RE: 2501 IOS Flash! [7:50512]

2002-08-01 Thread richard roe

Argh! Still can't get the IOS to copy from tftp to flash!

In addition, here's what I got from the #sh flash all command:
System flash directory:
No files in System flash
[0 bytes used, 16777216 available, 16777216 total]
16384K bytes of  System flash (Device not programmable)

Chip  Bank  Code  Size    Name
1     1     89A0  4096KB  INTEL 28F016SA
2     1     89A0  4096KB  INTEL 28F016SA
3     1           4096KB  Unknown Chip
4     1     89A0  4096KB  INTEL 28F016SA

Are the chips still good? What's the "unknown chip" and does it have any
effect on the transfer?! Says "READ-ONLY" for the flash when copying, any
idea/s on how to change that?

Been through loads of documentation but still can't find the answer!
Do hope someone can help...thanks!



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50517&t=50512
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Cheap IP Serial Console Switch? [7:50432]

2002-08-01 Thread Vance Krier

Cisco made a cheaper one, model 500CS.  Specifically 508CS and 516CS with 8
and 16 rj45 serial ports and a 10Mb AUI interface.  I've bought two of them
on ebay for around $300, and $400.  They work great.  I don't see any on
Ebay right now, but they show up from time to time.

Good Luck,
Vance




""McAllister Paul""  wrote in message
news:[EMAIL PROTECTED]...
> What's a *cheap* source or brand for a 6+ port serial console switch (db9 or
> rj45) with a 10bT telnet interface?
>
> I don't have 1000 bucks to spend.  I could get a 486 with some serial cards
> if there really isn't anything out there.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50513&t=50432



RE: 2501 IOS Flash! [7:50512]

2002-08-01 Thread KW S

This URL may be useful to you

http://www.cisco.com/warp/public/471/13.html





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50516&t=50512



Re: Cat 4000 Series Power Supply Question [7:50510]

2002-08-01 Thread Ronnie Higginbotham

Yes, the power supplies are hot-swappable.


""Firesox""  wrote in message
news:[EMAIL PROTECTED]...
> Could please someone confirm the additional power supply the existing cat
> 4000 series switches are hot-swappable?
> For example for 4006, I can plug in the third power supply without
> disrupting the operation.
> for 4003, 2nd power supply can be added without disrupting the service
>
> Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50515&t=50510



RE: Pix static mappings to the inside [7:50500]

2002-08-01 Thread Lidiya White

If you have only one public ip address and it is used on the outside
interface:
static (inside,outside) tcp interface 25 inside_ip 25 netmask 255.255.255.255
conduit permit tcp host outside_ip eq 25 any

-- Lidiya White


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Elijah Savage III
Sent: Thursday, August 01, 2002 10:23 PM
To: [EMAIL PROTECTED]
Subject: Pix static mappings to the inside [7:50500]

I have my pix 501 firewall working but I have yet to be able to get
static mapping working. I try this

Static "outside ip address" "inside ip address"

Conduit permit tcp outside ip inside ip eq 25 any



When I issue these commands I can get mail into my mail server behind
the pix but it breaks my nat. I have read that it is not good to use
your outside global ip address for static mapping but if you only have 1
static ip address how else can you do it.



With me only having one static ip will this work?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50514&t=50500



2501 IOS Flash! [7:50512]

2002-08-01 Thread richard roe

Hey all,

Could someone be kind enough to explain to me why I can't copy IOS by tftp
to my flash, my flash currently reads:
System flash directory:
No files in System flash
[0 bytes used, 16777216 available, 16777216 total]
16384K bytes of  System flash (Device not programmable)

I think (Device not programmable) may be the problem (could be wrong), any
ideas how to rectify this?

Please help.

Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50512&t=50512



Re: router vs packet forwarding [7:50471]

2002-08-01 Thread Cisco_Maniac

Well to tell you the truth a NT box with IP forwarding enabled and dual NIC
cards is truly a router with L3 functionality. But Cisco or Juniper or
Nortel add a lot of extra features in to the boxes to enhance the routing
performance features like latency, QoS and stuff like that.
These boxes are made to do only L3 functionality not a NT box with 2 E or FE
ports. A router can have virtually any kind of interface that can be thought
of. A router has a much faster RAM called the Flash (expensive too).
Now I would anyday use a NT box for computing only and a specialist router
to do L3 routing between networks. I am sure the amount of traffic that can
pass through the L3 devices in today's networks (20/80 rule) will toast the
NT box.
Chaoo,
Cisco_Maniac


""John Green""  wrote in message
news:[EMAIL PROTECTED]...
> what is the difference between router and a device
> that does packet forwarding between its interfaces.
>
> example:
> can a plain NT box with two network cards (with IP
> forwarding enabled) be called as a router ? or it is
> just doing packet forwarding.
> in my understanding even routers like say cisco router
> does such packet forwarding though it can make a
> decision on such packet forwarding based on a routing
> protocol. would that be correct to say ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50511&t=50471



Cat 4000 Series Power Supply Question [7:50510]

2002-08-01 Thread Firesox

Could please someone confirm the additional power supply the existing cat
4000 series switches are hot-swappable?
For example for 4006, I can plug in the third power supply without
disrupting the operation.
for 4003, 2nd power supply can be added without disrupting the service

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50510&t=50510



RE: Pix 501 connected to dsl [7:50449]

2002-08-01 Thread Jagan Krishnaraj

Hi

To get a reply from outside users PIX must include 

conduit permit icmp echo
conduit permit icmp echo-reply

regards
jagan CCNP,CCNA,CCDA,MCNS,MCSE+I,CLP






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50509&t=50449



Re: 3620 RAS [7:50397]

2002-08-01 Thread Juli Hato

Try this:

http://www.cisco.com/warp/public/471/upgrading_modem_firmware.shtml

Regards,
HATO


>From: "Mel Chandler PMI" 
>Reply-To: "Mel Chandler PMI" 
>To: [EMAIL PROTECTED]
>Subject: 3620 RAS [7:50397]
>Date: Thu, 1 Aug 2002 16:30:17 GMT
>
>I have a 3620 that's functioning as a RAS server.  We have issues with
>connection speed for dial up users.  They're getting below 28k.  We're
>currently running 2720 for the MICA firmware.  I found and download 2740
>firmware and would like to update, but according to the documentation on the
>TAC spe is only available to AS5X00's.  How do I update the 3620?  If you
>point me to an article or give me something step by step I'd be most
>grateful.  Thanks.
>
>Mel L. Chandler, A+, Network+, MCNE, MCDBA, MCSE+I, CCNA
>[EMAIL PROTECTED]
>Network Analyst
>Information Services
>PMI Delta Dental
>(562) 467-6627
>
>"Life's a reach and then you jibe."
>
>[GroupStudy.com removed an attachment of type image/gif which had a name of
>Image1.gif]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50508&t=50397



Pix static mappings to the inside [7:50500]

2002-08-01 Thread Elijah Savage III

I have my pix 501 firewall working but I have yet to be able to get
static mapping working. I try this

Static "outside ip address" "inside ip address"

Conduit permit tcp outside ip inside ip eq 25 any



When I issue these commands I can get mail into my mail server behind
the pix but it breaks my nat. I have read that it is not good to use
your outside global ip address for static mapping but if you only have 1
static ip address how else can you do it.



With me only having one static ip will this work?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50500&t=50500



Re: ISDN Simulator.... [7:50405]

2002-08-01 Thread Fanglo MA

Hi,

I just bid on one from NLI on eBay. If you are in no hurry I will let you
know if it is worth it or not next week. I expect I will get it this
weekend or next Monday. I hope so...

Regards,
Fanglo


On Thu, 1 Aug 2002, Juan Blanco wrote:

> Team,
> I am in the process of purchasing an ISDN simulator for my lab. There are too
> many I could choose from. My question is for those who may have already
> purchased the B-Link2, How reliable and efficient the B-Link2 is, Do you
> think that it is worth the cost compare to others simulators like one
> offered byTeltone, Atlas. Will this simulator will be sufficient for all my
> labs simulations
> Arca(emutel).
>
>
> Thanks,
>
> Juan Blanco
> 
> The greatest glory in living lies not in never falling,
>  but in rising every time we fall ."
>  -- Nelson Mandela
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50498&t=50405



Route Summary syntax [7:50507]

2002-08-01 Thread John Brandis

Hi All, are the 2 following statements the same ?

Route Summary for my global empire

Sydney 10.64.0.0/21

Melb10.64.0.8/23

Bris10.64.0.10/23

Is whats below the same ?

10.64.0.0/21

10.64.8.0/23

10.64.10.0/23

Thanks for your time everyone.

JB






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50507&t=50507
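
An added example, not part of the original post: Python's standard `ipaddress` module applied to the two lists in the question above, showing which networks each list actually denotes and what a single summary of the second list would cover beyond it. The function names are chosen here for illustration.

```python
import ipaddress
from typing import List, Tuple

# The two lists from the post above, copied as written.
FIRST = ["10.64.0.0/21", "10.64.0.8/23", "10.64.0.10/23"]
SECOND = ["10.64.0.0/21", "10.64.8.0/23", "10.64.10.0/23"]

Net = ipaddress.IPv4Network


def normalise(prefix: str) -> Tuple[Net, bool]:
    """Return the network a prefix denotes and whether host bits were set."""
    iface = ipaddress.ip_interface(prefix)
    return iface.network, iface.ip != iface.network.network_address


def covered(prefixes: List[str]) -> List[Net]:
    """Collapse a list of prefixes into the minimal set of networks it covers."""
    return list(ipaddress.collapse_addresses(normalise(p)[0] for p in prefixes))


def smallest_summary(prefixes: List[str]) -> Net:
    """Shortest-reach single prefix that contains every listed network."""
    nets = covered(prefixes)
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def overcovered(prefixes: List[str]) -> List[Net]:
    """Blocks inside the single summary that none of the prefixes contain."""
    remaining = [smallest_summary(prefixes)]
    for net in covered(prefixes):
        nxt = []
        for block in remaining:
            if net.subnet_of(block):
                # Keep only the parts of this block outside the listed network.
                nxt.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                nxt.append(block)
        remaining = nxt
    return sorted(remaining)


if __name__ == "__main__":
    for name, prefixes in (("first", FIRST), ("second", SECOND)):
        for p in prefixes:
            net, host_bits = normalise(p)
            note = " (host bits set)" if host_bits else ""
            print(f"{name}: {p} -> {net}{note}")
        print(f"{name}: covers {[str(n) for n in covered(prefixes)]}")
    print("single summary of second list:", smallest_summary(SECOND))
    print("extra space in that summary:", [str(n) for n in overcovered(SECOND)])
```

The same over-coverage check applies wherever a summary prefix is reused in an access list or route filter, since the summary then matches address space that was never assigned.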



RE: Cheap IP Serial Console Switch? [7:50432]

2002-08-01 Thread Larry Letterman

in fact it's a 2511 and has 16 console ports and 1 10bt port...


Larry Letterman
Cisco Systems
[EMAIL PROTECTED] 




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Michael L. Williams
Sent: Thursday, August 01, 2002 4:08 PM
To: [EMAIL PROTECTED]
Subject: Re: Cheap IP Serial Console Switch? [7:50432]


There's a 2500 series router (2511 I believe, but hopefully someone else will
pipe up and correct me) that has 8 serial ports and a 10baseT interface that
you should be able to pick up for a lot cheaper than $1000.  I've even
seen it referred to as "the poor man's term server".

Mike W.

"McAllister Paul"  wrote in message
news:[EMAIL PROTECTED]...
> What's a *cheap* source or brand for a 6+ port serial console switch (db9 or
> rj45) with a 10bT telnet interface?
>
> I don't have 1000 bucks to spend.  I could get a 486 with some serial cards
> if there really isn't anything out there.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50506&t=50432



Re: router vs packet forwarding [7:50471]

2002-08-01 Thread Kevin Cullimore

Partially marketing, partially an ability to scale (general purpose os'
generally tend to get burdened with tasks that deprive the routing threads
of vital system resources).

As a device that passes data between two L3 networks, and makes decisions
based upon L3 header information, you can call it a router.

As a device that is dedicated to, and designed for, routing, you probably
wouldn't want to.

They both forward packets.

- Original Message -
From: "John Green" 
To: 
Sent: 01 August 2002 6:03 pm
Subject: router vs packet forwarding [7:50471]


> what is the difference between router and a device
> that does packet forwarding between its interfaces.
>
> example:
> can a plain NT box with two network cards (with IP
> forwarding enabled) be called as a router ? or it is
> just doing packet forwarding.
> in my understanding even routers like say cisco router
> does such packet forwarding though it can make a
> decision on such packet forwarding based on a routing
> protocol. would that be correct to say ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50505&t=50471



RE: 3620 RAS [7:50397]

2002-08-01 Thread supernet

The 3rd one is for 3600:
http://www.cisco.com/public/sw-center/sw-access.shtml

HTH.
Yoshi

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Mel Chandler PMI
Sent: Thursday, August 01, 2002 9:30 AM
To: [EMAIL PROTECTED]
Subject: 3620 RAS [7:50397]

I have a 3620 that's functioning as a RAS server.  We have issues with
connection speed for dial up users.  They're getting below 28k.  We're
currently running 2720 for the MICA firmware.  I found and download 2740
firmware and would like to update, but according to the documentation on the
TAC spe is only available to AS5X00's.  How do I update the 3620?  If you
point me to an article or give me something step by step I'd be most
grateful.  Thanks.

Mel L. Chandler, A+, Network+, MCNE, MCDBA, MCSE+I, CCNA 
[EMAIL PROTECTED] 
Network Analyst 
Information Services 
PMI Delta Dental 
(562) 467-6627

"Life's a reach and then you jibe."

[GroupStudy.com removed an attachment of type image/gif which had a name of
Image1.gif]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50504&t=50397



RE: VLAN Leaking [7:50404]

2002-08-01 Thread Larry Letterman

I have no leakage issues with mgmt vlans being on vlans other than
vlan 1 in most switches here...


Larry Letterman
Cisco Systems
[EMAIL PROTECTED] 




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Ken Diliberto
Sent: Thursday, August 01, 2002 10:10 AM
To: [EMAIL PROTECTED]
Subject: RE: VLAN Leaking [7:50404]


That would explain why I see traffic on my VLAN that should be on a
different VLAN.

>>> "Turpin, Mark"  08/01/02 08:55AM >>>
Lore has it that changing the default vlan can result in leaking.

Real life experiences?
-Mark

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 10:30 AM
To: [EMAIL PROTECTED]
Subject: Re: Cat2950 VLAN 1 ip address...can't connect [7:50331]


What do they mean by management?  for inband management you could use
any VLAN, large switched networks will often choose a VLAN that is used
for inband management only.  VLAN 1 also is used by the switches for
management via VTP, spanning, DISL, PAGP etc.

  Dave




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50503&t=50404



RE: LANE Information [7:50420]

2002-08-01 Thread Daniel Cotts

Cisco LAN Switching by Clark and Hamilton has an interesting chapter on
LANE.

> -Original Message-
> From: Neil Borne [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 1:26 PM
> To: [EMAIL PROTECTED]
> Subject: LANE Information [7:50420]
> 
> 
> Does anyone know where I get can get some "straight forward" LANE 
> information?
> 
> Thanks,
> 
> 
> P. Neil Borne, CCDA,CCNP,C-voice and CWNA
> Systems Integrator III
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50502&t=50420



RE: Cisco 1000TX GBICs [7:50316]

2002-08-01 Thread Larry Letterman

I have several hundred sx and lx gbics in operation on the 6509
base here at cisco, with very few failures or issues.


Larry Letterman
Cisco Systems
[EMAIL PROTECTED] 




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
eo
Sent: Thursday, August 01, 2002 10:01 AM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1000TX GBICs [7:50316]


On Wednesday 31 July 2002 06:09 pm, Brian Zeitz wrote:
> I have two them on (2) 3550-24s, the fiber ones, and they work fine. CDW
> tried to say I needed just one. Don't ask! Ha ha. I think you can do 1
> GBIC if you chose copper. They seem to be working flawlessly so far.
> They could have just embedded this 180$ GBICs in the switch. Lets see,
> 180x2 for the Fiber GBIC, 2x 1500 for the EMI upgrade Hello :) 3500$
> later, I can use the switches ;)
>
> -Original Message-
> From: Ken Diliberto [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 31, 2002 5:55 PM
> To: [EMAIL PROTECTED]
> Subject: Cisco 1000TX GBICs [7:50316]
>
> Anyone have experience with the 1000TX GBICs from Cisco?  We have used
> the stacking GBICs and have nothing good to say about them.  The TX
> GBICs are over $100 less (retail).
>
> Ken

We use quite a few Gigastacks, LX SX and copper and have used them for
quite some time on a cat 6509 and cat 3524xl's they have worked very well for
us. They certainly aren't the choke point in our network.

D
--
David Cooper
[EMAIL PROTECTED]/http://www.eosin.org




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50501&t=50316



RE: VPN not connecting [7:50144]

2002-08-01 Thread supernet

I've seen VPN problems between PIXs, Cisco routers and VPN-1s. Sometimes
everything seems to be right but it doesn't work. Remove "crypto map"
and add them back may help. At least, it helped me twice.

HTH.
Yoshi

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, August 01, 2002 2:40 PM
To: [EMAIL PROTECTED]
Subject: RE: VPN not connecting [7:50144]

I've been working on trying to eliminate the variables on each side of the
VPN. The unfortunate thing is, the other side is home, so I usually wait
until the late evening/night to work on the remote side. That's also the
reason for the "frustrating" comment earlier.  I know I could SSH into it,
but, this isn't the only project I've been working on (as I'm sure a lot of
you can relate)...  So I'm going to hopefully wrap it up by this weekend.

One of the main issues I was running into was the remote network was
subnetted from the main network so the ACLs got a little confusing.  So I've
changed the IP scheme on the remote side...  This also brings me to another
question; a rather newbie one, what other ports should be open (beside 500)?
I received an email from someone saying 50 & 51, does that sound right? If
you have the, "allow any out and return in", settings for firewall rules...
Do the ports still need to be opened (I would think not since there is the
nat0 command?)?  The other issue I'm looking into is the MTU size

Once I establish the tunnel and maintain connectivity I'll let y'all know
what I find

Thanx for the help,
mkj

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, August 01, 2002 2:54 PM
To: [EMAIL PROTECTED]
Subject: RE: VPN not connecting [7:50144]


Lidiya White wrote:
> 
> Capture debugs on both ends at the same time. Should be more
> helpful.
> Make sure both ends have "isakmp identify address"...
> 
> -- Lidiya White

Sounds like a good idea. So Mike, what was the problem? It sure would help
those of us learning IPSec to hear how you resolved the issue. Thanks.

Priscilla


> 
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
> Behalf Of
> [EMAIL PROTECTED]
> Sent: Tuesday, July 30, 2002 4:05 PM
> To: [EMAIL PROTECTED]
> Subject: RE: VPN not connecting [7:50144]
> 
> The ACLs are mirrors of each other and the transform sets match
> Very frustrating
> 
> -Original Message-
> From: Silju Pillai [mailto:[EMAIL PROTECTED]] 
> Sent: Tuesday, July 30, 2002 2:29 PM
> To: [EMAIL PROTECTED]
> Subject: RE: VPN not connecting [7:50144]
> 
> 
> Hi,
> 
>   Pls check the interesting traffic configured
> (access list) configured at both ends. Your transform set parameters too. It
> should be same.
>
> As you are receiving IKMP_no_error your isakmp policies are working
> fine.
> 
> regards




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50499&t=50144



RE: Very odd problem [7:50459]

2002-08-01 Thread Daniel Cotts

First question is - Did it ever work? If so, what changed?
Can anyone from your network connect to the server?
If so, what is different between the successful PC and yours?
Does the network look like this:
you...FW...6500...Servers
If there is lack of connectivity we want to determine where the packets are
dropped when you attempt a ping. Outbound from you to the server or inbound
from the server to you.
Can you capture packets? If so, try pinging from your PC and capture at
different locations. I might start at the server location. If you can see
your outbound pings there then look for the replies from the server.
If you can't see your pings then capture between the FW and the 6500. If
successful the FW looks good. Check the 6500.
If the server does see your pings and replies again capture between the 6500
and FW.
See where the traffic fails then look for the cause.

> -Original Message-
> From: Drew [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 4:13 PM
> To: [EMAIL PROTECTED]
> Subject: Very odd problem [7:50459]
> 
> 
> Hello all,
> I have a problem that I can barely describe, let alone quantify.
> I seek the assistance of the masters, and suspect this might be
> an interesting thing for those of us in the student role.
> 
> Here goes:
> 
> I have an internal network separated from a partner network
> via a 6500 switch/router which is also running NAT.  There is
> also a Raptor firewall between my network and the border switch.
> There are some servers in the partner network that are accessed
> from my network.  The 6500 has static NAT entries for those
> servers.  The firewall rulebase is set to allow the connections.
> 
> The problem is, I can not connect to a specific server in the 
> partner network.. that is, until that server pings my workstation.
> After that, I can connect to them.  
> 
> What could be the cause of this?  Could it be a NAT issue?
> Where might I start troubleshooting?
> 
> -Ds




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50497&t=50459



CSPFA Exam [7:50496]

2002-08-01 Thread Pierrek

CSPFA Exam what is the passing grade ?

Thanks

Pierrek




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50496&t=50496



RE: Kind suggestion is Needed! [7:50317]

2002-08-01 Thread Priscilla Oppenheimer

a. ahmad wrote:
> 
> Dear All,
> 
> Thanks for some valuable suggestions. One more thing... if one
> is willing to be a great networker, young, energetic but unable
> to get hands on experience then what are some guidelines for
> him/her..

Could you get some experience in a volunteer job? A lot of schools and
non-profit organizations need networking help, whether they know it or not.

Or how about convincing a company to let you be a part-time apprentice or
intern at little or no pay.

And of course, you can get a lot of experience in a home lab.

Priscilla


> 
> Thanks,
> AA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50495&t=50317



Does IOS 11.1(2) support "show tech" command [7:50494]

2002-08-01 Thread Jimmy

Hi all :

Does anyone know whether IOS 11.1(2) supports the "show
tech" command? I have a 2501 router running on
11.1(2) and it does not have "show tech". However
another 2501 router running on 11.0(22) has the
"show tech" command.

Thanks in advance.

cheers
Jimmy

  





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50494&t=50494



RE: Anyone took EVODD (9E0-411)? [7:50340]

2002-08-01 Thread Matthew F. Crane

Yep taken both and yep the proctored one is a real - insert expletive of
choice - and it's certainly not open book, not that there are any books to
help you. The online one certainly was not worth the #40

I took the 5 day course #1,800 and it was well worth it, BUT only if you had
done CVOICE & CIPT before hand since the course made many assumptions about
student knowledge and experience. Those that were on the EVODD course who
had little or no experience or who had not done CIPT were left floundering.
Those who simply missed CVOICE had a little evening studying to do,
generally in the bar with those of us who had passed that exam.

That said the course is relatively easy and there are no hands-on labs. This
may have changed since the course notes I have still have 'Cisco For
Internal Use Only' stamped all over them.

I might if I can ever get the IRS to give me an ITIN write an exam for Boson
for this one, but don't hold your breath.

MFC

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
blitzlight
Sent: 01 August 2002 15:40
To: [EMAIL PROTECTED]
Subject: Anyone took EVODD (9E0-411)? [7:50340]


Hi all,

I've completed DQoS (a badly written exam) and would like to move on to IPT
Design Specialist.

I've been searching high and low for the study guide or other self-study
material, but couldn't find it.
CCO doesn't help either. Whenever I do keyword search based on exam topics,
CCO search results only points me back to the Exam Description/Topics Page.

I wrote to Boson asking whether or not they have it, they replied that they
have no author for this exam.

Anyone took EVODD 9e0-411 exam yet? What did you use for study &
preparation? PEC?
I can't afford to go for the full-blown training.
Some suggest that this exam is an easy one ... a walk in the park ... is
this true?

Regards




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50455&t=50340



Pix 501 connected to dsl [7:50449]

2002-08-01 Thread Elijah Savage III

All,

I have just got my pix 501 and I have it connected to my dsl provider I have
a static ip address. I have it configured as best as I could from the docs
but can't get traffic through it. Also I can ping my default gateway of my
isp but when I try to ping anything outside of my isp default gateway like
www.cisco.com by name or ip address I get no response. And my clients on the
inside can't get out. Any help would be greatly appreciated.

 

pixfirewall# sh conf
: Saved
:
PIX Version 6.1(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xzodKzXOwh/IjrTt encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 66.93.21.X 255.255.255.0
ip address inside 192.168.X.X 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 66.93.21.0 255.255.255.0 outside
pdm location 0.0.0.0 255.255.255.0 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 192.168.X.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
dhcpd dns 192.168.X.X
dhcpd wins 192.168.X.X
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain digitalrage.org
terminal width 80
Cryptochecksum:b8fe98213b66bb850c58ba5ad7831262
pixfirewall# sh ver

Cisco PIX Firewall Version 6.1(3)
Cisco PIX Device Manager Version 1.1(2)

Compiled on Fri 22-Feb-02 08:15 by morlee

pixfirewall up 17 mins 46 secs

Hardware:   PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
Flash E28F640J3 @ 0x300, 8MB
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

0: ethernet0: address is 000a.411e.f554, irq 9
1: ethernet1: address is 000a.411e.f555, irq 10

Licensed Features:
Failover:           Disabled
VPN-DES:            Enabled
VPN-3DES:           Disabled
Maximum Interfaces: 2
Cut-through Proxy:  Enabled
Guards:             Enabled
Websense:           Enabled
Inside Hosts:       10
Throughput:         Limited
ISAKMP peers:       5

pixfirewall#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50449&t=50449



RE: Cheap IP Serial Console Switch? [7:50432]

2002-08-01 Thread Symon Thurlow

I got a Digiboard 16 port RJ45 terminal server for #150 I think from Ebay.
Found the pin outs, made some cables up and it works well.

I would keep an eye on there.

Symon

-Original Message-
From: McAllister Paul [mailto:[EMAIL PROTECTED]] 
Sent: 01 August 2002 20:18
To: [EMAIL PROTECTED]
Subject: OT: Cheap IP Serial Console Switch? [7:50432]


What's a *cheap* source or brand for a 6+ port serial console switch (db9 or
rj45) with a 10bT telnet interface?

I don't have 1000 bucks to spend.  I could get a 486 with some serial cards
if there really isnt anything out there.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50461&t=50432



RFC 3345 on Border Gateway Protocol (BGP) Persistent Route [7:50492]

2002-08-01 Thread Howard C. Berkowitz

This has relevance to setting up multiple levels of route reflectors, 
IGP metric redistribution into BGP, and certain confederation 
configurations.  The problem tends to occur when connecting POPs to a 
core.



>
>A new Request for Comments is now available in online RFC libraries.
>
>
> RFC 3345
>
> Title:      Border Gateway Protocol (BGP) Persistent Route
>             Oscillation Condition
> Author(s):  D. McPherson, V. Gill, D. Walton, A. Retana
> Status:     Informational
> Date:       August 2002
> Mailbox:    [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
>             [EMAIL PROTECTED]
> Pages:      19
> Characters: 38137
> Updates/Obsoletes/SeeAlso: None
>
> I-D Tag:    draft-ietf-idr-route-oscillation-01.txt
>
> URL:        ftp://ftp.rfc-editor.org/in-notes/rfc3345.txt
>
>
>In particular configurations, the BGP scaling mechanisms defined in
>"BGP Route Reflection - An Alternative to Full Mesh IBGP" and
>"Autonomous System Confederations for BGP" will introduce persistent
>BGP route oscillation.  This document discusses the two types of
>persistent route oscillation that have been identified, describes
>when these conditions will occur, and provides some network design
>guidelines to avoid introducing such occurrences.
>
>This document is a product of the Inter-Domain Routing Working Group
>of the IETF.
>
>This memo provides information for the Internet community.  It does
>not specify an Internet standard of any kind.  Distribution of this
>memo is unlimited.
>
>This announcement is sent to the IETF list and the RFC-DIST list.
>Requests to be added to or deleted from the IETF distribution list
>should be sent to [EMAIL PROTECTED]  Requests to be
>added to or deleted from the RFC-DIST distribution list should
>be sent to [EMAIL PROTECTED]
>
>Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
>an EMAIL message to [EMAIL PROTECTED] with the message body
>help: ways_to_get_rfcs.  For example:
>
> To: [EMAIL PROTECTED]
> Subject: getting rfcs
>
> help: ways_to_get_rfcs
>
>Requests for special distribution should be addressed to either the
>author of the RFC in question, or to [EMAIL PROTECTED]  Unless
>specifically noted otherwise on the RFC itself, all RFCs are for
>unlimited distribution.
>Submissions for Requests for Comments should be sent to
>[EMAIL PROTECTED]  Please consult RFC 2223, Instructions to RFC
>Authors, for further information.
>
>
>Joyce K. Reynolds and Sandy Ginoza
>USC/Information Sciences Institute
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50492&t=50492



Re: Very odd problem [7:50459]

2002-08-01 Thread Drew

"Lupi, Guy" wrote:
> 
> Can the server initiate a tcp connection to you?  

After it pings me, I can connect using TCP as well as pinging.
They have not tried to initiate a connection to me, so I can't say.

> Have you checked the NAT
> mapping to ensure you are allowed to initiate connections to that server?
> It sounds like when the server pings you, it opens a "hole" through NAT
> allowing you to then initiate a connection to it through that "hole".  This
> doesn't sound like it is in keeping with the proper function of stateful
> NAT, which should just allow ICMP back through the translation it created,
> unless the NAT implementation isn't using stateful inspection.  If you can
> contact all the servers except that one, I would look for the difference
> between the configuration for the other servers and that one.
> 

I'm leaning that way as well...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50491&t=50459



Re: Very odd problem [7:50459]

2002-08-01 Thread Drew

"[EMAIL PROTECTED]" wrote:
> 
> can you clarify a few things?
> 
> 1. are you able to connect to any other servers on the partner network?

I believe so, but I am not 100%. 

> 2. is your workstation address being NATed as well? ie is the real address
> used when that specific server pings your workstation?

Yes.  The workstations are NATed from a pool of addresses.
The servers on the partner net are static NATs


> 3. any chance you have a traceroute/tracert result from your workstation to
> the server?
> 

Alas, I cannot.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50490&t=50459
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: VPN not connecting [7:50144]

2002-08-01 Thread Ciaron Gogarty

An interesting fact is also that you must use one of the following transform
sets (or so I seem to remember reading):

"The transform must be one of the following combinations. If it is not,
modify the transform to match one of the following and try again.
  a. Esp-3des esp-sha-hmac
  b. Esp-3des esp-md5-hmac
  c. Esp-des esp-sha-hmac
  d. Esp-des esp-md5-hmac"
may be helpful.

rgds,

Ciaron


- Original Message -
From: "Priscilla Oppenheimer" 
To: 
Sent: Thursday, August 01, 2002 11:59 PM
Subject: RE: VPN not connecting [7:50144]


> [EMAIL PROTECTED] wrote:
> >
> > I've been working on trying to eliminate the variables on each
> > side of the
> > VPN  The unfortunate thing is, the other side is home, so I
> > usually wait
> > until the late evening/night to work on the remote side
> > That's also the
> > reason for the "frustrating" comment earlier.  I know I could
> > SSH into it,
> > but, this isn't the only project I've been working on (as I'm
> > sure a lot of
> > you can relate)...  So I'm going to hopefully wrap it up by
> > this weekend.
>
> No problem, but do let us know what you learn! :-) Thanks. A few more
> comments below...
> >
> > One of the main issues I was running into was the remote
> > network was
> > subnetted from the main network so the ACLs got a little
> > confusing.
>
> I was thinking that ACLs might be related to the problem. On the crypto ACL
> that defines interesting packets that must be protected by IPSec, you have
> to get addresses and any protocols, ports, etc., just right. It doesn't help
> that PIX doesn't do the mask the same as IOS. While troubleshooting, you
> might want to make this access list pretty general purpose using big blocks
> of addresses and not worrying about ports.
>
> Now, don't confuse this with general-purpose access lists. This crypto
> access list is just for defining traffic that must be protected.
>
> >  So I've
> > changed the IP scheme on the remote side...  This also brings
> > me to another
> > question; a rather newbie one, what other ports should be
> > open(beside 500)?
> > I received an email from someone saying 50 & 51, does that
> > sound right?  If
>
> That's a different issue from the crypto access list, but also very
> important, (although from what you were saying about your symptoms earlier,
> I don't think that's the problem.) But it's possible for IPSec to fail
> because general-purpose access lists are denying the UDP port used by
> ISAKMP, which is 500.
>
> In addition, you should make sure that IP protocol types 50 and 51 are
> allowed. These are used by IPSec's Encapsulating Security Payload and
> Authentication Header, respectively. They aren't UDP or TCP port numbers;
> they are IP protocol numbers.
>
> I also read this confusing warning in the VPN book I'm reading. It could be
> relevant:
>
> By default, all IPSec traffic is disallowed through the PIX Firewall. A NAT
> and conduit/access list must exist for IPSec traffic to flow through the
> firewall, as in any other traffic flow. However, if a crypto map is assigned
> to an interface, IPSec traffic for that map is allowed to bypass the
> adaptive security algorithm.
>
> So, you're probably OK, there, but maybe not. Why DO they make these things
> so complicated? :-) Keep us posted. Thank-you!
>
> Priscilla
>
> > you have the, "allow any out and return in", settings for
> > firewall rules...
> > Do the ports still need to be opened (I would think not since
> > there is the
> > nat0 command?)?  The other issue I'm looking into is the MTU
> > size
> >
> > Once I establish the tunnel and maintain connectivity I'll let
> > y'all know
> > what I find
> >
> > Thanx for the help,
> > mkj
> >
> > -Original Message-
> > From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 01, 2002 2:54 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: VPN not connecting [7:50144]
> >
> >
> > Lidiya White wrote:
> > >
> > > Capture debugs on both ends at the same time. Should be more
> > > helpful.
> > > Make sure both ends have "isakmp identify address"...
> > >
> > > -- Lidiya White
> >
> > Sounds like a good idea. So Mike, what was the problem? It sure
> > would help
> > those of learning IPSec to hear how you resolved the issue.
> > Thanks.
> >
> > Priscilla
> >
> >
> > >
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
> > > Behalf Of
> > > [EMAIL PROTECTED]
> > > Sent: Tuesday, July 30, 2002 4:05 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: VPN not connecting [7:50144]
> > >
> > > The ACLs are mirrors of each other and the transform sets
> > > match
> > > Very
> > > frustrating
> > >
> > > -Original Message-
> > > From: Silju Pillai [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, July 30, 2002 2:29 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: VPN not connecting [7:50144]
> > >
> > >
> > > Hi,
> > >
> > >   Pls check the interesting traffic configured
> > > 

Re: VPN not connecting [7:50144]

2002-08-01 Thread Ciaron Gogarty

Priscilla, you may have a good point.  Perhaps Mike you're missing the command
"sysopt connection permit-ipsec"; this is what allows IPSEC to bypass the ASA
via crypto maps.  Without it you must explicitly allow IPSEC and Isakmp in
on your access-lists.  It may explain why your phase one negotiation seems
to succeed but gets no farther... and then re-transmits.  Just a guess.

C

Re: switch command [7:50413]

2002-08-01 Thread Michael L. Williams

You would need to find the router that is acting as the default gateway for
the clients connected to said switch, then do a show arp there and match it
with the mac addresses you see attached to your switch.

The couple of arp entries you are seeing on the switch are the entries being
used by the switch as a L3 device (i.e. although it is L2 switching traffic
for other devices, it in itself is a Layer 3 device that has an IP address,
etc)

Mike W.

"GEORGE"  wrote in message
news:[EMAIL PROTECTED]...
> Is there a command to view all the ip addresses connected to my switch.
> I do a show arp shows a couple
> Or how often does ip addresses get added to the switch?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50487&t=50413



Re: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]

2002-08-01 Thread Priscilla Oppenheimer

Ciaron Gogarty wrote:
> 
> It was only particular to Dot1q trunks as well... as far as I
> can remember
> it wasn't an issue on isl trunked ports.

The testing that revealed the problem was done on Dot1q VLANs. It's possible
it could have been a problem on ISL too and that just wasn't tested. It's
probably not a problem anymore, either way.

Priscilla


> 
> is that correct??
> 
> rgds,
> 
> Ciaron
> - Original Message -
> From: "Priscilla Oppenheimer" 
> To: 
> Sent: Thursday, August 01, 2002 11:34 PM
> Subject: Re: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]
> 
> 
> > [EMAIL PROTECTED] wrote:
> > >
> > > > AT Cisco Networkers i went to the layer 2 security breakout
> > > > session and they talked about this. 1st they said the article
> > > > is out dated. When the article was written Cisco already had a
> > > > fix for this.
> >
> > That was what I figured, Mr. Bond. (nice address! ;-)
> >
> > > A fix would be pretty easy. The vulnerability required a host on an access
> > > port to send a frame with a VLAN tag already in it. That could easily be
> > > disallowed. (The switch itself should add any tags when sending across a
> > > trunk link. Or, a server on a trunk link could include a tag, but a host on
> > > an ordinary access port shouldn't include a tag in its frame.)
> > >
> > > I don't know if this is what the original poster had in mind, but I bet it
> > > is. The story got blown out of proportion and will probably never die.
> >
> > Priscilla
> >
> > > > 2nd they said with the current switch IOS and
> > > > additional features they could not hop any VLANS. They tried
> > > > everything and were not successful. the whole purpose of the
> > > > breakout was to defuse the myths out there about how unsecure
> > > > VLANs are. With all that said they did say they do not
> > > > recommend using one switch with VLANS for web, dmz, and
> > > > internal traffic
> > > >
> > > > From: "Priscilla Oppenheimer"
> > > > Date: 2002/08/01 Thu PM 03:40:39 EDT
> > > > To: [EMAIL PROTECTED]
> > > > > Subject: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]
> > > >
> > > > Turpin, Mark wrote:
> > > > >
> > > > > I'm referring to trunks, sorry.
> > > >
> > > > > There were some vulnerabilities related to this, but actually the fix was to
> > > > > make sure the native VLAN wasn't trunked, if I understand it correctly
> > > > > Although the vulnerabilities caused a big stir, they were hard to exploit.
> > > > > They required physical access to the switch, a Sniffer, and traffic
> > > > > generation capabilities. Also, Cisco may have made some changes to avoid the
> > > > > problem after it got reported. But here's the info from SANS:
> > > > >
> > > > > http://www.sans.org/newlook/resources/IDFAQ/vlan.htm
> > > >
> > > > Priscilla
> > > >
> > > >
> > > > >
> > > > > -Original Message-
> > > > > From: MADMAN [mailto:[EMAIL PROTECTED]]
> > > > > Sent: Thursday, August 01, 2002 12:14 PM
> > > > > To: Turpin, Mark
> > > > > Cc: [EMAIL PROTECTED]
> > > > > > Subject: Re: Cat2950 VLAN 1 ip address...can't connect [7:50331]
> > > > > >
> > > > > >
> > > > > >
> > > > > >   Not sure what you mean.  You're not changing the default VLAN,
> > > > > > VLAN 1 will remain, can't delete it, (not talking about trunks).  I
> > > > > > know of no problems arising when using a VLAN other than 1 for inband
> > > > > > connectivity.
> > > > >
> > > > >   Dave
> > > > >
> > > > >
> > > > >  "The information transmitted is intended only for the
> > > person
> > > > > or entity to
> > > > > which it is addressed and may contain confidential
> and/or
> > > > > privileged
> > > > > material. Any review, retransmission, dissemination or
> other
> > > > > use of, or
> > > > > taking of any action in reliance upon, this information
> by
> > > > > persons or
> > > > > entities other than the intended recipient is
> prohibited. If
> > > > > you received
> > > > > this in error, please contact the sender and delete the
> > > > > material from all
> > > > > computers."
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50486&t=50331
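
The ingress rule described in the quoted text above (a host on an ordinary access port should not send a frame that already carries a VLAN tag) can be checked per frame. The following is an added example, not part of the original thread and not Cisco's implementation; the function names, the port-mode labels and the test frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag


def vlan_tags(frame):
    """VLAN IDs of the 802.1Q tags in an Ethernet frame, outermost first."""
    vids, off = [], 12                      # tags start after dst + src MAC
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid != TPID_8021Q:
            break                           # reached the real EtherType
        vids.append(tci & 0x0FFF)           # low 12 bits of the TCI are the VLAN ID
        off += 4
    return vids


def ingress_check(port_mode, frame):
    """Reasons to reject a frame received on a port ('access' or 'trunk').

    The port modes are labels assumed for this example.
    """
    vids = vlan_tags(frame)
    reasons = []
    if port_mode == "access" and vids:
        reasons.append(f"tagged frame (VLAN {vids[0]}) received on access port")
    if len(vids) > 1:
        reasons.append(f"stacked 802.1Q tags {vids}")
    return reasons


def build_frame(vids, ethertype=0x0800, payload=b"\x00" * 46):
    """Constructed test frame: broadcast destination, locally administered source."""
    macs = bytes.fromhex("ffffffffffff" "020000000001")
    tags = b"".join(struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) for vid in vids)
    return macs + tags + struct.pack("!H", ethertype) + payload


# Constructed samples: (port mode, VLAN tags carried by the received frame)
SAMPLES = [("access", []), ("access", [10]), ("trunk", [10]), ("trunk", [1, 20])]

if __name__ == "__main__":
    for mode, vids in SAMPLES:
        verdict = ingress_check(mode, build_frame(vids)) or ["ok"]
        print(f"{mode:6} tags={vids}: {'; '.join(verdict)}")
```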



Re: Cheap IP Serial Console Switch? [7:50432]

2002-08-01 Thread Michael L. Williams

There's a 2500 series router (2511 I believe, but hopefully someone else will
pipe up and correct me) that has 8 serial ports and a 10baseT interface that
you should be able to pick up for a lot cheaper than $1000.  I've even
seen it referred to as "the poor man's term server".

Mike W.

"McAllister Paul"  wrote in message
news:[EMAIL PROTECTED]...
> What's a *cheap* source or brand for a 6+ port serial console switch (db9 or
> rj45) with a 10bT telnet interface?
>
> I don't have 1000 bucks to spend.  I could get a 486 with some serial cards
> if there really isnt anything out there.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50485&t=50432



Re: router vs packet forwarding [7:50471]

2002-08-01 Thread Michael L. Williams

In a sense the NT box is acting as a router...  I think by default it
would only know the two networks that are attached (like a router would) but
you can add your own routes to an NT/2000/XP box, effectively you could use
it as a router that only understands static routes (although I think you
could use RIP with them I'm not sure if I'm confusing NT/2000 with another
OS)...

Mike W.

"John Green"  wrote in message
news:[EMAIL PROTECTED]...
> what is the difference between router and a device
> that does packet forwarding between its interfaces.
>
> example:
> can a plain NT box with two network cards (with IP
> forwarding enabled) be called as a router ? or it is
> just doing packet forwarding.
> in my understanding even routers like say cisco router
> does such packet forwarding though it can make a
> decision on such packet forwarding based on a routing
> protocol. would that be correct to say ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50484&t=50471



RE: VPN not connecting [7:50144]

2002-08-01 Thread Priscilla Oppenheimer

[EMAIL PROTECTED] wrote:
> 
> I've been working on trying to eliminate the variables on each
> side of the
> VPN  The unfortunate thing is, the other side is home, so I
> usually wait
> until the late evening/night to work on the remote side 
> That's also the
> reason for the "frustrating" comment earlier.  I know I could
> SSH into it,
> but, this isn't the only project I've been working on (as I'm
> sure a lot of
> you can relate)...  So I'm going to hopefully wrap it up by
> this weekend.

No problem, but do let us know what you learn! :-) Thanks. A few more
comments below...
> 
> One of the main issues I was running into was the remote
> network was
> subnetted from the main network so the ACLs got a little
> confusing. 

I was thinking that ACLs might be related to the problem. On the crypto ACL
that defines interesting packets that must be protected by IPSec, you have
to get addresses and any protocols, ports, etc., just right. It doesn't help
that PIX doesn't do the mask the same as IOS. While troubleshooting, you
might want to make this access list pretty general purpose using big blocks
of addresses and not worrying about ports.

Now, don't confuse this with general-purpose access lists. This crypto
access list is just for defining traffic that must be protected.

>  So I've
> changed the IP scheme on the remote side...  This also brings
> me to another
> question; a rather newbie one, what other ports should be
> open(beside 500)?
> I received an email from someone saying 50 & 51, does that
> sound right?  If

That's a different issue from the crypto access list, but also very
important, (although from what you were saying about your symptoms earlier,
I don't think that's the problem.) But it's possible for IPSec to fail
because general-purpose access lists are denying the UDP port used by
ISAKMP, which is 500.

In addition, you should make sure that IP protocol types 50 and 51 are
allowed. These are used by IPSec's Encapsulating Security Payload and
Authentication Header, respectively. They aren't UDP or TCP port numbers;
they are IP protocol numbers.

I also read this confusing warning in the VPN book I'm reading. It could be
relevant:

By default, all IPSec traffic is disallowed through the PIX Firewall. A NAT
and conduit/access list must exist for IPSec traffic to flow through the
firewall, as in any other traffic flow. However, if a crypto map is assigned
to an interface, IPSec traffic for that map is allowed to bypass the
adaptive security algorithm.

So, you're probably OK, there, but maybe not. Why DO they make these things
so complicated? :-) Keep us posted. Thank-you!

Priscilla

> you have the, "allow any out and return in", settings for
> firewall rules...
> Do the ports still need to be opened (I would think not since
> there is the
> nat0 command?)?  The other issue I'm looking into is the MTU
> size
> 
> Once I establish the tunnel and maintain connectivity I'll let
> y'all know
> what I find
> 
> Thanx for the help,
> mkj
> 
> -Original Message-
> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, August 01, 2002 2:54 PM
> To: [EMAIL PROTECTED]
> Subject: RE: VPN not connecting [7:50144]
> 
> 
> Lidiya White wrote:
> > 
> > Capture debugs on both ends at the same time. Should be more
> > helpful.
> > Make sure both ends have "isakmp identify address"...
> > 
> > -- Lidiya White
> 
> Sounds like a good idea. So Mike, what was the problem? It sure
> would help
> those of learning IPSec to hear how you resolved the issue.
> Thanks.
> 
> Priscilla
> 
> 
> > 
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
> > Behalf Of
> > [EMAIL PROTECTED]
> > Sent: Tuesday, July 30, 2002 4:05 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: VPN not connecting [7:50144]
> > 
> > The ACLs are mirrors of each other and the transform sets
> > match
> > Very
> > frustrating  
> > 
> > -Original Message-
> > From: Silju Pillai [mailto:[EMAIL PROTECTED]] 
> > Sent: Tuesday, July 30, 2002 2:29 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: VPN not connecting [7:50144]
> > 
> > 
> > Hi,
> > 
> >   Pls check the interesting traffic configured 
> > (access list) configured at both ends. Your transform set
> > parameters
> > too. It
> > should be same.
> > 
> > As you are receiving IKMP_no_error your isakmp policies are
> > working
> > fine. 
> > 
> > regards
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50483&t=50144
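
The checks raised in this thread (ISAKMP on UDP port 500, ESP and AH as IP protocols 50 and 51 rather than ports, the "sysopt connection permit-ipsec" bypass, the four transform combinations, and crypto ACLs that mirror each other) can be run over saved configuration text. This is an added example, not part of the original messages and not a Cisco tool; it assumes PIX 6.x-style config lines, and the ACL names, map names and addresses in the sample configs are constructed.

```python
# Sample configs below are constructed; ACL and crypto map names are made up.
ALLOWED_TRANSFORMS = {  # the four combinations quoted in the thread
    frozenset({"esp-3des", "esp-sha-hmac"}), frozenset({"esp-3des", "esp-md5-hmac"}),
    frozenset({"esp-des", "esp-sha-hmac"}), frozenset({"esp-des", "esp-md5-hmac"}),
}
ISAKMP_PORTS = {"500", "isakmp"}
PORT_OPS = {"eq", "lt", "gt", "neq", "range"}

def tokens(config):
    """Split config text into token lists, skipping blank and ':' lines."""
    return [ln.split() for ln in config.splitlines()
            if ln.strip() and not ln.lstrip().startswith(":")]

def acl_entries(toks, name):
    """Entries of access-list NAME with the 'access-list NAME' prefix removed."""
    return [t[2:] for t in toks
            if t[0] == "access-list" and len(t) > 3 and t[1] == name]

def eq_ports(entry):
    """Port values that follow an 'eq' operator in one ACL entry."""
    return {entry[i + 1] for i, tok in enumerate(entry[:-1]) if tok == "eq"}

def audit_ipsec(config, ifname="outside"):
    """Findings about transform sets and inbound IPSec reachability."""
    toks, findings, ah_used = tokens(config), [], False
    for t in toks:
        if t[:3] == ["crypto", "ipsec", "transform-set"] and len(t) > 4:
            ah_used = ah_used or any(x.startswith("ah-") for x in t[4:])
            if frozenset(t[4:]) not in ALLOWED_TRANSFORMS:
                findings.append(f"transform-set {t[3]}: not one of the four listed combinations")
    if ["sysopt", "connection", "permit-ipsec"] in toks:
        return findings  # IPSec traffic bypasses the interface ACL check
    acl = next((t[1] for t in toks
                if t[0] == "access-group" and t[2:] == ["in", "interface", ifname]), None)
    permits = [e for e in acl_entries(toks, acl) if e[0] == "permit"] if acl else []
    protos = {e[1] for e in permits}
    for e in permits:
        if e[1] in ("tcp", "udp") and eq_ports(e) & {"50", "51"}:
            findings.append("ACL permits TCP/UDP port 50/51; ESP and AH are IP protocol numbers")
    # Simplification: addresses in the entries are not matched against the peer.
    isakmp = any(e[1] == "udp" and (eq_ports(e) & ISAKMP_PORTS or not PORT_OPS & set(e))
                 for e in permits)
    needed = [("udp/500 (ISAKMP)", isakmp),
              ("IP protocol 50 (ESP)", bool(protos & {"esp", "50"}))]
    if ah_used:  # AH only matters when a transform set uses it
        needed.append(("IP protocol 51 (AH)", bool(protos & {"ah", "51"})))
    for label, ok in needed:
        if not ok and "ip" not in protos:
            findings.append(f"{label} not permitted inbound on {ifname}")
    return findings

def take_addr(entry, i):
    """Read 'any', 'host A' or 'A MASK' at index i; PIX masks are subnet masks."""
    if entry[i] == "any":
        return ("0.0.0.0", "0.0.0.0"), i + 1
    if entry[i] == "host":
        return (entry[i + 1], "255.255.255.255"), i + 2
    return (entry[i], entry[i + 1]), i + 2

def crypto_pairs(config):
    """(source, destination) pairs from ACLs named by 'crypto map ... match address'."""
    toks = tokens(config)
    names = {t[6] for t in toks if len(t) == 7
             and t[:2] == ["crypto", "map"] and t[4:6] == ["match", "address"]}
    pairs = set()
    for name in names:
        for e in acl_entries(toks, name):
            if e[:2] == ["permit", "ip"]:
                src, i = take_addr(e, 2)
                dst, _ = take_addr(e, i)
                pairs.add((src, dst))
    return pairs

def crypto_acls_mirrored(local, remote):
    """True when each side protects exactly the reverse of the other side's traffic."""
    mine = crypto_pairs(local)
    return bool(mine) and mine == {(d, s) for s, d in crypto_pairs(remote)}

SITE_A = """
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list outside_in permit udp host 198.51.100.1 host 192.0.2.1 eq isakmp
access-list outside_in permit udp host 198.51.100.1 host 192.0.2.1 eq 50
access-group outside_in in interface outside
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map vpn 10 match address 101
"""
SITE_B = """
access-list 101 permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map vpn 10 match address 101
"""
SITE_B_WILDCARD = SITE_B.replace("255.255.255.0", "0.0.0.255")  # IOS-style masks

if __name__ == "__main__":
    print("site A:", audit_ipsec(SITE_A))
    print("site B:", audit_ipsec(SITE_B))
    print("mirrored:", crypto_acls_mirrored(SITE_A, SITE_B))
```

Site A is reported twice: it opens UDP port 50 where it needs IP protocol 50. SITE_B_WILDCARD shows the mask difference between PIX and IOS mentioned above breaking the mirror check.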



Re: Serial Interface Bandwidth [7:50381]

2002-08-01 Thread Jenny McLeod

Henry D. wrote:
> 
> That would work if you have integrated CSU, the timeslots would
> be there.
> If you connect say with V.35 to an external CSU/DSU then you
> won't get the
> timeslot information. The only way to figure out the bandwidth
> then would be
> to stress-test the circuit and see how far you can get the
> bandwidth
> utilization
> on this interface.

Or, of course, you can use the non-technical way.  Ask your provider.  We
are supposed to be in a "communications" field, after all :-)

JMcL
> 
> ""Turpin, Mark""  wrote in message
> news:[EMAIL PROTECTED]...
> > A show interface serial 'x'
> > where x = the serial interface's number will tell you
> > a couple things that are important.
> >
> > 1) the 5 minute load average for input/output
> > 2) the timeslots used
> >
> > You can use the timeslots to determine the bandwidth
> > that is technically available, and the load average
> > to get an idea of what is currently being used.
> >
> > hth,
> > -mark
> >
> > -Original Message-
> > From: Curious [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 01, 2002 9:43 AM
> > To: [EMAIL PROTECTED]
> > Subject: Serial Interface Bandwidth [7:50381]
> >
> >
> > I want to know the current bandwidth of my serial Interface of Router. Lets
> > say i have a fractional T1, how would i know what bandwidth i have for my
> > serial interface.
> >
> > thanks,
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50482&t=50381



RE: Very odd problem [7:50459]

2002-08-01 Thread [EMAIL PROTECTED]

can you clarify a few things?

1. are you able to connect to any other servers on the partner network?
2. is your workstation address being NATed as well? ie is the real address
used when that specific server pings your workstation?
3. any chance you have a traceroute/tracert result from your workstation to
the server?


-Original Message-
From: Drew [mailto:[EMAIL PROTECTED]]
Sent: Friday, 2 August 2002 9:13AM
To: [EMAIL PROTECTED]
Subject: Very odd problem [7:50459]


Hello all,
I have a problem that I can barely describe, let alone quantify.
I seek the assistance of the masters, and suspect this might be
an interesting thing for those of us in the student role.

Here goes:

I have an internal network separated from a partner network
via a 6500 switch/router which is also running NAT.  There is
also a Raptor firewall between my network and the border switch.
There are some servers in the partner network that are accessed
from my network.  The 6500 has static NAT entries for those
servers.  The firewall rulebase is set to allow the connections.

The problem is, I can not connect to a specific server in the 
partner network.. that is, until that server pings my workstation.
After that, I can connect to them.  

What could be the cause of this?  Could it be a NAT issue?
Where might I start troubleshooting?

-Ds




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50481&t=50459



Re: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]

2002-08-01 Thread Ciaron Gogarty

It was only particular to Dot1q trunks as well... as far as I can remember
it wasn't an issue on isl trunked ports.

is that correct??

rgds,

Ciaron
- Original Message -
From: "Priscilla Oppenheimer" 
To: 
Sent: Thursday, August 01, 2002 11:34 PM
Subject: Re: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]


> [EMAIL PROTECTED] wrote:
> >
> > AT Cisco Networkers i went to the layer 2 security breakout
> > session and they talked about this. 1st they said the article
> > is out dated. When the article was written Cisco already had a
> > fix for this.
>
> That was what I figured, Mr. Bond. (nice address! ;-)
>
> A fix would be pretty easy. The vulnerability required a host on an access
> port to send a frame with a VLAN tag already in it. That could easily be
> disallowed. (The switch itself should add any tags when sending across a
> trunk link. Or, a server on a trunk link could include a tag, but a host on
> an ordinary access port shouldn't include a tag in its frame.)
>
> I don't know if this is what the original poster had in mind, but I bet it
> is. The story got blown out of proportion and will probably never die.
>
> Priscilla
>
> > 2nd they said with the current switch IOS and
> > additional features they could not hop any VLANS. They tried
> > everything and were not successful. the whole purpose of the
> > breakout was to defuse the myths out there about how unsecure
> > VLANs are. With all that said they did say they do not
> > recommend using one switch with VLANS for web, dmz, and
> > internal traffic
> > >
> > > From: "Priscilla Oppenheimer"
> > > Date: 2002/08/01 Thu PM 03:40:39 EDT
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: Cat2950 VLAN 1 ip address...can't connect
> > [7:50331]
> > >
> > > Turpin, Mark wrote:
> > > >
> > > > I'm referring to trunks, sorry.
> > >
> > > > There were some vulnerabilities related to this, but actually the fix
> > > > was to make sure the native VLAN wasn't trunked, if I understand it
> > > > correctly. Although the vulnerabilities caused a big stir, they were
> > > > hard to exploit. They required physical access to the switch, a
> > > > Sniffer, and traffic generation capabilities. Also, Cisco may have
> > > > made some changes to avoid the problem after it got reported. But
> > > > here's the info from SANS:
> > >
> > > http://www.sans.org/newlook/resources/IDFAQ/vlan.htm
> > >
> > > Priscilla
> > >
> > >
> > > >
> > > > -Original Message-
> > > > From: MADMAN [mailto:[EMAIL PROTECTED]]
> > > > Sent: Thursday, August 01, 2002 12:14 PM
> > > > To: Turpin, Mark
> > > > Cc: [EMAIL PROTECTED]
> > > > Subject: Re: Cat2950 VLAN 1 ip address...can't connect
> > [7:50331]
> > > >
> > > >
> > > >
> > > > >   Not sure what you mean.  You're not changing the default VLAN,
> > > > > VLAN 1 will remain, can't delete it, (not talking about trunks).  I
> > > > > know of no problems arising when using a VLAN other than 1 for
> > > > > inband connectivity.
> > > >
> > > >   Dave
> > > >
> > > >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50480&t=50331



Re: Very odd problem [7:50459]

2002-08-01 Thread Drew

Symon Thurlow wrote:
> 
> Any VPN between the sites?
> 


Raptor 6.5, no VPNs in use.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50479&t=50459



Re: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]

2002-08-01 Thread Priscilla Oppenheimer

[EMAIL PROTECTED] wrote:
> 
> AT Cisco Networkers i went to the layer 2 security breakout
> session and they talked about this. 1st they said the article
> is out dated. When the article was written Cisco already had a
> fix for this. 

That was what I figured, Mr. Bond. (nice address! ;-)

A fix would be pretty easy. The vulnerability required a host on an access
port to send a frame with a VLAN tag already in it. That could easily be
disallowed. (The switch itself should add any tags when sending across a
trunk link. Or, a server on a trunk link could include a tag, but a host on
an ordinary access port shouldn't include a tag in its frame.)

I don't know if this is what the original poster had in mind, but I bet it
is. The story got blown out of proportion and will probably never die.

Priscilla

> 2nd they said with the current switch IOS and
> additional features they could not hop any VLANS. They tried
> everything and were not successful. the whole purpose of the
> breakout was to defuse the myths out there about how unsecure
> VLANs are. With all that said they did say they do not
> recommend using one switch with VLANS for web, dmz, and
> internal traffic
> > 
> > From: "Priscilla Oppenheimer" 
> > Date: 2002/08/01 Thu PM 03:40:39 EDT
> > To: [EMAIL PROTECTED]
> > Subject: RE: Cat2950 VLAN 1 ip address...can't connect
> [7:50331]
> > 
> > Turpin, Mark wrote:
> > > 
> > > I'm referring to trunks, sorry.
> > 
> > There were some vulnerabilities related to this, but actually the fix
> > was to make sure the native VLAN wasn't trunked, if I understand it
> > correctly. Although the vulnerabilities caused a big stir, they were
> > hard to exploit. They required physical access to the switch, a
> > Sniffer, and traffic generation capabilities. Also, Cisco may have
> > made some changes to avoid the problem after it got reported. But
> > here's the info from SANS:
> > 
> > http://www.sans.org/newlook/resources/IDFAQ/vlan.htm
> > 
> > Priscilla
> > 
> > 
> > > 
> > > -Original Message-
> > > From: MADMAN [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, August 01, 2002 12:14 PM
> > > To: Turpin, Mark
> > > Cc: [EMAIL PROTECTED]
> > > Subject: Re: Cat2950 VLAN 1 ip address...can't connect
> [7:50331]
> > > 
> > > 
> > > 
> > >   Not sure what you mean.  You're not changing the default VLAN,
> > > VLAN 1 will remain, can't delete it, (not talking about trunks).  I
> > > know of no problems arising when using a VLAN other than 1 for
> > > inband connectivity.
> > > 
> > >   Dave
> > > 
> > > 
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50478&t=50331
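
Added example, not part of the original thread: a Python check a defender could run over captured ingress frames to flag the condition described in the message above, a frame that reaches an access port already carrying an 802.1Q tag (including the stacked-tag case). The port names, port roles and hex frames are constructed sample data.

```python
import struct

TPID_8021Q = 0x8100    # IEEE 802.1Q VLAN tag
TPID_8021AD = 0x88A8   # IEEE 802.1ad service tag (QinQ)
VLAN_TPIDS = {TPID_8021Q, TPID_8021AD}


def parse_vlan_tags(frame: bytes):
    """Return (VLAN IDs outermost first, EtherType found after the tags)."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    offset = 12                       # skip destination and source MAC
    vlan_ids = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 6:   # TPID + TCI + the next EtherType
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan_ids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    return vlan_ids, ethertype


def check_frame(port_role: str, frame: bytes) -> str:
    """Classify one ingress frame for a port whose role is 'access' or 'trunk'."""
    try:
        vlan_ids, _ = parse_vlan_tags(frame)
    except ValueError:
        return "malformed"
    if port_role == "trunk" or not vlan_ids:
        return "ok"                   # tags are expected on trunk links
    if len(vlan_ids) > 1:
        return "double-tagged-on-access"
    if vlan_ids[0] == 0:
        return "priority-tagged"      # VID 0 carries only 802.1p priority
    return "tagged-on-access"


def audit(capture, port_roles):
    """Return [(port, verdict)] for every frame whose verdict is not 'ok'."""
    findings = []
    for port, frame_hex in capture:
        role = port_roles.get(port, "access")  # unknown ports treated as access
        verdict = check_frame(role, bytes.fromhex(frame_hex))
        if verdict != "ok":
            findings.append((port, verdict))
    return findings


# Constructed sample data: MAC addresses, ports and frames are illustrative.
MACS = "ffffffffffff" "020000000001"
PORT_ROLES = {"Fa0/1": "access", "Fa0/2": "access", "Gi0/1": "trunk"}
CAPTURE = [
    ("Fa0/1", MACS + "0800" + "45000014"),                    # untagged IPv4
    ("Gi0/1", MACS + "8100" + "000a" + "0800" + "45000014"),  # VLAN 10, trunk
    ("Fa0/2", MACS + "8100" + "000a" + "0800" + "45000014"),  # VLAN 10, access
    ("Fa0/2", MACS + "8100" + "0001" + "8100" + "0014" + "0800" + "45000014"),
    ("Fa0/1", MACS + "8100" + "a000" + "0800" + "45000014"),  # priority tag
    ("Fa0/2", MACS + "8100" + "00"),                          # cut off mid-tag
]

if __name__ == "__main__":
    for port, verdict in audit(CAPTURE, PORT_ROLES):
        print(port, verdict)
```

Priority-tagged frames (VLAN ID 0) are reported separately because some hosts send them legitimately for 802.1p marking.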



Re: VPN not connecting [7:50144]

2002-08-01 Thread Ciaron Gogarty

Hi Mike,

When the other member mentioned 50 and 51 he was talking about two protocols
ESP and AH rather than two ports.   ie -- access-list FromInternet permit
esp any host 1.1.1.1

If you're using ESP/AH  protocols you will need to allow it bidirectionally,
so if you have an access-list on the "inside" interface of your router
(ethernet) you must allow protocol 50/51 back out.  Most people don't bother
with protocol 51 AH anymore as ESP provides everything AH does and more.

rgds,

Ciaron


- Original Message -
From: 
To: 
Sent: Thursday, August 01, 2002 10:40 PM
Subject: RE: VPN not connecting [7:50144]


> I've been working on trying to eliminate the variables on each side of the
> VPN  The unfortunate thing is, the other side is home, so I usually wait
> until the late evening/night to work on the remote side  That's also the
> reason for the "frustrating" comment earlier.  I know I could SSH into it,
> but, this isn't the only project I've been working on (as I'm sure a lot of
> you can relate)...  So I'm going to hopefully wrap it up by this weekend.
>
> One of the main issues I was running into was the remote network was
> subnetted from the main network so the ACLs got a little confusing.  So I've
> changed the IP scheme on the remote side...  This also brings me to another
> question; a rather newbie one, what other ports should be open(beside 500)?
> I received an email from someone saying 50 & 51, does that sound right?  If
> you have the, "allow any out and return in", settings for firewall rules...
> Do the ports still need to be opened (I would think not since there is the
> nat0 command?)?  The other issue I'm looking into is the MTU size
>
> Once I establish the tunnel and maintain connectivity I'll let y'all know
> what I find
>
> Thanx for the help,
> mkj
>
> -Original Message-
> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 2:54 PM
> To: [EMAIL PROTECTED]
> Subject: RE: VPN not connecting [7:50144]
>
>
> Lidiya White wrote:
> >
> > Capture debugs on both ends at the same time. Should be more
> > helpful.
> > Make sure both ends have "isakmp identify address"...
> >
> > -- Lidiya White
>
> Sounds like a good idea. So Mike, what was the problem? It sure would help
> those of learning IPSec to hear how you resolved the issue. Thanks.
>
> Priscilla
>
>
> >
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
> > Behalf Of
> > [EMAIL PROTECTED]
> > Sent: Tuesday, July 30, 2002 4:05 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: VPN not connecting [7:50144]
> >
> > The ACLs are mirrors of each other and the transform sets match
> > Very frustrating
> >
> > -Original Message-
> > From: Silju Pillai [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, July 30, 2002 2:29 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: VPN not connecting [7:50144]
> >
> >
> > Hi,
> >
> >   Pls check the interesting traffic configured
> > (access list) configured at both ends. Your transform set parameters
> > too. It should be same.
> >
> > As you are receiving IKMP_no_error your isakmp policies are working
> > fine.
> >
> > regards




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50477&t=50144
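
Added example, not part of the original thread: a small Python model of first-match ACL evaluation showing the point made above, that 50 and 51 are IP protocol numbers (ESP and AH) and not ports, so entries written as "port 50/51" never match the tunnel traffic. The Rule class, the ACL contents and the sample packets (source 192.0.2.10, checksums left at zero) are constructed for illustration; 1.1.1.1 is the host from the message's own access-list line.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Optional

PROTO_NAMES = {6: "tcp", 17: "udp", 50: "esp", 51: "ah"}


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    protocol: str                    # "ip" (any), "tcp", "udp", "esp" or "ah"
    dst_port: Optional[int] = None   # only TCP and UDP carry ports


def classify(packet: bytes):
    """Return (protocol name, destination port or None) for an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    proto = packet[9]                # IPv4 protocol field
    dst_port = None
    if proto in (6, 17):
        if len(packet) < header_len + 4:
            raise ValueError("truncated transport header")
        (dst_port,) = struct.unpack_from("!H", packet, header_len + 2)
    return PROTO_NAMES.get(proto, str(proto)), dst_port


def evaluate(acl, packet: bytes) -> str:
    """First matching rule wins; anything unmatched hits the implicit deny."""
    protocol, dst_port = classify(packet)
    for rule in acl:
        if rule.protocol not in ("ip", protocol):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return rule.action
    return "deny"


def ipv4(proto: int, payload: bytes, src="192.0.2.10", dst="1.1.1.1") -> bytes:
    """Build a minimal constructed IPv4 packet (checksum not computed)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


# Constructed samples of the three kinds of traffic an IPsec peer receives.
SAMPLES = {
    "ike": ipv4(17, struct.pack("!HHHH", 500, 500, 8, 0)),  # UDP 500 -> 500
    "esp": ipv4(50, struct.pack("!II", 0x1000, 1)),         # SPI + sequence
    "ah": ipv4(51, bytes(12)),                              # fixed AH header
}

# Misreading "50 and 51" as ports: only IKE gets through.
PORT_ACL = [Rule("permit", "udp", 500),
            Rule("permit", "udp", 50),
            Rule("permit", "udp", 51)]

# Matching on the protocol field instead, as in "permit esp any host 1.1.1.1".
PROTOCOL_ACL = [Rule("permit", "udp", 500),
                Rule("permit", "esp"),
                Rule("permit", "ah")]


def verdicts(acl):
    """Return {traffic kind: 'permit' or 'deny'} for the sample packets."""
    return {name: evaluate(acl, packet) for name, packet in SAMPLES.items()}


if __name__ == "__main__":
    print("port-based ACL    :", verdicts(PORT_ACL))
    print("protocol-based ACL:", verdicts(PROTOCOL_ACL))
```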



RE: Routing Question [7:50431]

2002-08-01 Thread Winston Shaw

You can put the bandwidth command on both ends of the circuit and the
clockrate on one end of the circuit. It may work in other ways but it looks
cleaner this way.

Winston.


Winston V. Shaw

-Original Message-
From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 4:54 PM
To: 'Winston Shaw'; [EMAIL PROTECTED]
Subject: RE: Routing Question [7:50431]


One last question, is it necessary to put the "bandwidth" command and "clock
rate" command in all the serial interfaces? So far, I only specified them at
router1 both serial interfaces. Router2 serial interfaces have no
"bandwidth" command and "clock rate" command. Thanks

Ricky

-Original Message-
From: Winston Shaw [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 4:30 PM
To: Chan, Ricky; [EMAIL PROTECTED]
Subject: RE: Routing Question [7:50431]


Please be sure that no auto-summary is configured under the Eigrp processes.

Winston



-Original Message-
From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 3:11 PM
To: [EMAIL PROTECTED]
Subject: Routing Question [7:50431]


Hi all,

I have two 2600 series routers setup with 2 serials connections to each
other for redundancy. It means when one serial connection failed, the other
one still connected. However, I can't get that to work. Below are the
router1 and router2 configuration:

router1 

fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.248
serial 0/1 = ip address 12.12.12.1 255.255.255.248

router 2

 
 



Thanks

Ricky




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50476&t=50431



RE: Routing Question [7:50431]

2002-08-01 Thread Winston Shaw

The eigrp process defaults to summarizing network 10.0.0.0/8 on both routers
because there are major nets(11 and 12) in between them; and because the
nets are discontiguous, you would have problems reaching from one 10 to the
other 10. The "no auto-summary" command corrects that by making sure VLSM
goes into effect.
Of course you have to make sure the IP addressing is correct.

Winston.


-Original Message-
From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 4:49 PM
To: 'Winston Shaw'; [EMAIL PROTECTED]
Subject: RE: Routing Question [7:50431]


Yes, after I put no auto-summary in the eigrp statement on both routers, plus
I removed the ip route statement. It is working fine now.

Thanks all for help.

What does no auto-summary do?

Please advise

Ricky

-Original Message-
From: Winston Shaw [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 4:30 PM
To: Chan, Ricky; [EMAIL PROTECTED]
Subject: RE: Routing Question [7:50431]


Please be sure that no auto-summary is configured under the Eigrp processes.

Winston



-Original Message-
From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 3:11 PM
To: [EMAIL PROTECTED]
Subject: Routing Question [7:50431]


Hi all,

I have two 2600 series routers setup with 2 serials connections to each
other for redundancy. It means when one serial connection failed, the other
one still connected. However, I can't get that to work. Below are the
router1 and router2 configuration:

router1 

fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.248
serial 0/1 = ip address 12.12.12.1 255.255.255.248

router 2

 
 



Thanks

Ricky




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50475&t=50431
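
Added example, not part of the original thread: a simplified Python model of the auto-summary behaviour described above, using the addresses quoted in the related "routing question [7:50434]" thread on this page. The model is an assumption-laden sketch, not router code: it covers classes A to C only, treats the locally generated summary as a Null0 route that takes precedence over the neighbor's identical /8, and records only the first serial link as next hop.

```python
import ipaddress


def classful_major(net):
    """Classful (natural) network that contains `net`, classes A-C only."""
    first_octet = int(net.network_address) >> 24
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return net if net.prefixlen <= prefix else net.supernet(new_prefix=prefix)


def advertised(lans, link, auto_summary):
    """Prefixes a router announces for its LANs out of one serial link."""
    out = set()
    for lan in lans:
        crosses_boundary = classful_major(lan) != classful_major(link)
        out.add(classful_major(lan) if auto_summary and crosses_boundary else lan)
    return out


def routing_table(local_lans, remote_lans, links, auto_summary):
    """Simplified table {prefix: next hop} as seen by the local router."""
    table = {net: "connected" for net in local_lans + links}
    if auto_summary:
        # Summarising towards a neighbor also installs a local discard route.
        for link in links:
            for prefix in advertised(local_lans, link, True):
                table.setdefault(prefix, "Null0 (local summary)")
    for link in links:
        for prefix in advertised(remote_lans, link, auto_summary):
            # setdefault: an existing local entry for the same prefix wins.
            table.setdefault(prefix, f"neighbor on {link}")
    return table


def lookup(table, destination):
    """Longest-prefix match; returns the next hop or 'no route'."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in table if addr in net]
    if not matches:
        return "no route"
    return table[max(matches, key=lambda net: net.prefixlen)]


# Addresses as quoted in the [7:50434] thread on this page.
LINKS = [ipaddress.ip_network("11.11.11.0/24"),
         ipaddress.ip_network("12.12.12.0/24")]
R1_LANS = [ipaddress.ip_network("10.10.10.0/24")]
R2_LANS = [ipaddress.ip_network("10.10.100.56/29")]


def next_hop_from_router1(destination, auto_summary):
    """Where Router1 sends a packet for `destination`."""
    table = routing_table(R1_LANS, R2_LANS, LINKS, auto_summary)
    return lookup(table, destination)


if __name__ == "__main__":
    for setting in (True, False):
        hop = next_hop_from_router1("10.10.100.59", setting)
        print(f"auto-summary={setting}: 10.10.100.59 -> {hop}")
```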



RE: routing question [7:50434]

2002-08-01 Thread Priscilla Oppenheimer

Mishurov Art wrote:
> 
> Disable EIGRP auto-summary on both routers:
> 
> router eigrp 100
> no auto-summary

Oh, I bet that's it! I wish I had thought of that. :-) I just noticed that
network 10.10.10.0 is reachable via Router 1 and Router 2. I bet Router 1
does not add the 10.10.10.56/29 to its routing table since it can already
get to 10.10.10.0/24. Does that make sense?

Please quote messages so we can see the details in each message without
having to find the original. Here's a copy and paste from the original:

Router1 

fa0/0 = ip address 10.10.10.245 255.255.255.0 
serial 0/0 = ip address 11.11.11.1 255.255.255.0 
serial 0/1 = ip address 12.12.12.1 255.255.255.0 
router eigrp 100 
network 10.0.0.0 
network 11.0.0.0 
network 12.0.0.0 



Router2 

fa0/0 = ip address 10.10.100.58 255.255.255.248 
serial 0/0 = ip address 11.11.11.2 255.255.255.0 
serial 0/1 = ip address 12.12.12.2 255.255.255.0 
router eigrp 100 
network 10.0.0.0 
network 11.0.0.0 
network 12.0.0.0 


Priscilla


> 
> I assume that the "duplicate address" that other group members
> noticed, was just a typo.
> 
> Art Mishurov
> Network Engineer
> Enterprise Access Group
> AT&T Solutions
> ph. 614.244.4555
> fax 614.244.1901
> [EMAIL PROTECTED] 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50474&t=50434



RE: Very odd problem [7:50459]

2002-08-01 Thread Lupi, Guy

Can the server initiate a tcp connection to you?  Have you checked the NAT
mapping to ensure you are allowed to initiate connections to that server?
It sounds like when the server pings you, it opens a "hole" through NAT
allowing you to then initiate a connection to it through that "hole".  This
doesn't sound like it is in keeping with the proper function of stateful
NAT, which should just allow ICMP back through the translation it created,
unless the NAT implementation isn't using stateful inspection.  If you can
contact all the servers except that one, I would look for the difference
between the configuration for the other servers and that one.

-Original Message-
From: Drew [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 5:13 PM
To: [EMAIL PROTECTED]
Subject: Very odd problem [7:50459]


Hello all,
I have a problem that I can barely describe, let alone quantify.
I seek the assistance of the masters, and suspect this might be
an interesting thing for those of us in the student role.

Here goes:

I have an internal network separated from a partner network
via a 6500 switch/router which is also running NAT.  There is
also a Raptor firewall between my network and the border switch.
There are some servers in the partner network that are accessed
from my network.  The 6500 has static NAT entries for those
servers.  The firewall rulebase is set to allow the connections.

The problem is, I can not connect to a specific server in the 
partner network.. that is, until that server pings my workstation.
After that, I can connect to them.  

What could be the cause of this?  Could it be a NAT issue?
Where might I start troubleshooting?

-Ds




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50473&t=50459



RE: routing question [7:50434]

2002-08-01 Thread Vicuna, Mark

Hi Ricky,

Try changing the IP of MachineB first.  It's the same as Fa0/0 on R2.


Mark.

-Original Message-
From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
Sent: Friday, 2 August 2002 05:30
To: [EMAIL PROTECTED]
Subject: routing question [7:50434]


Hi all,

I have a question about routing issue. Let's say I have two routers
interconnected with serial cables. Router1's s0/0 connected to Router2's
s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy
purpose. MachineA at Router1 would be able to communicate to MachineB at
Router2. However, I won't be successful to nothing that. Do you guys have
any idea? Please advise. Below are the configuration of Router1 and Router2:

Router1

fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.0
serial 0/1 = ip address 12.12.12.1 255.255.255.0
router eigrp 100
network 10.0.0.0
network 11.0.0.0
network 12.0.0.0



Router2

fa0/0 = ip address 10.10.100.58 255.255.255.248
serial 0/0 = ip address 11.11.11.2 255.255.255.0
serial 0/1 = ip address 12.12.12.2 255.255.255.0
router eigrp 100
network 10.0.0.0
network 11.0.0.0
network 12.0.0.0

MachineA ip address 10.10.10.2/24
MachineB ip address 10.10.100.58/29

The purpose is able to let MachineA communicate to MachineB through the
routers interconnected with serial links. 


Thanks in advance.

Ricky




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50472&t=50434



router vs packet forwarding [7:50471]

2002-08-01 Thread John Green

what is the difference between router and a device
that does packet forwarding between its interfaces.

example:
can a plain NT box with two network cards (with IP
forwarding enabled) be called as a router ? or it is
just doing packet forwarding. 
in my understanding even routers like say cisco router
does such packet forwarding though it can make a
decision on such packet forwarding based on a routing
protocol. would that be correct to say ?





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50471&t=50471



RE: routing question [7:50434]

2002-08-01 Thread Priscilla Oppenheimer

Chan, Ricky wrote:
> 
> Each machines have the default gateway. 
> 
> MachineA ip address 10.10.10.2/24 and gateway 10.10.10.245
> 
> MachineB ip address 10.10.100.59/29 and gateway 10.10.100.58
> 
> Routers can ping its and other serial interfaces. However, machines can't
> ping across the serial interfaces.

Can the machines ping anything? Use a "troubleshooting outward" approach.
From Machine A, ping:

Machine A's own Ethernet interface
any other devices that are local to that Ethernet
the Ethernet interface on the local router
the serial interfaces on the local router
the serial interfaces on the remote router
the Ethernet interface on the remote router
the Ethernet interface on Machine B

Where does it fail?

Priscilla

> 
> Please advice.
> 
> Ricky
> 
> -Original Message-
> From: Roberts, Larry [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 3:59 PM
> To: Chan, Ricky; [EMAIL PROTECTED]
> Subject: RE: routing question [7:50434]
> 
> 
> Do the machines have a default gateway? Do the remote routers show each
> others LAN's in their database ? Can you ping across the serial interfaces ?
> 
> Thanks
> 
> Larry
>  
> 
> -Original Message-
> From: Chan, Ricky [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, August 01, 2002 2:30 PM
> To: [EMAIL PROTECTED]
> Subject: routing question [7:50434]
> 
> 
> Hi all,
> 
> I have a question about routing issue. Let's say I have two routers
> interconnected with serial cables. Router1's s0/0 connected to Router2's
> s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy
> purpose. MachineA at Router1 would be able to communicate to MachineB at
> Router2. However, I won't be successful to nothing that. Do you guys have
> any idea? Please advise. Below are the configuration of Router1 and Router2:
> 
> Router1
> 
> fa0/0 = ip address 10.10.10.245 255.255.255.0
> serial 0/0 = ip address 11.11.11.1 255.255.255.0
> serial 0/1 = ip address 12.12.12.1 255.255.255.0
> router eigrp 100
> network 10.0.0.0
> network 11.0.0.0
> network 12.0.0.0
> 
> 
> 
> Router2
> 
> fa0/0 = ip address 10.10.100.58 255.255.255.248
> serial 0/0 = ip address 11.11.11.2 255.255.255.0
> serial 0/1 = ip address 12.12.12.2 255.255.255.0
> router eigrp 100
> network 10.0.0.0
> network 11.0.0.0
> network 12.0.0.0
> 
> MachineA ip address 10.10.10.2/24
> MachineB ip address 10.10.100.58/29
> 
> The purpose is able to let MachineA communicate to MachineB through the
> routers interconnected with serial links.
> 
> 
> Thanks in advance.
> 
> Ricky
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50470&t=50434



Re: Routing Question [7:50431]

2002-08-01 Thread MADMAN

What was the static route??  I generally disable auto-summary but if
you have a default or other static route to the remote ethernet the
default ip classless would have allowed connectivity.

  Auto summary summarizes networks to their natural subnet for/to you
when crossing another network.

  Dave

"Chan, Ricky" wrote:
> 
> Yes, after I put no auto-summary in the eigrp statement on both routers, plus
> I removed the ip route statement. It is working fine now.
>
> Thanks all for help.
>
> What does no auto-summary do?
>
> Please advise
> 
> Ricky
> 
> -Original Message-
> From: Winston Shaw [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 4:30 PM
> To: Chan, Ricky; [EMAIL PROTECTED]
> Subject: RE: Routing Question [7:50431]
> 
> Please be sure that no auto-summary is configured under the Eigrp processes.
> 
> Winston
> 
> -Original Message-
> From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 3:11 PM
> To: [EMAIL PROTECTED]
> Subject: Routing Question [7:50431]
> 
> Hi all,
> 
> I have two 2600 series routers setup with 2 serials connections to each
> other for redundancy. It means when one serial connection failed, the other
> one still connected. However, I can't get that to work. Below are the
> router1 and router2 configuration:
> 
> router1
> 
> fa0/0 = ip address 10.10.10.245 255.255.255.0
> serial 0/0 = ip address 11.11.11.1 255.255.255.248
> serial 0/1 = ip address 12.12.12.1 255.255.255.248
> 
> router 2
> 
> 
> 
> 
> Thanks
> 
> Ricky
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50469&t=50431



RE: Very odd problem [7:50459]

2002-08-01 Thread Symon Thurlow

Any VPN between the sites?

-Original Message-
From: Drew [mailto:[EMAIL PROTECTED]] 
Sent: 01 August 2002 22:13
To: [EMAIL PROTECTED]
Subject: Very odd problem [7:50459]


Hello all,
I have a problem that I can barely describe, let alone quantify. I seek
the assistance of the masters, and suspect this might be an interesting
thing for those of us in the student role.

Here goes:

I have an internal network separated from a partner network
via a 6500 switch/router which is also running NAT.  There is
also a Raptor firewall between my network and the border switch. There
are some servers in the partner network that are accessed from my
network.  The 6500 has static NAT entries for those
servers.  The firewall rulebase is set to allow the connections.

The problem is, I can not connect to a specific server in the 
partner network.. that is, until that server pings my workstation. After
that, I can connect to them.  

What could be the cause of this?  Could it be a NAT issue? Where might I
start troubleshooting?

-Ds




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50467&t=50459



RE: Very odd problem [7:50459]

2002-08-01 Thread Symon Thurlow

What version of Raptor?

-Original Message-
From: Drew [mailto:[EMAIL PROTECTED]] 
Sent: 01 August 2002 22:13
To: [EMAIL PROTECTED]
Subject: Very odd problem [7:50459]


Hello all,
I have a problem that I can barely describe, let alone quantify. I seek
the assistance of the masters, and suspect this might be an interesting
thing for those of us in the student role.

Here goes:

I have an internal network separated from a partner network
via a 6500 switch/router which is also running NAT.  There is
also a Raptor firewall between my network and the border switch. There
are some servers in the partner network that are accessed from my
network.  The 6500 has static NAT entries for those
servers.  The firewall rulebase is set to allow the connections.

The problem is, I can not connect to a specific server in the 
partner network.. that is, until that server pings my workstation. After
that, I can connect to them.  

What could be the cause of this?  Could it be a NAT issue? Where might I
start troubleshooting?

-Ds




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50466&t=50459



RE: VPN not connecting [7:50144]

2002-08-01 Thread [EMAIL PROTECTED]

I've been working on trying to eliminate the variables on each side of the
VPN. The unfortunate thing is, the other side is home, so I usually wait
until the late evening/night to work on the remote side. That's also the
reason for the "frustrating" comment earlier.  I know I could SSH into it,
but, this isn't the only project I've been working on (as I'm sure a lot of
you can relate)...  So I'm going to hopefully wrap it up by this weekend.

One of the main issues I was running into was the remote network was
subnetted from the main network so the ACLs got a little confusing.  So I've
changed the IP scheme on the remote side...  This also brings me to another
question; a rather newbie one, what other ports should be open (besides 500)?
I received an email from someone saying 50 & 51, does that sound right?  If
you have the, "allow any out and return in", settings for firewall rules...
Do the ports still need to be opened (I would think not since there is the
nat0 command?)?  The other issue I'm looking into is the MTU size.

Once I establish the tunnel and maintain connectivity I'll let y'all know
what I find.

Thanx for the help,
mkj

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, August 01, 2002 2:54 PM
To: [EMAIL PROTECTED]
Subject: RE: VPN not connecting [7:50144]


Lidiya White wrote:
> 
> Capture debugs on both ends at the same time. Should be more
> helpful.
> Make sure both ends have "isakmp identify address"...
> 
> -- Lidiya White

Sounds like a good idea. So Mike, what was the problem? It sure would help
those of us learning IPSec to hear how you resolved the issue. Thanks.

Priscilla


> 
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
> Behalf Of
> [EMAIL PROTECTED]
> Sent: Tuesday, July 30, 2002 4:05 PM
> To: [EMAIL PROTECTED]
> Subject: RE: VPN not connecting [7:50144]
> 
> The ACLs are mirrors of each other and the transform sets match
> Very frustrating
> 
> -Original Message-
> From: Silju Pillai [mailto:[EMAIL PROTECTED]] 
> Sent: Tuesday, July 30, 2002 2:29 PM
> To: [EMAIL PROTECTED]
> Subject: RE: VPN not connecting [7:50144]
> 
> 
> Hi,
> 
> Pls check the interesting traffic configured (access list) configured at
> both ends. Your transform set parameters too. It should be same.
> 
> As you are receiving IKMP_no_error your isakmp policies are working fine.
> 
> regards




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50468&t=50144



RE: Kind suggestion is Needed! [7:50317]

2002-08-01 Thread a. ahmad

Dear All,

Thanks for some valuable suggestions. One more thing: if one is willing
to be a great networker, young, energetic but unable to get hands on
experience then what are some guidelines for him/her..

Thanks,
AA


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50464&t=50317



beginner bgp book review [7:50463]

2002-08-01 Thread sam sneed

I made a post asking advice for a beginners book to bgp.
BGP4: Interdomain Routing in the Internet, by John W. Stewart III
was recommended. I just finished reading it and I must say it was 1000
times better than the entire BGP sections of the Sybex Lammle CCNP routing
book (piece of trash) and the Cisco Press CCNP routing books. I recommend
anyone wanting to learn BGP or studying CCNP routing to read this before the
CCNP books.

Thanks for putting on this book guys.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50463&t=50463



Re: routing question [7:50434]

2002-08-01 Thread MADMAN

You're saying that the machines can only ping the local ethernet
interface and not beyond?  What if you ping a machine from its local
router sourcing the serial?  If that fails you have a default gateway
issue or I have seen servers that supposedly support multiple defaults
but it doesn't work.  Can you ping the remote ethernets from each of
the routers??

  Dave

"Chan, Ricky" wrote:
> 
> Each machines have the default gateway.
> 
> MachineA ip address 10.10.10.2/24 and gateway 10.10.10.245
> 
> MachineB ip address 10.10.100.59/29 and gateway 10.10.100.58
> 
> Routers can ping its and other serial interfaces. However, machines can't
> ping across the serial interfaces.
> 
> Please advise.
> 
> Ricky
> 
> -Original Message-
> From: Roberts, Larry [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 3:59 PM
> To: Chan, Ricky; [EMAIL PROTECTED]
> Subject: RE: routing question [7:50434]
> 
> Do the machines have a default gateway? Do the remote routers show each
> others LAN's in their database ? Can you ping across the serial
> interfaces ?
> 
> Thanks
> 
> Larry
> 
> 
> -Original Message-
> From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 2:30 PM
> To: [EMAIL PROTECTED]
> Subject: routing question [7:50434]
> 
> Hi all,
> 
> I have a question about routing issue. Let's say I have two routers
> interconnected with serial cables. Router1's s0/0 connected to Router2's
> s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy
> purpose. MachineA at Router1 would be able to communicate to MachineB at
> Router2. However, I won't be successful to nothing that. Do you guys have
> any idea? Please advise. Below are the configuration of Router1 and
> Router2:
> 
> Router1
> 
> fa0/0 = ip address 10.10.10.245 255.255.255.0
> serial 0/0 = ip address 11.11.11.1 255.255.255.0
> serial 0/1 = ip address 12.12.12.1 255.255.255.0
> router eigrp 100
> network 10.0.0.0
> network 11.0.0.0
> network 12.0.0.0
> 
> Router2
> 
> fa0/0 = ip address 10.10.100.58 255.255.255.248
> serial 0/0 = ip address 11.11.11.2 255.255.255.0
> serial 0/1 = ip address 12.12.12.2 255.255.255.0
> router eigrp 100
> network 10.0.0.0
> network 11.0.0.0
> network 12.0.0.0
> 
> MachineA ip address 10.10.10.2/24
> MachineB ip address 10.10.100.58/29
> 
> The purpose is able to let MachineA communicate to MachineB through the
> routers interconnected with serial links.
> 
> Thanks in advance.
> 
> Ricky
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50460&t=50434



Very odd problem [7:50459]

2002-08-01 Thread Drew

Hello all,
I have a problem that I can barely describe, let alone quantify.
I seek the assistance of the masters, and suspect this might be
an interesting thing for those of us in the student role.

Here goes:

I have an internal network separated from a partner network
via a 6500 switch/router which is also running NAT.  There is 
also a Raptor firewall between my network and the border switch.
There are some servers in the partner network that are accessed
from my network.  The 6500 has static NAT entries for those 
servers.  The firewall rulebase is set to allow the connections.

The problem is, I can not connect to a specific server in the 
partner network.. that is, until that server pings my workstation.
After that, I can connect to them.  

What could be the cause of this?  Could it be a NAT issue?
Where might I start troubleshooting?

-Ds




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50459&t=50459



RE: Serial Interface Bandwidth [7:50381]

2002-08-01 Thread Symon Thurlow

A non-Cisco way, try bing

http://www.cnam.fr/reseau/bing.html

-Original Message-
From: Curious [mailto:[EMAIL PROTECTED]] 
Sent: 01 August 2002 15:43
To: [EMAIL PROTECTED]
Subject: Serial Interface Bandwidth [7:50381]


I want to know the current bandwidth of my serial Interface of Router.
Let's say I have a fractional T1, how would I know what bandwidth I have
for my serial interface.

thanks,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50458&t=50381



Re: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]

2002-08-01 Thread [EMAIL PROTECTED]

At Cisco Networkers I went to the layer 2 security breakout session and they
talked about this. 1st they said the article is outdated. When the article
was written Cisco already had a fix for this. 2nd they said with the current
switch IOS and additional features they could not hop any VLANS. They tried
everything and were not successful. The whole purpose of the breakout was
to defuse the myths out there about how unsecure VLANs are. With all that
said they did say they do not recommend using one switch with VLANS for web,
dmz, and internal traffic.
> 
> From: "Priscilla Oppenheimer" 
> Date: 2002/08/01 Thu PM 03:40:39 EDT
> To: [EMAIL PROTECTED]
> Subject: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]
> 
> Turpin, Mark wrote:
> > 
> > I'm referring to trunks, sorry.
> 
> There were some vulnerabilities related to this, but actually the fix was
> to make sure the native VLAN wasn't trunked, if I understand it correctly.
> Although the vulnerabilities caused a big stir, they were hard to exploit.
> They required physical access to the switch, a Sniffer, and traffic
> generation capabilities. Also, Cisco may have made some changes to avoid
> the problem after it got reported. But here's the info from SANS:
> 
> http://www.sans.org/newlook/resources/IDFAQ/vlan.htm
> 
> Priscilla
> 
> 
> > 
> > -Original Message-
> > From: MADMAN [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 01, 2002 12:14 PM
> > To: Turpin, Mark
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: Cat2950 VLAN 1 ip address...can't connect [7:50331]
> > 
> > 
> > 
> >   Not sure what you mean.  You're not changing the default VLAN, VLAN 1
> > will remain, can't delete it, (not talking about trunks).  I know of no
> > problems arising when using a VLAN other than 1 for inband connectivity.
> > 
> >   Dave
> > 
> > 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50457&t=50331
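
The thread turns on what a trunk's native VLAN is allowed to carry, and that can be checked from a saved switch configuration. The following is an added example, not part of any poster's message: both configurations are constructed, the function names are illustrative, and the rule it applies (no access port shares a trunk's native VLAN) is common hardening guidance assumed here rather than something the thread states.

```python
import re

# Constructed sample: user ports and trunks left on default or shared VLANs.
WEAK_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 999
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 999
!
"""

# Constructed sample: same ports, but VLAN 999 is reserved as the native VLAN
# on both trunks and no access port is assigned to it (or left in VLAN 1).
HARDENED_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 30
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 999
!
"""


def parse_interfaces(config):
    """Return {name: {"mode", "access_vlan", "native_vlan"}} from IOS-style text.

    Only explicitly configured modes are recognised; ports without a
    'switchport mode' line keep mode None and are ignored by the audit.
    """
    ports, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface\s+(\S+)", raw)
        if m:
            # VLAN 1 is the default access VLAN and the default native VLAN.
            current = ports.setdefault(
                m.group(1), {"mode": None, "access_vlan": 1, "native_vlan": 1})
            continue
        if current is None:
            continue
        line = raw.strip()
        if m := re.fullmatch(r"switchport mode (access|trunk)", line):
            current["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            current["access_vlan"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            current["native_vlan"] = int(m.group(1))
    return ports


def native_vlan_findings(config):
    """List (trunk, native_vlan, access_ports) for each trunk whose native
    VLAN also has access ports assigned to it."""
    ports = parse_interfaces(config)
    findings = []
    for name, port in ports.items():
        if port["mode"] != "trunk":
            continue
        shared = [n for n, p in ports.items()
                  if p["mode"] == "access" and p["access_vlan"] == port["native_vlan"]]
        if shared:
            findings.append((name, port["native_vlan"], shared))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, native_vlan_findings(cfg))
```
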



RE: Kind suggestion is Needed! [7:50317]

2002-08-01 Thread Kohli, Jaspreet

Some interesting reading 

http://www.faqs.org/rfcs/rfc1122.html

http://www.faqs.org/rfcs/rfc1180.html



-Original Message-
From: HORVATH TAMAS [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 1 August 2002 6:32 p.m.
To: [EMAIL PROTECTED]
Subject: RE: Kind suggestion is Needed! [7:50317]


If you want to learn about

- switching concept (not especially Cisco) the very best and very accurate
book I've ever read it: Rich Seifert, The Switch Book,
- Ethernet: Charles E. Spurgeon, Ethernet, The Definitive Guide.

Best regards, 

Tamas Horvath 
network engineer 
Tel.: +36 22/515-452, 
Fax: +36 22/327-532 
E-Mail: [EMAIL PROTECTED] 




-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 2:25 AM
To: [EMAIL PROTECTED]
Subject: RE: Kind suggestion is Needed! [7:50317]


a. ahmad wrote:
> 
> Dear All,
> 
> I just want to work on my basic concepts of networking and for
> that I need the name of some valuable books. I am no more
> interested in studying CCNA,CCNP books as I have already
> studied those books. I hope you can understand my point. I
> just want my base as strong as possible and then gradually move
> towards advance networking stuff. My ultimate aim is to be a
> Voice Engineer.
> 
> Thanks in advance!
> AA

Dear AA,

It's very important to get a good grounding in networking concepts while
studying for Cisco certifications. You can actually attain some of the
certifications without getting a good grounding ;-) but that's not
advisable.

I have a list of books on my Web site. They are all excellent books.

Someone mentioned Tannenbaum's book. It's good, but quite theoretical, with
lots of math. It even has Fourier analysis in it.  ;-) I'm looking at an
older edition. It may be different in the latest edition.

To learn, TCP/IP, the must-have books are by Comer and W.R. Stevens. Comer
also has a very good basic networking book called Computer Networks and
Internets. To learn internetworking, especially bridging and routing, the
must have book is by Radia Perlman, as someone mentioned. And to learn how
protocols really work, the must have book is by Oppenheimer and Bardwell.
;-)

Anyway, my list is here:

http://www.troubleshootingnetworks.com/books.html

Good luck! I applaud your desire to learn how networks really work.

Priscilla Oppenheimer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50456&t=50317



RE: Cisco 1000TX GBICs [7:50316]

2002-08-01 Thread Brian Zeitz

Cisco made mine, if they send me IBM I would put it right back in the
box and send it back for a refund. IBM's equipment is junk and has no
quality. I doubt Cisco would do something silly like that. IBM comes up
with great concepts, I'll give them that, but no ability whatsoever to
execute them to final production.


-Original Message-
From: Jeffrey Reed [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, August 01, 2002 3:09 PM
To: [EMAIL PROTECTED]
Subject: RE: Cisco 1000TX GBICs [7:50316]

I'm not sure if Cisco makes their own GBICs. The LX ones that came from
Cisco with our 6509's are from IBM.

Jeff


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Hartnell, George
Sent: Thursday, August 01, 2002 1:06 PM
To: [EMAIL PROTECTED]
Subject: RE: Cisco 1000TX GBICs [7:50316]

>"and have nothing good to say about them."

What "sweet nothings" would those be?

On another, but similar, note, what 3d party GBICs for 1000LX single mode
are out there for the Cat 3548 switches?  And, are there any "sweet
nothings" about using those in a Cisco platform?

Very best, G.


> -Original Message-
> From: Ken Diliberto [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 31, 2002 2:55 PM
> To: [EMAIL PROTECTED]
> Subject: Cisco 1000TX GBICs [7:50316]
>
>
> Anyone have experience with the 1000TX GBICs from Cisco?  We have used
> the stacking GBICs and have nothing good to say about them.  The TX
> GBICs are over $100 less (retail).
>
> Ken




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50454&t=50316



Re: ISDN Simulator.... [7:50405]

2002-08-01 Thread Thomas Larus

Someone just asked me about ISDN simulators, and told me that the price of the
one they were thinking of buying, an Emutel, had dropped 500 dollars.

I have a Teltone ISDN Demonstrator, and I like it fine, but I would look
into the Emutel if its price has fallen so much.  You don't need NT1s for
the one he is looking at.  The Emutel is British, I think, and the folks in
Europe don't use NT1s, I gather.  They get to connect to S/T interfaces, so
their ISDN simulators tend to use S/T interfaces.  The Emutel may have U
interfaces, too, for all I know, which would be good to have in case you get
routers that already have NT1s built in.

"Juan Blanco" wrote in message news:[EMAIL PROTECTED]...
> Team,
> I am in the process of purchasing an ISDN simulator for my lab. There are
> too many I could choose from. My question is for those who may have already
> purchased the B-Link2, How reliable and efficient the B-Link2 is, Do you
> think that it is worth the cost compare to others simulators like one
> offered by Teltone, Atlas. Will this simulator will be sufficient for all
> my labs simulations
> Arca(emutel).
>
>
> Thanks,
>
> Juan Blanco
> 
> The greatest glory in living lies not in never falling,
>  but in rising every time we fall ."
>  -- Nelson Mandela
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50453&t=50405



RE: routing question [7:50434]

2002-08-01 Thread Mishurov Art

Disable EIGRP auto-summary on both routers:

router eigrp 100
no auto-summary

I assume that the "duplicate address" that other group members noticed, was
just a typo.

Art Mishurov
Network Engineer
Enterprise Access Group
AT&T Solutions
ph. 614.244.4555
fax 614.244.1901
[EMAIL PROTECTED] 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50452&t=50434



RE: Routing Question [7:50431]

2002-08-01 Thread Chan, Ricky

One last question, is it necessary to put the "bandwidth" command and "clock
rate" command in all the serial interfaces? So far, I only specified them at
router1 both serial interfaces. Router2 serial interfaces have no
"bandwidth" command and "clock rate" command. Thanks

Ricky

-Original Message-
From: Winston Shaw [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 4:30 PM
To: Chan, Ricky; [EMAIL PROTECTED]
Subject: RE: Routing Question [7:50431]


Please be sure that no auto-summary is configured under the Eigrp processes.

Winston



-Original Message-
From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 3:11 PM
To: [EMAIL PROTECTED]
Subject: Routing Question [7:50431]


Hi all,

I have two 2600 series routers setup with 2 serials connections to each
other for redundancy. It means when one serial connection failed, the other
one still connected. However, I can't get that to work. Below are the
router1 and router2 configuration:

router1 

fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.248
serial 0/1 = ip address 12.12.12.1 255.255.255.248

router 2

 
 



Thanks

Ricky




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50451&t=50431



RE: Routing Question [7:50431]

2002-08-01 Thread Chan, Ricky

Yes, after I put no auto-summary in the eigrp statement on both routers, plus
I removed the ip route statement. It is working fine now.

Thanks all for help. 

What does no auto-summary do?

Please advise 

Ricky

-Original Message-
From: Winston Shaw [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 4:30 PM
To: Chan, Ricky; [EMAIL PROTECTED]
Subject: RE: Routing Question [7:50431]


Please be sure that no auto-summary is configured under the Eigrp processes.

Winston



-Original Message-
From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 3:11 PM
To: [EMAIL PROTECTED]
Subject: Routing Question [7:50431]


Hi all,

I have two 2600 series routers setup with 2 serials connections to each
other for redundancy. It means when one serial connection failed, the other
one still connected. However, I can't get that to work. Below are the
router1 and router2 configuration:

router1 

fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.248
serial 0/1 = ip address 12.12.12.1 255.255.255.248

router 2

 
 



Thanks

Ricky




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50450&t=50431
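
What `no auto-summary` changes, and the duplicate address pointed out in the related "routing question" thread [7:50434], worked through as an added example (not code from any poster) using the Router1/Router2 addresses posted in that thread. It models only classful summarization at a major-network boundary and the discard route to Null0 (administrative distance 5) that a summarizing EIGRP router installs; function names are illustrative, and metrics, timers and load balancing are left out.

```python
import ipaddress

# Address plan as posted in the thread (interface -> address/prefix).
ROUTERS = {
    "Router1": {"fa0/0": "10.10.10.245/24", "s0/0": "11.11.11.1/24", "s0/1": "12.12.12.1/24"},
    "Router2": {"fa0/0": "10.10.100.58/29", "s0/0": "11.11.11.2/24", "s0/1": "12.12.12.2/24"},
}
# Serial links: (router, interface, router, interface).
LINKS = [("Router1", "s0/0", "Router2", "s0/0"), ("Router1", "s0/1", "Router2", "s0/1")]


def classful(net):
    """Classful major network (class A/B/C) that contains an IPv4 network."""
    first_octet = int(net.network_address) >> 24
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{net.network_address}/{prefix}", strict=False)


def build_tables(auto_summary):
    """Return {router: {prefix: (admin_distance, next_hop)}} after one exchange."""
    ifnets = {r: {i: ipaddress.ip_interface(a).network for i, a in ifs.items()}
              for r, ifs in ROUTERS.items()}
    table = {r: {n: (0, f"connected {i}") for i, n in nets.items()}
             for r, nets in ifnets.items()}
    updates = []  # (receiver, advertised prefix, next hop)
    for a, a_if, b, b_if in LINKS:
        for sender, s_if, receiver in ((a, a_if, b), (b, b_if, a)):
            out_major = classful(ifnets[sender][s_if])
            for net in ifnets[sender].values():
                adv = net
                if auto_summary and classful(net) != out_major:
                    # Crossing into another major network: advertise only the
                    # classful summary and install a local discard route.
                    adv = classful(net)
                    table[sender].setdefault(adv, (5, "Null0"))
                updates.append((receiver, adv, f"via {sender} {s_if}"))
    for receiver, prefix, hop in updates:
        current = table[receiver].get(prefix)
        # A learned route (AD 90) never displaces a connected route (AD 0) or
        # the local summary (AD 5). Only the first equal path is kept here.
        if current is None or current[0] > 90:
            table[receiver][prefix] = (90, hop)
    return table


def lookup(table, router, dst):
    """Longest-prefix match for dst in one router's table."""
    dst = ipaddress.ip_address(dst)
    matches = [(n.prefixlen, hop) for n, (_, hop) in table[router].items() if dst in n]
    return max(matches)[1] if matches else "no route"


def address_conflicts(host_cidr):
    """Router interfaces configured with the same IP address as a host."""
    ip = ipaddress.ip_interface(host_cidr).ip
    return [(r, i) for r, ifs in ROUTERS.items() for i, a in ifs.items()
            if ipaddress.ip_interface(a).ip == ip]


if __name__ == "__main__":
    for flag in (True, False):
        t = build_tables(flag)
        print("auto-summary" if flag else "no auto-summary")
        print("  Router1 -> 10.10.100.59:", lookup(t, "Router1", "10.10.100.59"))
        print("  Router2 -> 10.10.10.2:  ", lookup(t, "Router2", "10.10.10.2"))
    print("10.10.100.58/29 clashes with:", address_conflicts("10.10.100.58/29"))
```

With summarization on, both routers hold their own 10.0.0.0/8 discard route, ignore the identical summary from the neighbor, and drop traffic for the other router's 10.x subnet; with it off, the /24 and /29 are exchanged as they are.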



RE: LANE Information [7:50420]

2002-08-01 Thread Mark W. Odette II

I'd like a copy of that doc, if you would be so kind... will be some
very interesting reading.

Mark

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, August 01, 2002 3:11 PM
To: [EMAIL PROTECTED]
Subject: Re: LANE Information [7:50420]

I have digitized the doc but I doubt I can send a pdf to the list.  If
interested send me an email

  Dave

MADMAN wrote:
> 
> Ha, straight forward LANE, that's an oxymoron!!
> 
>   Actually I have a internal doc titled "LANE, it ain't rocket science"
> I got several years ago from a Cisco engineer that is very good, clear
> and concise in a way you won't find on CCO but I don't have it in
> electronic form.
> 
>   Dave
> 
> Neil Borne wrote:
> >
> > Does anyone know where I get can get some "straight forward" LANE
> > information?
> >
> > Thanks,
> >
> > P. Neil Borne, CCDA,CCNP,C-voice and CWNA
> > Systems Integrator III
> >
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
> 
> "Emotion should reflect reason not guide it"
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50447&t=50420



RE: Routing Question [7:50431]

2002-08-01 Thread Winston Shaw

Please be sure that no auto-summary is configured under the Eigrp processes.

Winston



-Original Message-
From: Chan, Ricky [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 3:11 PM
To: [EMAIL PROTECTED]
Subject: Routing Question [7:50431]


Hi all,

I have two 2600 series routers setup with 2 serials connections to each
other for redundancy. It means when one serial connection failed, the other
one still connected. However, I can't get that to work. Below are the
router1 and router2 configuration:

router1 

fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.248
serial 0/1 = ip address 12.12.12.1 255.255.255.248

router 2

 
 



Thanks

Ricky




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50448&t=50431



RE: routing question [7:50434]

2002-08-01 Thread Roberts, Larry

Do a show ip route eigrp on each one and post if you can

I want to see if they are learning all the routes.

Thanks

Larry
 

-Original Message-
From: Chan, Ricky [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, August 01, 2002 3:08 PM
To: 'Roberts, Larry'; [EMAIL PROTECTED]
Subject: RE: routing question [7:50434]


Each machines have the default gateway. 

MachineA ip address 10.10.10.2/24 and gateway 10.10.10.245

MachineB ip address 10.10.100.59/29 and gateway 10.10.100.58

Routers can ping its and other serial interfaces. However, machines can't
ping across the serial interfaces.

Please advise.

Ricky

-Original Message-
From: Roberts, Larry [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 3:59 PM
To: Chan, Ricky; [EMAIL PROTECTED]
Subject: RE: routing question [7:50434]


Do the machines have a default gateway? Do the remote routers show each
others LAN's in their database ? Can you ping across the serial interfaces ?

Thanks

Larry
 

-Original Message-
From: Chan, Ricky [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, August 01, 2002 2:30 PM
To: [EMAIL PROTECTED]
Subject: routing question [7:50434]


Hi all,

I have a question about routing issue. Let's say I have two routers
interconnected with serial cables. Router1's s0/0 connected to Router2's
s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy
purpose. MachineA at Router1 would be able to communicate to MachineB at
Router2. However, I won't be successful to nothing that. Do you guys have
any idea? Please advise. Below are the configuration of Router1 and Router2:

Router1

fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.0
serial 0/1 = ip address 12.12.12.1 255.255.255.0
router eigrp 100
network 10.0.0.0
network 11.0.0.0
network 12.0.0.0



Router2

fa0/0 = ip address 10.10.100.58 255.255.255.248
serial 0/0 = ip address 11.11.11.2 255.255.255.0
serial 0/1 = ip address 12.12.12.2 255.255.255.0
router eigrp 100
network 10.0.0.0
network 11.0.0.0
network 12.0.0.0

MachineA ip address 10.10.10.2/24
MachineB ip address 10.10.100.58/29

The purpose is able to let MachineA communicate to MachineB through the
routers interconnected with serial links. 


Thanks in advance.

Ricky




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50446&t=50434



Re: routing question [7:50434]

2002-08-01 Thread MADMAN

Machine B has the same address as router2's fa0/0 interface!!!

  Dave

"Chan, Ricky" wrote:
> 
> Hi all,
> 
> I have a question about routing issue. Let's say I have two routers
> interconnected with serial cables. Router1's s0/0 connected to Router2's
> s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy
> purpose. MachineA at Router1 would be able to communicate to MachineB at
> Router2. However, I won't be successful to nothing that. Do you guys have
> any idea? Please advise. Below are the configuration of Router1 and
> Router2:
> 
> Router1
> 
> fa0/0 = ip address 10.10.10.245 255.255.255.0
> serial 0/0 = ip address 11.11.11.1 255.255.255.0
> serial 0/1 = ip address 12.12.12.1 255.255.255.0
> router eigrp 100
> network 10.0.0.0
> network 11.0.0.0
> network 12.0.0.0
> 
> Router2
> 
> fa0/0 = ip address 10.10.100.58 255.255.255.248
> serial 0/0 = ip address 11.11.11.2 255.255.255.0
> serial 0/1 = ip address 12.12.12.2 255.255.255.0
> router eigrp 100
> network 10.0.0.0
> network 11.0.0.0
> network 12.0.0.0
> 
> MachineA ip address 10.10.10.2/24
> MachineB ip address 10.10.100.58/29
> 
> The purpose is able to let MachineA communicate to MachineB through the
> routers interconnected with serial links.
> 
> Thanks in advance.
> 
> Ricky
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50445&t=50434



Re: can reach host [7:50422]

2002-08-01 Thread MADMAN

When you say you can access other hosts that are on the same switch,
are they also on the native VLAN?  If no you need a router if yes check
the default gateway of problem child.

  Dave
GEORGE wrote:
> 
> I'm having problems pinging a host on a different vlan. However I can
> access other hosts that are connected to the same switch?? Trunking is
> enabled
> What can I look for . the device is on native vlan , while I am on vlan 2
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50443&t=50422



Re: LANE Information [7:50420]

2002-08-01 Thread MADMAN

I have digitized the doc but I doubt I can send a pdf to the list.  If
interested send me an email

  Dave

MADMAN wrote:
> 
> Ha, straight forward LANE, that's an oxymoron!!
> 
>   Actually I have a internal doc titled "LANE, it ain't rocket science"
> I got several years ago from a Cisco engineer that is very good, clear
> and concise in a way you won't find on CCO but I don't have it in
> electronic form.
> 
>   Dave
> 
> Neil Borne wrote:
> >
> > Does anyone know where I get can get some "straight forward" LANE
> > information?
> >
> > Thanks,
> >
> > P. Neil Borne, CCDA,CCNP,C-voice and CWNA
> > Systems Integrator III
> >
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
> 
> "Emotion should reflect reason not guide it"
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50444&t=50420



RE: routing question [7:50434]

2002-08-01 Thread Chan, Ricky

-Original Message-
From: Chan, Ricky 
Sent: Thursday, August 01, 2002 3:30 PM
To: [EMAIL PROTECTED]
Subject: routing question [7:50434]


Hi all,

I have a question about routing issue. Let's say I have two routers
interconnected with serial cables. Router1's s0/0 connected to Router2's
s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy
purpose. MachineA at Router1 would be able to communicate to MachineB at
Router2. However, I won't be successful to nothing that. Do you guys have
any idea? Please advise. Below are the configuration of Router1 and Router2:

Router1

fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.0
serial 0/1 = ip address 12.12.12.1 255.255.255.0
router eigrp 100
network 10.0.0.0
network 11.0.0.0
network 12.0.0.0



Router2

fa0/0 = ip address 10.10.100.58 255.255.255.248
serial 0/0 = ip address 11.11.11.2 255.255.255.0
serial 0/1 = ip address 12.12.12.2 255.255.255.0
router eigrp 100
network 10.0.0.0
network 11.0.0.0
network 12.0.0.0

MachineA ip address 10.10.10.2/24
MachineB ip address 10.10.100.58/29

The purpose is able to let MachineA communicate to MachineB through the
routers interconnected with serial links. 


Thanks in advance.

Ricky




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50442&t=50434



RE: routing question [7:50434]

2002-08-01 Thread Chan, Ricky

Each machines have the default gateway. 

MachineA ip address 10.10.10.2/24 and gateway 10.10.10.245

MachineB ip address 10.10.100.59/29 and gateway 10.10.100.58

Routers can ping their own and each other's serial interfaces. However, machines can't
ping across the serial interfaces.

Please advise.

Ricky

-Original Message-
From: Roberts, Larry [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 3:59 PM
To: Chan, Ricky; [EMAIL PROTECTED]
Subject: RE: routing question [7:50434]


Do the machines have a default gateway? Do the remote routers show each
other's LANs in their database? Can you ping across the serial interfaces?

Thanks

Larry
 

-Original Message-
From: Chan, Ricky [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, August 01, 2002 2:30 PM
To: [EMAIL PROTECTED]
Subject: routing question [7:50434]


Hi all,

I have a question about routing issue. Let's say I have two routers
interconnected with serial cables. Router1's s0/0 connected to Router2's
s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy
purpose. MachineA at Router1 would be able to communicate to MachineB at
Router2. However, I won't be successful to nothing that. Do you guys have
any idea? Please advise. Below are the configurations of Router1 and Router2:

Router1

fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.0
serial 0/1 = ip address 12.12.12.1 255.255.255.0
router eigrp 100
network 10.0.0.0
network 11.0.0.0
network 12.0.0.0



Router2

fa0/0 = ip address 10.10.100.58 255.255.255.248
serial 0/0 = ip address 11.11.11.2 255.255.255.0
serial 0/1 = ip address 12.12.12.2 255.255.255.0
router eigrp 100
network 10.0.0.0
network 11.0.0.0
network 12.0.0.0

MachineA ip address 10.10.10.2/24
MachineB ip address 10.10.100.58/29

The purpose is able to let MachineA communicate to MachineB through the
routers interconnected with serial links. 


Thanks in advance.

Ricky




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50441&t=50434



RE: routing question [7:50434]

2002-08-01 Thread Roberts, Larry

Do the machines have a default gateway? Do the remote routers show each
other's LANs in their database? Can you ping across the serial interfaces?

Thanks

Larry
 

-Original Message-
From: Chan, Ricky [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, August 01, 2002 2:30 PM
To: [EMAIL PROTECTED]
Subject: routing question [7:50434]


Hi all,

I have a question about routing issue. Let's say I have two routers
interconnected with serial cables. Router1's s0/0 connected to Router2's
s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy
purpose. MachineA at Router1 would be able to communicate to MachineB at
Router2. However, I won't be successful to nothing that. Do you guys have
any idea? Please advise. Below are the configurations of Router1 and Router2:

Router1

fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.0
serial 0/1 = ip address 12.12.12.1 255.255.255.0
router eigrp 100
network 10.0.0.0
network 11.0.0.0
network 12.0.0.0



Router2

fa0/0 = ip address 10.10.100.58 255.255.255.248
serial 0/0 = ip address 11.11.11.2 255.255.255.0
serial 0/1 = ip address 12.12.12.2 255.255.255.0
router eigrp 100
network 10.0.0.0
network 11.0.0.0
network 12.0.0.0

MachineA ip address 10.10.10.2/24
MachineB ip address 10.10.100.58/29

The purpose is able to let MachineA communicate to MachineB through the
routers interconnected with serial links. 


Thanks in advance.

Ricky




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50440&t=50434



RE: VPN not connecting [7:50144]

2002-08-01 Thread Priscilla Oppenheimer

Lidiya White wrote:
> 
> Capture debugs on both ends at the same time. Should be more helpful.
> Make sure both ends have "isakmp identity address"...
> 
> -- Lidiya White

Sounds like a good idea. So Mike, what was the problem? It sure would help
those of us learning IPSec to hear how you resolved the issue. Thanks.

Priscilla


> 
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
> Sent: Tuesday, July 30, 2002 4:05 PM
> To: [EMAIL PROTECTED]
> Subject: RE: VPN not connecting [7:50144]
> 
> The ACLs are mirrors of each other and the transform sets match
> Very frustrating
> 
> -Original Message-
> From: Silju Pillai [mailto:[EMAIL PROTECTED]] 
> Sent: Tuesday, July 30, 2002 2:29 PM
> To: [EMAIL PROTECTED]
> Subject: RE: VPN not connecting [7:50144]
> 
> 
> Hi,
> 
>   Pls check the interesting traffic configured (access list) configured at
> both ends. Your transform set parameters too. It should be same.
> 
> As you are receiving IKMP_no_error your isakmp policies are working fine.
> 
> regards
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50439&t=50144



RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]

2002-08-01 Thread Priscilla Oppenheimer

Turpin, Mark wrote:
> 
> I'm referring to trunks, sorry.

There were some vulnerabilities related to this, but actually the fix was to
make sure the native VLAN wasn't trunked, if I understand it correctly.
Although the vulnerabilities caused a big stir, they were hard to exploit.
They required physical access to the switch, a Sniffer, and traffic
generation capabilities. Also, Cisco may have made some changes to avoid the
problem after it got reported. But here's the info from SANS:

http://www.sans.org/newlook/resources/IDFAQ/vlan.htm

Priscilla


> 
> -Original Message-
> From: MADMAN [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 12:14 PM
> To: Turpin, Mark
> Cc: [EMAIL PROTECTED]
> Subject: Re: Cat2950 VLAN 1 ip address...can't connect [7:50331]
> 
> 
> 
>   Not sure what you mean.  You're not changing the default VLAN, VLAN 1
> will remain, can't delete it, (not talking about trunks).  I know of no
> problems arising when using a VLAN other than 1 for inband connectivity.
> 
>   Dave
> 
> 
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50436&t=50331



RE: routing question [7:50434]

2002-08-01 Thread Chris Charlebois

You are saying that this configuration doesn't work?  Nothing seems amiss. 
Are you sure the interfaces are up and working?  Clockrate and all.  Are the
routes not getting in the routing table?  A show ip route would help.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50438&t=50434



Re: routing question [7:50434]

2002-08-01 Thread Johnny Routin

Your machine B address is the same as your Router 2 f0/0 address. Give it a
valid address in that subnet and you should get better results.

--
Johnny Routin




"Chan, Ricky" wrote in message news:[EMAIL PROTECTED]...
> Hi all,
>
> I have a question about routing issue. Let's say I have two routers
> interconnected with serial cables. Router1's s0/0 connected to Router2's
> s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy
> purpose. MachineA at Router1 would be able to communicate to MachineB at
> Router2. However, I won't be successful to nothing that. Do you guys have
> any idea? Please advise. Below are the configurations of Router1 and Router2:
>
> Router1
>
> fa0/0 = ip address 10.10.10.245 255.255.255.0
> serial 0/0 = ip address 11.11.11.1 255.255.255.0
> serial 0/1 = ip address 12.12.12.1 255.255.255.0
> router eigrp 100
> network 10.0.0.0
> network 11.0.0.0
> network 12.0.0.0
>
>
>
> Router2
>
> fa0/0 = ip address 10.10.100.58 255.255.255.248
> serial 0/0 = ip address 11.11.11.2 255.255.255.0
> serial 0/1 = ip address 12.12.12.2 255.255.255.0
> router eigrp 100
> network 10.0.0.0
> network 11.0.0.0
> network 12.0.0.0
>
> MachineA ip address 10.10.10.2/24
> MachineB ip address 10.10.100.58/29
>
> The purpose is able to let MachineA communicate to MachineB through the
> routers interconnected with serial links.
>
>
> Thanks in advance.
>
> Ricky




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50437&t=50434
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
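
The check described in the reply above, as an added example that is not part of the original thread: it validates a host address and default gateway against the router interfaces posted in the question, using the follow-up values (MachineB at 10.10.100.59 with gateway 10.10.100.58) as the corrected case. The function name `check_host` and the dictionary layout are assumptions made for illustration.

```python
import ipaddress

# Router interface addresses exactly as posted in the thread.
ROUTER_INTERFACES = {
    "Router1 fa0/0": "10.10.10.245/24",
    "Router1 s0/0": "11.11.11.1/24",
    "Router1 s0/1": "12.12.12.1/24",
    "Router2 fa0/0": "10.10.100.58/29",
    "Router2 s0/0": "11.11.11.2/24",
    "Router2 s0/1": "12.12.12.2/24",
}


def check_host(name, host_cidr, gateway=None, router_interfaces=ROUTER_INTERFACES):
    """Return a list of addressing problems for one host (empty list = clean)."""
    problems = []
    host = ipaddress.ip_interface(host_cidr)
    net = host.network
    routers = {n: ipaddress.ip_interface(c) for n, c in router_interfaces.items()}

    # Network and broadcast addresses cannot be assigned to a host
    # (skipped for /31 and /32, which reserve no such addresses).
    if net.prefixlen < 31:
        if host.ip == net.network_address:
            problems.append(f"{name} {host.ip} is the network address of {net}")
        elif host.ip == net.broadcast_address:
            problems.append(f"{name} {host.ip} is the broadcast address of {net}")

    # The fault pointed out in the reply: the host reuses a router interface address.
    for ifname, rif in routers.items():
        if rif.ip == host.ip:
            problems.append(f"{name} {host.ip} duplicates {ifname}")

    # Gateway checks run only when a gateway was stated for the host.
    if gateway is not None:
        gw = ipaddress.ip_address(gateway)
        owners = [(n, r) for n, r in routers.items() if r.ip == gw]
        if gw not in net:
            problems.append(f"{name} gateway {gw} is outside {net}")
        elif gw == host.ip:
            problems.append(f"{name} gateway {gw} is the host's own address")
        elif not owners:
            problems.append(f"{name} gateway {gw} is not a known router interface")
        else:
            # Host and router must agree on the subnet mask of the shared segment.
            for ifname, rif in owners:
                if rif.network != net:
                    problems.append(
                        f"{name} mask /{net.prefixlen} differs from "
                        f"{ifname} /{rif.network.prefixlen}"
                    )
    return problems


if __name__ == "__main__":
    # Host plans: the original post, then the follow-up with gateways.
    plans = [
        ("MachineA", "10.10.10.2/24", "10.10.10.245"),
        ("MachineB", "10.10.100.58/29", None),
        ("MachineB", "10.10.100.59/29", "10.10.100.58"),
    ]
    for name, cidr, gw in plans:
        print(f"{name} {cidr}:", check_host(name, cidr, gw) or "ok")
```

A clean result here only rules out the addressing fault; it says nothing about whether the routers have learned each other's LAN routes, which the other replies ask about.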



RE: can reach host [7:50422]

2002-08-01 Thread Walker, James - Is

What are the source and destination IP addresses?

Are they on the same vlan?



-Original Message-
From: GEORGE [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 2:30 PM
To: [EMAIL PROTECTED]
Subject: can reach host [7:50422]


I am having problems pinging a host on a different vlan. However I can
access other hosts that are connected to the same switch?? Trunking is
enabled.
What can I look for? The device is on native vlan, while I am on vlan 2




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50435&t=50422



routing question [7:50434]

2002-08-01 Thread Chan, Ricky

Hi all,

I have a question about routing issue. Let's say I have two routers
interconnected with serial cables. Router1's s0/0 connected to Router2's
s0/0 and Router1's s0/1 connected to Router2's s0/1. It is for redundancy
purpose. MachineA at Router1 would be able to communicate to MachineB at
Router2. However, I won't be successful to nothing that. Do you guys have
any idea? Please advise. Below are the configurations of Router1 and Router2:

Router1

fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.0
serial 0/1 = ip address 12.12.12.1 255.255.255.0
router eigrp 100
network 10.0.0.0
network 11.0.0.0
network 12.0.0.0



Router2

fa0/0 = ip address 10.10.100.58 255.255.255.248
serial 0/0 = ip address 11.11.11.2 255.255.255.0
serial 0/1 = ip address 12.12.12.2 255.255.255.0
router eigrp 100
network 10.0.0.0
network 11.0.0.0
network 12.0.0.0

MachineA ip address 10.10.10.2/24
MachineB ip address 10.10.100.58/29

The purpose is able to let MachineA communicate to MachineB through the
routers interconnected with serial links. 


Thanks in advance.

Ricky




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50434&t=50434



Re: LANE Information [7:50420]

2002-08-01 Thread MADMAN

Ha, straight forward LANE, that's an oxymoron!!

  Actually I have an internal doc titled "LANE, it ain't rocket science"
I got several years ago from a Cisco engineer that is very good, clear
and concise in a way you won't find on CCO but I don't have it in
electronic form.

  Dave

Neil Borne wrote:
> 
> Does anyone know where I get can get some "straight forward" LANE
> information?
> 
> Thanks,
> 
> P. Neil Borne, CCDA,CCNP,C-voice and CWNA
> Systems Integrator III
> 
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50433&t=50420



OT: Cheap IP Serial Console Switch? [7:50432]

2002-08-01 Thread McAllister Paul

What's a *cheap* source or brand for a 6+ port serial console switch (db9 or
rj45) with a 10bT telnet interface?

I don't have 1000 bucks to spend.  I could get a 486 with some serial cards
if there really isn't anything out there.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50432&t=50432



RE: Caveat for 12.1.11 "ip address dhcp" command? [7:50415]

2002-08-01 Thread James Willard

Mark,

I seem to recall from a document on CCO that Cisco's "T" releases were
on a separate release track than the release of the non-T releases of
the same version. In other words, 12.1 and 12.1T are parallel releases
that do not cross over. It's not until the next minor version (in this
case 12.2) where the previous version's T's are integrated into the
mainline IOS. Therefore any 12.2T's will become a part of 12.3 mainline
IOS. At least, that's my understanding of it all.

To get the "ip address dhcp" command, upgrade to a 12.2 IOS. I am using
12.2 on a 1605 at my house with a cable modem and DHCP address.

James Willard
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Mark Yanalitis
Sent: Thursday, August 01, 2002 2:19 PM
To: [EMAIL PROTECTED]
Subject: Caveat for 12.1.11 "ip address dhcp" command? [7:50415]


I am putting a 2514 16f/16d behind an Ericsson cable modem. image
c2500-jos65i-L121.11-bin  Enterprise IP/FW plus 56des

When I issue the "ip address dhcp" command in (config-if)# 
for eth0 or eth1, I get a "^ error".  When I access help 
and issue "ip address ?"  I see no DHCP option.  

What gives?  This command was first added to IOS in 12.1(2)T.
I should have this command in 12.1(11).  Any ideas why it is not there?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50429&t=50415



Routing Question [7:50431]

2002-08-01 Thread Chan, Ricky

Hi all,

I have two 2600 series routers setup with 2 serials connections to each
other for redundancy. It means when one serial connection failed, the other
one still connected. However, I can't get that to work. Below are the
router1 and router2 configuration:

router1 

fa0/0 = ip address 10.10.10.245 255.255.255.0
serial 0/0 = ip address 11.11.11.1 255.255.255.248
serial 0/1 = ip address 12.12.12.1 255.255.255.248

router 2

 
 



Thanks

Ricky




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50431&t=50431



RE: Cisco 1000TX GBICs [7:50316]

2002-08-01 Thread Jeffrey Reed

I'm not sure if Cisco makes their own GBICs. The LX ones that came from
Cisco with our 6509's are from IBM.

Jeff


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Hartnell, George
Sent: Thursday, August 01, 2002 1:06 PM
To: [EMAIL PROTECTED]
Subject: RE: Cisco 1000TX GBICs [7:50316]

>"and have nothing good to say about them."

What "sweet nothings" would those be?

On another, but similar, note, what 3d party GBICs for 1000LX single mode
are out there for the Cat 3548 switches?  And, are there any "sweet
nothings" about using those in a Cisco platform?

Very best, G.


> -Original Message-
> From: Ken Diliberto [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 31, 2002 2:55 PM
> To: [EMAIL PROTECTED]
> Subject: Cisco 1000TX GBICs [7:50316]
>
>
> Anyone have experience with the 1000TX GBICs from Cisco?  We have used
> the stacking GBICs and have nothing good to say about them.  The TX
> GBICs are over $100 less (retail).
>
> Ken




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50430&t=50316



Re: Policy Based Routing [7:50412]

2002-08-01 Thread MADMAN

No, the match statement is a standard or extended IP access-list.

http://www.cisco.com/warp/partner/synchronicd/cc/pd/iosw/tech/plicy_wp.htm#xtocid8

  Dave

Jay Greenberg wrote:
> 
> Is it possible to policy-route on the source mac address of the Ethernet
> frame?
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50428&t=50412



Re: Summarizing External LSAs at the ABR [7:50395]

2002-08-01 Thread Peter van Oene

Hi Jay,

Not only would doing so violate the spec and potentially cause interop 
issues with other implementations, it would also likely be tough to 
implement.  The LSA's that can be summarized are all LSA's that the router 
itself generates.  I imagine it is quite easy to apply some logic within 
the generation process that allows the ABR to make some LSA population 
decisions for type 3's and 5's (in the NSSA ABR role) as it generates 
them.  Creating hooks into the type 5 flooding process for complete 
regeneration of the LSA would be a challenge, plus would lead to other 
nastiness in multivendor environments.

my .02

pete


At 03:57 PM 8/1/2002 +, Jay Greenberg wrote:
>How can you summarize external LSAs when the LSAs come from different
>ASBRs?
>
>
>summary?-ABR--ASBR-external-lsa
>  area 0\area 1
> \
>  \ASBR-external-lsa
>
>area-range (on the ABR) doesn't summarize type 5 lsa's, and you can only
>use summary-address on ASBRs.
>
>If there are any Cisco employees on the list - if this functionality has
>not been developed, could it?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50427&t=50395
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Anyone took EVODD (9E0-411)? [7:50340]

2002-08-01 Thread Chris Charlebois

I have a co-worker who has taken and passed this exam, both the old online
version and the proctored one.  If I remember correctly (He's not in the
office today), the online version was a cake walk, one small step above a
sales exam.  The proctored one, however, scared him.  He was expecting
something easy, and it wasn't.  He barely passed.  He said the best prep in
his opinion would be the study material for CCDA, with an emphasis on voice
technologies.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50426&t=50340



RE: Anyone took EVODD (9E0-411)? [7:50340]

2002-08-01 Thread Mark W. Odette II

I don't know how "easy" the exam is, as I've not taken it.

What I have heard though is that it was/may still be an open-book test.

Also, the study material for it is apparently web-based, as there isn't
anything in hard-copy...  at least that is what I've been told- have not
been able to confirm for sure.

Maybe someone else will have a more definitive answer.  At least I hope
so.

Mark

-Original Message-
From: blitzlight [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, August 01, 2002 9:40 AM
To: [EMAIL PROTECTED]
Subject: Anyone took EVODD (9E0-411)? [7:50340]

Hi all,

I've completed DQoS (a badly written exam) and would like to move on to IPT
Design Specialist.

I've been searching high and low for the study guide or other self-study
material, but couldn't find it.
CCO doesn't help either. Whenever I do keyword search based on exam topics,
CCO search results only points me back to the Exam Description/Topics Page.

I wrote to Boson asking whether or not they have it, they replied that they
have no author for this exam.

Anyone took EVODD 9e0-411 exam yet? What did you use for study &
preparation? PEC?
I can't afford to go for the full-blown training. 
Some suggest that this exam is an easy one ... a walk in the park ... is
this true?

Regards




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50387&t=50340



Re: OSPF External Summarization Problem [7:50260]

2002-08-01 Thread Peter van Oene

Type 5 LSA's flood OSPF domain wide and are not processed by ABR's.  The 
only opportunity to summarize or otherwise modify them is at the point of 
injection into the OSPF domain (which by definition occurs on an ASBR).  The 
only small exception to this is for type 7 to type 5 conversions which can 
be summarized or filtered by the NSSA ABR that performs the translation 
from 7 to 5.


At 03:39 PM 8/1/2002 +, Jason Greenberg wrote:
>No, I just tested this and summary-address on the ABR did not summarize
>the external LSAs, because the redistribution did not occur on the ABR.
>
>On Thu, 2002-08-01 at 10:10, Mark Turpin wrote:
> > I'm just going to assume you're running standard areas everywhere.
> >
> > While it is supposedly possible to summarize on the ABR with
> > summary-address,
> > I prefer to use summary-address on the ASBR that is doing the
> > redistribution.
> >
> > area range is used for summarizing that area's networks into the backbone
> > area as such:
> > area4_abr(config-router)#area 0 range 192.168.0.0 255.255.255.0
> > (summarizes from area4 into area0)
> >
> > foo_abr(config-router)#area foo range 192.168.0.0 255.255.255.0
> > will summarize 192.168.0.0/24 into area 'foo'
> >
> > hth,
> > -Mark
> >
> > "Jay Greenberg" wrote in message news:[EMAIL PROTECTED]...
> > > Hello group,
> > >
> > > I seem to have a problem with OSPF external LSA summarization.  I have
> > > an Ethernet segment in area 4.  There are 2 ASBRs (RAS Gear), and 1 ABR
> > > (the router connected to my backbone).   Suppose for now, that ASBR1 is
> > > injecting 192.168.0.1/32 into OSPF as an E2 LSA, and ASBR2 is injecting
> > > 192.168.0.128/25 into OSPF as an E2 LSA.  I would like the other areas
> > > to just understand that 192.168.0.0/24 is reachable via the area 4 ABR,
> > > however,  #area 4 range 192.168.0.0 255.255.255.0 will not work, because
> > > it will not summarize external routes, and I cannot use summary-address
> > > (or can I?) on the ABR, because it is only supposed to be used by
> > > ASBRs.
> > >
> > > My question is: How can I get the ABR to summarise the /24?
> > >
> > > Jay Greenberg
>--
>Jason Greenberg, CCNP
>Network Administrator
>Execulink, Inc.
>[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50425&t=50260



RE: can reach host [7:50422]

2002-08-01 Thread Chris Charlebois

To access one VLAN from another, you need to use a router.  Even if both
VLANS are on the same switch, without a layer 3 device (a router), you will
not be able to access one from the other.  Also, the router needs to be
either trunked to the switch or have multiple connections to the switch (or
integrated in the case of a layer3 switch).

If you'd like to explain further, I'd be happy to entertain questions.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50424&t=50422



Re: CCIE Recertification [7:50372]

2002-08-01 Thread Peter van Oene

one of various recert, written exams.

At 01:44 PM 8/1/2002 +, Reza wrote:
>Hello Group,
>I know that CCIEs have to recertify every 2 years. For recertification do
>you have to take the Lab or the Written?
>
>Thanks
>Reza




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50423&t=50372



can reach host [7:50422]

2002-08-01 Thread GEORGE

I am having problems pinging a host on a different vlan. However I can
access other hosts that are connected to the same switch?? Trunking is
enabled.
What can I look for? The device is on native vlan, while I am on vlan 2




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50422&t=50422



RE: Got problem installing CallManager 3.1 on IBM x330 [7:50401]

2002-08-01 Thread Chris Charlebois

First of all, what revision are you trying to install?  Second, are you
attempting to install from CD or from a file?  If you are using a CD, are
you trying to boot from it?

As I understand it, the CallManager installation itself should work fine
(post 3.1.0), but you will run into problems trying to use the Spirion
install (that's the cds that are bootable) on non-Cisco blessed hardware.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50421&t=50401



LANE Information [7:50420]

2002-08-01 Thread Neil Borne

Does anyone know where I get can get some "straight forward" LANE 
information?

Thanks,


P. Neil Borne, CCDA,CCNP,C-voice and CWNA
Systems Integrator III






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50420&t=50420



RE: switch command [7:50413]

2002-08-01 Thread Chris Charlebois

Switches don't give a fig about ip addresses and don't store them in any
tables.  Your sho arp command will only show ip addresses that the
management interface has accessed; i.e. pc's from which you have telneted to
the switch, hosts you have pinged from the switch CLI, etc.  All the switch
cares about is MAC addresses and VLANS.  It's a layer 2 device, so it
doesn't care about layer 3 addresses.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50419&t=50413



6506 [7:50418]

2002-08-01 Thread Frank Dagenhardt

Hi All,

I was wondering if anyone had run into any problems when using a sup2 and
the new 6148 board. Cisco says that we should be using 7.2.2, but we cannot
get the sup to take it.

Any help would be appreciated.

Thank you,

Frank W. Dagenhardt




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50418&t=50418


