RE: Pix logging to a Freebsd syslog server [7:51124]

[HORVATH TAMAS]

Hello!

To GAZ:

Yes 514 is both the source and the destination port.
See:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#xtocid15

I dont't know why the source port is important, maybe security reason.

Best regards, 

Tamas Horvath 
network engineer 
Tel.: +36 22/515-452, 
Fax: +36 22/327-532 
E-Mail: [EMAIL PROTECTED] 




-Original Message-
From: Gaz [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 10, 2002 8:02 PM
To: [EMAIL PROTECTED]
Subject: Re: Pix logging to a Freebsd syslog server [7:51124]


Is it really the source port?

Normally the destination port is UDP 514.

Does it care what the source port is?

Gaz


HORVATH TAMAS  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Helo!

 To Neal Rauhauser : If you don't specify source port, the PIX (OS 6.x)
will
 send syslog messages from UDP port 514!! You can change this to whatever
 from range 1025-65535 : for example: logging host inside 192.168.11.4
udp/1025

 So I think this is not a problem, if the FreeBSD syslogd expects the
packets
 to be sourced from UDP port 514.
 

 To Elijah Savage: Did you checked the connections among syslog host and
PIX
 inside interface, and IP adressess and mask? If they will correct then the
 problem will be in the FreeBSD syslogd config, because your PIX config is
 good.

 BIe, HT!

 -Original Message-
 From: Neal Rauhauser [mailto:[EMAIL PROTECTED]]
 Sent: Saturday, August 10, 2002 11:38 AM
 To: [EMAIL PROTECTED]
 Subject: Re: Pix logging to a Freebsd syslog server [7:51124]


 The Cisco logging facility on a router uses a random high port as the
 source for the syslog packets. I assume the PIX is the same since you're
 having trouble. The FreeBSD syslogd expects the packets to be sourced
 from port 514. You can try the flag that supposedly allows syslogd to
 take random source ports, but it doesn't work :-(

   I'd strongly suggest you do what I did - just modify the syslogd
 source so it doesn't check source port, compile it, then install.

   If that is beyond your C programming skills drop me a note and I can
 email you the bungholed syslogd.c file and you can take it from there.



 Elijah Savage III wrote:
 
  Can anyone help me out with a PIX logging to a Freebsd syslog server. I
  thought I was sure about setting this up but I am not getting any
  messages on the server, see my configs below.
 
  logging on
 
  logging timestamp
 
  logging trap debugging
 
  logging facility 23
 
  logging host inside 192.168.11.4
 
  FreeBSD
 
  local7.debug/var/log/cisco.all
 
  I also startes syslogd with these parameters
 
  29612  ??  Ss 0:00.03 syslogd -a 192.168.11.2/255.255.255.0
 --
 Neal Rauhauser CCNP, CCDP voice: 402-301-9555
 mailto:[EMAIL PROTECTED] fcc  : k0bsd
 This is my private email devoted to various mailing lists. If you're
 a twerp with an attorney and someone else's money, don't bother my
 employer about the things I say, just come see me personally and we'll
 discuss the situation. No names, you twerps should know who you are.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51219t=51124
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Reverse Telnet on Cisco [7:51218]

[crow]

hi
I am using TeraTermPro as a Terminalsoftware, were u have the possibility to
send breaks.
greetings
andy


RAJESH.V.S  schrieb im Newsbeitrag
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi All,

 I have a scenario like this.
 one 2509 is acting as the console access server for several routers. each
of
 these router's console is connected to a tty line of 2509, and from 2509 I
 can access any routers console using reverse telnet.
 Now my problem is that I want send break command to these reverse telnet
 accessible console, so that I can break the booting of these routers and
 force them enter ROMMON.

 Is it possible to send break via reverse telnet ? If yes how ?
 Thanks in advance.

 regards
 Rajesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51220t=51218
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Interesting Situation with a 2948G-L3 and Inter-VL [7:51221]

[Cisco_Maniac]

If that is the case Priscilla, then one might as well enable Port-Fast on a
those ports and observe for a few days. If the switch activity stabilizes
then it is surely a STP re-convergence problem. Am I on track?
Chaoo,
Cisco_Maniac
Priscilla Oppenheimer  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 You say that the stations connected to the 2948G-L3 stop transmitting for
15
 seconds. Could the Spanning Tree be reconverging for some reason? Since
 you're doing IRB with both bridging and routing, presumably STP is running
 and 15 seconds sticks out as the Forward Delay timer used by STP. It's
also
 the timer for aging the bridging table when BPDUs arrive with the Topology
 Change Flag set.

 I can't see why the change you made would cause a problem, but maybe it
did
 for some reason or maybe it caused you to hit a bug. You may want to try
 debug span events or the equivalent if that doesn't work on a 2948G-L3.
If
 debug is too risky, show spantree might give you some hints as to when
the
 last topology change occured.

 It's just a guess but that 15 seconds sure sticks out as a possible clue
 that something is up with Spanning Tree.

 Hopefully somebody else will have ideas too!

 Priscilla

 Don Pezet wrote:
 
  Hey guys,
 
  Well, I've been tinkering with the network again, and in search
  of performance increases I have come across something a little
  weird.
  Let me run it by you all and see if anyone can play spot the
  mistake
  for me. We have nine separate in house networks in our
  facility, each
  with roughly 20 network attached devices (PCs mostly). They are
  built up
  as follows:
 
  10.10.10.0/24 - Administrative network (for me) (VLAN 1)
  192.168.0.0/24 - Servers and NAS appliances (VLAN 2)
  192.168.1.0/24 - Network 1 (VLAN 10)
  192.168.2.0/24 - Network 2 (VLAN 20)
  192.168.3.0/24 - Network 3 (VLAN 30)
  192.168.4.0/24 - Network 4 (VLAN 40)
  192.168.5.0/24 - Network 5 (VLAN 50)
  192.168.6.0/24 - Network 6 (VLAN 60)
  192.168.7.0/24 - Network 7 (VLAN 70)
  192.168.8.0/24 - Network 8 (VLAN 80)
 
  The physical network is made up of the following:
  (1) Cisco 3620 with 10/100 Network Module
  (1) Cisco Catalyst 2948G-L3
  (4) Cisco Catalyst 3548XL
 
  The physical arrangement is the 3620 connects via the 100MBit
  module to port F48 of the 2948G-L3. The four 3548XLs are linked
  via
  Cisco GigaStack Gbics in a non-clustered arrangement. One of
  the 3548s
  links to the 2948G-L3 via a standard 1000MBit Gbic from its
  G0/2 into
  the 2948G-L3's G49. The physical configuration is sound, all
  VLANs are
  present on all of the cisco equipment, and I have been having
  no issues
  from that end.
 
  Each network must be able to reach the server network
  (192.168.0.0/24). Initially, I configured ISL between all of the
  switches, and since I have the 100Mbit module on the 3620,
  created an
  ISL trunk to it with a sub-interface for each VLAN and began
  providing
  inter-VLAN routing and internet access through it. Well, on
  high-speed
  switches, hitting a 100Mbit bottleneck at the router during
  inter-VLAN
  communications was kind of a downer so I began looking for other
  options. Which is exactly how I ended up where I am now.
 
  My idea was, hey, the 2948G-L3 is fully Layer 3 capable, so why
  not make it do all of the routing so that I do not get the
  100Mbit
  bottleneck created by going through the 3620. Then, the only
  traffic the
  3620 would need to get is internet traffic. So I set it up
  (configs at
  the end of the letter, with scattered in-line comments). I
  configured
  the 2948G-L3 to do IRB and route between the VLANs using the
  BVIs. Then,
  I threw in a static default route so internet traffic would be
  routed to
  the 3620. Lastly, I configured OSPF to run between the 2948G-L3
  and the
  3620 so that the 3620 would know about any existing or new
  networks that
  I may create on the 2948G-L3.
 
  Now for the problem part. At first, everything was working
  great, but after a while I began watching performance and
  noticing that
  I did not gain that much in the way of improved performance
  except for
  machines that were plugged directly into the 2949G-L3. Machines
  connected to a 3548XL and following the ISL trunk to the
  2948G-L3 still
  performed as if competing for a 100Mbit uplink. I was willing
  to live
  with that, even though I should have at least quadrupled my
  routing
  bandwidth by switching over to the 2948G-L3, but it was the
  next symptom
  that got me. I started getting reports from people who were
  plugged
  directly into the 2948G-L3 that occasionally their link would
  go dead
  for about 15 seconds and then come back up. About two minutes
  later it
  would happen again. Then things would be fine for a while,
  maybe an
  hour, and it would repeat. Well, the 2948G-L3 takes longer that
  15
  seconds to reboot, so it isn't rebooting and I'm kind of
  stumped as to
  what is happening. This is not occurring on 

Problem with UDP Broadcast/forwarding on cisco 770 and [7:51222]

[pravin]

Hi
Does anyone has any idea about how to enable udp broadcast/flooding on cisco
770

From our central site we forward broadcast and at remote end we has cisco
IOS router which recives this broadcast in control manner.Now one of my
client is having Cisco 770,I am able to get conetinvity but i can't receive
any udp packets..may be I need to enable some command on it.Currently it is
configured in routing mode with encap ppp.

Another problem i am facing is with framerelay encapp.I am dailing from
cisco 2610 to 3641 over bri port..config is give below.with this i am able
to connet and it show line protocol up but i am not able to ping and if i
change encap to ppp it works fine.

interface BRI1/0
 ip address 12.1.1.1 255.0.0.0
 encapsulation frame-relay
 frame-relay map ip 12.1.1.1 59 broadcast
 frame-relay map ip 12.1.1.2 59 broadcast
 frame-relay interface-dlci 59
!
 bandwidth 64
 ip broadcast-address 172.16.255.255
 ip helper-address 172.16.255.255
 ip directed-broadcast
 ip accounting output-packets
  dialer string 4628429
 dialer-group 1
 dialer idle-timeout 300
 isdn switch-type basic-net3
 isdn tei-negotiation first-call

Thanks
Pravin gade




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51222t=51222
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

new exam 640-604 [7:51223]

[rommel]

Hi, everybody

does anybody know if the material for the exam 640-504  is the same for the
new  exam 640-604 ?
This exam has simulators like ccna 607?

  thank you in advance

--
Rommel Rizzato
Evolugco Informatica
Gerente de Tecnologia da Informagco
Coordenador Programa Cisco Academy - CNAP
CCDA,CCNA,CCNP,CCAI,MCSE-2k,MCDBA,MCSE+I




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51223t=51223
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: NAT Keyword has me puzzled [7:51122]

[Art Davis]

Yes, that will work, too.

-Art


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51224t=51122
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Traffic geneartor for SNMP [7:51172]

[Turpin, Mark]

Are your network management people stating that they are
experiencing timeouts when attempting to communicate to
your 7500, or through your 7500?

I doubt the 7500 is going to be upset about passing UDP traffic
through it.  The router should just forward the traffic, generally
speaking, the router doesn't care what kind of traffic it is.

However, an SNMP query must be processed by the RSP, and requires
an interrupt.  A large amount of interrupts is going to cause
slowdowns, and SNMP timeouts are possible.  If they are doing
large amounts of queries on the box, you might want to look
into the following links:
http://www.cisco.com/warp/public/63/highcpu.html
http://www.cisco.com/warp/public/477/SNMP/ipsnmphighcpu.shtml
http://www.cisco.com/warp/public/477/SNMP/collect_cpu_util_snmp.html

As well as getting with your network management people to
see just why in the world they need to pound your 7500
with SNMP queries.

If that still doesn't help, it'd be handy to pull out
a sniffer, or use tcpdump/snoop on the box making all
those SNMP requests.  See just what its sending the messages
to, etc...

hth,
-mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 10, 2002 7:16 PM
To: [EMAIL PROTECTED]
Subject: Traffic geneartor for SNMP [7:51172]


Hi,

Anybody know any traffic geneartor which is available for testing the snmp
traffic.

I am having a lab configuration with cisco 7500 router and the network
management people are syaing that there are lot of SNMP timeouts.

I want to pump in lot of UDP packets on to the network and see whether it's
the problem of the network?

How can u see the udp problem in Cisco routers?
Is there any command to see that?

How will you see the CPU utilization of the routers?
Is there any command?

Any help appreciated.

gpj



__
Pre-order the NEW Netscape 7.0 browser. Reserve your FREE CD and pay only
$2.99 shipping and handling. http://cd.netscape.com/promo_one/

Get your own FREE, personal Netscape Mail account today at
http://webmail.netscape.com/
 The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from all
computers.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51225t=51172
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Interesting Situation with a 2948G-L3 and Inter-VL [7:51226]

[Don Pezet]

Priscilla and Cisco_Maniac,

Well, I have been tinkering around with it a bit more (which is
pretty much how I got here) and here are my findings. First, I went
ahead and did a 'debug span events' on the 2948G-L3 and noticed no
convergence issues... actually no events at all. A quick 'show span'
returned the following:


Bridge group 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 0001.c779.f807
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag not set, detected flag not set
  Times:  hold 1, topology change 35, notification 2
  hello 2, max age 20, forward delay 15
  Timers: hello 1, topology change 0, notification 0
  bridge aging time 300

Port 4 (FastEthernet1) of Bridge group 1 is forwarding
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0001.c779.f807
   Designated bridge has priority 32768, address 0001.c779.f807
   Designated port is 4, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 40808, received 0

... Removed additional ports (2 - 46)

Port 50 (FastEthernet47) of Bridge group 1 is forwarding
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0001.c779.f807
   Designated bridge has priority 32768, address 0001.c779.f807
   Designated port is 50, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 40865, received 0

Port 54 (FastEthernet48.1 ISL) of Bridge group 1 is forwarding
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0001.c779.f807
   Designated bridge has priority 32768, address 0001.c779.f807
   Designated port is 54, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 40867, received 0

Port 56 (GigabitEthernet49.1 ISL) of Bridge group 1 is forwarding
   Port path cost 4, Port priority 128
   Designated root has priority 32768, address 0001.c779.f807
   Designated bridge has priority 32768, address 0001.c779.f807
   Designated port is 56, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 40874, received 5

 Bridge group 2 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 0001.c779.f836
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag not set, detected flag not set
  Times:  hold 1, topology change 35, notification 2
  hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0
  bridge aging time 300

Port 55 (FastEthernet48.2 ISL) of Bridge group 2 is forwarding
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0001.c779.f836
   Designated bridge has priority 32768, address 0001.c779.f836
   Designated port is 55, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 40867, received 0

Port 57 (GigabitEthernet49.2 ISL) of Bridge group 2 is forwarding
   Port path cost 4, Port priority 128
   Designated root has priority 32768, address 0001.c779.f836
   Designated bridge has priority 32768, address 0001.c779.f836
   Designated port is 57, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 40876, received 6

 Bridge group 10 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 0001.c779.f907
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag not set, detected flag not set
  Times:  hold 1, topology change 35, notification 2
  hello 2, max age 20, forward delay 15
  Timers: hello 1, topology change 0, notification 0
  bridge aging time 300

Port 58 (GigabitEthernet49.10 ISL) of Bridge group 10 is forwarding
   Port path cost 4, Port priority 128
   Designated root has priority 32768, address 0001.c779.f907
   Designated bridge has priority 32768, address 0001.c779.f907
   Designated port is 58, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 40874, received 4

 Bridge group 20 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address .0c97.2af8
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag not set, detected flag not set
  Times:  hold 1, topology change 35, notification 2
  hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0
  bridge aging time 300

Port 59 (GigabitEthernet49.20 ISL) of Bridge group 20 is forwarding
   Port path cost 4, Port priority 128
   Designated root has priority 32768, address .0c97.2af8
   Designated bridge has priority 32768, address .0c97.2af8
   Designated port is 59, path cost 0
   Timers: 

RE: * Routing/Subnetting question [7:51193]

[Turpin, Mark]

James,

I don't think I'm entirely catching what you're getting at.
Probably because I'm a visual guy, and need to see a config.
Can you post up an example of this config, and what you're trying
to do with inline notes?

Here's what it sounds like you're trying to do:

int f0/0.1
 desc lab net1
 ip some ip
int f0/0.2
 desc lab net2
 ip some ip
int f0/0.3
 desc pacbell's /29 - to dsl modem
 ip pacbells/29
 ip nat outside
int f0/0.4
 desc dmz
 ip some.rfc1918.space
 ip nat inside
!
ip nat inside source static rfc1918 someip.in.pacbell/29

Is this correct?

Thanks,


-Original Message-
From: James Wilson [mailto:[EMAIL PROTECTED]]
Sent: Sunday, August 11, 2002 3:22 PM
To: [EMAIL PROTECTED]
Subject: RE: * Routing/Subnetting question [7:51193]


Nigel,

The router itself calls the 100M interface fastethernet0/0, which is why I
referred to it as such, and the trunking was because I am running lab
configurations with more than two subnets on the private side and I need to
be able to route between them as well as filter between them for security.

The ISP is PacBell and for enhanced DSL they only give you a /29, and they
take one of the addresses for their side of the connection.

The reason I am leaving a host with a public address in the DMZ is because
it is a DNS server, and there are issues with BIND and Solaris when the DNS
server does not use the same IP address and name as that which is listed as
authoritive for the domain (i.e. the domain server knows itself as on
10.50.0.65 in /etc/hosts but has the address 216.103.77.99 as its address
within its zone.)  If I want to protect that host with CBAC, I need to put
the router between it and the ISP.  Remember that the traffic is coming from
the ISP via a DSL MODEM 10 M ethernet connection and not a WAN connection to
the router.

The addresses which would be valid in the /29 but not in the /30 would only
be referenced as static NAT entries which would be translated on the
interface with the /29 which is facing the ISP.  Once the traffic for that
address enters the Fa0/0 it would be translated to an RFC1918 address and
sent out to the host on the 10. net, so the host would not know it is being
referenced by the public address.

I realize that this is not a standard type configuration for this, but
PacBell will only give me a /29, and I'm trying to find a way to meet BIND's
requirements for the DNS server and have the server protected by CBAC plus
have other public IP addresses for static NAT entries for other servers on
my net (I've got a number of different servers on my net and want to have
public address to different services i.e. web server, mail server,
application servers.

Thanks!

--
James D. Wilson, CCDA, MCP
Sr. Network/Security Engineer
non sunt multiplicanda entia praeter necessitatem
William of Ockham (1285-1347/49)


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Nigel Taylor
Sent: Sunday, August 11, 2002 11:51 AM
To: [EMAIL PROTECTED]
Subject: Re: * Routing/Subnetting question [7:51193]


James,
  See Inline..

- Original Message -
From: James Wilson
To:
Sent: Sunday, August 11, 2002 12:34 PM
Subject: * Routing/Subnetting question [7:51193]


 I have a 1750 with a /29 assigned to me, and I need to create a DMZ to put
 a DNS server on so that I can control access using CBAC.  My FastEthernet
 interface is trunked to a Cat 2924. I'd like to have the /29 on one
 subinterface which talks to PacBell's router, and take a /30 out of the
 /29 and put it on another subinterface so that I can hang the DNS server
 off a port on that VLAN using a public IP address.

NT:  Why would you vlan traffic from you ISP instead of using the extra
interface(eth0/0)
You must consider a number of things when using your existing design.
Firstly, the interface
you're referring to as a FE interface is shown in the cisco catalog as a
10/100 ethernet interface.
Secondly, please note that based on your current traffic utilization what
kind of performance
could be achieved/expected on the physical interface(the subs are
technically part of the same
physical NIC/transiciever).

On the area of addressing you might want to take a look at the following
links which could answer
some of your questions as they apply to addressing(VLSM in particular).
http://www.3com.com/other/pdfs/infra/corpinfo/en_US/501302.pdf (watch the
wrap)
http://www.ietf.org/rfc/rfc3021.txt?number=3021

I'd also like to use
 static NAT addresses out of the /29 including what would be an all zero or
 all one address out of the /30.  My thought is that this would work since
 the NAT will take place via the subinterface on the /29 (ip nat outside),
 and the only time the /30 will come into play is with traffic destined to
 the DNS server, which is not NAT'ed.  This would allow me to have routing
 and CBAC protection for the host on the /30 net and not lose the ability
 to use those addresses which would normally be lost from the /30 all zeros
 and 

CCM - Product Codes... [7:51228]

[Neal, Tim]

Hi,

Can anyone point me to the correct URL, as I'm re-installing CCM on a
MCS7835 and need a valid product code.

thx
Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51228t=51228
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Notes on salaries [7:51052]

[Brian Zeitz]

With more applications becoming internet ready everyday. With rapid
changed in technology, with companies using the internet in new ways.
With files getting larger, requiring more bandwidth, with video apps
becoming more commonplace, with common users using and editing streaming
video/Tivo. With DSL speed increasing, with the predictions of the 2nd
coming of the internet boom. With Voice over IP becoming more standard,
with XML ready to come onboard to integrate the web. With handhelds and
wirless internet ready to break. Also, thousands of new companies are
waiting to implement their internet ideas, the economy is just not
stable enough for them right now. Someone needs to support this stuff!
Too many new technologies to mention.

I would say that the few left standing though the hard times, which we
are experiencing now, will be paid seven fold. There are too many
reasons to mention why to get Cisco certified.

Just like investing, it takes time and patience.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51229t=51052
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Dial out solution [7:51230]

[neil K.]

Hi All,
Guys I am currently using a Shiva modem pool for dial out, Is there a Cisco
solution for this.The Shiva is not working upto our expectations.
Will the Cisco Access Servers or a cisco 3640 with modem card be able to do
the same.

Any help will be highly apprecisted.

Thanks,

neiL




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51230t=51230
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Dial out solution [7:51231]

[neil K.]

Hi All,
Guys I am currently using a Shiva modem pool for dial out, Is there a Cisco
solution for this.The Shiva is not working upto our expectations.
Will the Cisco Access Servers or a cisco 3640 with modem card be able to do
the same.

Any help will be highly apprecisted.

Thanks,

neiL




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51231t=51231
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCNP virtual lab and CCNP routersim [7:51232]

[Fadi Younes]

Dear all,
I am planning to buy a CCNP simulation software and i am trying to
choose between to available software products which are CCNP Cybex
Virtual Lab and CCNP RouterSim. Can you advice or comment on both
softwares if you used them before. Many thanks in advance.

 Fadi Younes
  IT Team Member
  ARAMEX International
  P.O.Box 960913, Amman 11196
  Jordan
  http://www.aramex.com 

  Office: +962 6 552 2192
  Fax: +962 6 552 7461




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51232t=51232
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCM - Product Codes... [7:51228]

[[EMAIL PROTECTED]]

ml

Zhen Cai
www.shakespearenetwork.com
Cisco IP Telephony Hands-on Training


 Hi,
 
 Can anyone point me to the correct URL, as I'm re-installing CCM on a
 MCS7835 and need a valid product code.
 
 thx
 Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51233t=51228
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Dial out solution [7:51231]

[Michael Williams]

We have a 3640 setup for both a dial-in and dial-out solution.  We install a
device on the PC that basically allows a redirected telnet session to act
as an outgoing modem call, so anyone on our network can dial-out or fax from
their desktop without a physical modem being connected.

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51234t=51231
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OSI...Please help... [7:51235]

[maine dude]

Please help... In the example :access-list 101 deny tcp host 172.16.3.10
172.16.1.0 0.0.0.255 eq ftpaccess-list 101 permit ip any any Do the terms
tcp and ip refer to the individual protocols or the stack ? I assume
they refer to the individual protocols as you could substitute them with
udp or icmp but then surely the last statement would allow only the
individual ip protocol and therefore all other packets such as tcp , udp,
icmp would be filtered. Or does tcp , udp , icmp get through because it is
encapsulated in ip ? ( I hate the OSI model )  -DJ



-
Get a bigger mailbox -- choose a size that fits your needs.

http://uk.docs.yahoo.com/mail_storage.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51235t=51235
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: * Routing/Subnetting question [7:51193]

[Chris Charlebois]

The problem is you cannot assign the same IP addresses to mulitple
interfaces, especially on the same router.  From what I'm reading, you are
trying to assign a /29 (let's say 209.98.10.160/29, which allows for
addresses .161-.166) and a /30 from that same range (like 209.98.10.164/30,
which allows for .165 and .166).  You must be assuming, incorrectly, that
addressing is handled like routing, and the router will follow the most
specific address.  If the router received routes for both these networks on
two different interfaces, this works.  However, a router cannot have
directly connected interfaces that share IP addresses.  For instance, in the
above example, if allowed (which is why you are getting the overlapping
error), the router would have to send packets addressed to 209.98.10.165 out
both interfaces, which it can't.James Wilson wrote:
 
 I have a 1750 with a /29 assigned to me, and I need to create a
 DMZ to put
 a DNS server on so that I can control access using CBAC.  My
 FastEthernet
 interface is trunked to a Cat 2924.  I'd like to have the /29
 on one
 subinterface which talks to PacBell's router, and take a /30
 out of the
 /29 and put it on another subinterface so that I can hang the
 DNS server
 off a port on that VLAN using a public IP address.  I'd also
 like to use
 static NAT addresses out of the /29 including what would be an
 all zero or
 all one address out of the /30.  My thought is that this would
 work since
 the NAT will take place via the subinterface on the /29 (ip nat
 outside),
 and the only time the /30 will come into play is with traffic
 destined to
 the DNS server, which is not NAT'ed.  This would allow me to
 have routing
 and CBAC protection for the host on the /30 net and not lose
 the ability
 to use those addresses which would normally be lost from the
 /30 all zeros
 and all ones addresses by using them for static NAT entries for
 hosts on
 the private IP side of my network.  When I go to assign an
 address out of
 the /30 to the subinterface facing the DMZ I get a message
 stating that
 the addresses overlap the other interface.  Will this still
 work the way I
 believe it will?  Would it make a difference if I use my
 currently shut
 down Eth0/0 interface instead of the trunked Fa0/0?
 
 Thanks for your time/help!
 
 --
 James D. Wilson, CCDA, MCP
 Sr. Network/Security Engineer
 non sunt multiplicanda entia praeter necessitatem
 William of Ockham (1285-1347/49)
 
 [GroupStudy.com removed an attachment of type
 application/x-pkcs7-signature which had a name of smime.p7s]
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51237t=51193
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCM - Product Codes... [7:51228]

[zhencai]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, August 12, 2002 9:05 AM
To: [EMAIL PROTECTED]
Subject: Re: CCM - Product Codes... [7:51228]

ml

Zhen Cai
www.shakespearenetwork.com
Cisco IP Telephony Hands-on Training


 Hi,
 
 Can anyone point me to the correct URL, as I'm re-installing CCM on a
 MCS7835 and need a valid product code.
 
 thx
 Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51236t=51228
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IDS [7:51147]

[Richard Deal]

Joe,

The Cisco Press book has material to help you with both tests. Boson and I
use the book to teach our CSS1 bootcamp classes.

Cheers!

--
Richard Deal

* Author of the ebook CCNA Secrets Revealed! and Exam Cram and Exam Prep
books from the Coriolis Group
* Test author for QuizWare (www.quizware.com)


Joe Rubino  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I am on the trail of the last test for CSS1 Cert  - The IDS test.
 From what I gather on their website; Cisco is phasing out CSIDS and
 replacing it with IDSPM.  There are no books titled IDSPM.
 So I have 2 questions:
 A) is the CSIDS book a valid study guide for IDSPM?
 B) If they are phasing it out how long do I have to take the
 CSIDS?

 Thanks in advance JDR




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51156t=51147
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: T1 interface type compatibility [7:51137]

[Chris Charlebois]

You need a T1 CSU/DSU to translate from the T1 to the serial.  In T1, you
only have 2 pair, 2 wire Tx, 2 wire Rx.  In serial, you will have alot more
pairs, which means some pairs can be used for control.  That's what the DCD,
DSR, DTR, RTS, and CTS are.  They are individual wires (5 wires) that are
either on or off.  T1 simply doesn't have the parallel bandwidth for that.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51238t=51137
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSI...Please help... [7:51235]

[John Neiberger]

You're putting too much thought into this.  :-)  The ip keyword will
match any ip packet regardless of the transport layer protocol being
used.  You use the tcp, udp, and icmp keywords when you want to be even
more specific.

HTH,
John

 maine dude  8/12/02 10:16:19 AM 
Please help... In the example :access-list 101 deny tcp host
172.16.3.10
172.16.1.0 0.0.0.255 eq ftpaccess-list 101 permit ip any any Do the
terms
tcp and ip refer to the individual protocols or the stack ? I
assume
they refer to the individual protocols as you could substitute them
with
udp or icmp but then surely the last statement would allow only
the
individual ip protocol and therefore all other packets such as tcp ,
udp,
icmp would be filtered. Or does tcp , udp , icmp get through because it
is
encapsulated in ip ? ( I hate the OSI model )  -DJ



-
Get a bigger mailbox -- choose a size that fits your needs.

http://uk.docs.yahoo.com/mail_storage.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51239t=51235
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Interesting Situation with a 2948G-L3 and Inter-VLAN routing [7:51240]

[Don Pezet]

Priscilla and Cisco_Maniac,

Well, I have been tinkering around with it a bit more (which is
pretty much how I got here) and here are my findings. First, I went
ahead and did a 'debug span events' on the 2948G-L3 and noticed no
convergence issues... actually no events at all. A quick 'show span'
returned the following:


Bridge group 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 0001.c779.f807
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag not set, detected flag not set
  Times:  hold 1, topology change 35, notification 2
  hello 2, max age 20, forward delay 15
  Timers: hello 1, topology change 0, notification 0
  bridge aging time 300

Port 4 (FastEthernet1) of Bridge group 1 is forwarding
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0001.c779.f807
   Designated bridge has priority 32768, address 0001.c779.f807
   Designated port is 4, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 40808, received 0

... Removed additional ports (2 - 46)

Port 50 (FastEthernet47) of Bridge group 1 is forwarding
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0001.c779.f807
   Designated bridge has priority 32768, address 0001.c779.f807
   Designated port is 50, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 40865, received 0

Port 54 (FastEthernet48.1 ISL) of Bridge group 1 is forwarding
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0001.c779.f807
   Designated bridge has priority 32768, address 0001.c779.f807
   Designated port is 54, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 40867, received 0

Port 56 (GigabitEthernet49.1 ISL) of Bridge group 1 is forwarding
   Port path cost 4, Port priority 128
   Designated root has priority 32768, address 0001.c779.f807
   Designated bridge has priority 32768, address 0001.c779.f807
   Designated port is 56, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 40874, received 5

 Bridge group 2 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 0001.c779.f836
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag not set, detected flag not set
  Times:  hold 1, topology change 35, notification 2
  hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0
  bridge aging time 300

Port 55 (FastEthernet48.2 ISL) of Bridge group 2 is forwarding
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0001.c779.f836
   Designated bridge has priority 32768, address 0001.c779.f836
   Designated port is 55, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 40867, received 0

Port 57 (GigabitEthernet49.2 ISL) of Bridge group 2 is forwarding
   Port path cost 4, Port priority 128
   Designated root has priority 32768, address 0001.c779.f836
   Designated bridge has priority 32768, address 0001.c779.f836
   Designated port is 57, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 40876, received 6

 Bridge group 10 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 0001.c779.f907
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag not set, detected flag not set
  Times:  hold 1, topology change 35, notification 2
  hello 2, max age 20, forward delay 15
  Timers: hello 1, topology change 0, notification 0
  bridge aging time 300

Port 58 (GigabitEthernet49.10 ISL) of Bridge group 10 is forwarding
   Port path cost 4, Port priority 128
   Designated root has priority 32768, address 0001.c779.f907
   Designated bridge has priority 32768, address 0001.c779.f907
   Designated port is 58, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 40874, received 4

 Bridge group 20 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address .0c97.2af8
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag not set, detected flag not set
  Times:  hold 1, topology change 35, notification 2
  hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0
  bridge aging time 300

Port 59 (GigabitEthernet49.20 ISL) of Bridge group 20 is forwarding
   Port path cost 4, Port priority 128
   Designated root has priority 32768, address .0c97.2af8
   Designated bridge has priority 32768, address .0c97.2af8
   Designated port is 59, path cost 0
   Timers: 

OSPF lab in CCIE practical studies pg 786. [7:51241]

[Rajesh Kumar]

Hi all,

I was trying to setup this network in fig 12-9.  I got stuck in one
particular route.  I am not able to view the route 172.16.10.0/24 on the
router peter which is running RIP and got to see this route as
redistributed one.

The question is in which router do I need to  give  the  area range 
command in order to see this route appear on router peter.

I tried several options of giving in the router john which is ABR -as
this area 10 range 172.16.10.0 255.255.255.0, but this summarised
route is not advertised back to the same area for the ASBR router ( mark
) to redistribute to RIP.

Any workaround to overcome this?


PS :  Sample output of sh ip route for router peter shows this route,
but my setup doesn't = So I am trying to get some idea of how to make
available this route.

Thanks,
Rajesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51241t=51241
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OSI...Please help... [7:51235]

[Priscilla Oppenheimer]

=?iso-8859-1?q?maine=20dude?= wrote:
 
 Please help... In the example :access-list 101 deny tcp host
 172.16.3.10 172.16.1.0 0.0.0.255 eq ftp access-list 101 permit
 ip any any Do the terms tcp and ip refer to the individual
 protocols or the stack ? 

They refer to the protocols. Don't worry too much about the stack. The
TCP/IP stack is just as elusive and harmful to learning as the OSI stack.
(Just kidding. I think they are good for learning, actually, but you have to
go beyond them, as you know.)

 I assume they refer to the individual
 protocols as you could substitute them with udp or icmp but
 then surely the last statement would allow only the individual
 ip protocol and therefore all other packets such as tcp ,
 udp, icmp would be filtered. Or does tcp , udp , icmp get
 through because it is encapsulated in ip ? ( I hate the OSI
 model )  -DJ

The statement at the end (access-list 101 permit ip any any) is to avoid
problems with the implicit deny at the end of every access list. If you
don't put something like that, everything will be denied as soon as you have
any access list.

The good news is that you don't really have to be specific in that final
statement if you don't want to be. You don't have to specify any IP
addresses and you don't have to specify anything above IP. The other good
news is that essentially everything (except ARP and IS-IS) in an IP network
runs above IP.

When you want to be more specific then you'll have to know things like the
following info.

The following protocols run directly above IP

Protocol Protocol Number in Decimal
ICMP 1
IGMP 2
IP   4 (IP-in-IP tunneling) 
TCP  6
IGRP 9
UDP  17
GRE  47
ESP  50
AH   51
EIGRP88
OSPF 89

The following protocols run above TCP

Service  Port Number in Decimal
FTP  21 for control, 20 for data
Telnet   23
SMTP 25
DNS  53*
Gopher   70
Finger   79
HTTP 80
POP  110
NNTP 119
NetBIOS  139* (Session)
BGP  179
LDAP 389
SSL  443
NCP  524*
AFP  548
* DNS uses TCP for large transfers, but otherwise uses UDP.
* NCP and NetBIOS also use UDP for some purposes

The following protocols use UDP:

Service  Port Number in Decimal
DNS  53
DHCP 67 for the DHCP server, 68 for the DHCP client
TFTP 69
RPC  111
NetBIOS  138 (Datagram)
SNMP 161
AURP 387
SLP  427
RIP  520
NCP  524

One place to go to learn protocol types and port numbers is the Internet
Assigned Numbers Authority documents. Unfortunatley, they tend to list every
protocol as using TCP and UDP, since theoretically they could. So it takes
experience to learn which one is really used in the real world. (Experience
or reading my books! ;-) The IANA documents are here:

http://www.iana.org

And it also takes experience to learn about the protocols that misbehave
in various ways. FTP is especially ugly. There's more info FTP here:

http://www.troubleshootingnetworks.com/ftpinfo.html

TFTP is almost impossible to permit, although possible to deny. This is
because only the first packet uses a well-known port number (69). After that
the packets go to and come from non well-known port numbers, meaning that
you can't do a good permit access list. Deny works because TFTP won't work
if you deny the first packet, which does use the well-known port number I'll
have to do a white paper on that too, at some point!

That's all for now! Good luck. Try to see it as fun, not frustrating!

Priscilla Oppenheimer
http://www.priscilla.com



 
 
 
 -
 Get a bigger mailbox -- choose a size that fits your needs.
 
 http://uk.docs.yahoo.com/mail_storage.html
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51242t=51235
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSI...Please help... [7:51235]

[mlh]

the first one specifies tcp and the second one includes any upper protocols
encapsulated in ip packets.

- Original Message -
From: maine dude 
To: 
Sent: Monday, August 12, 2002 12:16 PM
Subject: OSI...Please help... [7:51235]


 Please help... In the example :access-list 101 deny tcp host 172.16.3.10
 172.16.1.0 0.0.0.255 eq ftpaccess-list 101 permit ip any any Do the terms
 tcp and ip refer to the individual protocols or the stack ? I assume
 they refer to the individual protocols as you could substitute them with
 udp or icmp but then surely the last statement would allow only the
 individual ip protocol and therefore all other packets such as tcp ,
udp,
 icmp would be filtered. Or does tcp , udp , icmp get through because it is
 encapsulated in ip ? ( I hate the OSI model )  -DJ



 -
 Get a bigger mailbox -- choose a size that fits your needs.

 http://uk.docs.yahoo.com/mail_storage.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51243t=51235
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: load balance/share [7:50988]

[Jason Owens]

Mark,
I have looked EIGRP in this regard. My issue seems to be with the default
route. If put it in statically there is no failover if one link goes down,
and I can't figure out another way to get it in. I have looked at bgp to
resolve this as well (both routers need it to peer with the PER anyway),
however since the connection between Rtr A and B is IBGP, the EBGP route
from the PER takes precedence and there is no load sharing.

Turpin, Mark wrote:
 
 Jason,
 Lots!  Basically your network looks like this:
 
PER
 m10/ \m10
   AB
m10
 
 Let's say a metric of 10 for each link for example?
 A-PER = 10
 A-B-PER = 20
 
 Before we get really far into this, have you looked into
 EIGRP's capability to load balance across unequal cost paths?
 Modifying the variance on your CE routers should do the trick.
 http://www.cisco.com/warp/public/103/eigrp1.html
 http://www.cisco.com/warp/public/103/eigrp9.html
 http://www.cisco.com/warp/public/103/19.html
 
 One question though when you do this:
 I have not tried a HSRP impelmentation like this.
 Variance should be local to the router.  Please let
 me know if Router A changes the way it advertises
 its metrics to router B once variance is implemented.
 
 Thanks,
 -Mark
 
 
 -Original Message-
 From: Jason Owens [mailto:[EMAIL PROTECTED]]
 Sent: Friday, August 09, 2002 11:05 AM
 To: [EMAIL PROTECTED]
 Subject: RE: load balance/share [7:50988]
 
 
 Mark,
  Your diagram is correct. I am trying to load balance/share
 across the
 links to the PER (per-packet preferably). The clients are
 behind Rtr A  B
 using an HSRP address. So say Rtr A is the active router. I
 want to load
 balance across both links (half of the traffic needs to
 traverse out Rtr A's
 ser0 and the other half across the link to Rtr B and then out
 it's ser0). If
 I use a static and one link goes down, half of my traffic
 becomes
 blackholed. I was trying to find a way to have a default route
 put into a
 routing protocol so the routing process would recognize that if
 one link was
 down that it needed to send all traffic out the remaining link.
 Is this
 clearer?
 
 Turpin, Mark wrote:
  
  Jason,
  
  Is this your lab network?
  
  
  +  PE Rtr  +
  
  /   \
   /   \
  +   
  + RtrA +--+ Rtr B +
  +
\- Client Networks  
  With that diagram, or a revised one, can you clarify
  your question?  You mention statics; what routers are
  you trying to advertise statics to, and from what router
  are you wishing to advertise them?
  
  In regards to load balancing, are you asking if you
  can load balance clients to router A and router B?
  Or do you want to load balance the PE router to AB?
  
  Thanks,
  -Mark
  
  
  -Original Message-
  From: Jason Owens [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, August 08, 2002 4:16 PM
  To: [EMAIL PROTECTED]
  Subject: load balance/share [7:50988]
  
  
  I am trying to lab up a scenario where I can load
 balance/share
  across two
  routers (for redundancy) connected into an MPLS cloud.
  Additionally, I have
  HSRP running between the two (I don't want to use MHSRP
 because
  I don't want
  two gateways on the LAN). There is a direct connection between
  the routers.
  
  I know I can use statics, however I want all traffic to be
 able
  to failover
  to the remaining link if one goes down, instead of being being
  blackholed.
  
  |   |
  |   |
  Router 1---Router 2
   activestandby
  
  I have tried with EIGRP, however I was having trouble with
  getting a default
  route injected in (without using statics). Is there any way to
  do this?
  The information transmitted is intended only for the person
 or entity to
 which it is addressed and may contain confidential and/or
 privileged
 material. Any review, retransmission, dissemination or other
 use of, or
 taking of any action in reliance upon, this information by
 persons or
 entities other than the intended recipient is prohibited. If
 you received
 this in error, please contact the sender and delete the
 material from all
 computers.
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51244t=50988
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Interesting Situation with a 2948G-L3 and Inter-VL [7:51240]

[Priscilla Oppenheimer]

It doesn't sound like it's an STP problem then. And I don't think it could
have been a portfast problem anyway, since the symptoms aren't that the
stations can't transmit after a switch reboot. The symptom is that they
can't transmit for about 15 seconds every once in a while after they have
been running for while, n'est-ce pas? Have you been able to check what the
switch port status is during that time? I think you implied that there
wasn't even a link light during that time.

What else would cause a port to swoon for 15 seconds?? 

Can you put a Sniffer on it? That's always my answer. ;-) I think you'll
want to do more than just throughput tests. Obviously the throughput is
going to suck if nothing happens for 15 seconds every so often.

There's nothing obviously wrong with your configs Sorry I can't think of
anything else. Please keep us posted. It would be pretty important for all
of us to know if you get better throughput doing inter-VLAN routing with the
3600 on the 100 Mbps interface than you do with the 2948G-L3 and Gig
Ethernet!?

Priscilla

Don Pezet wrote:
 
 Priscilla and Cisco_Maniac,
 
   Well, I have been tinkering around with it a bit more (which is
 pretty much how I got here) and here are my findings. First, I
 went
 ahead and did a 'debug span events' on the 2948G-L3 and noticed
 no
 convergence issues... actually no events at all. A quick 'show
 span'
 returned the following:
 
 
 Bridge group 1 is executing the IEEE compatible Spanning Tree
 protocol
   Bridge Identifier has priority 32768, address 0001.c779.f807
   Configured hello time 2, max age 20, forward delay 15
   We are the root of the spanning tree
   Topology change flag not set, detected flag not set
   Times:  hold 1, topology change 35, notification 2
   hello 2, max age 20, forward delay 15
   Timers: hello 1, topology change 0, notification 0
   bridge aging time 300
 
 Port 4 (FastEthernet1) of Bridge group 1 is forwarding
Port path cost 19, Port priority 128
Designated root has priority 32768, address 0001.c779.f807
Designated bridge has priority 32768, address 0001.c779.f807
Designated port is 4, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 40808, received 0
 
 ... Removed additional ports (2 - 46)
 
 Port 50 (FastEthernet47) of Bridge group 1 is forwarding
Port path cost 19, Port priority 128
Designated root has priority 32768, address 0001.c779.f807
Designated bridge has priority 32768, address 0001.c779.f807
Designated port is 50, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 40865, received 0
 
 Port 54 (FastEthernet48.1 ISL) of Bridge group 1 is forwarding
Port path cost 19, Port priority 128
Designated root has priority 32768, address 0001.c779.f807
Designated bridge has priority 32768, address 0001.c779.f807
Designated port is 54, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 40867, received 0
 
 Port 56 (GigabitEthernet49.1 ISL) of Bridge group 1 is
 forwarding
Port path cost 4, Port priority 128
Designated root has priority 32768, address 0001.c779.f807
Designated bridge has priority 32768, address 0001.c779.f807
Designated port is 56, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 40874, received 5
 
  Bridge group 2 is executing the IEEE compatible Spanning Tree
 protocol
   Bridge Identifier has priority 32768, address 0001.c779.f836
   Configured hello time 2, max age 20, forward delay 15
   We are the root of the spanning tree
   Topology change flag not set, detected flag not set
   Times:  hold 1, topology change 35, notification 2
   hello 2, max age 20, forward delay 15
   Timers: hello 0, topology change 0, notification 0
   bridge aging time 300
 
 Port 55 (FastEthernet48.2 ISL) of Bridge group 2 is forwarding
Port path cost 19, Port priority 128
Designated root has priority 32768, address 0001.c779.f836
Designated bridge has priority 32768, address 0001.c779.f836
Designated port is 55, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 40867, received 0
 
 Port 57 (GigabitEthernet49.2 ISL) of Bridge group 2 is
 forwarding
Port path cost 4, Port priority 128
Designated root has priority 32768, address 0001.c779.f836
Designated bridge has priority 32768, address 0001.c779.f836
Designated port is 57, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 40876, received 6
 
  Bridge group 10 is executing the IEEE compatible Spanning Tree
 protocol
   Bridge Identifier has priority 32768, address 0001.c779.f907
   Configured hello time 2, max age 20, forward delay 15
   We are the root of the spanning tree
   Topology change flag not set, detected flag not set
   Times:  hold 1, topology change 35, notification 2
   hello 2, max age 20, forward delay 15
  

Re: OSI...Please help... [7:51235]

[Howard C. Berkowitz]

At 4:35 PM + 8/12/02, John Neiberger wrote:
You're putting too much thought into this.  :-)  The ip keyword will
match any ip packet regardless of the transport layer protocol being
used.  You use the tcp, udp, and icmp keywords when you want to be even
more specific.

HTH,
John

  maine dude  8/12/02 10:16:19 AM 
Please help... In the example :access-list 101 deny tcp host
172.16.3.10
172.16.1.0 0.0.0.255 eq ftpaccess-list 101 permit ip any any Do the
terms
tcp and ip refer to the individual protocols or the stack ? I
assume
they refer to the individual protocols as you could substitute them
with
udp or icmp but then surely the last statement would allow only
the
individual ip protocol and therefore all other packets such as tcp ,
udp,
icmp would be filtered. Or does tcp , udp , icmp get through because it
is
encapsulated in ip ? ( I hate the OSI model )  -DJ

Trust me. IP designers did not have OSI compliance in mind.

And to be picky, John, ICMP isn't a transport protocol. It is a 
control/management protocol at the network layer.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51247t=51235
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Interesting Situation with a 2948G-L3 and Inter-VL [7:51240]

[Jason Owens]

I am not sure about the 2948, however with the 2950T it is spanning-tree
portfast applied from the interface.

2840-1st-sw1(config-if)#int fa0/1
2840-1st-sw1(config-if)#spanning-tree portfast
%Warning: portfast enabled on FastEthernet0/1.
 Usually portfast should be enabled on ports connected to a single host.
 When portfast is enabled, connecting hubs, concentrators, switches, bridges,
 etc. to this interface may cause temporary spanning tree loops.
 Use with CAUTION.

Don Pezet wrote:
 
 Priscilla and Cisco_Maniac,
 
   Well, I have been tinkering around with it a bit more (which is
 pretty much how I got here) and here are my findings. First, I
 went
 ahead and did a 'debug span events' on the 2948G-L3 and noticed
 no
 convergence issues... actually no events at all. A quick 'show
 span'
 returned the following:
 
 
 Bridge group 1 is executing the IEEE compatible Spanning Tree
 protocol
   Bridge Identifier has priority 32768, address 0001.c779.f807
   Configured hello time 2, max age 20, forward delay 15
   We are the root of the spanning tree
   Topology change flag not set, detected flag not set
   Times:  hold 1, topology change 35, notification 2
   hello 2, max age 20, forward delay 15
   Timers: hello 1, topology change 0, notification 0
   bridge aging time 300
 
 Port 4 (FastEthernet1) of Bridge group 1 is forwarding
Port path cost 19, Port priority 128
Designated root has priority 32768, address 0001.c779.f807
Designated bridge has priority 32768, address 0001.c779.f807
Designated port is 4, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 40808, received 0
 
 ... Removed additional ports (2 - 46)
 
 Port 50 (FastEthernet47) of Bridge group 1 is forwarding
Port path cost 19, Port priority 128
Designated root has priority 32768, address 0001.c779.f807
Designated bridge has priority 32768, address 0001.c779.f807
Designated port is 50, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 40865, received 0
 
 Port 54 (FastEthernet48.1 ISL) of Bridge group 1 is forwarding
Port path cost 19, Port priority 128
Designated root has priority 32768, address 0001.c779.f807
Designated bridge has priority 32768, address 0001.c779.f807
Designated port is 54, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 40867, received 0
 
 Port 56 (GigabitEthernet49.1 ISL) of Bridge group 1 is
 forwarding
Port path cost 4, Port priority 128
Designated root has priority 32768, address 0001.c779.f807
Designated bridge has priority 32768, address 0001.c779.f807
Designated port is 56, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 40874, received 5
 
  Bridge group 2 is executing the IEEE compatible Spanning Tree
 protocol
   Bridge Identifier has priority 32768, address 0001.c779.f836
   Configured hello time 2, max age 20, forward delay 15
   We are the root of the spanning tree
   Topology change flag not set, detected flag not set
   Times:  hold 1, topology change 35, notification 2
   hello 2, max age 20, forward delay 15
   Timers: hello 0, topology change 0, notification 0
   bridge aging time 300
 
 Port 55 (FastEthernet48.2 ISL) of Bridge group 2 is forwarding
Port path cost 19, Port priority 128
Designated root has priority 32768, address 0001.c779.f836
Designated bridge has priority 32768, address 0001.c779.f836
Designated port is 55, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 40867, received 0
 
 Port 57 (GigabitEthernet49.2 ISL) of Bridge group 2 is
 forwarding
Port path cost 4, Port priority 128
Designated root has priority 32768, address 0001.c779.f836
Designated bridge has priority 32768, address 0001.c779.f836
Designated port is 57, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 40876, received 6
 
  Bridge group 10 is executing the IEEE compatible Spanning Tree
 protocol
   Bridge Identifier has priority 32768, address 0001.c779.f907
   Configured hello time 2, max age 20, forward delay 15
   We are the root of the spanning tree
   Topology change flag not set, detected flag not set
   Times:  hold 1, topology change 35, notification 2
   hello 2, max age 20, forward delay 15
   Timers: hello 1, topology change 0, notification 0
   bridge aging time 300
 
 Port 58 (GigabitEthernet49.10 ISL) of Bridge group 10 is
 forwarding
Port path cost 4, Port priority 128
Designated root has priority 32768, address 0001.c779.f907
Designated bridge has priority 32768, address 0001.c779.f907
Designated port is 58, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 40874, received 4
 
  Bridge group 20 is executing the IEEE compatible Spanning Tree
 protocol
   Bridge Identifier has priority 32768, address .0c97.2af8
   Configured 

RE: Interesting Situation with a 2948G-L3 and Inter-VLAN [7:51249]

[Don Pezet]

I ran a bandwidth monitor between six stations on one VLAN and
six stations on a second VLAN to see what kind of latency, packet loss,
and throughput I could get on the stations. I found I could easily get
six separate communication streams going with each absorbing 25Mbits of
bandwidth which would have more than saturated the 3620 so I am
definitely seeing performance improvements over the old configuration.
Now it's just a matter of tracking down my dropped link issue.

Don Pezet
Enterprise Technology Solutions
[EMAIL PROTECTED]
(352) 248-1010




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51249t=51249
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ADSL routers [7:51250]

[Brian Zeitz]

Can anyone suggest a good router to get for ADSL? I want to utilize a
full IOS, and not a dumbed down version. Or should I just go with a 2600
with an ADSL card. This firewall will be for a home connection, but I am
the type to mess around with the routers, try to do different things
with Pix firewalls, security, servers and whatnot.  I know netgear
routers work well for some people, but I want to use my router as
something functional and as educational at the same time. What would be
the cheapest way to go for an ADSL router, with full IOS capabilities.



Thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51250t=51250
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

scariest IOS image name [7:51251]

[Neal Rauhauser]

Yes, this is a real image that I downloaded for real work - can anyone
top it?

c1700-bk8no3r2sy7-mz.122-8.T5.bin

-- 
Neal Rauhauser CCNP, CCDP   voice: 402-301-9555
mailto:[EMAIL PROTECTED] fcc  : k0bsd
I've seen the angels wearing their disguise,
ordinary people leading ordinary lives - Tracy Chapman




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51251t=51251
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: scariest IOS image name [7:51251]

[Maccubbin, Duncan]

How about xp9040.939 ... Enterasys code :)

-Original Message-
From: Neal Rauhauser [mailto:[EMAIL PROTECTED]] 
Sent: Monday, August 12, 2002 2:03 PM
To: [EMAIL PROTECTED]
Subject: scariest IOS image name [7:51251]

Yes, this is a real image that I downloaded for real work - can anyone
top it?

c1700-bk8no3r2sy7-mz.122-8.T5.bin

-- 
Neal Rauhauser CCNP, CCDP   voice: 402-301-9555
mailto:[EMAIL PROTECTED] fcc  : k0bsd
I've seen the angels wearing their disguise,
ordinary people leading ordinary lives - Tracy Chapman




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51252t=51251
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSI...Please help... [7:51235]

[John Neiberger]

Good point!  Forgive me, I'd only had one cup of coffee when I wrote
that.  Usually I need at least three before my explainer works
correctly.  

John

 Howard C. Berkowitz  8/12/02 11:39:12 AM 
At 4:35 PM + 8/12/02, John Neiberger wrote:
You're putting too much thought into this.  :-)  The ip keyword will
match any ip packet regardless of the transport layer protocol being
used.  You use the tcp, udp, and icmp keywords when you want to be
even
more specific.

HTH,
John

  maine dude  8/12/02 10:16:19 AM 
Please help... In the example :access-list 101 deny tcp host
172.16.3.10
172.16.1.0 0.0.0.255 eq ftpaccess-list 101 permit ip any any Do the
terms
tcp and ip refer to the individual protocols or the stack ? I
assume
they refer to the individual protocols as you could substitute them
with
udp or icmp but then surely the last statement would allow only
the
individual ip protocol and therefore all other packets such as tcp
,
udp,
icmp would be filtered. Or does tcp , udp , icmp get through because
it
is
encapsulated in ip ? ( I hate the OSI model )  -DJ

Trust me. IP designers did not have OSI compliance in mind.

And to be picky, John, ICMP isn't a transport protocol. It is a 
control/management protocol at the network layer.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51253t=51235
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CSPFA Beta Exams [7:51246]

[Brian Zeitz]

I am scheduled for all three, VPN, MCNS, and CSPFA. I scheduled them the
20th, 21st, and 22nd. Because I needed a few days to study for these
suckers. I cant go wrong for free! 

Here is my trick, I have all 3 CSS1 books, I just go to the back of the
book and look at all the question an answers. Starting with chapter 1,
and go to the end. If I don't understand what they are talking about, or
a term, like ACS, I just look it up. I pretty much did this in a few
hours.

I did this for all 3 CSS1 books so far, then I took a look at the Boson
exams, they were a no-brainer for the most part.

Besides this, I am familiar with networking and security. Some of the
new technology, like the 3005 concentrator is in your VPN book, if you
opened it. With the pix, there is a lot of common sense questions I am
sure they will ask like how many interfaces does a pix have?. Ans:
depends on the model. Wow, how hard!

I usually would give these exams a lot more time, if I was actually
paying for it. The time from the announcement, until the time you needed
to register, was only seconds. These free beta exams fill up quick. I
remember the CCNA 2.0 beta which was cheap, or free. It filled up from
all the other countries in the world registering first, by the time it
came to the USA, for VUE to open its lines, all the seats were filled.
They made a special exception for loud mouth people like me though. 

I think the masses are taking MCNS, I don't think that many are taking
VPN and CSPFA. But if you waited til now, they are probably filled by
people who just wanted to say they took these.

Note: I have not taken any of the exams yet, so I am not breaking any
NDA.



-Original Message-
From: Roberts, Larry [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, August 08, 2002 4:33 PM
To: Cisco CCIE Mailing List ([EMAIL PROTECTED]); Cisco Security
Mailing List ([EMAIL PROTECTED])
Subject: CSPFA Beta Exams

Just curious if anyone else has taken this exam yet? 
Wanted to see if your opinion of it is the same as mine! This being the
first beta I have taken for Cisco, I can only hope the other 2 are
better!


Thanks

Larry 
__
To unsubscribe from the SECURITY list, send a message to
[EMAIL PROTECTED] with the body containing:
unsubscribe SECURITY




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51246t=51246
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Using QoS to Control Utilization [7:51254]

[YASSER ALY]

Hi Group   I need your suggestions regarding the following Scenario.A
company's main Branch is having 1M Internet and inturn it is providing
Internet/Connectivity between 4 branches using a hub--spoke topology
over another 1M.The client requirments are as follows1) Frame Relay is
used to acheive connectivity between branches and the main office2) Main
Branch is feeding the 4 branches with a total bandwidth of 1M3) Each
Branch will have 1M connecting it to the main branch. (Over-Booking )4)
Any branch can burst traffic up to the 1M if working alone.5) Traffic of
any branch should fall to a pre-defined value incase more than one branch
trying to access the main branch at the same time to either have Internet
or to reach another branch through the hub.  I thought about QoS and I
guess this target can be acheived using it. Haven't digged enough yet to
figure out how this could be done and thought about hearing from you
about it. Thanks for your feedback. Regards,Yasser



Send and receive Hotmail on your mobile device: Click Here




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51254t=51254
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSI...Please help... [7:51235]

[Howard C. Berkowitz]

At 6:16 PM + 8/12/02, John Neiberger wrote:
Good point!  Forgive me, I'd only had one cup of coffee when I wrote
that.  Usually I need at least three before my explainer works
correctly. 

John


You bring up an interesting question.  Could we have predicted our 
industry crash by monitoring coffee consumption by accountants, 
vendors, or venture capitalists, etc.?  There _ought_ to be a 
correlation.


  Howard C. Berkowitz  8/12/02 11:39:12 AM 
At 4:35 PM + 8/12/02, John Neiberger wrote:
You're putting too much thought into this.  :-)  The ip keyword will
match any ip packet regardless of the transport layer protocol being
used.  You use the tcp, udp, and icmp keywords when you want to be
even
more specific.

HTH,
John

   maine dude  8/12/02 10:16:19 AM 
Please help... In the example :access-list 101 deny tcp host
172.16.3.10
172.16.1.0 0.0.0.255 eq ftpaccess-list 101 permit ip any any Do the
terms
tcp and ip refer to the individual protocols or the stack ? I
assume
they refer to the individual protocols as you could substitute them
with
udp or icmp but then surely the last statement would allow only
the
individual ip protocol and therefore all other packets such as tcp
,
udp,
icmp would be filtered. Or does tcp , udp , icmp get through because
it
is
encapsulated in ip ? ( I hate the OSI model )  -DJ

Trust me. IP designers did not have OSI compliance in mind.

And to be picky, John, ICMP isn't a transport protocol. It is a
control/management protocol at the network layer.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51255t=51235
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: scariest IOS image name [7:51251]

[MADMAN]

Can't get this off of CCO but I guess it's kinda scary;)

c1700-bk2no3r2sv3y-mz.intercooler-beta.1122

  Dave

Neal Rauhauser wrote:
 
 Yes, this is a real image that I downloaded for real work - can anyone
 top it?
 
 c1700-bk8no3r2sy7-mz.122-8.T5.bin
 
 --
 Neal Rauhauser CCNP, CCDP   voice: 402-301-9555
 mailto:[EMAIL PROTECTED] fcc  : k0bsd
 I've seen the angels wearing their disguise,
 ordinary people leading ordinary lives - Tracy Chapman
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51257t=51251
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSI...Please help... [7:51235]

[[EMAIL PROTECTED]]

Did you see the movie Pi? :)



   
 
Howard
C.
Berkowitz   To:
[EMAIL PROTECTED]
 Subject: Re: OSI...Please help...
[7:51235]
Sent
by:
   
nobody@groupst
   
udy.com
   
 
   
 
   
08/12/2002
03:02
PM
Please
respond
to Howard
C.
   
Berkowitz
   
 
   
 




At 6:16 PM + 8/12/02, John Neiberger wrote:
Good point!  Forgive me, I'd only had one cup of coffee when I wrote
that.  Usually I need at least three before my explainer works
correctly.

John


You bring up an interesting question.  Could we have predicted our
industry crash by monitoring coffee consumption by accountants,
vendors, or venture capitalists, etc.?  There _ought_ to be a
correlation.


  Howard C. Berkowitz  8/12/02 11:39:12 AM 
At 4:35 PM + 8/12/02, John Neiberger wrote:
You're putting too much thought into this.  :-)  The ip keyword will
match any ip packet regardless of the transport layer protocol being
used.  You use the tcp, udp, and icmp keywords when you want to be
even
more specific.

HTH,
John

   maine dude  8/12/02 10:16:19 AM 
Please help... In the example :access-list 101 deny tcp host
172.16.3.10
172.16.1.0 0.0.0.255 eq ftpaccess-list 101 permit ip any any Do the
terms
tcp and ip refer to the individual protocols or the stack ? I
assume
they refer to the individual protocols as you could substitute them
with
udp or icmp but then surely the last statement would allow only
the
individual ip protocol and therefore all other packets such as tcp
,
udp,
icmp would be filtered. Or does tcp , udp , icmp get through because
it
is
encapsulated in ip ? ( I hate the OSI model )  -DJ

Trust me. IP designers did not have OSI compliance in mind.

And to be picky, John, ICMP isn't a transport protocol. It is a
control/management protocol at the network layer.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51259t=51235
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 3550 EMI [7:50103]

[Don Queen]

What happens if the switch receives an IPX packet? Will it try to route it
or drop the packet or will it handle the packet at layer 2 only? I have a
customer that interested in using the 3550 but they have Novell servers. Of
course using Novell IP shouldn't be a problem but they're still running IPX.

- Original Message -
From: Chuck 
To: 
Sent: Tuesday, July 30, 2002 9:28 AM
Subject: Re: 3550 EMI [7:50103]


 just getting into it. 1500 pages of documentation to read :-O

 They do IGRP, EIGRP, RIPv1, RIPv2, and OSPF. Don't believe the output of
the
 router ?

 BGP is expected to be released real soon now, but according to Cisco
 people I've spoken to, it will not be a full featured release.
Limitations
 as to the number of routes processed and stored, for example ( due to the
 physical limitations of the switch ) I.e. don't expect to get full BGP
 routes over your DSL connection.

 Chuck


 Symon Thurlow  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Anyone played with the new 3550 EMI switches? They report layer 3
  routing etc.
 
  Symon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51260t=50103
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSI...Please help... [7:51235]

[MADMAN]

Hmmm, that explains why my explianer is unexplainable, I don't like
coffee :)

  Dave

Howard C. Berkowitz wrote:
 
 At 6:16 PM + 8/12/02, John Neiberger wrote:
 Good point!  Forgive me, I'd only had one cup of coffee when I wrote
 that.  Usually I need at least three before my explainer works
 correctly.
 
 John
 
 You bring up an interesting question.  Could we have predicted our
 industry crash by monitoring coffee consumption by accountants,
 vendors, or venture capitalists, etc.?  There _ought_ to be a
 correlation.
 
 
   Howard C. Berkowitz  8/12/02 11:39:12 AM 
 At 4:35 PM + 8/12/02, John Neiberger wrote:
 You're putting too much thought into this.  :-)  The ip keyword will
 match any ip packet regardless of the transport layer protocol being
 used.  You use the tcp, udp, and icmp keywords when you want to be
 even
 more specific.
 
 HTH,
 John
 
maine dude  8/12/02 10:16:19 AM 
 Please help... In the example :access-list 101 deny tcp host
 172.16.3.10
 172.16.1.0 0.0.0.255 eq ftpaccess-list 101 permit ip any any Do the
 terms
 tcp and ip refer to the individual protocols or the stack ? I
 assume
 they refer to the individual protocols as you could substitute them
 with
 udp or icmp but then surely the last statement would allow only
 the
 individual ip protocol and therefore all other packets such as tcp
 ,
 udp,
 icmp would be filtered. Or does tcp , udp , icmp get through because
 it
 is
 encapsulated in ip ? ( I hate the OSI model )  -DJ
 
 Trust me. IP designers did not have OSI compliance in mind.
 
 And to be picky, John, ICMP isn't a transport protocol. It is a
 control/management protocol at the network layer.
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51261t=51235
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSI...Please help... [7:51235]

[Howard C. Berkowitz]

At 4:14 PM -0400 8/12/02, [EMAIL PROTECTED] wrote:
Did you see the movie Pi? :)


No, but I like pi with coffee.  It's just rarely on my blueprint...I 
mean, diet.


At 6:16 PM + 8/12/02, John Neiberger wrote:
Good point!  Forgive me, I'd only had one cup of coffee when I wrote
that.  Usually I need at least three before my explainer works
correctly.

John


You bring up an interesting question.  Could we have predicted our
industry crash by monitoring coffee consumption by accountants,
vendors, or venture capitalists, etc.?  There _ought_ to be a
correlation.


   Howard C. Berkowitz  8/12/02 11:39:12 AM 
At 4:35 PM + 8/12/02, John Neiberger wrote:
You're putting too much thought into this.  :-)  The ip keyword will
match any ip packet regardless of the transport layer protocol being
used.  You use the tcp, udp, and icmp keywords when you want to be
even
more specific.

HTH,
John

maine dude  8/12/02 10:16:19 AM 
Please help... In the example :access-list 101 deny tcp host
172.16.3.10
172.16.1.0 0.0.0.255 eq ftpaccess-list 101 permit ip any any Do the
terms
tcp and ip refer to the individual protocols or the stack ? I
assume
they refer to the individual protocols as you could substitute them
with
udp or icmp but then surely the last statement would allow only
the
individual ip protocol and therefore all other packets such as tcp
,
udp,
icmp would be filtered. Or does tcp , udp , icmp get through because
it
is
encapsulated in ip ? ( I hate the OSI model )  -DJ

Trust me. IP designers did not have OSI compliance in mind.

And to be picky, John, ICMP isn't a transport protocol. It is a
  control/management protocol at the network layer.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51262t=51235
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: load balance/share [7:50988]

[Turpin, Mark]

Jason,

Where are you trying to advertise a default route from?  The PER?
If so, check out http://www.cisco.com/warp/public/103/eigrp8.html
where it discusses using a summary per interface to advertise a 
default to neighbors.  You could stick this on your PER's interfaces
towards RtrA and RtrB.  If we're talking about BGP, you can have
your PER advertise a default with 'neighbor x.x.x.x default-originate'
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr
rp_r/bgp_r/1rfbgp1.htm#xtocid46
(wrap there)

Let me know if this is what you meant, or if this works out for you.

hth,
-Mark

-Original Message-
From: Jason Owens [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 12, 2002 12:29 PM
To: [EMAIL PROTECTED]
Subject: RE: load balance/share [7:50988]


Mark,
I have looked EIGRP in this regard. My issue seems to be with the
default
route. If put it in statically there is no failover if one link goes down,
and I can't figure out another way to get it in. I have looked at bgp to
resolve this as well (both routers need it to peer with the PER anyway),
however since the connection between Rtr A and B is IBGP, the EBGP route
from the PER takes precedence and there is no load sharing.

Turpin, Mark wrote:
 
 Jason,
 Lots!  Basically your network looks like this:
 
PER
 m10/ \m10
   AB
m10
 
 Let's say a metric of 10 for each link for example?
 A-PER = 10
 A-B-PER = 20
 
 Before we get really far into this, have you looked into
 EIGRP's capability to load balance across unequal cost paths?
 Modifying the variance on your CE routers should do the trick.
 http://www.cisco.com/warp/public/103/eigrp1.html
 http://www.cisco.com/warp/public/103/eigrp9.html
 http://www.cisco.com/warp/public/103/19.html
 
 One question though when you do this:
 I have not tried a HSRP impelmentation like this.
 Variance should be local to the router.  Please let
 me know if Router A changes the way it advertises
 its metrics to router B once variance is implemented.
 
 Thanks,
 -Mark
 
 
 -Original Message-
 From: Jason Owens [mailto:[EMAIL PROTECTED]]
 Sent: Friday, August 09, 2002 11:05 AM
 To: [EMAIL PROTECTED]
 Subject: RE: load balance/share [7:50988]
 
 
 Mark,
  Your diagram is correct. I am trying to load balance/share
 across the
 links to the PER (per-packet preferably). The clients are
 behind Rtr A  B
 using an HSRP address. So say Rtr A is the active router. I
 want to load
 balance across both links (half of the traffic needs to
 traverse out Rtr A's
 ser0 and the other half across the link to Rtr B and then out
 it's ser0). If
 I use a static and one link goes down, half of my traffic
 becomes
 blackholed. I was trying to find a way to have a default route
 put into a
 routing protocol so the routing process would recognize that if
 one link was
 down that it needed to send all traffic out the remaining link.
 Is this
 clearer?
 
 Turpin, Mark wrote:
  
  Jason,
  
  Is this your lab network?
  
  
  +  PE Rtr  +
  
  /   \
   /   \
  +   
  + RtrA +--+ Rtr B +
  +
\- Client Networks  
  With that diagram, or a revised one, can you clarify
  your question?  You mention statics; what routers are
  you trying to advertise statics to, and from what router
  are you wishing to advertise them?
  
  In regards to load balancing, are you asking if you
  can load balance clients to router A and router B?
  Or do you want to load balance the PE router to AB?
  
  Thanks,
  -Mark
  



 The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from all
computers.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51264t=50988
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSI...Please help... [7:51235]

[Priscilla Oppenheimer]

Howard C. Berkowitz wrote:
 
 At 6:16 PM + 8/12/02, John Neiberger wrote:
 Good point!  Forgive me, I'd only had one cup of coffee when I
 wrote
 that.  Usually I need at least three before my explainer works
 correctly. 
 
 John
 
 
 You bring up an interesting question.  Could we have predicted
 our
 industry crash by monitoring coffee consumption by accountants, 
 vendors, or venture capitalists, etc.?  There _ought_ to be a 
 correlation.

How about caffeine consumption by gamers (i.e. programmers, Web designers,
etc. at dot coms? ;-) Did you happen to see the article from the Mercury
News yesterday about a drink favored by gamers called BAWLS (seriously).
It's a sweet drink with 80 milligrams of caffeine in a 12-ounce bottle. More
here:

http://www.bayarea.com/mld/bayarea/business/technology/3842507.htm

Priscilla
 
 
   Howard C. Berkowitz  8/12/02 11:39:12 AM 
 At 4:35 PM + 8/12/02, John Neiberger wrote:
 You're putting too much thought into this.  :-)  The ip
 keyword will
 match any ip packet regardless of the transport layer
 protocol being
 used.  You use the tcp, udp, and icmp keywords when you want
 to be
 even
 more specific.
 
 HTH,
 John
 
maine dude  8/12/02 10:16:19 AM 
 Please help... In the example :access-list 101 deny tcp host
 172.16.3.10
 172.16.1.0 0.0.0.255 eq ftpaccess-list 101 permit ip any any
 Do the
 terms
 tcp and ip refer to the individual protocols or the stack
 ? I
 assume
 they refer to the individual protocols as you could
 substitute them
 with
 udp or icmp but then surely the last statement would
 allow only
 the
 individual ip protocol and therefore all other packets such
 as tcp
 ,
 udp,
 icmp would be filtered. Or does tcp , udp , icmp get through
 because
 it
 is
 encapsulated in ip ? ( I hate the OSI model )  -DJ
 
 Trust me. IP designers did not have OSI compliance in mind.
 
 And to be picky, John, ICMP isn't a transport protocol. It is a
 control/management protocol at the network layer.
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51263t=51235
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Dial out solution [7:51230]

[Benjamin Pierce]

We replaced our Shiva LanRover with a Cisco AS5300. 
We then purchased a software product called DialOut EZ
that allowed for clients to do a remote reverse telnet
session and associate it with a com port.  It was
actually very easy to set up and it was recommended by
cisco so the support is there.

Thanks,
Benjamin Pierce
--- neil K.  wrote:
 Hi All,
 Guys I am currently using a Shiva modem pool for
 dial out, Is there a Cisco
 solution for this.The Shiva is not working upto our
 expectations.
 Will the Cisco Access Servers or a cisco 3640 with
 modem card be able to do
 the same.
 
 Any help will be highly apprecisted.
 
 Thanks,
 
 neiL
[EMAIL PROTECTED]


__
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51265t=51230
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 3550 EMI [7:50103]

[MADMAN]

It will work fine at layer 2 you just can't route IPX with a 3550.

  Dave

Don Queen wrote:
 
 What happens if the switch receives an IPX packet? Will it try to route it
 or drop the packet or will it handle the packet at layer 2 only? I have a
 customer that interested in using the 3550 but they have Novell servers. Of
 course using Novell IP shouldn't be a problem but they're still running
IPX.
 
 - Original Message -
 From: Chuck
 To:
 Sent: Tuesday, July 30, 2002 9:28 AM
 Subject: Re: 3550 EMI [7:50103]
 
  just getting into it. 1500 pages of documentation to read :-O
 
  They do IGRP, EIGRP, RIPv1, RIPv2, and OSPF. Don't believe the output of
 the
  router ?
 
  BGP is expected to be released real soon now, but according to Cisco
  people I've spoken to, it will not be a full featured release.
 Limitations
  as to the number of routes processed and stored, for example ( due to the
  physical limitations of the switch ) I.e. don't expect to get full BGP
  routes over your DSL connection.
 
  Chuck
 
 
  Symon Thurlow  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   Anyone played with the new 3550 EMI switches? They report layer 3
   routing etc.
  
   Symon
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51267t=50103
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCNP virtual lab and CCNP routersim [7:51232]

[Curious]

Fadi
I used CCNP SwitchSIM, it was crap. I felt like i wasted my money on it. I
wont recommend this to any one.



Fadi Younes  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Dear all,
 I am planning to buy a CCNP simulation software and i am trying to
 choose between to available software products which are CCNP Cybex
 Virtual Lab and CCNP RouterSim. Can you advice or comment on both
 softwares if you used them before. Many thanks in advance.

  Fadi Younes
   IT Team Member
   ARAMEX International
   P.O.Box 960913, Amman 11196
   Jordan
   http://www.aramex.com

   Office: +962 6 552 2192
   Fax: +962 6 552 7461




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51269t=51232
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Dial out solution [7:51230]

[Gaz]

In article , [EMAIL PROTECTED] 
says...
 We replaced our Shiva LanRover with a Cisco AS5300. 
 We then purchased a software product called DialOut EZ
 that allowed for clients to do a remote reverse telnet
 session and associate it with a com port.  It was
 actually very easy to set up and it was recommended by
 cisco so the support is there.
 
 Thanks,
 Benjamin Pierce
 --- neil K.  wrote:
  Hi All,
  Guys I am currently using a Shiva modem pool for
  dial out, Is there a Cisco
  solution for this.The Shiva is not working upto our
  expectations.
  Will the Cisco Access Servers or a cisco 3640 with
  modem card be able to do
  the same.
  
  Any help will be highly apprecisted.
  
  Thanks,
  
  neiL
 [EMAIL PROTECTED]
 
 
 __
 Do You Yahoo!?
 HotJobs - Search Thousands of New Jobs
 http://www.hotjobs.com
This is probably a more recent version of the one I mentioned a couple 
of weeks ago Cisco Dialout.
Cisco Dialout became a free download, before it disappeared. Although 
it's no longer supported it may give you an idea if it's what you want.
I don't think I'm doing anybody out of business with this. If you want 
support, etc, you're going to have to pay for an up to date 3rd party 
version.

A few people asked me for a copy last time and my dial-up connection got 
hammered, so if you'd like a copy I dumped it on an old web page. This 
is not a plug, it's just a page I used to sell my road bike and it's 
gone.
Go to www.bikespace.co.uk and click on the download button.
Please use at your own risk.

Cheers,

Gaz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51270t=51230
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: scariest IOS image name [7:51251]

[Sean Wolfe]

Neal Rauhauser wrote:
 
 Yes, this is a real image that I downloaded for real work - can
 anyone
 top it?
 
 c1700-bk8no3r2sy7-mz.122-8.T5.bin
 
 -- 
 Neal Rauhauser CCNP, CCDP voice: 402-301-9555
 mailto:[EMAIL PROTECTED]   fcc  : k0bsd
 I've seen the angels wearing their disguise,
 ordinary people leading ordinary lives - Tracy Chapman
 
 

Cool Tracy Chapman quote, though. . .  8^)


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51271t=51251
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Multilayer Switching, CCO contradicts itself? [7:51272]

[Sean Wolfe]

Hello all. In the below quote from CCO, is Cisco contradicting themselves in
the 2nd paragraph regarding each transport-layer session being a different
flow? Or do they mean that IF only the destination IP is used to ID a flow,
THEN all diff transport-layer sessions are the same flow?

Thanks!

URL is:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_2/layer3/mls.htm

Quote is here:


A flow is a unidirectional sequence of packets between a particular source
and destination that share the same protocol and transport-layer
information. Communication from a client to a server and from the server to
the client are separate flows. For example, Telnet traffic transferred from
a particular source to a particular destination comprises a separate flow
from File Transfer Protocol (FTP) packets between the same source and
destination.

Flows are based only on Layer 3 addresses, which allow IP traffic from
multiple users or applications to a particular destination to be carried on
a single flow if only the destination IP address is used to identify a flow.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51272t=51272
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RTS down, interface up/up [7:50911]

[Priscilla Oppenheimer]

Too bad nobody else is participating in this interesting thread. I changed
the title. Mabye that will help! ;-)

Your question boils down to: Does it matter that RTS is down on a serial
interface acting as DCE on a router acting as a Frame Relay switch? The
interface is connected to the DCE side of a cross-over cable.

Your testing reveals that it doesn't matter. The interface is up/up and
passing traffic. So you're wondering if RTS really matters.
There's a good chance it doesn't matter in this situation. Consider what it
stands for: Request to Send. On a full-duplex point-to-point serial
interface, the DTE shouldn't have to send RTS before the DCE side asserts
Clear to Send (CTS) and accepts incoming data. That stuff was used on old
RS-232 multidrop lines, as far as I know. On a multidrop line, it's
important that only one station send at a time. So that station has to
assert RTS. The DCE side then asserts CTS. When the DTE sees Clear To Send
(CTS) it knows it can send.

See here for more info on RS-232 and V.35 specifications:

http://www.sangoma.com/signal.htm

Just out of curiousity, does it work even if that router with the problem is
the DTE side? Turn the cross-over cable the other way so that DTE is on the
Frame Relay switch side. (That will still work by the way. The side that is
doing FR DCE doesn't have to be the 'physical-layer' DCE.) On the new DCE
router, specify the clocking. Does the interface still come up/up? If not,
then you would have a problem in the real world. In the lab, though,
there's no problem. You can just make sure that you connect the DCE side to
the interface that seems to have a problem with this signal.

Priscilla

He Shuchen wrote:
 
 Thank you again. Here is the detail information about RTS=down
 
   I have 5 routers, and configured the 2520 as Frame Relay
 Switch. Four 2501 routers connected to it. All other three
 serial interfaces's singal of 2520 are DCD=up  DSR=up  DTR=up 
 RTS=up  CTS=up, only serial 1's interface status is DCD=up 
 DSR=up  DTR=up  RTS=down  CTS=up. and I have changed cable and
 routers to the s1, The RTS still down. But it did and do work
 well. So I want to know Is RTS meaningless?
 
 The configuration and show output of 2520's serial 1  
 
 R7#sh ru in s1
 Building configuration...
 
 Current configuration:
 !
 interface Serial1
  no ip address
  no ip directed-broadcast
  encapsulation frame-relay
  clockrate 125000
  frame-relay lmi-type ansi
  frame-relay intf-type dce
  frame-relay route 501 interface Serial0 105
 end
 
 R7#
 Serial1 is up, line protocol is up
   Hardware is HD64570
   MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255,
 load 1/255
   Encapsulation FRAME-RELAY, loopback not set, keepalive set
 (10 sec)
   LMI enq sent  0, LMI stat recvd 0, LMI upd recvd 0
   LMI enq recvd 105, LMI stat sent  105, LMI upd sent  0, DCE
 LMI up
   LMI DLCI 0  LMI type is ANSI Annex D  frame relay DCE
   Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface
 broadcasts 0
   Last input 00:00:01, output 00:00:01, output hang never
   Last clearing of show interface counters 00:17:24
   Input queue: 0/75/0 (size/max/drops); Total output drops: 0
   Queueing strategy: weighted fair
   Output queue: 0/1000/64/0 (size/max total/threshold/drops)
  Conversations  0/1/256 (active/max active/max total)
  Reserved Conversations 0/0 (allocated/max allocated)
   5 minute input rate 0 bits/sec, 0 packets/sec
   5 minute output rate 0 bits/sec, 0 packets/sec
  148 packets input, 4350 bytes, 0 no buffer
  Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0
 abort
  168 packets output, 5832 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 output buffer failures, 0 output buffers swapped out
  0 carrier transitions
  DCD=up  DSR=up  DTR=up  RTS=down  CTS=up
 R7#
 
 R7# sh fr pvc
 
 PVC Statistics for interface Serial0 (Frame Relay DCE)
 
 DLCI = 102, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE,
 INTERFACE = Serial0
 
   input pkts 41output pkts 211  in bytes
 2624
   out bytes 79455  dropped pkts 0   in FECN
 pkts 0
   in BECN pkts 0   out FECN pkts 0  out BECN
 pkts 0
   in DE pkts 0 out DE pkts 0
   out bcast pkts 0  out bcast bytes 0Num
 Pkts Switched 41
 
   pvc create time 00:51:45, last time pvc status changed
 00:51:35
 
 DLCI = 103, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE,
 INTERFACE = Serial0
 
   input pkts 133   output pkts 102  in bytes
 10216
   out bytes 7776   dropped pkts 0   in FECN
 pkts 0
   in BECN pkts 0   out FECN pkts 0  out BECN
 pkts 0
   in DE pkts 0 out DE pkts 0
   out bcast pkts 0  out bcast bytes 0Num
 Pkts Switched 133
 
   pvc create time 00:51:48, last time pvc status changed
 00:38:08
 
 DLCI = 105, DLCI USAGE = SWITCHED, PVC 

RE: NAT Keyword has me puzzled [7:51122]

[Sean Wolfe]

Kelly Cobean wrote:
 
 Art,
Thanks for the clarification!  Can this keyword also be used
 to map
 multiple inside LOCAL addresses to a single inside GLOBAL
 address on
 different ports?  Example follows...

Isn't this just asking to do standard overloading onto a single global IP?

Or is this a way to do both static one-to-one NAT and also have some
overloading as well? I seem to remember on a Cisco router you can do either
one-to-one OR overloading but not both at the same time. . .?

-Sean.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51274t=51122
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 3550 EMI [7:50103]

[Don Queen]

Thanks, that's what I needed to know.
- Original Message -
From: MADMAN 
To: 
Sent: Monday, August 12, 2002 4:12 PM
Subject: Re: 3550 EMI [7:50103]


 It will work fine at layer 2 you just can't route IPX with a 3550.

   Dave

 Don Queen wrote:
 
  What happens if the switch receives an IPX packet? Will it try to route
it
  or drop the packet or will it handle the packet at layer 2 only? I have
a
  customer that interested in using the 3550 but they have Novell servers.
Of
  course using Novell IP shouldn't be a problem but they're still running
 IPX.
 
  - Original Message -
  From: Chuck
  To:
  Sent: Tuesday, July 30, 2002 9:28 AM
  Subject: Re: 3550 EMI [7:50103]
 
   just getting into it. 1500 pages of documentation to read :-O
  
   They do IGRP, EIGRP, RIPv1, RIPv2, and OSPF. Don't believe the output
of
  the
   router ?
  
   BGP is expected to be released real soon now, but according to Cisco
   people I've spoken to, it will not be a full featured release.
  Limitations
   as to the number of routes processed and stored, for example ( due to
the
   physical limitations of the switch ) I.e. don't expect to get full BGP
   routes over your DSL connection.
  
   Chuck
  
  
   Symon Thurlow  wrote in message
   [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Anyone played with the new 3550 EMI switches? They report layer 3
routing etc.
   
Symon
 --
 David Madland
 CCIE# 2016
 Sr. Network Engineer
 Qwest Communications
 612-664-3367

 You don't make the poor richer by making the rich poorer. --Winston
 Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51275t=50103
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Multilayer Switching, CCO contradicts itself? [7:51272]

[Turpin, Mark]

There types of flows:
Destination - per {dest} flow
Source Destination - per {source/dest address} pair
IP (aka Full) Flow - per {source, dest, protocol and port} set

Look under the section labeled Flow Mask Modes

hth,
-mark


-Original Message-
From: Sean Wolfe [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 12, 2002 4:51 PM
To: [EMAIL PROTECTED]
Subject: Multilayer Switching, CCO contradicts itself? [7:51272]


Hello all. In the below quote from CCO, is Cisco contradicting themselves in
the 2nd paragraph regarding each transport-layer session being a different
flow? Or do they mean that IF only the destination IP is used to ID a flow,
THEN all diff transport-layer sessions are the same flow?

Thanks!

URL is:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_2/layer3/m
ls.htm

Quote is here:


A flow is a unidirectional sequence of packets between a particular source
and destination that share the same protocol and transport-layer
information. Communication from a client to a server and from the server to
the client are separate flows. For example, Telnet traffic transferred from
a particular source to a particular destination comprises a separate flow
from File Transfer Protocol (FTP) packets between the same source and
destination.

Flows are based only on Layer 3 addresses, which allow IP traffic from
multiple users or applications to a particular destination to be carried on
a single flow if only the destination IP address is used to identify a flow.

 The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from all
computers.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51277t=51272
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CSPFA exam [7:51278]

[Simer Mayo]

What is the passing score for the CSPFA exam?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51278t=51278
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT: 802.1t extensions to spanning tree [7:51280]

[Chuck's Long Road]

Having done a bit of research here on CCO, I am curious about something.

the information regarding number of vlans supported in the Cisco Products
Quick Reference Guide seem to have been hastily done. For example, the 6000
series states 4000 vlans are supported, the 4000 series states 1000 vlans
are supported, and the 3500 and 3550 series gives no info.

Some CCO switch documentation states that there can be 4096 vlans, 4095
vlans, or 4094 vlans, depending upon the particular switch documentation one
looks at.

On the other hand, it looks to me like the 802.1t extensions to spanning
tree reserve 12 bits for vlan identification, meaning that there can be
values of zero ( all bits zero ) through 4095 ( all bits set to one )

Since there is no vlan zero that I have ever seen anywhere, I presume that
is by standard. One of the CCO documents states that the 4095 value is
reserved, meaning that one may have vlans numbered 1 through 4094

Is this the correct conclusion to jump to?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51280t=51280
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: scariest IOS image name [7:51251]

[Sasa Milic]

Lets see:

b   - appletalk
k8  - IPSec 56-bit encryption
n   - Novell
o3  - Firewall
r2  - IBM
sy7 - IP+, reduced from normal IP feature set

Sasa
CCIE 8635

Neal Rauhauser wrote:
 
 Yes, this is a real image that I downloaded for real work - can anyone
 top it?
 
 c1700-bk8no3r2sy7-mz.122-8.T5.bin
 
 --
 Neal Rauhauser CCNP, CCDP   voice: 402-301-9555
 mailto:[EMAIL PROTECTED] fcc  : k0bsd
 I've seen the angels wearing their disguise,
 ordinary people leading ordinary lives - Tracy Chapman




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51281t=51251
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Local Cisco office and CCIE [7:51282]

[NetEng]

I thought I read once on cisco.com (can not find now) that once you pass the
CCIE written your local cisco office will help you prepare for the lab
portion with local lab/resources. Was this wishful thinking or do they help?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51282t=51282
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Local Cisco office and CCIE [7:51282]

[Kaminski, Shawn G]

I work for EDS and our Cisco rep has told me that we are able to use their
local lab for CCIE preparation. However, this is only because I work for EDS
and we do a lot of business with Cisco. If the company you work for has a
Cisco rep, ask them and they should be able to give you an answer.

Shawn K.

 -Original Message-
 From: NetEng [SMTP:[EMAIL PROTECTED]]
 Sent: Monday, August 12, 2002 8:00 PM
 To:   [EMAIL PROTECTED]
 Subject:  Local Cisco office and CCIE [7:51282]
 
 I thought I read once on cisco.com (can not find now) that once you pass
 the
 CCIE written your local cisco office will help you prepare for the lab
 portion with local lab/resources. Was this wishful thinking or do they
 help?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51283t=51282
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Local Cisco office and CCIE [7:51282]

[cebuano]

I believe this is only true for Silver and up if the local Cisco CAM
will sponsor you to the ASET program, which has been on, off, on, off...
You can contact your local Cisco office to see if the in-house lab
engineer will let you practice on their equipment. Last time I checked,
the SE was real friendly, as long as he thinks you won't damage anything
on the racks.

Elmer
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
NetEng
Sent: Monday, August 12, 2002 8:00 PM
To: [EMAIL PROTECTED]
Subject: Local Cisco office and CCIE [7:51282]

I thought I read once on cisco.com (can not find now) that once you pass
the
CCIE written your local cisco office will help you prepare for the lab
portion with local lab/resources. Was this wishful thinking or do they
help?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51284t=51282
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: GBIC's - Cisco and otherwise [7:51148]

[William Pearch]

When I was learning a bit about SAN's and Fibre Channel, one of my
instructors mentioned that there were only 3 manufacturers of GBICs
(couple years ago, may have changed by now).  I have put GBICs (no long
haul stuff) obtained from Nortel, IBM, Compaq, Brocade, Cisco, and
unknown into a 3500, a 2950, a Nortel 420, Dell and a couple others
just to see if they would work.  They did.  Fibre Channel GBICs, GigE
GBICs, all seemed to work just fine.  I'll try it in a 3550 later this
month, and it will probably seem to work just fine also.

SEEMED to work just fine.  I wouldn't do that on a production network,
but on a 'oh s$!%' or a giggles and grin basis, yea - no worries.

YMMV, VWPBL, OSTCAAT...

TTFN,
Bill Pearch, Anchorage

-Original Message-
From: Chuck's Long Road [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, August 10, 2002 9:27 AM
To: [EMAIL PROTECTED]
Subject: OT: GBIC's - Cisco and otherwise [7:51148]


I took a bit of a risk, and purchased some GBIC;s off That Auction Site.
Of the four, three are Cisco branded, and the fourth is labeled
Agilent ( used to be HP )

I had done a bit of investigation prior to purchase. I see that the
Auction Site has listings for Agilent, IBM, and Extreme GBIC's, as well
as Cisco. However, I was unable to find any direct and clearly stated
indication that all GBIC's are interchangeable.

IBM and Agilent GBIC's cost few pretty pennies less than Cisco BTW,
although I suspect now that the same source OEM's for all these
manufacturers.

So I paid my money, took my chance, and have an Agilent GBIC on one
switch connected to a Cisco GBIC on another. No connectivity problems.
Came right up. Is passing traffic even as I write.

Thinking logically, why should GBIC's be any different that NIC's or
patch cables, transceivers of various sorts and brands, or CSU/DSU's?
They are all build to industry specifications and industry standards.
They all do the same thing.

Just thought I'd pass that along to those trying to stretch their
practice lab or network upgrade dollars.

[GroupStudy.com removed an attachment of type application/x-pkcs7-signature
which had a name of smime.p7s]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51285t=51148
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

flash RAM upgrade for WS-X5550 Sup III G [7:51286]

[nettable_walker]

8/12/20029:02pm  Monday

Anyone know a CHEAP source for flash  RAM for above ?
I want to upgrade my home lab

RLP_NIU_5505 (enable)
RLP_NIU_5505 (enable) sho version
WS-C5505 Software, Version McpSW: 6.3(8) NmpSW: 6.3(8)
Copyright (c) 1995-2002 by Cisco Systems
NMP S/W compiled on Jul 30 2002, 22:35:56
MCP S/W compiled on Jul 30 2002, 22:21:10

System Bootstrap Version: 5.1(1)

Hardware Version: 1.0  Model: WS-C5505  Serial #: 6304970035
Mod Port Model  Serial #  Versions
Mod Port Model  Serial #  Versions
1   2WS-X5550   024411176 Hw : 1.2
  Fw : 5.1(1)
  Fw1: 5.2(1)
  Sw : 6.3(8)
2   12   WS-X5203   00949 Hw : 1.1
  Fw : 3.1(1)
  Sw : 6.3(8)
3   24   WS-X5224   40740 Hw : 1.4
  Fw : 3.1(1)
  Sw : 6.3(8)
4   24   WS-X5224   00072 Hw : 1.4
  Fw : 3.1(1)
  Sw : 6.3(8)
5   24   WS-X5224   06090 Hw : 1.4
  Fw : 3.1(1)
  Sw : 6.3(8)

   DRAMFLASH   NVRAM
Module Total   UsedFreeTotal   UsedFreeTotal Used  Free
-- --- --- --- --- --- --- - - -
1   32768K  18998K  13770K   8192K   3923K   4269K  512K  187K  325K

Uptime is 0 day, 0 hour, 30 minutes
RLP_NIU_5505 (enable)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51286t=51286
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ATM Emulator ? [7:50990]

[David C Prall]

Couldn't you use FUNI for this, in some weird twisted way. I've never tried
this, but it may work.

David C Prall [EMAIL PROTECTED] http://dcp.dcptech.com
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, August 08, 2002 5:19 PM
 To: [EMAIL PROTECTED]
 Subject: ATM Emulator ? [7:50990]


 Anyone know of any way to emulate a ATM link?

 Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51287t=50990
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: New CCIE RS Exam thoughts... [7:51130]

[Jagan Krishnaraj]

Hi Raj

I would like to know what books you use to prepare for new CCIE RS.

thanks  regards
jagan


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51288t=51130
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Solution to: Redistributing BGP into OSPF [7:51289]

[Ejay Hire]

Hello all, thank you for your help with the problem I was having.  I am 
responding to let you know what the solution was.

There is a restriction in BGP that prevents it from redistributing Ibgp 
routes into any other routing protocol.  You can over come this limitation 
using the following commands.

router bgp nnn
bgp redistribute-internal

This is a command that was introduced in a 12.x ios.  If you use this 
solution, you must have filtering in place to prevent routing loops.

-Ejay

_
Join the worlds largest e-mail service with MSN Hotmail. 
http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51289t=51289
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Off Topic - First Look - Troubleshooting Campus Networks [7:51290]

[Chuck's Long Road]

Folks, it is always a pleasure to read a well written technical book, and
Troubleshooting Campus Networks is no exception. Priscilla Oppenheimer and
co-author Joseph Bardwell have created an outstanding book, one which will
occupy a place of honor on my bookshelf, right next to Top Down Network
Design.

This book goes into a lot of detail, making it an excellent choice for study
and for life with real networks. Examples abound. As does good advice for
design and troubleshooting. For example, in the chapter on switching, the
authors point out good reasons why one should NOT directly link two core
switches in a typical core / distribution / access design. Having seen many
such designs where high level engineers with years of good experience have
done just that, with the belief that more redundancy is better, it is nice
to read a solid explanation of the opposite.

From what I have read so far, I am guessing that the actual writing was
locked down six months ago. There is no discussion of the Cisco 3550 line of
switches, no discussion of 802.1t STP extensions, and no discussion of
802.1q tunneling, for example, which if nothing else serves to show how fast
this business continues to change.

For those who think I am sucking up, you are absolutely right. I am. But
only because I am thankful for the advice and guidance that PO has given to
me and to many others on this list, both directly and indirectly. I want to
ensure that the flow of good advice continues. :-

So check it out

http://www.amazon.com/exec/obidos/ASIN/0471210137/ref=pd_rhf_p_1/002-3394114
-4544058
watch the wrap

This is most definitely a book for those looking for good solid information
for work and for study. You will most definitely find both here.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51290t=51290
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ADSL routers [7:51250]

[Chuck's Long Road]

define full

the 827 can do many things, including 3DES and firewall feature set, but
supports only RIP and EIGRP. no fun finding that out the hard way. :-

I like your idea about the 26xx with the DSL WIC. I've used the DSL WICs in
production for customer networks ( on the 1720 series ) and have been quite
pleased, except for that one hardware failure in Fresno. And Cisco TAC
identified the problem as hardware and replaced the card very quickly
indeed.

Chuck

--
TANSTAAFL

there ain't no such thing as a free lunch
Robert A. Heinlein
may his soul grumble in peace


Brian Zeitz  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Can anyone suggest a good router to get for ADSL? I want to utilize a
 full IOS, and not a dumbed down version. Or should I just go with a 2600
 with an ADSL card. This firewall will be for a home connection, but I am
 the type to mess around with the routers, try to do different things
 with Pix firewalls, security, servers and whatnot.  I know netgear
 routers work well for some people, but I want to use my router as
 something functional and as educational at the same time. What would be
 the cheapest way to go for an ADSL router, with full IOS capabilities.



 Thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51291t=51250
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RS Lab Study Partner in Hampton Roads, VA [7:51292]

[cebuano]

Hi,
If you are scheduled for the lab and live in the Hampton Roads
Or Tidewater, VA area, please contact me offline if you are
Interested in a study partner.
 
[EMAIL PROTECTED]
 
Elmer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51292t=51292
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]