RE: NSSA and related design questions [7:50608]
In relation to your last paragraph, once you add the line redistribute, that router is classed as an asbr.. so the answer is no. HTH, Mark -Original Message- From: bergenpeak [mailto:[EMAIL PROTECTED]] Sent: Sunday, 4 August 2002 07:28 To: [EMAIL PROTECTED] Subject: NSSA and related design questions [7:50608] I'd like to setup a group of routers to be in an OSPF sub-area. The sub-area will connect to the backbone via one or two ABRs. All other routers in the sub-area will be ASBRs. The ABRs will not be ASBRs. From a design perspective, I want to put these routers into a sub-area so that I can limit the amount of routing information they need to be aware of. Further, I'd like to limit what information the backbone routers see regarding these ASBRs. Stub and Totally Stubby areas are not an option since the sub- areas contains ASBRs. Configuring the sub-area as an NSSA would help limit the number of routes in the sub-area (via the ABR nssa no-summary command) as the sub-area will have just a default, intra-area, and type 7 routes from the redist process. This is good. When the ABR gets the Type 7 LSAs from the ASBRs, it will translate them into type 5s and flood them throughout the backbone. While it appears that the backbone routers don't see the ASBRs (via type 4 LSAs from the ABR), I'd like to determine if it's possible to configure the ABR to take the type 7s and include these routes instead in the ABR's type 3 LSA? This would prevent the backbone routers from seeing the type 5s. Is this possible? Or, is it possible to perform redist from RIP into OSPF, but to configure this router to put the routes learned via RIP into it's type 1 LSA (ie do a redist but prevent the router from being an ASBR) Thanks for any info. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50620t=50608 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
two ABRs for a sub-area and partitioning [7:50621]
Suppose I have two ABRs that are supporting the same sub-area. The ABRs are not directly connected, but can reach each other through links inside the sub-area. Suppose a link fails causing the two ABRs to not have connectivity through the sub-area. The sub-area is therefore partitioned. Suppose the ABRs are not doing route summarization. Will this cause a problem from the backbone perspective? Will this cause a problem for traffic which needs to flow from one side of the sub-area to the other part of the sub-area? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50621t=50621 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ACS PIX [7:50589]
need for more info Magdy Mohannad Khuffash wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear all, Why not the usage time in the user property not increased when I pass through the PIX which get Authentication Authorization and send accounting to ACS? Not like the dialup access? The version of ACS is 3.0 and I have PIX 515. Thanks for your response. -- Mohannad N. Khuffash Network Administrator Palestine Telecommunication Company Tel: 00972-02-2982330 Fax:00972-02-2980235 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50622t=50589 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP new version!!! [7:50623]
Dear All, I just want to get more info about what is new in CCNP Version3 and Is there any new materials for thsi version?? Please advise me Best regards,,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50623t=50623 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Routing Protocol PIX Firewall ? [7:50625]
Hi Friends, I am planning to deploy a network in the following manner. R1 --- PIX INSIDEPIX OUTSIDE -- INTERNET ROUTER | PIX DMZ | | R2 R1 ( FOR LEASE LINE AND DDR FOR LEASE LINE) R2 ( FOR DIAL UP CUSTOMERS) For security reasons i am planning to have the dialup customers on one router(R2) and Lease line customers on other router (R1). Infact i wanted a routing protocol to be enabled on the network. Since one router is inside the DMZ zone and another router inside interface I am not sure will the routing updates will be passed through the PIX firwall. Another question , as per the above network if i use a RADIUS server for the dial in authentication and if i place the server in the inside segment (PIX) will the authentication/ accounting ports(1645 and 1646) will passed through the PIX firewall. Request your expert comments and sugesstion the above design. Thanks in Advance. Regards...Anil __ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50625t=50625 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ACS2.6 on w2k server with bugs!!! [7:50624]
Hi all, I have ACS2.6 server runs on W2k server used to authenticate my dialup users when they connect to the internet.. few days ago, it started a strange behaves which are: 1- When I tried to modify or editing an existing user to make some changes on his privileges. when I clicked on that user it gives me the add new user window with NEW USER statement ... that user already exist in the ACS user database... 2- some usernames the ACS refused to add them, I do not know why... unless I change it to an other username 3- most times when a user disconnected, and after a while 10 min or more when this user trys to reconnect again the ACS does not allow him to reconnect unless I purge all the users and they connect again and the Access server where the user connected still show me that the user still logging to the server??? Please is there any solution to fix this problem?? and if I upgrade to ACS3.0 these problems will fixes or those bugs still exist. I need your advices ASAP. Best regards,,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50624t=50624 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
HSRP OSPF [7:50626]
Hi all, I know that I asked this question in the past, but I still have some problem with this issue. What I am trying to do is as follows: Site A| Site B __802.1q _ |_ | _ _|_ | SW-L3 |--| SW - L2 | | | SW - L3 |-| SW - L2| ||--|_| | ||-|_| // | // // | / / // | Vlan2//Vlan3 / Vlan3 / / / Vlan 2 // / / / / / / _/__/ /__/ | || | |Host A | | Host B | |__| |___| The L-3 at site A and B holds two HSRP IP addresses for each Vlan, Vlan 2 Vlan 3. Host A B don't hold a static default gateway configuration, they are running an OSPF process and should learn their default gateway IP address via OSPF advertisements. The question is, how can I advertise an HSRP IP address via OSPF routing protocol. I have been trying to achieve it by using the default-information originate always but the default gateway which the hosts gets is the real IP address of the interface. Help will be most appreciated. Cheers, Gil ** The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to any one or make copies. ** eSafe scanned this email for viruses, vandals and malicious content ** ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50626t=50626 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DRAM for 2500 series [7:50572]
Thanks for each of your responses. JackJack Lane wrote: I don't care about a SmartNet contract. Will a standard, fast-page with parity SIMM chip work with a 2500 series router? Am I asking for trouble if I don't get a for Cisco 2500 series ram? I found this chip for $6: 16 MB SIMM FAST PAGE with PARITY (4X36) 72 PIN Thanks, Jack Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50627t=50572 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP OSPF [7:50626]
Your hosts use HSRP, to set the HOST ip default to the HSRP virtual Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50628t=50626 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF, /31s on FE/GE, and ip ospf network point-to-point [7:50630]
In a network where FE/GE are used as direct connects between routers (with a /30 mask), is there any issue from a network or OSPF perspective if - one numbers these links with a /31 network in order to save two IPs per link. - one uses the ip ospf network point-to-point command remove the need for the DR router to generate a corresponding type 2 LSA? Can anyone think of any issues this might cause? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50630t=50630 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ACS PIX [7:50631]
Thanks for your response. I mean when i get authenticated through PIX to out side , where PIX configured to send AAA to ACS 3.0, the Current Usage remian zero either the time or the number of sessions, as follow : Current Usage Day Week Month Absolute Online time 00:00 00:00 00:00 00:00 Sessions 0 0 0 0 where i want to limit the access to outside Interntet to a limited time quota . I hope it's clear now ? Thanks in advance -- Mohannad N. Khuffash Network Administrator Palestine Telecommunication Company Tel: 00972-02-2982330 Fax:00972-02-2980235 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50631t=50631 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ACS2.6 on w2k server with bugs!!! [7:50624]
Dear Magdy, I don't think the upgrade to ACS 3.0 will solve the problem since i'm using version 3.0 of ACS but have the same problem you have problem no. 1 plz any one have comment for that ? Thanks Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, I have ACS2.6 server runs on W2k server used to authenticate my dialup users when they connect to the internet.. few days ago, it started a strange behaves which are: 1- When I tried to modify or editing an existing user to make some changes on his privileges. when I clicked on that user it gives me the add new user window with NEW USER statement ... that user already exist in the ACS user database... 2- some usernames the ACS refused to add them, I do not know why... unless I change it to an other username 3- most times when a user disconnected, and after a while 10 min or more when this user trys to reconnect again the ACS does not allow him to reconnect unless I purge all the users and they connect again and the Access server where the user connected still show me that the user still logging to the server??? Please is there any solution to fix this problem?? and if I upgrade to ACS3.0 these problems will fixes or those bugs still exist. I need your advices ASAP. Best regards,,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50632t=50624 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF GRE tunnel to connect areas. [7:50633]
Timothy, I don't think you will be able to form a neighbor relationship through the tunnel with that configuration. What I would do is put the tunnel interface on both sides in the same network rather than using unnumbered. Also, you would need to add the tunnel network into the OSPF process in order to form an adjacency and pass routes. Royce - Original Message - From: Timothy Ouellette To: ; Sent: Saturday, August 03, 2002 3:36 AM Subject: OSPF GRE tunnel to connect areas. Hey team, Just playing around with OSPF and GRE tunnels and having no luck. Can anyone help? Router1's s1 interface is in area 12 as is router2's s0. Between R2 and R5 is area 51 (network 151.1.222.0/24). As you can see in order for area 12 to communicate with the rest of the ospf network it needs a virtual link beween r2 and r5. I did that and it worked. What i'm trying to do now is a GRE tunnel between r2 and r5. The tunnel is up but r1 never sees the routers that it did when the virtual-link was up. The tunnel interfaces show up can I ping the loopback on r5 from r2 and vice verase but r1 sees no ospf routes. R1--area12--R2area51--R5--area0 (150.1.2.2) (151.1.5.5) Below are the configs. Feel free to email me directly with my blunder if you so desire. r2's config - nterface Loopback0 ip address 150.1.2.2 255.255.255.0 ! interface Tunnel1 ip unnumbered Loopback0 tunnel source Loopback0 tunnel destination 150.1.5.5 ! interface Ethernet0 ip address 150.1.222.2 255.255.255.0 ! interface Serial0 ip address 150.1.12.2 255.255.255.0 clockrate 64000 ! router ospf 1 router-id 150.1.222.2 log-adjacency-changes network 150.1.12.2 0.0.0.0 area 12 network 150.1.222.2 0.0.0.0 area 51 ! ip classless ip route 150.1.5.5 255.255.255.255 Ethernet0 r5's config interface Loopback0 ip address 150.1.5.5 255.255.255.0 ! interface Tunnel0 ip unnumbered Loopback0 tunnel source Loopback0 tunnel destination 150.1.2.2 ! interface Ethernet0 ip address 150.1.222.5 255.255.255.0 ! ! router ospf 1 router-id 150.1.111.5 log-adjacency-changes network 150.1.111.5 0.0.0.0 area 0 network 150.1.222.5 0.0.0.0 area 51 ! ip classless ip route 150.1.2.2 255.255.255.255 Ethernet0 _ Commercial lab list: http://www.groupstudy.com/list/commercial.html Please discuss commercial lab solutions on this list. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50633t=50633 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco Instructor [7:50634]
Looking for a CCNP level instructor in the Des Moines Area. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50634t=50634 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Xyplex 1600 as Terminal server For my Routers [7:14504]
My XYPLEX MAXserver 1600 Terminal Server config notes. This is alot of peices I have pulled together to get my Maxserver 1600 (16port) working for my CCIE LAB rack. Since the Terminal server is not part of the lab I need to spend my money on thing like ISDN hardware. I was not able to find any instruction that let me put this config behind me quickly. Since we need to focus our time working on CCIE lab task (not the mysteries of Xplex Terminal server configs). I have put thess instruction/notes together. resources: http://www.gno.org/~gdr/xyplex/ http://www.pimpworks.org/xyplex/ My system information getting started: 1)reset ---all light on 2)reset - hold-- until rotating lights stop and 15,16 go solid 3)hit return on console (after 20 seconds) type access(blind input) at greeting hit return. Terminal Server Configuration/Maintenance Menu 1. Display unit configuration 2. Modify unit configuration 3. Initialize server and port parameters 4. Revert to stored configuration S. Exit saving configuration changes X. Exit without saving configuration changes Enter menu selection [X]: 1 Stored Configuration New Configuration Parameter load method: NVS NVS Image load method: DTFTP BOOTP RARPDTFTP BOOTP RARP Dump method: BOOTP RARP BOOTP RARP XMOP/MOP filename: N/A N/A Default unit IP addr:192.168.123.6 192.168.123.6 DTFTP host IP addr: 192.168.123.15 192.168.123.15 DTFTP gateway IP addr: 192.168.123.1 192.168.123.1 DTFTP filename: mx1500.sys mx1500.sys Load status messages:Enabled Enabled Network interface: Automatic Selection Automatic Selection Memory size expected:4 Megabytes 4 Megabytes (Found 4 Megabytes) XYPLEX instructiuons ---basic boot config--- Setting An MX-1600, MX-1608 or MX-1450 To Factory Defaults Straighten a paper clip and press into the pin-size hole next to console LED on the front panel of the unit. All LEDs on the front of the unit will light up. Press the paper clip in again and hold it in for 3-5 seconds. The LEDs will light up in a sweeping fashion from right to left, then left to right. When this sweeping stops, there will be 2 or 3 LEDS to the right lit, at this point release the paper clip. The LEDs will light up in a countdown pattern to 1 (diagnostic test pattern). Then they will all go out and the RUN light will be flashing very fast. You should have a terminal attached to one of the serial ports on the back of the unit. Press the ENTER key several times for the port to autobaud. You will see a text display similar to this: Terminal Server, Type 97, Rev G.00.00 Ethernet address 08-00-87-05-A1-16, port 2 Configuration in progress. Please wait Type the password access (there is no password prompt and it will not display the characters you type) and then press ENTER on your keyboard. The menu below will display. Please select the menu options and answer the questions as detailed below to default your unit. To Default The Server Load/Dump Parameters: Welcome to the Configuration Menu. Terminal Server Configuration/Maintenance Menu 1. Display unit configuration 2. Modify unit configuration 3. Initialize server and port parameters 4. Revert to stored configuration S. Exit saving configuration changes X. Exit without saving configuration changes Enter menu selection [X]: 2 -[see my setup above for tftp no flash example]-- Initialize configuration to defaults (Y,N) [N]? Y Press ENTER on your keyboard at this time... To Default The Server Port Parameters: Terminal Server Configuration/Maintenance Menu 1. Display unit configuration 2. Modify unit configuration 3. Initialize server and port parameters 4. Revert to stored configuration S. Exit saving configuration changes X. Exit without saving configuration changes Enter menu selection [X]: 3 When the software has been loaded, should default server and port parameters be used (Y,N) [N]? Y Save Configuration Changes And Reboot The Server: Terminal Server Configuration/Maintenance Menu 1. Display unit configuration 2. Modify unit configuration 3. Initialize server and port parameters 4. Revert to stored configuration S. Exit saving configuration changes X. Exit without saving configuration changes Enter menu selection [X]: S Save changes and exit (Y,N) [Y]? Y The access server will now reboot using factory settings. -main command line menu-- #1 (enter) ones in this caes(password)is blindly typed Xyplex set privalege
RE: HSRP OSPF [7:50626]
Gil Shulman wrote: Hi all, I know that I asked this question in the past, but I still have some problem with this issue. What I am trying to do is as follows: Site A| Site B __802.1q _ |_ | _ _|_ | SW-L3 |--| SW - L2 | | | SW - L3 |-| SW - L2| ||--|_| | ||-|_| // | / / // | / / // | Vlan2//Vlan3 / Vlan3 / / / Vlan 2 // / / / / / / _/__/ /__/ | || | |Host A | | Host B | |__| |___| The L-3 at site A and B holds two HSRP IP addresses for each Vlan, Vlan 2 Vlan 3. Host A B don't hold a static default gateway configuration, they are running an OSPF process and should learn their default gateway IP address via OSPF advertisements. Is it custom software or something? What ARE Host A and Host B? In general, IP hosts don't learn the default gateway from a routing protocol. AppleTalk and DECnet work that way. And a Novell IPX host learns about a router from the GetNearestServer interaction. But IP generally doesn't work that way. Instead, you manually configure a default gateway (or let the host learn it via DHCP). This has the obvious disadvantage that the default gateway could go down. That's why HSRP was invented. HSRP deals with the first hop workstation-to-router connection, in the control plane. OSPF and routing protocols deal with router-to-router paths in the management plane. A host can also learn about other routers through ICMP redirects. On a PC, you can isuse a route print command to verify whether a host has learned more than one way out, i.e. more than one workstation-to-router connection. Another alternative for IP workstation-to-router communication is the Router Discovery Protocol (RDP). RFC 1256 specifies the RDP extension to ICMP. With RDP, each router periodically multicasts an ICMP router advertisement packet from each of its interfaces, announcing the IP address of that interface. Workstations discover the addresses of their local routers simply by listening for advertisements, in a similar fashion to the method AppleTalk workstations use to discover the address of a router. When a workstation starts up, it can multicast an ICMP router solicitation packet to ask for immediate advertisements, rather than wait for the next periodic advertisement to arrive. Now, you may have a custom operating system or custom software that doesn't behave in the normal IP way, in which case, you need to tell us more about your situation. The question is, how can I advertise an HSRP IP address via OSPF routing protocol. I have been trying to achieve it by using the default-information originate always but the default gateway which the hosts gets is the real IP address of the interface. Perhaps the IOS developers never considered this a requirement and never made it possible to advertise the virtual HSRP address in an OSPF packet, since they solve two different problems. There may be a workaround, but I can't find one. Once again, I have to ask, what ARE these hosts? If they can talk OSPF, why don't you just let them use OSPF? OSPF can be designed to support the redundancy that you require. OSPF has support for quick convergence. HSRP solved a different problem, which was that IP, despite good routing protocols, didn't support quick convergence for the workstation-to-router first-hop problem. Priscilla Help will be most appreciated. Cheers, Gil ** The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to any one or make copies. ** eSafe scanned this email for viruses, vandals and malicious content ** ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50636t=50626 -- FAQ,
RE: HSRP OSPF [7:50626]
I thought of one workaround but I don't know if it would work. Use a loopback interface. Perhaps OSPF would use the address in a way that would meet your needs. Then, would IOS let you say that the HSRP address is the loopback address also?? That's the part that I don't have time to test. It may be an off the wall suggestion, but your question is sort of off the wall too!? ;-) Priscilla Priscilla Oppenheimer wrote: Gil Shulman wrote: Hi all, I know that I asked this question in the past, but I still have some problem with this issue. What I am trying to do is as follows: Site A| Site B __802.1q _ |_ | _ _|_ | SW-L3 |--| SW - L2 | | | SW - L3 |-| SW - L2| ||--|_| | ||-|_| // | // // | / / // | Vlan2//Vlan3 / Vlan3 / / / Vlan 2 // / / / / / / _/__/ /__/ | || | |Host A | | Host B | |__| |___| The L-3 at site A and B holds two HSRP IP addresses for each Vlan, Vlan 2 Vlan 3. Host A B don't hold a static default gateway configuration, they are running an OSPF process and should learn their default gateway IP address via OSPF advertisements. Is it custom software or something? What ARE Host A and Host B? In general, IP hosts don't learn the default gateway from a routing protocol. AppleTalk and DECnet work that way. And a Novell IPX host learns about a router from the GetNearestServer interaction. But IP generally doesn't work that way. Instead, you manually configure a default gateway (or let the host learn it via DHCP). This has the obvious disadvantage that the default gateway could go down. That's why HSRP was invented. HSRP deals with the first hop workstation-to-router connection, in the control plane. OSPF and routing protocols deal with router-to-router paths in the management plane. A host can also learn about other routers through ICMP redirects. On a PC, you can isuse a route print command to verify whether a host has learned more than one way out, i.e. more than one workstation-to-router connection. Another alternative for IP workstation-to-router communication is the Router Discovery Protocol (RDP). RFC 1256 specifies the RDP extension to ICMP. With RDP, each router periodically multicasts an ICMP router advertisement packet from each of its interfaces, announcing the IP address of that interface. Workstations discover the addresses of their local routers simply by listening for advertisements, in a similar fashion to the method AppleTalk workstations use to discover the address of a router. When a workstation starts up, it can multicast an ICMP router solicitation packet to ask for immediate advertisements, rather than wait for the next periodic advertisement to arrive. Now, you may have a custom operating system or custom software that doesn't behave in the normal IP way, in which case, you need to tell us more about your situation. The question is, how can I advertise an HSRP IP address via OSPF routing protocol. I have been trying to achieve it by using the default-information originate always but the default gateway which the hosts gets is the real IP address of the interface. Perhaps the IOS developers never considered this a requirement and never made it possible to advertise the virtual HSRP address in an OSPF packet, since they solve two different problems. There may be a workaround, but I can't find one. Once again, I have to ask, what ARE these hosts? If they can talk OSPF, why don't you just let them use OSPF? OSPF can be designed to support the redundancy that you require. OSPF has support for quick convergence. HSRP solved a different problem, which was that IP, despite good routing protocols, didn't support quick convergence for the workstation-to-router first-hop problem. Priscilla Help will be most appreciated. Cheers, Gil ** The contents of this email and any attachments are
