconnected with serial links. Thanks in advance. Ricky Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50442&t=50434 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: routing question [7:50434]
Each machines have the default gateway. MachineA ip address 10.10.10.2/24 and gateway 10.10.10.245 MachineB ip address 10.10.100.59/29 and gateway 10.10.100.58 Routers can ping it's and other serial interfaces. However, machines can't ping across the serial interfaces. Please advice. Ricky -Original Message- From: Roberts, Larry [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 3:59 PM To: Chan, Ricky; [EMAIL PROTECTED] Subject: RE: routing question [7:50434] Do the machines have a default gateway? Do the remote routers show each others LAN's in their database ? Can you ping across the serial interfaces ? Thanks Larry -Original Message- From: Chan, Ricky [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 2:30 PM To: [EMAIL PROTECTED] Subject: routing question [7:50434] Hi all, I have a question about routing issue. Let's say I have two routers interconnected with serial cables. Router1's s0/0 connected to Router2's s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy purpose. MachineA at Router1 would be able to communicate to MachineB at Router2. However, I won't be successful to nothing that. Do you guys have any idea? Please advice. Below are the configuration of Router1 and Router2: Router1 fa0/0 = ip address 10.10.10.245 255.255.255.0 serial 0/0 = ip address 11.11.11.1 255.255.255.0 serial 0/1 = ip address 12.12.12.1 255.255.255.0 router eigrp 100 network 10.0.0.0 network 11.0.0.0 network 12.0.0.0 Router2 fa0/0 = ip address 10.10.100.58 255.255.255.248 serial 0/0 = ip address 11.11.11.2 255.255.255.0 serial 0/1 = ip address 12.12.12.2 255.255.255.0 router eigrp 100 network 10.0.0.0 network 11.0.0.0 network 12.0.0.0 MachineA ip address 10.10.10.2/24 MachineB ip address 10.10.100.58/29 The purpose is able to let MachineA communicate to MachineB through the routers interconnected with serial links. Thanks in advance. 
Ricky Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50441&t=50434 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: routing question [7:50434]
Do the machines have a default gateway? Do the remote routers show each others LAN's in their database ? Can you ping across the serial interfaces ? Thanks Larry -Original Message- From: Chan, Ricky [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 2:30 PM To: [EMAIL PROTECTED] Subject: routing question [7:50434] Hi all, I have a question about routing issue. Let's say I have two routers interconnected with serial cables. Router1's s0/0 connected to Router2's s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy purpose. MachineA at Router1 would be able to communicate to MachineB at Router2. However, I won't be successful to nothing that. Do you guys have any idea? Please advice. Below are the configuration of Router1 and Router2: Router1 fa0/0 = ip address 10.10.10.245 255.255.255.0 serial 0/0 = ip address 11.11.11.1 255.255.255.0 serial 0/1 = ip address 12.12.12.1 255.255.255.0 router eigrp 100 network 10.0.0.0 network 11.0.0.0 network 12.0.0.0 Router2 fa0/0 = ip address 10.10.100.58 255.255.255.248 serial 0/0 = ip address 11.11.11.2 255.255.255.0 serial 0/1 = ip address 12.12.12.2 255.255.255.0 router eigrp 100 network 10.0.0.0 network 11.0.0.0 network 12.0.0.0 MachineA ip address 10.10.10.2/24 MachineB ip address 10.10.100.58/29 The purpose is able to let MachineA communicate to MachineB through the routers interconnected with serial links. Thanks in advance. Ricky Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50440&t=50434 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN not connecting [7:50144]
Lidiya White wrote: > > Capture debugs on both ends at the same time. Should be more > helpful. > Make sure both ends have "isakmp identify address"... > > -- Lidiya White Sounds like a good idea. So Mike, what was the problem? It sure would help those of learning IPSec to hear how you resolved the issue. Thanks. Priscilla > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On > Behalf Of > [EMAIL PROTECTED] > Sent: Tuesday, July 30, 2002 4:05 PM > To: [EMAIL PROTECTED] > Subject: RE: VPN not connecting [7:50144] > > The ACLs are mirrors of each other and the transform sets > match > Very > frustrating > > -Original Message- > From: Silju Pillai [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, July 30, 2002 2:29 PM > To: [EMAIL PROTECTED] > Subject: RE: VPN not connecting [7:50144] > > > Hi, > > Pls check the interesting traffic configured > (access list) configured at both ends. Your transform set > parameters > too. It > should be same. > > As you are receiving IKMP_no_error your isakmp policies are > working > fine. > > regards > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50439&t=50144 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]
Turpin, Mark wrote:
>
> I'm referring to trunks, sorry.

There were some vulnerabilities related to this, but actually the fix was to make sure the native VLAN wasn't trunked, if I understand it correctly. Although the vulnerabilities caused a big stir, they were hard to exploit. They required physical access to the switch, a Sniffer, and traffic generation capabilities. Also, Cisco may have made some changes to avoid the problem after it got reported. But here's the info from SANS:

http://www.sans.org/newlook/resources/IDFAQ/vlan.htm

Priscilla

>
> -Original Message-
> From: MADMAN [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 12:14 PM
> To: Turpin, Mark
> Cc: [EMAIL PROTECTED]
> Subject: Re: Cat2950 VLAN 1 ip address...can't connect [7:50331]
>
> Not sure what you mean. You're not changing the default VLAN,
> VLAN 1
> will remain, can't delete it, (not talking about trunks). I
> know of no
> problems arising when using a VLAN other than 1 for inband
> connectivity.
>
> Dave

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50436&t=50331
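A defender-side check for the trunk condition discussed in this thread, as an added example that is not part of the original posts: it parses an IOS-style configuration and flags trunk ports whose native VLAN is also the access VLAN of other ports. The sample configuration is constructed, the function names are illustrative, and treating every port without `switchport mode trunk` as an access port is a simplifying assumption.

```python
import re

# Constructed IOS-style configuration for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/23
 switchport mode trunk
!
interface FastEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 999
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
!
"""


def parse_switchports(config):
    """Return {interface: {"mode", "access_vlan", "native_vlan"}} for physical ports."""
    ports, current = {}, None
    for raw in config.splitlines():
        if not raw.startswith(" "):
            # A non-indented line ends the previous interface block.
            current = None
            m = re.fullmatch(r"interface (\S+)", raw.strip())
            # Skip routed VLAN interfaces (management SVIs such as Vlan1).
            if m and not m.group(1).lower().startswith("vlan"):
                # Defaults when nothing is configured: access VLAN 1, native VLAN 1.
                current = ports.setdefault(
                    m.group(1),
                    {"mode": "access", "access_vlan": 1, "native_vlan": 1})
            continue
        if current is None:
            continue
        line = raw.strip()
        m = re.fullmatch(r"switchport mode (\S+)", line)
        if m:
            current["mode"] = m.group(1)
        m = re.fullmatch(r"switchport access vlan (\d+)", line)
        if m:
            current["access_vlan"] = int(m.group(1))
        m = re.fullmatch(r"switchport trunk native vlan (\d+)", line)
        if m:
            current["native_vlan"] = int(m.group(1))
    return ports


def audit_native_vlans(config):
    """List (trunk, native_vlan, [access ports in that VLAN]) for each shared native VLAN."""
    ports = parse_switchports(config)
    access_members = {}
    for name, port in ports.items():
        if port["mode"] != "trunk":
            access_members.setdefault(port["access_vlan"], []).append(name)
    findings = []
    for name, port in ports.items():
        native = port["native_vlan"]
        if port["mode"] == "trunk" and native in access_members:
            findings.append((name, native, access_members[native]))
    return findings


if __name__ == "__main__":
    for trunk, vlan, members in audit_native_vlans(SAMPLE_CONFIG):
        print(f"{trunk}: native VLAN {vlan} is also the access VLAN of {', '.join(members)}")
```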
RE: routing question [7:50434]
You are saying that this configuration doesn't work? Nothing seems amiss. Are you sure the interfaces are up and working? Clockrate and all. Are the routes not getting in the routing table? A show ip route would help.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50438&t=50434
Re: routing question [7:50434]
Your machine B address is the same as your Router 2 f0/0 address. Give it a valid address in that subnet and you should get better results.

--
Johnny Routin

"Chan, Ricky" wrote in message news:[EMAIL PROTECTED]...
> Hi all,
>
> I have a question about routing issue. Let's say I have two routers interconnected with serial cables. Router1's s0/0 connected to Router2's s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy purpose. MachineA at Router1 would be able to communicate to MachineB at Router2. However, I won't be successful to nothing that. Do you guys have any idea? Please advise. Below are the configuration of Router1 and Router2:
>
> Router1
>
> fa0/0 = ip address 10.10.10.245 255.255.255.0
> serial 0/0 = ip address 11.11.11.1 255.255.255.0
> serial 0/1 = ip address 12.12.12.1 255.255.255.0
> router eigrp 100
> network 10.0.0.0
> network 11.0.0.0
> network 12.0.0.0
>
> Router2
>
> fa0/0 = ip address 10.10.100.58 255.255.255.248
> serial 0/0 = ip address 11.11.11.2 255.255.255.0
> serial 0/1 = ip address 12.12.12.2 255.255.255.0
> router eigrp 100
> network 10.0.0.0
> network 11.0.0.0
> network 12.0.0.0
>
> MachineA ip address 10.10.10.2/24
> MachineB ip address 10.10.100.58/29
>
> The purpose is able to let MachineA communicate to MachineB through the routers interconnected with serial links.
>
> Thanks in advance.
>
> Ricky

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50437&t=50434
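The address clash pointed out in the reply above can be found mechanically from the addressing exactly as it was posted. This is an added example, not part of the original thread: it parses the poster's own notation (not real IOS syntax), and the function names are made up for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# The addressing as posted in the quoted message (routing statements left out).
POSTED = """\
Router1
fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.0
serial 0/1 = ip address 12.12.12.1 255.255.255.0
Router2
fa0/0 = ip address 10.10.100.58 255.255.255.248
serial 0/0 = ip address 11.11.11.2 255.255.255.0
serial 0/1 = ip address 12.12.12.2 255.255.255.0
MachineA ip address 10.10.10.2/24
MachineB ip address 10.10.100.58/29
"""


def parse(text):
    """Return a list of (owner, ip_interface) pairs from the posted notation."""
    entries, device = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"(.+?) = ip address (\S+) (\S+)", line)
        if m:  # router interface: "<ifname> = ip address <addr> <mask>"
            iface = ipaddress.ip_interface(f"{m.group(2)}/{m.group(3)}")
            entries.append((f"{device} {m.group(1)}", iface))
            continue
        m = re.fullmatch(r"(\S+) ip address (\S+/\d+)", line)
        if m:  # end host: "<name> ip address <addr>/<prefix>"
            entries.append((m.group(1), ipaddress.ip_interface(m.group(2))))
        elif line:
            device = line  # any other non-empty line starts a router section
    return entries


def duplicate_addresses(entries):
    """Map each address configured more than once to the owners that use it."""
    owners = defaultdict(list)
    for owner, iface in entries:
        owners[iface.ip].append(owner)
    return {str(ip): names for ip, names in owners.items() if len(names) > 1}


def free_hosts(entries, owner):
    """Unused host addresses in the subnet of the named entry."""
    iface = dict(entries)[owner]
    used = {i.ip for _, i in entries}
    return [str(h) for h in iface.network.hosts() if h not in used]


if __name__ == "__main__":
    entries = parse(POSTED)
    for ip, names in duplicate_addresses(entries).items():
        print(f"{ip} is configured on: {', '.join(names)}")
    print("free addresses for MachineB:", ", ".join(free_hosts(entries, "MachineB")))
```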
RE: can reach host [7:50422]
What are the source and destination IP addresses? Are they on the same vlan?

-----Original Message-----
From: GEORGE [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 2:30 PM
To: [EMAIL PROTECTED]
Subject: can reach host [7:50422]

I am having problems pinging a host on a different vlan. However I can access other hosts that are connected to the same switch?? Trunking is enabled. What can I look for? The device is on native vlan, while I am on vlan 2.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50435&t=50422
routing question [7:50434]
Hi all,

I have a question about routing issue. Let's say I have two routers interconnected with serial cables. Router1's s0/0 connected to Router2's s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy purpose. MachineA at Router1 would be able to communicate to MachineB at Router2. However, I won't be successful to nothing that. Do you guys have any idea? Please advise. Below are the configuration of Router1 and Router2:

Router1

fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.0
serial 0/1 = ip address 12.12.12.1 255.255.255.0
router eigrp 100
network 10.0.0.0
network 11.0.0.0
network 12.0.0.0

Router2

fa0/0 = ip address 10.10.100.58 255.255.255.248
serial 0/0 = ip address 11.11.11.2 255.255.255.0
serial 0/1 = ip address 12.12.12.2 255.255.255.0
router eigrp 100
network 10.0.0.0
network 11.0.0.0
network 12.0.0.0

MachineA ip address 10.10.10.2/24
MachineB ip address 10.10.100.58/29

The purpose is able to let MachineA communicate to MachineB through the routers interconnected with serial links.

Thanks in advance.

Ricky

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50434&t=50434
Re: LANE Information [7:50420]
Ha, straight forward LANE, that's an oxymoron!! Actually I have an internal doc titled "LANE, it ain't rocket science" I got several years ago from a Cisco engineer that is very good, clear and concise in a way you won't find on CCO but I don't have it in electronic form.

Dave

Neil Borne wrote:
>
> Does anyone know where I can get some "straight forward" LANE information?
>
> Thanks,
>
> P. Neil Borne, CCDA,CCNP,C-voice and CWNA
> Systems Integrator III

--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50433&t=50420
OT: Cheap IP Serial Console Switch? [7:50432]
What's a *cheap* source or brand for a 6+ port serial console switch (db9 or rj45) with a 10bT telnet interface?

I don't have 1000 bucks to spend. I could get a 486 with some serial cards if there really isn't anything out there.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50432&t=50432
RE: Caveat for 12.1.11 "ip address dhcp" command? [7:50415]
Mark,

I seem to recall from a document on CCO that Cisco's "T" releases were on a separate release track than the release of the non-T releases of the same version. In other words, 12.1 and 12.1T are parallel releases that do not cross over. It's not until the next minor version (in this case 12.2) where the previous version's T's are integrated into the mainline IOS. Therefore any 12.2T's will become a part of 12.3 mainline IOS. At least, that's my understanding of it all.

To get the "ip address dhcp" command, upgrade to a 12.2 IOS. I am using 12.2 on a 1605 at my house with a cable modem and DHCP address.

James Willard
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Yanalitis
Sent: Thursday, August 01, 2002 2:19 PM
To: [EMAIL PROTECTED]
Subject: Caveat for 12.1.11 "ip address dhcp" command? [7:50415]

I am putting a 2514 16f/16d behind an Ericsson cable modem.

image c2500-jos65i-L121.11-bin Enterprise IP/FW plus 56des

When I issue the "ip address dhcp" command in (config-if)# for eth0 or eth1, I get a "^ error". When I access help and issue "ip address ?" I see no DHCP option. What gives? This command was first added to IOS in 12.1(2)T. I should have this command in 12.1(11). Any ideas why it is not there?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50429&t=50415
Routing Question [7:50431]
Hi all,

I have two 2600 series routers set up with 2 serial connections to each other for redundancy. It means when one serial connection failed, the other one still connected. However, I can't get that to work. Below are the router1 and router2 configuration:

router1

fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.248
serial 0/1 = ip address 12.12.12.1 255.255.255.248

router 2

Thanks
Ricky

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50431&t=50431
RE: Cisco 1000TX GBICs [7:50316]
I'm not sure if Cisco makes their own GBICs. The LX ones that came from Cisco with our 6509's are from IBM.

Jeff

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hartnell, George
Sent: Thursday, August 01, 2002 1:06 PM
To: [EMAIL PROTECTED]
Subject: RE: Cisco 1000TX GBICs [7:50316]

>"and have nothing good to say about them."

What "sweet nothings" would those be?

On another, but similar, note, what 3d party GBICs for 1000LX single mode are out there for the Cat 3548 switches? And, are there any "sweet nothings" about using those in a Cisco platform?

Very best,
G.

> -----Original Message-----
> From: Ken Diliberto [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 31, 2002 2:55 PM
> To: [EMAIL PROTECTED]
> Subject: Cisco 1000TX GBICs [7:50316]
>
> Anyone have experience with the 1000TX GBICs from Cisco? We have used the stacking GBICs and have nothing good to say about them. The TX GBICs are over $100 less (retail).
>
> Ken

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50430&t=50316
Re: Policy Based Routing [7:50412]
No, the match statement is a standard or extended IP access-list.

http://www.cisco.com/warp/partner/synchronicd/cc/pd/iosw/tech/plicy_wp.htm#xtocid8

Dave

Jay Greenberg wrote:
>
> Is it possible to policy-route on the source mac address of the Ethernet frame?

--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50428&t=50412
Re: Summarizing External LSAs at the ABR [7:50395]
Hi Jay,

Not only would doing so violate the spec and potentially cause interop issues with other implementations, it would also likely be tough to implement. The LSA's that can be summarized are all LSA's that the router itself generates. I imagine it is quite easy to apply some logic within the generation process that allows the ABR to make some LSA population decisions for type 3's and 5's (in the NSSA ABR role) as it generates them. Creating hooks into the type 5 flooding process for complete regeneration of the LSA would be a challenge, plus would lead to other nastiness in multivendor environments.

my .02

pete

At 03:57 PM 8/1/2002 +, Jay Greenberg wrote:
>How can you summarize external LSAs when the LSAs come from different
>ASBRs?
>
>
>summary?-ABR--ASBR-external-lsa
> area 0\area 1
> \
> \ASBR-external-lsa
>
>area-range (on the ABR) doesn't summarize type 5 lsa's, and you can only
>use summary-address on ASBRs.
>
>If there are any Cisco employees on the list - if this functionality has
>not been developed, could it?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50427&t=50395
RE: Anyone took EVODD (9E0-411)? [7:50340]
I have a co-worker who has taken and passed this exam, both the old online version and the proctored one. If I remember correctly (He's not in the office today), the online version was a cake walk, one small step above a sales exam. The proctored one, however, scared him. He was expecting something easy, and it wasn't. He barely passed. He said the best prep in his opinion would be the study material for CCDA, with an emphasis on voice technologies.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50426&t=50340
RE: Anyone took EVODD (9E0-411)? [7:50340]
I don't know how "easy" the exam is, as I've not taken it. What I have heard though is that it was/may still be an open-book test. Also, the study material for it is apparently web-based, as there isn't anything in hard-copy... at least that is what I've been told- have not been able to confirm for sure.

Maybe someone else will have a more definitive answer. At least I hope so.

Mark

-----Original Message-----
From: blitzlight [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 9:40 AM
To: [EMAIL PROTECTED]
Subject: Anyone took EVODD (9E0-411)? [7:50340]

Hi all,

I've completed DQoS (a badly written exam) and would like to move on to IPT Design Specialist. I've been searching high and low for the study guide or other self-study material, but couldn't find it. CCO doesn't help either. Whenever I do keyword search based on exam topics, CCO search results only points me back to the Exam Description/Topics Page. I wrote to Boson asking whether or not they have it, they replied that they have no author for this exam.

Anyone took EVODD 9e0-411 exam yet? What did you use for study & preparation? PEC? I can't afford to go for the full-blown training.

Some suggest that this exam is an easy one ... a walk in the park ... is this true?

Regards

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50387&t=50340
Re: OSPF External Summarization Problem [7:50260]
Type 5 LSA's flood ospf domain wide and are not processed by ABR's. The only opportunity to summarize or otherwise modify them is at the point of injection into the OSPF domain (which by definition occurs on an ASBR)

The only small exception to this is for type 7 to type 5 conversions which can be summarized or filtered by the NSSA ABR that performs the translation from 7 to 5.

At 03:39 PM 8/1/2002 +, Jason Greenberg wrote:
>No, I just tested this and summary-address on the ABR did not summarize
>the external LSAs, because the redistribution did not occur on the ABR.
>
>On Thu, 2002-08-01 at 10:10, Mark Turpin wrote:
> > I'm just going to assume you're running standard areas everywhere.
> >
> > While it is supposedly possible to summarize on the ABR with
> > summary-address,
> > I prefer to use summary-address on the ASBR that is doing the
> > redistribution.
> >
> > area range is used for summarizing that area's networks into the backbone
> > area as such:
> > area4_abr(config-router)#area 0 range 192.168.0.0 255.255.255.0
> > (summarizes from area4 into area0)
> >
> > foo_abr(config-router)#area foo range 192.168.0.0 255.255.255.0
> > will summarize 192.168.0.0/24 into area 'foo'
> >
> > hth,
> > -Mark
> >
> > "Jay Greenberg" wrote in message
> > news:[EMAIL PROTECTED]...
> > > Hello group,
> > >
> > > I seem to have a problem with OSPF external LSA summarization. I have
> > > an Ethernet segment in area 4. There are 2 ASBRs (RAS Gear), and 1 ABR
> > > (the router connected to my backbone). Suppose for now, that ASBR1 is
> > > injecting 192.168.0.1/32 into OSPF as an E2 LSA, and ASBR2 is injecting
> > > 192.168.0.128/25 into OSPF as an E2 LSA. I would like the other areas
> > > to just understand that 192.168.0.0/24 is reachable via the area 4 ABR,
> > > however, #area 4 range 192.168.0.0 255.255.255.0 will not work, because
> > > it will not summarize external routes, and I cannot use summary-address
> > > (or can I?) on the ABR, because it is only supposed to be used by
> > > ASBRs.
> > >
> > > My question is: How can I get the ABR to summarise the /24?
> > >
> > > Jay Greenberg
>--
>Jason Greenberg, CCNP
>Network Administrator
>Execulink, Inc.
>[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50425&t=50260
RE: can reach host [7:50422]
To access one VLAN from another, you need to use a router. Even if both VLANS are on the same switch, without a layer 3 device (a router), you will not be able to access one from the other. Also, the router needs to be either trunked to the switch or have multiple connections to the switch (or integrated in the case of a layer3 switch). If you'd like to explain further, I'd be happy to entertain questions.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50424&t=50422
Re: CCIE Recertification [7:50372]
one of various recert, written exams.

At 01:44 PM 8/1/2002 +, Reza wrote:
>Hello Group,
>I know that CCIEs have to recertify every 2 years. For recertification do
>you have to take the Lab or the Written?
>
>Thanks
>Reza

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50423&t=50372
can reach host [7:50422]
I am having problems pinging a host on a different vlan. However I can access other hosts that are connected to the same switch?? Trunking is enabled. What can I look for? The device is on native vlan, while I am on vlan 2.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50422&t=50422
RE: Got problem installing CallManager 3.1 on IBM x330 [7:50401]
First of all, what revision are you trying to install? Second, are you attempting to install from CD or from a file? If you are using a CD, are you trying to boot from it? As I understand it, the CallManager installation itself should work fine (post 3.1.0), but you will run into problems trying to use the Spirion install (that's the cds that are bootable) on non-Cisco blessed hardware.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50421&t=50401
LANE Information [7:50420]
Does anyone know where I can get some "straight forward" LANE information?

Thanks,

P. Neil Borne, CCDA,CCNP,C-voice and CWNA
Systems Integrator III

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50420&t=50420
RE: switch command [7:50413]
Switches don't give a fig about ip addresses and don't store them in any tables. Your sho arp command will only show ip addresses that the management interface has accessed; i.e. pc's from which you have telneted to the switch, hosts you have pinged from the switch CLI, etc. All the switch cares about is MAC addresses and VLANS. It's a layer 2 device, so it doesn't care about layer 3 addresses.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50419&t=50413
6506 [7:50418]
Hi All,

I was wondering if anyone had run into any problems when using a sup2 and the new 6148 board. Cisco says that we should be using 7.2.2, but we cannot get the sup to take it. Any help would be appreciated.

Thank you,
Frank W. Dagenhardt

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50418&t=50418