Re: -->Switching $ Remote Access EXAM CCNP<-- [7:51900]

2002-09-10 Thread Joupin

well I passed both and agree with you SWTCH has no sim but REMOTE has many



""Arni V. Skarphedinsson""  wrote in message
news:[EMAIL PROTECTED]...
> No simulation questions on my switching exam, can't say about the Remote
> access,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53072&t=51900
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Support exam [7:52727]

2002-09-10 Thread Joupin

I'm sorry, John.

Hope to pass it next time.
Would you tell us your test detail % report and categories? I'm sure this is
not breaking the NDA.

Regards
joupin
www.joupin.com



""John McCartney""  wrote in message
news:[EMAIL PROTECTED]...
> Well I just got back from taking the test and failed by six points!! What a
> bummer, now it's time to regroup and study some more and re-take the exam in
> a month. The questions were very different from what I expected, i.e. very
> vague as to what they were asking. Oh well, know Appletalk - that's what got
> me. HTH's




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53070&t=52727



Re: Switching and Remot access test [7:51128]

2002-09-10 Thread Joupin

I passed it too, it was very simple :)
Next RTING

"Suresh Naipal" wrote in message
news:[EMAIL PROTECTED]...
> Hi Joupin,
> That basically sounds like what I did. I passed easily. Good luck.
>
> Kind regards,
>
> Swish




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53071&t=51128



4000 flash problem [7:53069]

2002-09-10 Thread Hello Goodbye

I saw this in the archives but didn't get an answer.

I have a Cisco 4000 (not a 4000m or 4000-series).
Yes, I have the bastard child of the 4000 series with
the daughter eprom card for flash.  I can't load an IOS
image because the "device is not programmable".  I
made sure the jumper is set correctly but still it
registers as not programmable.  I am at a loss as to what
to do except finish the 6-pack and buy a flash card,
which I don't want to do.  Does anyone have any ideas?
Is there some way I can make the device programmable
again from the bootstrap IOS 10.2?

Ben





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53069&t=53069



Re: A HUB can work in Full-duplex mode? [7:52973]

2002-09-10 Thread

Priscilla Oppenheimer wrote:
> 
> What is an "internal switch in a hub?" Is that another case of a marketing
> term? ;-) I've never heard of the term. 

I believe that it is usually a bridge between the 10mb segment and 100Mb
segment in a dual speed hub. Naturally the marketing people use the term
switch :-)

Peter Walker
CISSP, CSS1, CIPTSS, CCIP, CCNP, etc




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53068&t=52973



FW: Duplicate packets with same SEQ #'s... [7:53024]

2002-09-10 Thread Newell Ryan D SrA 18 CS/SCBT

Is it possible that you are doing a dump on a link that the packet must
traverse to and fro to get to the destination? You stated that you did this
dump off of one of your core switches. I'm assuming you're spanning or port
mirroring the port or VLAN possibly. If these PCs are on separate
networks... see what I'm saying.
Well, if you don't, here goes. If you have a switch connected to a router
using some kind of trunking capability (or internal router) and the users
are on separate VLANs/subnets, they must cross the router to get to each
other. Thus when you do a dump you will see the same packet come across
twice. If you have a protocol analyzer you should see the MAC address change
as it crosses the router. I only believe my theory to be true if the PCs are
on separate subnetworks.
Hope this helps
D

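The mirrored-port theory in the reply above can be checked mechanically once the capture includes link-layer headers. The following is an added example, not part of the original thread: it groups data segments by flow, sequence number and length, then labels each repeat. The `Frame` record, the label names and the sample capture are constructed for illustration (documentation-range MAC and IP addresses), and the rule that a sender's own retransmission carries a new IP ID is a heuristic assumption.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    ts_us: int      # capture timestamp, microseconds
    src_mac: str
    dst_mac: str
    ttl: int
    ip_id: int
    flow: str       # "src_ip:port>dst_ip:port"
    seq: int        # TCP sequence number
    length: int     # TCP payload bytes


def classify_pair(first: Frame, second: Frame) -> str:
    """Label the second sighting of a segment relative to the first."""
    same_macs = (first.src_mac, first.dst_mac) == (second.src_mac, second.dst_mac)
    if first.ip_id != second.ip_id:
        # A new IP packet carrying the same TCP bytes: the sender resent it.
        return "retransmission"
    if not same_macs and first.ttl - second.ttl == 1:
        # Same IP packet, rewritten MACs, TTL down by one: it crossed a router
        # and the mirror session saw it on both VLANs.
        return "routed-copy"
    if same_macs and first.ttl == second.ttl:
        # Byte-identical frame seen twice, e.g. mirrored on ingress and egress.
        return "mirror-duplicate"
    return "unclassified"


def find_duplicates(frames):
    """Return (flow, seq, label, gap_us) for every repeated data segment."""
    groups = defaultdict(list)
    for frame in sorted(frames, key=lambda f: f.ts_us):
        if frame.length > 0:            # pure ACKs repeat seq legitimately
            groups[(frame.flow, frame.seq, frame.length)].append(frame)
    findings = []
    for (flow, seq, _length), members in groups.items():
        for first, second in zip(members, members[1:]):
            gap = second.ts_us - first.ts_us
            findings.append((flow, seq, classify_pair(first, second), gap))
    return findings


# Constructed sample capture (not taken from the dump in the thread).
SERVER, CLIENT, HOST_B, HOST_C = (
    "00:00:5e:00:53:49", "00:00:5e:00:53:67",
    "00:00:5e:00:53:97", "00:00:5e:00:53:ba")
RTR_VLAN15, RTR_VLAN61 = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
ROUTED_FLOW = "192.0.2.49:139>198.51.100.103:1066"
SWITCHED_FLOW = "192.0.2.151:22>192.0.2.186:1219"
RESENT_FLOW = "198.51.100.103:1066>192.0.2.49:139"
ACK_FLOW = "192.0.2.6:515>192.0.2.10:723"

SAMPLE_CAPTURE = [
    # Server to router on VLAN 15, then router to client on VLAN 61.
    Frame(688408, SERVER, RTR_VLAN15, 128, 4001, ROUTED_FLOW, 1, 64),
    Frame(688409, RTR_VLAN61, CLIENT, 127, 4001, ROUTED_FLOW, 1, 64),
    # Same VLAN, same frame captured twice by the mirror session.
    Frame(689610, HOST_B, HOST_C, 64, 7310, SWITCHED_FLOW, 1, 92),
    Frame(689611, HOST_B, HOST_C, 64, 7310, SWITCHED_FLOW, 1, 92),
    # Pure ACKs with no payload are skipped.
    Frame(689612, HOST_C, HOST_B, 64, 900, ACK_FLOW, 1, 0),
    Frame(689613, HOST_C, HOST_B, 64, 901, ACK_FLOW, 1, 0),
    # Sender resends the segment 300 ms later as a new IP packet.
    Frame(700000, CLIENT, RTR_VLAN61, 128, 5200, RESENT_FLOW, 295, 49),
    Frame(1000000, CLIENT, RTR_VLAN61, 128, 5207, RESENT_FLOW, 295, 49),
]

if __name__ == "__main__":
    for flow, seq, label, gap_us in find_duplicates(SAMPLE_CAPTURE):
        print(f"{flow} seq={seq} {label} (+{gap_us} us)")
```

Only pairs labelled "retransmission" point at loss on the path; the other two labels describe where the capture point sits, not a fault in the network.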

bandwith restriction [7:53066]

2002-09-10 Thread kaushalender

Hi group and router gurus,

I have a 2610 router. We have customers to whom we are providing bandwidth. I
have a range of IP addresses for those customers. Now we want to define
a group of IP addresses and restrict that group to 64 kbps; that means any
IP from that group that starts to access the bandwidth should not get more than
64 kbps. If two customers are simultaneously browsing then the 64 kbps should be
divided into 32+32 and so on. How can I do that? Please help.

Thanks in advance
Kaushalender




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53066&t=53066



Re: Anybody passed New CCIE R/S Qualification Exam? [7:52862]

2002-09-10 Thread Jim

Yes, I just took (today in fact) the R/S written and it was a nightmare.  I
know that I can't speak for all recent test takers as I am sure all of our
exams are somewhat different, however, I can tell you one key thing based
off of the exam that I took:

KNOW MULTICASTING AND MPLS!!

Be prepared to FULLY understand concepts, fundamentals, designs, best
practices, & troubleshooting regarding multicasting topics such as IGMP (v1
& v2 and their differences), CGMP, DVMRP, & PIM (PIM-DM & PIM-SM) as well as
MPLS architectures and implementation.  I would say that close to 1/3 of my
exam was on multicasting and MPLS alone.  I thought that I had the wrong
test as most "exam study guides" seem to show very little emphasis on these
areas.  I studied my ass off (6 months prep) for this as my current CCNP
certification runs out next year and I want to get the "big upgrade".
Anyway, I read (cover to cover) these books in preparation for taking the
CCIE R/S written:

McGraw Hill All-In-One CCIE Lab Study Guide
Cisco Press Internet Routing Architectures
Cisco Press CCIE Professional Development: Routing TCP/IP Volume I
Cisco Press CCIE Professional Development: Routing TCP/IP Volume II
Cisco Press CCIE Professional Development: Cisco LAN Switching
Cisco Press CCIE Practical Studies Volume I
Cisco Press Routing and Switching Exam Certification Guide
Addison-Wesley Interconnections Second Ed (Perlman)
Various RFCs and a sh*&load of configuration documents from Cisco's website

With the exception of Jeff Doyle in Routing TCP/IP Volume II, none of the
"CCIE development or study guides" provide much information on these areas.
This is where I got destroyed on the test.  I put most of my focus on areas
such as routing protocols (EGPs & IGPs), wireless networks, LANs/WANs
(switching & routing), QOS, access-lists, traffic management... (you get the
idea).  Don't be fooled by the amount of focus on multicasting or MPLS that
you see in some of these books on the market (such as the list above).
Before taking this test, I should have read (until I was blue in the face)
Cisco Press MPLS & VPN Architectures and Interdomain Multicast Solutions
Guide.  You can really see Cisco emphasizing the AVVID architecture in this
certification.  I was praying for questions on issues such as wireless LANs,
ISDN, BGP or ATM because it was what I had studied and practiced
(extensively) on in my home lab (not to mention paid for); but they never
came (I didn't get one single question on OSPF or EIGRP on the whole damn
exam).  It drove me nuts and to add insult to injury, they used every acronym
in the book regarding these multicasting technologies.

Anyway my suggestion is, and this is just based on my experience with the test
today and may not reflect all other test takers, study and be well prepared
to address complex issues regarding MPLS, multicasting, and multiservice. I
am scheduling the test again in a month or so as this will give me some time
to improve on these areas.  Good luck!

Regards,
Jim

""Cisco Rookie""  wrote in message
news:[EMAIL PROTECTED]...
> Hello Friends,
>
> I would like to hear from anybody who has passed the new CCIE RS
> qualification exam and try to understand the format, style, focus, weightage
> to topics, suggested method of preparation etc.
>
> I would also like to get some advice from people who took the test and failed
> about the same things and what went wrong?
>
> Regards.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53065&t=52862



RE: HSRP and subnets [7:52991]

2002-09-10 Thread enabled

I didn't mean to scare anyone with the bizarre addressing. Maybe I went a 
little overboard while trying to create an extreme situation.

I have not done HSRP in some time and I got confused by likening HSRP peers 
to IPSec or ISAKMP peers (where peer IP addresses can be specified). I had 
forgotten about the virtual MAC and ARP. =)

-
Here's what I have:
- 2 sites in the same metro area- A and Z
- Both sites have similar sized links to the same provider.

Here's the problem I am trying to solve:
1. Need fail-over, if not load-sharing (most inbound traffic is headed to A 
and it has enough capacity on its own, so load-sharing isn't critical).
2. Both sites to be connected by high speed metro fiber. I am trying to 
decide whether to route or bridge this link. I was told that I could use 
HSRP on the provider routers for fail-over if I bridged and kept the HSRP 
addresses in the same subnet.
--

I know this sounds like a job for BGP, but I wanted to explore all options.

Thanks,

Sam



At 09:56 PM 9/10/2002 +, you wrote:
>enabled wrote:
> >
> > Is there a rule stating that addresses in a HSRP group need to
> > be in the
> > same subnet?
> >
> > For example can I have 2 devices with the following addresses:
> > RouterA: 10.10.10.1
> > RouterB: 172.16.10.1
> > HSRP address: 192.168.10.1
>
>What problem are you trying to solve? Haven't heard that one in a while!? ;-)
>
>Why would 10.10.10.1 and 172.16.10.1 be offering redundant default gateway
>services to the same hosts? (Recall that HSRP provides redundancy for the
>end host-to-default gateway link.) An end host's default gateway must be on
>the same LAN (broadcast domain, IP subnet) as the end host. The end host
>ARPs to find the MAC address to send off-net packets to. The ARP broadcast
>contains the IP address of the default gateway that the host is searching.
>With HSRP, the active router responds with the "phantom" MAC address.
>
>Priscilla
>
> >
> > Thanks,
> >
> > Sam




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53064&t=52991



Re: BGP/OSPF Synchronization [7:52980]

2002-09-10 Thread Kent Yu

Karl,

> Specifically, we are working on a lab with three routers running BGP.  They
> are in the same AS (IBGP).  They are not fully meshed one is acting as a
> router reflector for the other two.  One of the RR clients has a loopback
> injected into BGP by redistribute connected.  All three routers are also
> running OSPF and have an IGP route to the same network being injected into
> BGP.  The route is synchronized on the router it is injected into and on the
> route reflector, but it isn't synchronized on the other route reflector
> client.  We are aware of how BGP and OSPF router IDs can prevent
> synchronization, so we have specified the same router IDs for BGP and OSPF.
>

What version of IOS?
You can try to verify the ospf next-hop and bgp learned next-hop, if they
are different and the ospf has a higher admin distance than your bgp, bgp
will show a RIB failure.

CSCdx26714 for more information.

HTH
Kent



""Karl Brusen""  wrote in message
news:[EMAIL PROTECTED]...
> Can anyone point me towards a resource that describes in detail what it
> takes for BGP to consider a route synchronized when it learned it through
> IGP OSPF?  My study partner and I are struggling understanding how it works.
> All of our resources provide only general information with statements like,
> "a route must be learned by IGP before BGP will consider it synchronized".
> Merely learning a route from IGP is apparently not good enough.  There must
> be other, more specific requirements.  How does route-reflection affect
> BGP/OSPF synchronization?
>
> Specifically, we are working on a lab with three routers running BGP.  They
> are in the same AS (IBGP).  They are not fully meshed one is acting as a
> router reflector for the other two.  One of the RR clients has a loopback
> injected into BGP by redistribute connected.  All three routers are also
> running OSPF and have an IGP route to the same network being injected into
> BGP.  The route is synchronized on the router it is injected into and on the
> route reflector, but it isn't synchronized on the other route reflector
> client.  We are aware of how BGP and OSPF router IDs can prevent
> synchronization, so we have specified the same router IDs for BGP and OSPF.
>
> What is interesting is that if we point a static route from the problem
> route-reflector client to the BGP route "next hop", BGP synchs.  Due to the
> network topology and modifications of the ad distance, the problem router
> also has a route learned from EIGRP but is not normally in the IP routing
> table.  When we shut down an interface so that the EIGRP route is placed in
> the IP routing table, BGP synchs.
>
> We are very confused.  There is something about how BGP synchs with OSPF
> that we just don't understand.  Any insight from the group will be greatly
> appreciated.
>
> Thanks,
>
>
> Karl Brusen




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53062&t=52980



RE: BGP/OSPF Synchronization [7:52980]

2002-09-10 Thread Albert Lu

Hi Karl,

I posted this on the CCIE board the other day, might be useful for yourself.

Also want to note that the 'no synch' command is required if you are using
OSPF, since there is an extra requirement that the OSPF route and BGP route
have to be sourced from the same router-id. Take a look at the below CCO
info.


http://www.cisco.com/warp/customer/459/25.shtml

Paths marked as "not synchronized" in the show ip bgp
output. If BGP synchronization is enabled, which it is by default in Cisco
IOS Software, there must be a match for the prefix in the IP routing table
in order for an internal (iBGP) path to be considered a valid path. If the
matching route is learned from an OSPF neighbor, its OSPF router ID must
match the BGP router ID of the iBGP neighbor. Most users prefer to disable
synchronization using the no synchronization BGP subcommand.


Regards,

Albert
CCIE #8705

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Karl Brusen
Sent: Tuesday, September 10, 2002 11:16 PM
To: [EMAIL PROTECTED]
Subject: BGP/OSPF Synchronization [7:52980]


Can anyone point me towards a resource that describes in detail what it
takes for BGP to consider a route synchronized when it learned it through
IGP OSPF?  My study partner and I are struggling understanding how it works.
All of our resources provide only general information with statements like,
"a route must be learned by IGP before BGP will consider it synchronized".
Merely learning a route from IGP is apparently not good enough.  There must
be other, more specific requirements.  How does route-reflection affect
BGP/OSPF synchronization?

Specifically, we are working on a lab with three routers running BGP.  They
are in the same AS (IBGP).  They are not fully meshed one is acting as a
router reflector for the other two.  One of the RR clients has a loopback
injected into BGP by redistribute connected.  All three routers are also
running OSPF and have an IGP route to the same network being injected into
BGP.  The route is synchronized on the router it is injected into and on the
route reflector, but it isn't synchronized on the other route reflector
client.  We are aware of how BGP and OSPF router IDs can prevent
synchronization, so we have specified the same router IDs for BGP and OSPF.

What is interesting is that if we point a static route from the problem
route-reflector client to the BGP route "next hop", BGP synchs.  Due to the
network topology and modifications of the ad distance, the problem router
also has a route learned from EIGRP but is not normally in the IP routing
table.  When we shut down an interface so that the EIGRP route is placed in
the IP routing table, BGP synchs.

We are very confused.  There is something about how BGP synchs with OSPF
that we just don't understand.  Any insight from the group will be greatly
appreciated.

Thanks,


Karl Brusen




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53061&t=52980



CA on Redhat [7:53060]

2002-09-10 Thread Leo Song

Hi,

Is there any CA server which is free on Linux and could be supported by
PIX? Interesting questions, huh :)

Best Regards.
Leo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53060&t=53060



Re: Duplicate packets with same SEQ #'s... [7:53024]

2002-09-10 Thread Neil Desai

We have a similar situation in our network. We have proxy arp turned on and
it is causing the same thing.


Neil
""r34rv13wm1rr0r""  wrote in message
news:[EMAIL PROTECTED]...
> This is from a tcpdump off of one of my core switches.  It appears that it is
> logging a duplicate packet with the same SEQ #.  Does anyone have any idea
> why this is occurring?
>
> Thanks,
>
> A
>
> 11:18:04.688408 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 1:65(64) ack 49 win 8320NBT Packet (DF)
> 11:18:04.688409 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 1:65(64) ack 49 win 8320NBT Packet (DF)
>
> 11:18:04.688643 172.X.103.10.netbios-ssn > 172.X.15.15.1503: P 158405518:158405625(107) ack 1210141117 win 8608NBT Packet (DF)
> 11:18:04.688644 172.X.103.10.netbios-ssn > 172.X.15.15.1503: P 0:107(107) ack 1 win 8608NBT Packet (DF)
>
> 11:18:04.688645 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 65:119(54) ack 98 win 8271NBT Packet (DF)
> 11:18:04.688646 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 65:119(54) ack 98 win 8271NBT Packet (DF)
>
> 11:18:04.63 X.X.6.3.http > 172.X.14.50.1123: . ack 4294967295 win 8155 (DF)
> 11:18:04.65 X.X.6.3.http > 172.X.14.50.1123: . ack 4294967295 win 8155 (DF)
>
> 11:18:04.66 172.23.27.10.3021 > 172.X.15.10.netbios-ssn: P 3194256684:3194256844(160) ack 95965178 win 7515NBT Packet (DF)
> 11:18:04.67 172.23.27.10.3021 > 172.X.15.10.netbios-ssn: P 0:160(160) ack 1 win 7515NBT Packet (DF)
>
> 11:18:04.68 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 119:173(54) ack 147 win 8222NBT Packet (DF)
> 11:18:04.69 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 119:173(54) ack 147 win 8222NBT Packet (DF)
>
> 11:18:04.688890 172.X.15.15.1503 > 172.X.103.10.netbios-ssn: P 1:161(160) ack 107 win 7996NBT Packet (DF)
> 11:18:04.688891 172.X.15.15.1503 > 172.X.103.10.netbios-ssn: P 1:161(160) ack 107 win 7996NBT Packet (DF)
>
> 11:18:04.689183 172.X.15.10.netbios-ssn > 172.23.27.10.3021: P 1:129(128) ack 160 win 8138NBT Packet (DF)
> 11:18:04.689185 172.X.15.10.netbios-ssn > 172.23.27.10.3021: P 1:129(128) ack 160 win 8138NBT Packet (DF)
>
> 11:18:04.689186 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 173:255(82) ack 196 win 8173NBT Packet (DF)
> 11:18:04.689187 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 173:255(82) ack 196 win 8173NBT Packet (DF)
>
> 11:18:04.689188 172.X.15.151.ssh > 172.X.53.186.1219: P 2849560709:2849560801(92) ack 2980294350 win 9648 (DF) [tos 0x10]
> 11:18:04.689189 172.X.15.151.ssh > 172.X.53.186.1219: P 0:92(92) ack 1 win 9648 (DF) [tos 0x10]
>
> 11:18:04.689192 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 255:309(54) ack 245 win 8124NBT Packet (DF)
> 11:18:04.689193 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 255:309(54) ack 245 win 8124NBT Packet (DF)
>
> 11:18:04.689608 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 309:363(54) ack 294 win 8075NBT Packet (DF)
> 11:18:04.689609 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 309:363(54) ack 294 win 8075NBT Packet (DF)
>
> 11:18:04.689610 172.X.243.6.printer > 172.X.240.10.723: . ack 4096314569 win 2144
> 11:18:04.689610 172.X.243.6.printer > 172.X.240.10.723: . ack 1 win 2144
>
> 11:18:04.689611 172.X.53.186.1219 > 172.X.15.151.ssh: P 1:45(44) ack 92 win 16724 (DF)
> 11:18:04.689612 172.X.53.186.1219 > 172.X.15.151.ssh: P 1:45(44) ack 92 win 16724 (DF)
>
> 11:18:04.689614 172.X.61.103.1066 > 172.X.15.49.netbios-ssn: P 294:343(49) ack 363 win 7380NBT Packet (DF) [tos 0x4]
> 11:18:04.718183 172.X.61.103.1066 > 172.X.15.49.netbios-ssn: P 6762:6811(49) ack 8223 win 8397NBT Packet (DF) [tos 0x4]
>
> 11:18:04.718187 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 8223:8287(64) ack 6811 win 7438NBT Packet (DF)
> 11:18:04.718188 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 8223:8287(64) ack 6811 win 7438NBT Packet (DF)
>
> 11:18:04.718423 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 8287:8341(54) ack 6860 win 7389NBT Packet (DF)
> 11:18:04.718424 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 8287:8341(54) ack 6860 win 7389NBT Packet (DF)
>
> 11:18:04.718425 172.X.240.220.6103 > 172.X.15.68.4720: . 2920:4380(1460) ack 1 win 16816 (DF)
> 11:18:04.718586 172.X.240.220.6103 > 172.X.15.68.4720: . 4380:5840(1460) ack 1 win 16816 (DF)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53059&t=53024



Re: Cisco Certification Digest V2 #2243 (I am out of the [7:53058]

2002-09-10 Thread Cynthia Chang

I will be out of the office September 10th - 16th.  If this is a network
related emergency please contact the help desk and they will route your
issue to the appropriate destination.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53058&t=53058



RE: OSPF MTU [7:53047]

2002-09-10 Thread Frank Merrill

Priscilla Oppenheimer wrote:
> 
> OSPF routers that don't agree on the MTU can get stuck in the
> EXSTART phase and never successfully exchange their database
> description (DBD) packets, thus never becoming fully adjacent.

And I've actually seen this happen between a Cisco 6509 with a Flexwan and
A3 Port adapter at one end, and at the other end was a Nortel BCN router
with an ARE card.

This was tested in a lab and the team who was implementing it got it working
in the lab (it didn't work initially) by setting the 'mtu-ignore'. 
Unfortunately when it went to production the adjacency wouldn't come up
because now the DBD's were too large. It turned out that in the Lab the
adjacency came up because the initial descriptors were rather small, and
hence the DBD's fell at less than a full MTU size, and came up ok in the lab
once they told the Cisco to ignore the MTU mismatch.

Fixed this in production by looking at what the Cisco box recorded in its
log that the mismatch size was, and set them appropriately. The Nortel box
actually sent something different than what it was actually set for, and so
that gave us a fit for a few minutes, until we saw what it was actually
sending in the Cisco log.
It's been in operation for over a year now.

Have fun,
Frank Merrill

> 
> Neither router should have the MTU set to bigger than the
> maximum as specified by the relevant standards for the data
> link in use, but one of the routers could be set with an MTU
> that is smaller than the max allowed. This router might be
> unable to receive full-sized DBD packets from its neighbor.
> 
> One fix is just to make sure the routers do agree on the MTU.
> But what if the other router is Brand X router and doesn't
> support such a change?
> 
> In that case, you might want to use this new "ip ospf
> mtu-ignore" command.
> 
> Here's what Cisco says:
> 
> "Cisco IOS ® Software Release 12.0(3) introduced interface MTU
> mismatch detection. This detection involves OSPF advertising
> the interface MTU in the DBD packets, which is in accordance
> with the OSPF RFC 2178, appendix G.9. When a router receives a
> DBD packet advertising a MTU larger than the router can
> receive, the router ignores the DBD packet and the neighbor
> state remains in exstart. This prevents an adjacency from
> forming. To fix this problem, make sure the MTU are the same on
> both ends of a link.
> 
> In Cisco IOS Software 12.1(3), the interface-level ip ospf
> mtu-ignore command was introduced to turn off the MTU mismatch
> detection; however, this is only needed in rare instances."
> 
> See this URL for the full story:
> 
> http://www.cisco.com/warp/public/104/12.html
> 
> Priscilla Oppenheimer
> 
> Hello Goodbye wrote:
> > 
> > There is a command 'ip ospf mtu-ignore' that makes
> > ospf ignore the mtu at the interface for neighbor
> > establishment.  This may be a dumb question but since
> > all the neighbors have to be on the same media to
> > establish wouldn't the mtus be the same.  Obviously
> > there is not always the case or they wouldn't have the
> > mtu-ignore command.
> > 
> > Ben
> > 
> > 
> > 
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53057&t=53047
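The lab-versus-production behaviour described in the message above can be reproduced with a small model. This is an added example, not code from the thread or from any vendor: it assumes each router fills its DBD packets up to its own interface MTU, uses the OSPFv2 header sizes (24-byte OSPF header, 8 bytes of fixed DBD fields, 20 bytes per LSA header) over a 20-byte IP header, and the router names, MTU values and LSA counts are constructed.

```python
from dataclasses import dataclass, replace

IP_HDR, OSPF_HDR, DBD_FIXED, LSA_HDR = 20, 24, 8, 20
BASE = IP_HDR + OSPF_HDR + DBD_FIXED     # size of a DBD with no LSA headers


@dataclass(frozen=True)
class Router:
    name: str
    mtu: int                 # interface MTU, also advertised in each DBD
    lsa_count: int           # LSAs in the database to be described
    mtu_ignore: bool = False  # models "ip ospf mtu-ignore" on this side


def dbd_packet_sizes(sender: Router):
    """IP datagram sizes of the DBD packets the sender emits (model)."""
    per_packet = (sender.mtu - BASE) // LSA_HDR
    sizes = [BASE]           # initial DBD that negotiates master/slave
    remaining = sender.lsa_count
    while remaining > 0:
        count = min(remaining, per_packet)
        sizes.append(BASE + count * LSA_HDR)
        remaining -= count
    return sizes


def receive_dbds(receiver: Router, sender: Router) -> str:
    """What happens when `receiver` processes the sender's DBD stream."""
    if sender.mtu > receiver.mtu and not receiver.mtu_ignore:
        # Advertised MTU is larger than the receiver can accept: DBD rejected.
        return "mtu-mismatch"
    if max(dbd_packet_sizes(sender)) > receiver.mtu:
        # The check was skipped, but the datagram itself does not fit.
        return "dbd-too-large"
    return "ok"


def adjacency(a: Router, b: Router) -> str:
    """Return "FULL" or a description of where the exchange stalls."""
    for receiver, sender in ((a, b), (b, a)):
        outcome = receive_dbds(receiver, sender)
        if outcome != "ok":
            return f"stuck ({receiver.name}: {outcome})"
    return "FULL"


def scenarios():
    """Constructed walk-through of the lab and production cases."""
    small_side = Router("A", mtu=1500, lsa_count=10)
    lab_peer = Router("B", mtu=4470, lsa_count=10)
    prod_peer = replace(lab_peer, lsa_count=500)
    ignoring = replace(small_side, mtu_ignore=True)
    return {
        "lab, default": adjacency(small_side, lab_peer),
        "lab, mtu-ignore": adjacency(ignoring, lab_peer),
        "production, mtu-ignore": adjacency(ignoring, prod_peer),
        "production, MTUs matched": adjacency(
            small_side, replace(prod_peer, mtu=1500)),
    }


if __name__ == "__main__":
    for case, result in scenarios().items():
        print(f"{case:26s} -> {result}")
```

In this model the mismatch check is the only thing `mtu_ignore` changes, which is why the small lab database comes up and the large production one does not.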



RE: Switch Fabric? [7:52992]

2002-09-10 Thread Howard C. Berkowitz

At 10:06 PM + 9/10/02, Priscilla Oppenheimer wrote:
>Mann, Chris wrote:
>>
>>  Can someone please explain what is meant by a switch fabric? Or
>>  what is
>
>It's just a fancy term for switch architecture. It's a good term, though,
>because it helps answer the incessant question about the difference between
>a bridge and a switch. The older bridges had a simple bus and could only
>forward one frame at a time across the bus. Switches have a much more
>complicated switch fabric. Think of like a plaid or checkered fabric versus
>a linear line. In technical terms, switches use architectures such as
>crossbar, crosspoint, star-wired point-to-point, and so on. These
>architectures allow many frames to be forwarded at one time. We had a good
>discussion about this in the past. You may be able to find some good info in
>the archives.


From the standpoint of a router/switch designer, I'd be more 
specific.  Any such device that aims for significant performance 
separates the control and forwarding planes. The control plane 
usually has a general-purpose (albeit RISC) processor that handles 
routing protocols, command lines, SNMP, statistics, etc.

The forwarding plane includes the input and output interfaces plus 
the fabric among them. Since there may be quite a bit of processing 
on the interfaces (especially the input), and the fabric may be 
intelligent enough to do multicast replication, failover, and the 
like, it's worth differentiating between interface and fabric logic.

>  > means to have blades in your Catalyst switch that are fabric
>>  enabled?
>
>Sounds like some marketing drones took the generic term and used it for
>something specific. ;-)
>
>Priscilla

Agreed -- although some fabrics are modular (e.g., the 7200 has three 
200 Mbps busses bridged together). Fabric enabling _might_ relate to 
how much of the bandwidth to which interfaces connect.  With pretty 
much off-the-shelf chipsets, you can get 2.4, 4.8, or 10 Gbps fabric 
paths, and greater throughput with parallelism.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53056&t=52992



CCNP Exam Questionaire [7:53055]

2002-09-10 Thread HulaJoe

I just passed the new routing exam (640-603) and had the same questionnaire
at the beginning of the test. It asks you to rate your area of expertise in
each of the test objectives.

Does anyone know if this has any impact on what questions pop up during the
exam ?

Thanks - Joe


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Rajesh Kumar
Sent: Tuesday, September 10, 2002 6:20 AM
To: [EMAIL PROTECTED]
Subject: New CCIE written exam. [7:53005]


Hi all,

Took the new version of CCIE written exam.  The exam consists of 180 min
and 150 questions.  The passing score is 105.  But my score was only 67.
:-(

Lot of questions in IS-IS, Mcast and QoS.  Lot of scenario based
questions as well.  Most of them were "choose the best answer" only a
few were "multiple choice questions" and they specify how many are the
best answers.

2 questions were on PVLANs, None in WLAN, couple of them in TR, Enet and
FDDI stuff.

Before taking the test, there is  a small survey to be taken online.
One of the questions in the survey is you need to select the
technologies that you have worked on.  I suspect most of the questions
are based on the technology that you selected.  Time shouldn't be a
problem because you have more than a minute for a question  You still
can revisit marked questions at the end of the test.

All the best for everybody who is right now preparing for this and if
you need more specifics about the exam, email me - I will try to answer
to the best I can that I have from my memory.



Thanks,
rajesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53055&t=53055



RE: Newby ipsec question. [7:53028]

2002-09-10 Thread Mark W. Odette II

The way I understand it, once a dynamic crypto map is "activated" (the
dynamic client connects), a route is added to its dynamic table of
reachable subnets.  The route to the remote lan is only active when the
dynamic vpn client establishes a connection and completes both phases of
tunnel setup.

This being said, no, you don't have to create a static route to the
remote lan on the central router.

The next question would then be: If running a Routing protocol such as
RIP or EIGRP, do you need to include those remote lan subnets in the AS
definition??

I could be wrong, but I'm pretty sure this is correct. 

As I've never done this before, anybody, please feel free to correct me
:)

Mark 

--- jdr  wrote:
> Hello,
> I'm sorry for asking this stupid question, but I can't find an answer
> 
> 
> I'm working on this scenario:
> 
> LAN-to-LAN ipsec connections, hub and spoke topology.
> A central site with a 7100 router, 10 remote sites with 806 routers (ADSL
> or cable connections).
> 
> 
> 1.1.1.0-- (7100 Router)- 11.1.1.1 ---  INTERNET 
> -- X.X.X.X
> (806 Router)-- 2.2.2.0
> 
>   |
> 
>   |
> 
>   -
> - Y.Y.Y.Y  (806 Router)-- 2.2.3.0
> 
> 
> My problem is that the 806 public IPs are dynamic and it can change every
> time that the 806 router restarts.
> 
> If the remote site IPs are dynamic, how can I route the traffic from the
> central site to the branch offices?
> 
> I can configure the central router to accept dynamic connections with a
> preshared Key (for example), but I don't know how to configure the central
> site to reach the private LANs of the remote sites after the connections
> are up.
> 
> The CISCO examples always use a route to the remote LAN through the public
> IP (X.X.X.X) of the remote sites, but I can't use it on this scenario
> because it could change.
> 
> 
> Thank you for your help and your patience (as I tell you it was a stupid
> question).
> 
> 
> 
> Juan
[EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53054&t=53028



RE: OSPF MTU [7:53047]

2002-09-10 Thread Priscilla Oppenheimer

OSPF routers that don't agree on the MTU can get stuck in the EXSTART phase
and never successfully exchange their database description (DBD) packets,
thus never becoming fully adjacent.

Neither router should have the MTU set to bigger than the maximum as
specified by the relevant standards for the data link in use, but one of the
routers could be set with an MTU that is smaller than the max allowed. This
router might be unable to receive full-sized DBD packets from its neighbor.

One fix is just to make sure the routers do agree on the MTU. But what if
the other router is Brand X router and doesn't support such a change?

In that case, you might want to use this new "ip ospf mtu-ignore" command.

Here's what Cisco says:

"Cisco IOS® Software Release 12.0(3) introduced interface MTU mismatch
detection. This detection involves OSPF advertising the interface MTU in the
DBD packets, which is in accordance with the OSPF RFC 2178, appendix G.9.
When a router receives a DBD packet advertising a MTU larger than the router
can receive, the router ignores the DBD packet and the neighbor state
remains in exstart. This prevents an adjacency from forming. To fix this
problem, make sure the MTU are the same on both ends of a link.

In Cisco IOS Software 12.1(3), the interface-level ip ospf mtu-ignore
command was introduced to turn off the MTU mismatch detection; however, this
is only needed in rare instances."

See this URL for the full story:

http://www.cisco.com/warp/public/104/12.html

Priscilla Oppenheimer

Hello Goodbye wrote:
> 
> There is a command 'ip ospf mtu-ignore' that makes
> ospf ignore the mtu at the interface for neighbor
> establishment.  This may be a dumb question but since
> all the neighbors have to be on the same media to
> establish wouldn't the mtus be the same.  Obviously
> there is not always the case or they wouldn't have the
> mtu-ignore command.
> 
> Ben
> 
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53053&t=53047
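
The MTU check quoted from Cisco above, modelled on the OSPFv2 Database Description packet layout, as an added example that is not part of the original post or Cisco's code. The router IDs and MTU values are constructed, the checksum is left at zero and not validated, and `mtu_ignore` stands in for the `ip ospf mtu-ignore` interface command.

```python
"""OSPFv2 DBD interface-MTU check (constructed example, not vendor code)."""
import ipaddress
import struct
from dataclasses import dataclass

# OSPFv2 common header: version, type, length, router id, area id,
# checksum, authentication type, authentication data (24 bytes).
OSPF_HDR = struct.Struct("!BBH4s4sHH8s")
# DBD fixed part: interface MTU, options, flags, DD sequence number (8 bytes).
DBD_FIXED = struct.Struct("!HBBI")
LSA_HDR_LEN = 20
TYPE_DBD = 2
FLAG_INIT, FLAG_MORE, FLAG_MASTER = 0x04, 0x02, 0x01


@dataclass
class DBD:
    router_id: str
    interface_mtu: int
    init: bool
    more: bool
    master: bool
    seq: int
    lsa_header_count: int


def build_dbd(router_id, interface_mtu, flags, seq, lsa_headers=0):
    """Build a DBD packet; LSA headers are zero-filled placeholders."""
    body = DBD_FIXED.pack(interface_mtu, 0x02, flags, seq)
    body += bytes(LSA_HDR_LEN * lsa_headers)
    header = OSPF_HDR.pack(
        2, TYPE_DBD, OSPF_HDR.size + len(body),
        ipaddress.IPv4Address(router_id).packed,
        ipaddress.IPv4Address("0.0.0.0").packed,  # backbone area
        0, 0, bytes(8),                           # checksum/auth unused here
    )
    return header + body


def parse_dbd(packet):
    """Parse a DBD packet, rejecting malformed input instead of guessing."""
    if len(packet) < OSPF_HDR.size + DBD_FIXED.size:
        raise ValueError("too short for an OSPF DBD packet")
    version, ptype, length, rid, *_ = OSPF_HDR.unpack_from(packet)
    if version != 2 or ptype != TYPE_DBD:
        raise ValueError("not an OSPFv2 DBD packet")
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    mtu, _options, flags, seq = DBD_FIXED.unpack_from(packet, OSPF_HDR.size)
    lsa_bytes = length - OSPF_HDR.size - DBD_FIXED.size
    if lsa_bytes % LSA_HDR_LEN:
        raise ValueError("trailing bytes are not whole LSA headers")
    return DBD(
        router_id=str(ipaddress.IPv4Address(rid)),
        interface_mtu=mtu,
        init=bool(flags & FLAG_INIT),
        more=bool(flags & FLAG_MORE),
        master=bool(flags & FLAG_MASTER),
        seq=seq,
        lsa_header_count=lsa_bytes // LSA_HDR_LEN,
    )


def accept_dbd(dbd, local_mtu, mtu_ignore=False):
    """A DBD advertising an MTU larger than we can receive is ignored,
    unless mismatch detection has been switched off on this interface."""
    return mtu_ignore or dbd.interface_mtu <= local_mtu


def exstart_exchange(mtu_a, mtu_b, ignore_a=False, ignore_b=False):
    """Each side sends its first DBD. Returns (a_accepts_b, b_accepts_a)."""
    first = FLAG_INIT | FLAG_MORE | FLAG_MASTER
    from_a = parse_dbd(build_dbd("10.0.0.1", mtu_a, first, 0x1000))
    from_b = parse_dbd(build_dbd("10.0.0.2", mtu_b, first, 0x2000))
    return (accept_dbd(from_b, mtu_a, ignore_a),
            accept_dbd(from_a, mtu_b, ignore_b))


def leaves_exstart(mtu_a, mtu_b, ignore_a=False, ignore_b=False):
    """Both sides must accept the other's DBD for the exchange to proceed."""
    return all(exstart_exchange(mtu_a, mtu_b, ignore_a, ignore_b))


if __name__ == "__main__":
    print("1500 vs 1400:", exstart_exchange(1500, 1400))
    print("1500 vs 1400, smaller side ignores MTU:",
          exstart_exchange(1500, 1400, ignore_b=True))
```

Only the side with the smaller MTU rejects anything, which is why the neighbor with the larger MTU shows nothing wrong locally while the adjacency still sits in EXSTART.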



RE: DNS Behind the firewall [7:53016]

2002-09-10 Thread Mark W. Odette II

As am I!

As Larry said, if the access-list is not taking any hits, the DNS server
is fine; the public address clients should be checked (maybe clear their
Arp cache or reboot them after verifying their DNS Client configuration).

My reply was based upon the fact that the OP alluded to Internet/Public
Address hosts trying to resolve hosts at his domain-dot-whatever.  This
is the reason for my expounding on DNS configuration for a Single DNS
box serving both inside and outside hosts.  For public address/internet
clients that need to resolve internet hosts... just configure their
workstation to point to a valid DNS Resolver host.  In this case, the OP
should point his Internet Clients/Public Address clients to the PUBLIC
IP of his DNS Server or to a DNS Server on the Public Internet.

Winblows and wanna-be Winblows (ahem, Linux) works the same way for
DNS... and why would you want to allow TCP 53 if you host your own DNS.
That usually is interpreted as a security risk, unless you specify what
hosts are allowed to have copies of your zone.

-Mark

-Original Message-
From: Roberts, Larry [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 10, 2002 5:29 PM
To: [EMAIL PROTECTED]
Subject: RE: DNS Behind the firewall [7:53016]

So am I:

If the access-list is not taking any hits, the problem is not with the DNS
server.



Thanks

Larry
 

-Original Message-
From: mike greenberg [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 10, 2002 4:52 PM
To: [EMAIL PROTECTED]
Subject: Re: DNS Behind the firewall [7:53016]


I am amazed at some of the responses that people posted here (not the person
who posted the original question).
1) If you are running DNS server on Microsoft Winblows, sorry I can't help
   you,
2) If you are running it on Unix/Linux platform, be sure to look at the
   /etc/named.conf configuration file.  Make sure you change the IP address
   in this file to reflect the new Private VLAN IP.  For example:
   options {
       directory "/var/named";
       listen-on port 53 { 172.17.1.254; };
   };
   I assume that you NATed this 172.17.1.254 to a public IP address and
   allow both TCP and UDP port 53 access to this machine (TCP for zone
   transfer and UDP for DNS query).
   Restart your named daemon.  If you use Linux like I am, do "service named
   restart" and bind will restart.  Look for error in the /var/log/messages
   file to check if there are errors with named.
   I have the same exact configuration that you have and it works just fine.
   If you run DNS on Linux, send me your named.conf configuration and I can
   help you

Curious wrote:
I am Permitting UDP / TCP port 53 on my access list on Outside Interface.
Clients from the Internal LAN are able to resolve names but Internet Clients
or Client on External or public LAN can not resolve DNS name, one thing i
also noticed, Hit counter for access-list entry for DNS server was 0,
although there was correct entry in translation table and there was no
typing mistake in access-list.


--
Curious

MCSE, CCNP
""Mark W. Odette II"" wrote in message
news:[EMAIL PROTECTED]...
> Be sure you have the permit statement for DNS(53) applied to the 
> outside interface via access-list. Unless you put the DNS server in a 
> DMZ, you shouldn't really need access-lists applied to the inside 
> interface IMO.
>
> Whether or not you have a web server that is also running on the same 
> machine as DNS, or a mail server, you will need to make sure you put a 
> public address A record for said server in your DNS zone along with 
> however you choose to resolve the WWW/SMTP/POP3 Server on the 
> inside or implement the alias command on the PIX to have the PIX 
> auto-magically modify inside DNS requests to the public-addressed host 
> so that you resolve to its private address.
>
> Caveat to the alias command though is that with it in place, you can 
> only use the PIX PDM in Monitor mode- PDM doesn't support Alias 
> statements... You'd think Cisco would change that in the next update 
> to the PDM. HINT HINT Cisco!!?!? :)
>
>
> Hope that helps.
>
> Mark
>
> -Original Message-
> From: Curious [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 10, 2002 2:06 PM
> To: [EMAIL PROTECTED]
> Subject: DNS Behind the firewall [7:53016]
>
> My Company's DNS server resides on our External LAN (our Public LAN), 
> yesterday we move it to our Private LAN (Behind our PIX 515), and 
> Nated its Public IP address with its new Private IP Address in the 
> Firewall and Open Port 53.
> After all that move and settings we were able to resolve domain names
> from Private LAN but not from Public Lan or Internet.
> Please let me know if some one has any idea Y...?
>
>
>
> Curious
>
> MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53050&t=53016
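
A small audit for the two named.conf points raised in this thread (the `listen-on` address after the server moved behind NAT, and which hosts may pull zone transfers once TCP 53 is open), as an added example that is not from any of the posters. The sample configurations, the 192.0.2.x addresses and the zone name are constructed; ACL names and keys are not resolved, and a missing `allow-transfer` is treated as unrestricted, which is an assumption about the BIND version in use.

```python
"""Audit a named.conf for a stale listen-on address and open zone transfers."""
import ipaddress
import re


def strip_comments(text):
    """Remove /* */, // and # comments (does not handle them inside quotes)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def brace_body(text, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in configuration")


def statement_list(body, keyword):
    """Elements of `keyword [port N] { a; b; };` in body, or None if absent."""
    m = re.search(r"(?<![\w-])" + re.escape(keyword) + r"(?![\w-])[^{;]*\{", body)
    if not m:
        return None
    inner = brace_body(body, m.end() - 1)
    return [e.strip() for e in inner.split(";") if e.strip()]


def list_matches(elements, ip):
    """True if ip is covered by an address, prefix or `any` in elements."""
    addr = ipaddress.ip_address(ip)
    for element in elements:
        if element == "any":
            return True
        try:
            if addr in ipaddress.ip_network(element, strict=False):
                return True
        except ValueError:
            continue  # ACL names, keys, negations: not resolved here
    return False


def audit_named_conf(text, inside_ip):
    """Return findings for a server whose real (post-NAT) address is inside_ip."""
    text = strip_comments(text)
    findings = []
    m = re.search(r"(?<![\w-])options\s*\{", text)
    options = brace_body(text, m.end() - 1) if m else ""

    # Point 1: named must listen on the address the firewall translates to.
    listen = statement_list(options, "listen-on")
    if listen is not None and not list_matches(listen, inside_ip):
        findings.append(f"listen-on {listen} does not include {inside_ip}")

    # Point 2: with TCP 53 permitted, transfers should name their recipients.
    default_xfer = statement_list(options, "allow-transfer")
    for z in re.finditer(r'(?<![\w-])zone\s+"([^"]+)"[^{;]*\{', text):
        body = brace_body(text, z.end() - 1)
        ztype = re.search(r"\btype\s+(\w+)\s*;", body)
        if not ztype or ztype.group(1) not in ("master", "primary"):
            continue
        xfer = statement_list(body, "allow-transfer")
        if xfer is None:
            xfer = default_xfer  # zone inherits the options-level setting
        if xfer is None or "any" in xfer:
            findings.append(f'zone "{z.group(1)}": zone transfers unrestricted')
    return findings


# Constructed sample: server moved behind NAT, configuration not updated.
BEFORE = '''
options {
    directory "/var/named";
    listen-on port 53 { 192.0.2.10; };   // old public address (constructed)
};
zone "example.com" {
    type master;
    file "db.example.com";
};
'''

# Constructed sample: inside address from the thread, transfers restricted.
AFTER = '''
options {
    directory "/var/named";
    listen-on port 53 { 172.17.1.254; };
    allow-transfer { none; };
};
zone "example.com" {
    type master;
    file "db.example.com";
    allow-transfer { 192.0.2.53; };      // constructed secondary server
};
'''

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_named_conf(conf, "172.17.1.254"))
```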

test account [7:53048]

2002-09-10 Thread jkoh_tt

test account




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53048&t=53048



OSPF MTU [7:53047]

2002-09-10 Thread Hello Goodbye

There is a command 'ip ospf mtu-ignore' that makes
ospf ignore the mtu at the interface for neighbor
establishment.  This may be a dumb question but since
all the neighbors have to be on the same media to
establish wouldn't the mtus be the same.  Obviously
there is not always the case or they wouldn't have the
mtu-ignore command.

Ben





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53047&t=53047



Re: A HUB can work in Full-duplex mode? [7:52973]

2002-09-10 Thread Priscilla Oppenheimer

Ken Diliberto wrote:
> 
> But can the internal switch in a 10/100 hub work in full
> duplex???

What is an "internal switch in a hub?" Is that another case of a marketing
term? ;-) I've never heard of the term. If it's really a hub, then it's just
a repeater. Full duplex has no meaning in this context. Keep in mind that no
self-respecting Ethernet guru EVER used the terms half-duplex or full-duplex
when talking about Ethernet until a few years ago. Ethernet was plainly and
simply CSMA/CD. (MA stands for multiple access, and is of course not full
duplex.) Hubs come from this environment.

Nobody used the term "switch fabric" or "hub fabric" or "internal switch"
either. ;-) A hub was a dumb physical-layer repeater that did the things I
mentioned below, (with a few data-link-layer jobs thrown in to ensure
collision detection works correctly for the end hosts in a network extended
with repeaters/hubs.)

Priscilla

> 
> (Don't know why I decided to ask that question other than to cause
> trouble...)
> 
> Ken the Trouble Maker
> 
> >>> "Priscilla Oppenheimer"  09/10/02 03:18PM >>>
> r34rv13wm1rr0r wrote:
> > 
> > No.  The collision domain on a hub is shared throughout causing
> > each port to listen before transmitting. 
> 
> No is correct. A hub can't be configured for full-duplex. If it can be,
> it's been misnamed. It's really a switch. But the explanation is not
> correct. A hub port doesn't listen before sending. It doesn't do MAC
> data-link-layer tasks. It simply forwards bits that come in one port out
> all other ports. On a proper-sized network, the sending end hosts will
> still be monitoring their transmission, notice any collisions, and
> retransmit.
> [snip]
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53046&t=52973



Re: A HUB can work in Full-duplex mode? [7:52973]

2002-09-10 Thread Ken Diliberto

But can the internal switch in a 10/100 hub work in full duplex???

(Don't know why I decided to ask that question other than to cause
trouble...)

Ken the Trouble Maker

>>> "Priscilla Oppenheimer"  09/10/02 03:18PM >>>
r34rv13wm1rr0r wrote:
> 
> No.  The collision domain on a hub is shared throughout causing
> each port to listen before transmitting. 

No is correct. A hub can't be configured for full-duplex. If it can be,
it's been misnamed. It's really a switch. But the explanation is not
correct. A hub port doesn't listen before sending. It doesn't do MAC
data-link-layer tasks. It simply forwards bits that come in one port out
all other ports. On a proper-sized network, the sending end hosts will
still be monitoring their transmission, notice any collisions, and
retransmit.
[snip]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53045&t=52973



RE: Switch Fabric? [7:52992]

2002-09-10 Thread Ken Diliberto

My understanding of "fabric enabled" is the blade is able to take
advantage of the extra switching bandwidth.  Seems silly that you'd make
a card for the 6500 that isn't able to take advantage of all available
switching performance.  Although, the fabric enabled blades do cost
somewhat more...

>>> "Priscilla Oppenheimer"  09/10/02 03:06PM >>>
[snip]
> means to have blades in your Catalyst switch that are fabric
> enabled?

Sounds like some marketing drones took the generic term and used it for
something specific. ;-)

[snip]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53044&t=52992



Re: Newby ipsec question. [7:53028]

2002-09-10 Thread Hello Goodbye

Take a look at this page:

http://www.cisco.com/warp/public/707/ios_804.html

Basically the one router without a set peer (the main
site) will have a dynamic crypto (route) map like so.

crypto dynamic-map rtpmap 10
 set transform-set rtpset 
 match address 115
crypto map rtptrans 10 ipsec-isakmp dynamic rtpmap

I may be wrong but I don't think that this gets
anything into the routing tables.  You could probably
add a static route that points to the interface where
the map is.  The packets would get to the router and
pack their bags and get on board the crypto airplane
and travel the vpn skies.

I hope that helps and is true because I just made it
all up.

Ben


--- jdr  wrote:
> Hello,
> I'm sorry for asking this stupid question, but I can't find an answer
> 
> 
> I'm working on this scenario:
> 
> LAN-to-LAN ipsec connections, hub and spoke topology.
> A central site with a 7100 router, 10 remote sites with 806 routers (ADSL
> or cable connections).
> 
> 
> 1.1.1.0-- (7100 Router)- 11.1.1.1 ---  INTERNET 
> -- X.X.X.X
> (806 Router)-- 2.2.2.0
> 
>   |
> 
>   |
> 
>   -
> - Y.Y.Y.Y  (806 Router)-- 2.2.3.0
> 
> 
> My problem is that the 806 public IPs are dynamic and it can change every
> time that the 806 router restarts.
> 
> If the remote site IPs are dynamic, how can I route the traffic from the
> central site to the branch offices?
> 
> I can configure the central router to accept dynamic connections with a
> preshared Key (for example), but I don't know how to configure the central
> site to reach the private LANs of the remote sites after the connections
> are up.
> 
> The CISCO examples always use a route to the remote LAN through the public
> IP (X.X.X.X) of the remote sites, but I can't use it on this scenario
> because it could change.
> 
> 
> Thank you for your help and your patience (as I tell you it was a stupid
> question).
> 
> 
> 
> Juan
[EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53043&t=53028



NAT sample configs [7:53042]

2002-09-10 Thread Derald Sweatt

I am working on a project on setting up NAT. If anyone has sample configs
out there. please let me know. Thanks in advance.

Derald Sweatt
CSX Technologies
CCNA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53042&t=53042



Re: New CCIE written exam. [7:53005]

2002-09-10 Thread Jim Tickle

There's a good RIF document at http://home.attbi.com/~blaga/doingrifsv2.pdf

Mark Godfrey wrote:
I agree you're not helping us by sharing the exact question on the test but
you could open up a focus on a particular area that we all could hit on as a
group. :-) Say Token Ring and RIF's that's where I need lots of work if you
can believe it. I like to hear that the new test is a challenge though makes
me feel sorry for all those guys that have to re-certify the CCIE. hehe ya
right!!!

MG

""Roberts, Larry"" wrote in message
news:[EMAIL PROTECTED]...
> Just to be the first to jump In, but DON'T post the questions on this list.
> This list is monitored by Cisco and rest assured that if you post a question
> to this list that is real, you will most likely be contacted.
> I for one didn't have any help from knowing what was on the test, and
> neither did most people who have passed it. You need to learn the material,
> not just regurgitate answers that you have memorized.
>
> I'm being much more polite than most of the replies that are likely to
> follow, so please take the advice and forget that you even offered...or
> asked
>
>
> Thanks
>
> Larry
>
>
> -Original Message-
> From: YILMAZ ACAR [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 10, 2002 1:43 PM
> To: [EMAIL PROTECTED]
> Subject: RE: New CCIE written exam. [7:53005]
>
>
> Rajesh;
> do you have real exam questions? can you post it.
> did you saw old exam questions your exam.
>
> Thank you
> netcisco




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53041&t=53005



RE: DNS Behind the firewall [7:53016]

2002-09-10 Thread Roberts, Larry

So am I:

If the access-list is not taking any hits, the problem is not with the DNS
server.



Thanks

Larry
 

-Original Message-
From: mike greenberg [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 10, 2002 4:52 PM
To: [EMAIL PROTECTED]
Subject: Re: DNS Behind the firewall [7:53016]


I am amazed at some of the responses that people posted here (not the person
who posted the original question).
1) If you are running DNS server on Microsoft Winblows, sorry I can't help
   you,
2) If you are running it on Unix/Linux platform, be sure to look at the
   /etc/named.conf configuration file.  Make sure you change the IP address
   in this file to reflect the new Private VLAN IP.  For example:
   options {
       directory "/var/named";
       listen-on port 53 { 172.17.1.254; };
   };
   I assume that you NATed this 172.17.1.254 to a public IP address and
   allow both TCP and UDP port 53 access to this machine (TCP for zone
   transfer and UDP for DNS query).
   Restart your named daemon.  If you use Linux like I am, do "service named
   restart" and bind will restart.  Look for error in the /var/log/messages
   file to check if there are errors with named.
   I have the same exact configuration that you have and it works just fine.
   If you run DNS on Linux, send me your named.conf configuration and I can
   help you

Curious wrote:
I am Permitting UDP / TCP port 53 on my access list on Outside Interface.
Clients from the Internal LAN are able to resolve names but Internet Clients
or Client on External or public LAN can not resolve DNS name, one thing i
also noticed, Hit counter for access-list entry for DNS server was 0,
although there was correct entry in translation table and there was no
typing mistake in access-list.


--
Curious

MCSE, CCNP
""Mark W. Odette II"" wrote in message
news:[EMAIL PROTECTED]...
> Be sure you have the permit statement for DNS(53) applied to the 
> outside interface via access-list. Unless you put the DNS server in a 
> DMZ, you shouldn't really need access-lists applied to the inside 
> interface IMO.
>
> Whether or not you have a web server that is also running on the same 
> machine as DNS, or a mail server, you will need to make sure you put a 
> public address A record for said server in your DNS zone along with 
> however you choose to resolve the WWW/SMTP/POP3 Server on the 
> inside or implement the alias command on the PIX to have the PIX 
> auto-magically modify inside DNS requests to the public-addressed host 
> so that you resolve to its private address.
>
> Caveat to the alias command though is that with it in place, you can 
> only use the PIX PDM in Monitor mode- PDM doesn't support Alias 
> statements... You'd think Cisco would change that in the next update 
> to the PDM. HINT HINT Cisco!!?!? :)
>
>
> Hope that helps.
>
> Mark
>
> -Original Message-
> From: Curious [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 10, 2002 2:06 PM
> To: [EMAIL PROTECTED]
> Subject: DNS Behind the firewall [7:53016]
>
> My Company's DNS server resides on our External LAN (our Public LAN), 
> yesterday we move it to our Private LAN (Behind our PIX 515), and 
> Nated its Public IP address with its new Private IP Address in the 
> Firewall and Open Port 53.
> After all that move and settings we were able to resolve domain names
> from Private LAN but not from Public Lan or Internet.
> Please let me know if some one has any idea Y...?
>
>
>
> Curious
>
> MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53040&t=53016



Re: A HUB can work in Full-duplex mode? [7:52973]

2002-09-10 Thread Priscilla Oppenheimer

r34rv13wm1rr0r wrote:
> 
> No.  The collision domain on a hub is shared throughout causing
> each port to
> listen before transmitting. 

No is correct. A hub can't be configured for full-duplex. If it can be, it's
been misnamed. It's really a switch. But the explanation is not correct. A
hub port doesn't listen before sending. It doesn't do MAC data-link-layer
tasks. It simply forwards bits that come in one port out all other ports. On
a proper-sized network, the sending end hosts will still be monitoring their
transmission, notice any collisions, and retransmit.

In my new book, Troubleshooting Campus Networks, I have the following
relevant paragraphs:

"Collisions on Networks with Hubs and Switches

A hub is a repeater that simplifies cabling designs, permitting a star
configuration with a hub at the center, like the hub in an old hub-and-spoke
wheel. Repeaters and hubs have a few other important jobs and
characteristics also. Signals going through a repeater are retimed using the
repeater's timing circuitry to prevent the accumulation of signal
jitter. A repeater also regenerates the signal to the proper amplitude and
symmetry. Another job of a repeater is to rebuild a received preamble to
avoid preambles getting shorter as they go through repeaters' timing
circuits. Repeaters also extend any fragments that have resulted from frames
that collided and were cut short. The repeater extends the signal so that
the total number of bits output equals 96 bits. Fragment extension ensures
that short collision fragments survive a trip through a maximum-size network
in the correct time frame. Stations receiving the extended fragment discard
it and also defer from sending until the collision event is over.

One of the most important tasks of a repeater is to enforce collisions on
each connected segment. Repeaters enforce collisions by transmitting a
collision-enforcement jam signal. Upon detecting a collision on one segment,
a repeater transmits a collision enforcement jam signal on that segment and
all other connected segments. This ensures that any station trying to send
at that moment hears the collision. In this way, a repeater makes sure all
stations are in the same collision domain and can react to collisions
correctly. When a repeater detects a collision, it sends a 96-bit jam
composed of alternating ones and zeros.

Switches are replacing hubs in large campus networks. It is a common
misconception that switches don't need to know about CSMA/CD and that
collisions don't occur on switched networks. In fact, each switch port
implements the CSMA/CD standard. When sending a frame, a half-duplex switch
port senses carrier, defers if necessary, detects collisions, backs off, and
retransmits. Whether a collision might occur or not depends on what is
connected to the switched port. If a shared medium is connected to the
switch, collisions may occur.

Ethernet troubleshooters often wonder about cut-through switches and
collisions. A cut-through switch outputs bits as soon as the destination
address has been received and the destination port determined. What if there
is a collision on that port? Should the switch send a collision enforcement
jam on the port that received the frame so the original sender knows to try
again? Or has the switch cached the frame so that it can do the
retransmitting? Some troubleshooters assume that cut-through processing
means that the frame was not cached. Vendor implementations may vary, but
Cisco cut-through switches cache all frames, even when in cut-through mode.
In this way, each port can handle CSMA/CD duties for that port and no other
port. A switch retransmits if a collision occurs and does not notify the
original sender in any way. Each port truly delimits a collision domain."

Priscilla Oppenheimer


> A switch on the other hand limits the collision
> domains by port therefore allowing the host to transmit at will.
> 
> 
> - Original Message -
> From: "Saravanan L" 
> To: 
> Sent: Tuesday, September 10, 2002 2:59 AM
> Subject: A HUB can work in Full-duplex mode? [7:52973]
> 
> 
> > Just I want to know can a Hub work in full-duplex mode?
> >
> > Saravanan
> >

RE: Switch Fabric? [7:52992]

2002-09-10 Thread Priscilla Oppenheimer

Mann, Chris wrote:
> 
> Can someone please explain what is meant by a switch fabric? Or
> what is

It's just a fancy term for switch architecture. It's a good term, though,
because it helps answer the incessant question about the difference between
a bridge and a switch. The older bridges had a simple bus and could only
forward one frame at a time across the bus. Switches have a much more
complicated switch fabric. Think of like a plaid or checkered fabric versus
a linear line. In technical terms, switches use architectures such as
crossbar, crosspoint, star-wired point-to-point, and so on. These
architectures allow many frames to be forwarded at one time. We had a good
discussion about this in the past. You may be able to find some good info in
the archives.

> means to have blades in your Catalyst switch that are fabric
> enabled?

Sounds like some marketing drones took the generic term and used it for
something specific. ;-)

Priscilla

> 
> Thanks,
> 
> Chris
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53038&t=52992



Re: switch port 'not connect' [7:53029]

2002-09-10 Thread Crawford, Darren

In my experience, 'notconnect' has always been a physical problem.  Link
lights can be deceiving.  It only requires 1 of the 4 wires to give you a
green light.

HTH

Darren

At 09:27 PM 9/10/2002 +, puro prasad wrote:
>HI,
>port shown as 'not connect' on the 4006 switch. The LED is green on the
>switch as well as on the NIC. Tried disabling and reenabling the port. No
>go. What should cause this.
>
>GEHYD-CT-2F1Q-4006-2 (enable) sh port 5/32
>Port  Name               Status     Vlan       Level  Duplex Speed Type
>----- ------------------ ---------- ---------- ------ ------ ----- ------------
> 5/32 FASTETHERNET       notconnect 1          normal   auto  auto 10/100BaseTX
>
>Any suggestions
>thanx  
+
International Network Services
Darren S. Crawford - CCNP, CCDP, CISSP
Sr. Network Systems Consultant
Northwest Region - Sacramento Office
Voicemail (916) 859-5200 x310
Pager (800) 467-1467
mailto:[EMAIL PROTECTED]
+

Every Job is a Self-Portrait of the person Who Did
It...Autograph Your Work With EXCELLENCE!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53037&t=53029



RE: HSRP and subnets [7:52991]

2002-09-10 Thread Priscilla Oppenheimer

enabled wrote:
> 
> Is there a rule stating that addresses in a HSRP group need to
> be in the
> same subnet?
> 
> For example can I have 2 devices with the following addresses:
> RouterA: 10.10.10.1
> RouterB: 172.16.10.1
> HSRP address: 192.168.10.1

What problem are you trying to solve? Haven't heard that one in a while!? ;-)

Why would 10.10.10.1 and 172.16.10.1 be offering redundant default gateway
services to the same hosts? (Recall that HSRP provides redundancy for the
end host-to-default gateway link.) An end host's default gateway must be on
the same LAN (broadcast domain, IP subnet) as the end host. The end host
ARPs to find the MAC address to send off-net packets to. The ARP broadcast
contains the IP address of the default gateway that the host is searching.
With HSRP, the active router responds with the "phantom" MAC address.

Priscilla

> 
> Thanks,
> 
> Sam
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53036&t=52991



Re: DNS Behind the firewall [7:53016]

2002-09-10 Thread mike greenberg

I am amazed at some of the responses that people posted here (not the person
who posted the original question).
1) If you are running DNS server on Microsoft Winblows, sorry, I can't help
   you.
2) If you are running it on a Unix/Linux platform, be sure to look at the
   /etc/named.conf configuration file.  Make sure you change the IP address
   in this file to reflect the new Private VLAN IP.  For example:

   options {
       directory "/var/named";
       listen-on port 53 { 172.17.1.254; };
   };

   I assume that you NATed this 172.17.1.254 to a public IP address and
   allow both TCP and UDP port 53 access to this machine (TCP for zone
   transfer and UDP for DNS query).
   Restart your named daemon.  If you use Linux like I do, do "service named
   restart" and bind will restart.  Look for errors in the /var/log/messages
   file to check if there are errors with named.
   I have the same exact configuration that you have and it works just fine.
   If you run DNS on Linux, send me your named.conf configuration and I can
   help you.

Curious wrote:
I am Permitting UDP / TCP port 53 on my access list on Outside Interface.
Clients from the Internal LAN are able to resolve names but Internet Clients
or Client on External or public LAN can not resolve DNS name, one thing i
also noticed, Hit counter for access-list entry for DNS server was 0,
although there was correct entry in translation table and there was no
typing mistake in access-list.


--
Curious

MCSE, CCNP
""Mark W. Odette II"" wrote in message
news:[EMAIL PROTECTED]...
> Be sure you have the permit statement for DNS(53) applied to the outside
> interface via access-list. Unless you put the DNS server in a DMZ, you
> shouldn't really need access-lists applied to the inside interface IMO.
>
> Whether or not you have a web server that is also running on the same
> machine as DNS, or a mail server, you will need to make sure you put a
> public address A record for said server in your DNS zone along with
> however you choose to resolve the WWW/SMTP/POP3 Server on the inside
> or implement the alias command on the PIX to have the PIX auto-magically
> modify inside DNS requests to the public-addressed host so that you
> resolve to its private address.
>
> Caveat to the alias command though is that with it in place, you can
> only use the PIX PDM in Monitor mode- PDM doesn't support Alias
> statements... You'd think Cisco would change that in the next update to
> the PDM. HINT HINT Cisco!!?!? :)
>
>
> Hope that helps.
>
> Mark
>
> -Original Message-
> From: Curious [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 10, 2002 2:06 PM
> To: [EMAIL PROTECTED]
> Subject: DNS Behind the firewall [7:53016]
>
> My Company's DNS server resides on our External LAN (our Public LAN),
> yesterday we move it to our Private LAN (Behind our PIX 515), and Nated
> its
> Public IP address with its new Private IP Address in the Firewall and
> Open
> Port 53.
> After all that move and settings we were able to resolve domain names
> from
> Private LAN but not from Public Lan or Internet.
> Please let me know if some one has any idea Y...?
>
>
>
> Curious
>
> MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53035&t=53016



Re: Upgrading 4500m router [7:53022]

2002-09-10 Thread MADMAN

4500 don't run from flash so upgrading it is the same as a 2600.  Copy
the image into flash, set your boot variable and reload.

  Dave

McHugh Randy wrote:
> 
> All
> I want to perform an upgrade on a 4500m and the procedure:
> 
> http://www.cisco.com/warp/customer/130/sw_upgrade_proc_ram.shtml
> 
> listed on the CCO says that you don't need to go into boot rom mode to
> perform the upgrade. It just shows that you do it in regular exec privileged
> mode. And also it's an example of a 2600. Does anyone have any experience
> with this upgrade on a 4500m? Can you please give me any more tips and tell
> me if this procedure on the CCO is valid?
> 
> I am upgrading from 11.3 to 12.1. I have plenty of flash and dram for the
> upgrade.
> thx
> Randy
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53034&t=53022



Re: DNS Behind the firewall [7:53016]

2002-09-10 Thread Curious

O Yes!

--
Curious

MCSE, CCNP
""Roberts, Larry""  wrote in message
news:[EMAIL PROTECTED]...
> Does your access-list look like this:
>
> Access-list 100 permit udp any host a.b.c.d eq domain
>
> Where a.b.c.d is the EXTERNAL address ? That is what I see wrong most
> often.
>
> Thanks
>
> Larry
>
>
> -Original Message-
> From: Curious [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 10, 2002 3:41 PM
> To: [EMAIL PROTECTED]
> Subject: Re: DNS Behind the firewall [7:53016]
>
>
> I am Permitting UDP / TCP port 53 on my access list on Outside Interface.
> Clients from the Internal LAN are able to resolve names but Internet
> Clients
> or Client on External or public LAN can not resolve DNS name, one thing i
> also noticed, Hit counter for access-list entry for DNS server was 0,
> although there was correct entry in translation table and there was no
> typing mistake in access-list.
>
>
> --
> Curious
>
> MCSE, CCNP
> ""Mark W. Odette II""  wrote in message
> news:[EMAIL PROTECTED]...
> > Be sure you have the permit statement for DNS(53) applied to the
> > outside interface via access-list.  Unless you put the DNS server in a
> > DMZ, you shouldn't really need access-lists applied to the inside
> > interface IMO.
> >
> > Whether or not you have a web server that is also running on the same
> > machine as DNS, or a mail server, you will need to make sure you put a
> > public address A record for said server in your DNS zone along with
> > however you choose to resolve the WWW/SMTP/POP3 Server on the
> > inside or implement the alias command on the PIX to have the PIX
> > auto-magically modify inside DNS requests to the public-addressed host
> > so that you resolve to its private address.
> >
> > Caveat to the alias command though is that with it in place, you can
> > only use the PIX PDM in Monitor mode- PDM doesn't support Alias
> > statements... You'd think Cisco would change that in the next update
> > to the PDM.  HINT HINT Cisco!!?!? :)
> >
> >
> > Hope that helps.
> >
> > Mark
> >
> > -Original Message-
> > From: Curious [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, September 10, 2002 2:06 PM
> > To: [EMAIL PROTECTED]
> > Subject: DNS Behind the firewall [7:53016]
> >
> > My Company's DNS server resides on our External LAN (our Public LAN),
> > yesterday we move it to our Private LAN (Behind our PIX 515), and
> > Nated its Public IP address with its new Private IP Address in the
> > Firewall and Open
> > Port 53.
> > After all that move and settings we were able to resolve domain names
> > from
> > Private LAN but not from Public Lan or Internet.
> > Please let me know if some one has any idea Y...?
> >
> >
> >
> > Curious
> >
> > MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53033&t=53016



RE: DNS Behind the firewall [7:53016]

2002-09-10 Thread Roberts, Larry

Does your access-list look like this:

Access-list 100 permit udp any host a.b.c.d eq domain

Where a.b.c.d is the EXTERNAL address ? That is what I see wrong most often.

Thanks

Larry
 

-Original Message-
From: Curious [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 10, 2002 3:41 PM
To: [EMAIL PROTECTED]
Subject: Re: DNS Behind the firewall [7:53016]


I am Permitting UDP / TCP port 53 on my access list on Outside Interface.
Clients from the Internal LAN are able to resolve names but Internet Clients
or Client on External or public LAN can not resolve DNS name, one thing i
also noticed, Hit counter for access-list entry for DNS server was 0,
although there was correct entry in translation table and there was no
typing mistake in access-list.


--
Curious

MCSE, CCNP
""Mark W. Odette II""  wrote in message
news:[EMAIL PROTECTED]...
> Be sure you have the permit statement for DNS(53) applied to the 
> outside interface via access-list.  Unless you put the DNS server in a 
> DMZ, you shouldn't really need access-lists applied to the inside 
> interface IMO.
>
> Whether or not you have a web server that is also running on the same 
> machine as DNS, or a mail server, you will need to make sure you put a 
> public address A record for said server in your DNS zone along with 
> however you choose to resolve the WWW/SMTP/POP3 Server on the 
> inside or implement the alias command on the PIX to have the PIX 
> auto-magically modify inside DNS requests to the public-addressed host 
> so that you resolve to its private address.
>
> Caveat to the alias command though is that with it in place, you can 
> only use the PIX PDM in Monitor mode- PDM doesn't support Alias 
> statements... You'd think Cisco would change that in the next update 
> to the PDM.  HINT HINT Cisco!!?!? :)
>
>
> Hope that helps.
>
> Mark
>
> -Original Message-
> From: Curious [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 10, 2002 2:06 PM
> To: [EMAIL PROTECTED]
> Subject: DNS Behind the firewall [7:53016]
>
> My Company's DNS server resides on our External LAN (our Public LAN), 
> yesterday we move it to our Private LAN (Behind our PIX 515), and 
> Nated its Public IP address with its new Private IP Address in the 
> Firewall and Open
> Port 53.
> After all that move and settings we were able to resolve domain names
> from
> Private LAN but not from Public Lan or Internet.
> Please let me know if some one has any idea Y...?
>
>
>
> Curious
>
> MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53032&t=53016
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
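
The mistake Larry describes, an outside access-list that names the server's internal address instead of the address it is translated to, can be checked mechanically. The sketch below is an added example, not code from anyone in the thread: the public address 203.0.113.53, the ACL id and both config snippets are constructed, 172.17.1.254 is the private address from Mike Greenberg's post, and the parser only understands the "static", "access-list ... any host ... eq" and "access-group" forms shown.

```python
import re

STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+)", re.I)
ACL_RE = re.compile(
    r"^access-list (\S+) permit (tcp|udp) any host (\S+) eq (\S+)", re.I)
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)", re.I)
DNS_PORTS = {"domain", "53"}

# Constructed configs. 203.0.113.53 is a documentation address standing in
# for the server's public IP; 172.17.1.254 is its private address.
BROKEN = """
static (inside,outside) 203.0.113.53 172.17.1.254 netmask 255.255.255.255
access-list 100 permit udp any host 172.17.1.254 eq domain
access-list 100 permit tcp any host 172.17.1.254 eq domain
access-group 100 in interface outside
"""
FIXED = BROKEN.replace("host 172.17.1.254", "host 203.0.113.53")


def audit_dns_publish(config, dns_private, outside="outside"):
    """Return (code, detail) findings for a DNS server published via static NAT.

    Assumption, following Larry's reply: the ACL bound to the outside
    interface must name the EXTERNAL (translated) address of the server.
    """
    external = None   # address the server is translated to
    bound = set()     # ACL ids applied inbound on the outside interface
    entries = []      # (acl id, protocol, destination host, port)
    for raw in config.splitlines():
        line = raw.strip()
        m = STATIC_RE.match(line)
        if m and m.group(2).lower() == outside and m.group(4) == dns_private:
            external = m.group(3)
            continue
        m = GROUP_RE.match(line)
        if m and m.group(2).lower() == outside:
            bound.add(m.group(1))
            continue
        m = ACL_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).lower(),
                            m.group(3), m.group(4).lower()))

    if external is None:
        return [("no-static", dns_private)]
    if not bound:
        return [("no-acl-on-outside", outside)]

    findings, permitted = [], set()
    for acl, proto, dest, port in entries:
        if acl not in bound or port not in DNS_PORTS:
            continue
        if dest == dns_private:
            # Entry can never match traffic addressed to the public IP.
            findings.append(("acl-names-internal-address",
                             f"{proto} in ACL {acl}: use host {external}"))
        elif dest == external:
            permitted.add(proto)
    # Mike's post: UDP 53 for queries, TCP 53 for zone transfers.
    for proto in ("udp", "tcp"):
        if proto not in permitted:
            findings.append(("dns-not-permitted-to-external-address", proto))
    return findings


if __name__ == "__main__":
    for name, cfg in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, audit_dns_publish(cfg, "172.17.1.254") or "ok")
```
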



RE: Duplicate packets with same SEQ #'s... [7:53024]

2002-09-10 Thread Priscilla Oppenheimer

Where are you running this TCPdump? It seems to be somewhere on the network
where it sees every packet twice. It's not just SEQ#s that are repeating,
but ACKs, etc.

Could the host that is running TCPdump be multihomed?

Obviously, in a functioning network, it would be pretty bizarre for any LAN
or host to see the same packet twice. Spanning Tree and routing protocols
should ensure that this doesn't happen. But there may be situations where
this is normal, for a station that is just doing network management type
tasks, for example.

Priscilla

r34rv13wm1rr0r wrote:
> 
> This is from a tcpdump off of one of my core switches.  It appears that it is
> logging a duplicate packet with the same SEQ #.  Does any one have any idea
> why this is occurring?
> 
> Thanks,
> 
> A
> 
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53031&t=53024

switch port 'not connect' [7:53029]

2002-09-10 Thread puro prasad

HI,
port shown as 'not connect' on the 4006 switch. The LED is green on the
switch as well as on the NIC. Tried disabling and reenabling the port. No
go. What should cause this.

GEHYD-CT-2F1Q-4006-2 (enable) sh port 5/32
Port  Name               Status     Vlan       Level  Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
 5/32 FASTETHERNET       notconnect 1          normal   auto  auto 10/100BaseTX

Any suggestions
thanx  


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53029&t=53029



Re: New CCIE written exam. [7:53005]

2002-09-10 Thread Mark Godfrey

I agree you're not helping us by sharing the exact question on the test but
you could open up a focus on a particular area that we all could hit on as a
group. :-) Say Token Ring and RIF's that's where I need lots of work if you
can believe it. I like to hear that the new test is a challenge though makes
me feel sorry for all those guys that have to re-certify the CCIE.   hehe ya
right!!!

MG

""Roberts, Larry""  wrote in message
news:[EMAIL PROTECTED]...
> Just to be the first to jump In, but DON'T post the questions on this list.
> This list is monitored by Cisco and rest assured that if you post a question
> to this list that is real, you will most likely be contacted.
> I for one didn't have any help from knowing what was on the test, and
> neither did most people who have passed it.  You need to learn the material,
> not just regurgitate answers that you have memorized.
>
> I'm being much more polite than most of the replies that are likely to
> follow, so please take the advice and forget that you even offered...or
> asked
>
>
> Thanks
>
> Larry
>
>
> -Original Message-
> From: YILMAZ ACAR [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 10, 2002 1:43 PM
> To: [EMAIL PROTECTED]
> Subject: RE: New CCIE written exam. [7:53005]
>
>
> Rajesh;
> do you have real exam  questions? can you post it.
> did you saw old exam questions your exam.
>
> Thank you
> netcisco




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53030&t=53005



Newby ipsec question. [7:53028]

2002-09-10 Thread jdr

Hello,
I'm sorry for asking this stupid question, but I can't find an answer


I'm working on this scenario:

LAN-to-LAN ipsec conections, hub and spoke topology.
A central site with a 7100 router,10 remote sites with 806 routers (ADSL or
cable connections).


1.1.1.0 -- (7100 Router) -- 11.1.1.1 --- INTERNET --+-- X.X.X.X (806 Router) -- 2.2.2.0
                                                    |
                                                    +-- Y.Y.Y.Y (806 Router) -- 2.2.3.0


My problem is that the 806 public IPs are dynamic and can change every
time that the 806 router restarts.

If the remote site IPs are dynamic, how can I route the traffic from the
central site to the branch offices?

I can configure the central router to accept dynamic connections with a
preshared key (for example), but I don't know how to configure the central
site to reach the private LANs of the remote sites after the connections
are up.

The CISCO examples always use a route to the remote LAN through the public
IP (X.X.X.X) of the remote sites, but I can't use it in this scenario
because it could change.


Thank you for your help and your patience (as I told you, it was a stupid
question).



Juan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53028&t=53028



RE: Duplicate packets with same SEQ #'s... [7:53024]

2002-09-10 Thread Jason Owens

Have you looked at your spanning-tree? I had something similar happen to me
because of a malfunctioning gig port. I would have sworn I didn't have a
loop, but it ended up being a port that was sending while by all appearances
it was blocking. We found many instances of the same packet circling through
our switches by using a sniffer.

r34rv13wm1rr0r wrote:
> 
> This is from a tcpdump off of one of my core switches.  It appears that it is
> logging a duplicate packet with the same SEQ #.  Does any one have any idea
> why this is occurring?
> 
> Thanks,
> 
> A
> 
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53027&t=53024
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
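
Both replies in this thread (Priscilla's capture point that sees every packet twice, Jason's loop with many instances of the same packet) come down to counting how often each segment appears in the capture. The script below is an added example, not from the posters: it groups copies in classic tcpdump text output, run here on constructed lines shaped like the paste (the 172.16.x.x addresses are made up). It assumes, as the paste itself shows, that the first segment tcpdump sees on a connection is printed with absolute sequence numbers and its copy as 0:len with ack 1.

```python
import re
from collections import namedtuple

Seg = namedtuple("Seg", "t_us src dst flags first last length ack win")

LINE_RE = re.compile(
    r"^(\d\d):(\d\d):(\d\d)\.(\d{6}) (\S+) > (\S+): (\S+)"
    r"(?: (\d+):(\d+)\((\d+)\))?(?: ack (\d+))? win (\d+)"
)

# Constructed sample in the layout of the capture quoted in the thread.
SAMPLE = """\
11:18:04.688408 172.16.15.49.netbios-ssn > 172.16.61.103.1066: P 1:65(64) ack 49 win 8320 (DF)
11:18:04.688409 172.16.15.49.netbios-ssn > 172.16.61.103.1066: P 1:65(64) ack 49 win 8320 (DF)
11:18:04.688643 172.16.103.10.netbios-ssn > 172.16.15.15.1503: P 158405518:158405625(107) ack 1210141117 win 8608 (DF)
11:18:04.688644 172.16.103.10.netbios-ssn > 172.16.15.15.1503: P 0:107(107) ack 1 win 8608 (DF)
11:18:04.718425 172.16.240.220.6103 > 172.16.15.68.4720: . 2920:4380(1460) ack 1 win 16816 (DF)
11:18:04.718586 172.16.240.220.6103 > 172.16.15.68.4720: . 4380:5840(1460) ack 1 win 16816 (DF)
"""


def parse(line):
    """Parse one TCP line of tcpdump text output; None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    h, mi, s, us, src, dst, flags, first, last, length, ack, win = m.groups()
    t_us = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1_000_000 + int(us)
    num = lambda v: None if v is None else int(v)
    return Seg(t_us, src, dst, flags, num(first), num(last),
               int(length or 0), num(ack), int(win))


def same_segment(head, seg, head_opened_flow):
    """True if seg is another copy of head."""
    if (head.src, head.dst, head.flags, head.length, head.win) != (
            seg.src, seg.dst, seg.flags, seg.length, seg.win):
        return False
    if (head.first, head.last, head.ack) == (seg.first, seg.last, seg.ack):
        return True
    # Assumption taken from the paste: the first line of a connection shows
    # absolute numbers, its copy shows them relative (0:len, ack 1).
    if not head_opened_flow or seg.ack != 1:
        return False
    if head.first is None or seg.first is None:
        return head.first is None and seg.first is None
    return seg.first == 0 and seg.last == seg.length


def find_copies(lines, max_gap_us=10):
    """Group lines that are copies of one segment seen within max_gap_us."""
    groups, open_group, seen_flows = [], {}, set()
    for line in lines:
        seg = parse(line)
        if seg is None:
            continue
        flow = frozenset((seg.src, seg.dst))
        g = open_group.get((seg.src, seg.dst))
        if (g and seg.t_us - g["last_t"] <= max_gap_us
                and same_segment(g["head"], seg, g["opened_flow"])):
            g["copies"] += 1
            g["last_t"] = seg.t_us
        else:
            g = {"head": seg, "copies": 1, "last_t": seg.t_us,
                 "opened_flow": flow not in seen_flows}
            groups.append(g)
            open_group[(seg.src, seg.dst)] = g
        seen_flows.add(flow)
    return groups


def summarize(groups):
    counts = [g["copies"] for g in groups]
    return {"segments": len(counts),
            "once": sum(c == 1 for c in counts),
            "twice": sum(c == 2 for c in counts),
            "more": sum(c > 2 for c in counts)}


if __name__ == "__main__":
    print(summarize(find_copies(SAMPLE.splitlines())))
```

Segments that all land under "twice", a microsecond or two apart, match a capture point that sees each packet two times; a count under "more" is what many instances of the same packet circling through the switches would produce.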



Re: DNS Behind the firewall [7:53016]

2002-09-10 Thread Curious

I am Permitting UDP / TCP port 53 on my access list on Outside Interface.
Clients from the Internal LAN are able to resolve names but Internet Clients
or Client on External or public LAN can not resolve DNS name, one thing I
also noticed, Hit counter for access-list entry for DNS server was 0,
although there was correct entry in translation table and there was no
typing mistake in access-list.


--
Curious

MCSE, CCNP
""Mark W. Odette II""  wrote in message
news:[EMAIL PROTECTED]...
> Be sure you have the permit statement for DNS(53) applied to the outside
> interface via access-list.  Unless you put the DNS server in a DMZ, you
> shouldn't really need access-lists applied to the inside interface IMO.
>
> Whether or not you have a web server that is also running on the same
> machine as DNS, or a mail server, you will need to make sure you put a
> public address A record for said server in your DNS zone along with
> however you choose to resolve the WWW/SMTP/POP3 Server on the inside
> or implement the alias command on the PIX to have the PIX auto-magically
> modify inside DNS requests to the public-addressed host so that you
> resolve to its private address.
>
> Caveat to the alias command though is that with it in place, you can
> only use the PIX PDM in Monitor mode- PDM doesn't support Alias
> statements... You'd think Cisco would change that in the next update to
> the PDM.  HINT HINT Cisco!!?!? :)
>
>
> Hope that helps.
>
> Mark
>
> -Original Message-
> From: Curious [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 10, 2002 2:06 PM
> To: [EMAIL PROTECTED]
> Subject: DNS Behind the firewall [7:53016]
>
> My Company's DNS server resides on our External LAN (our Public LAN),
> yesterday we move it to our Private LAN (Behind our PIX 515), and Nated
> its
> Public IP address with its new Private IP Address in the Firewall and
> Open
> Port 53.
> After all that move and settings we were able to resolve domain names
> from
> Private LAN but not from Public Lan or Internet.
> Please let me know if some one has any idea Y...?
>
>
>
> Curious
>
> MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53026&t=53016



Duplicate packets with same SEQ #'s... [7:53024]

2002-09-10 Thread r34rv13wm1rr0r

This is from a tcpdump off of one of my core switches.  It appears that it is
logging a duplicate packet with the same SEQ #.  Does any one have any idea
why this is occurring?

Thanks,

A

11:18:04.688408 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 1:65(64) ack 49 win 8320NBT Packet (DF)
11:18:04.688409 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 1:65(64) ack 49 win 8320NBT Packet (DF)

11:18:04.688643 172.X.103.10.netbios-ssn > 172.X.15.15.1503: P 158405518:158405625(107) ack 1210141117 win 8608NBT Packet (DF)
11:18:04.688644 172.X.103.10.netbios-ssn > 172.X.15.15.1503: P 0:107(107) ack 1 win 8608NBT Packet (DF)

11:18:04.688645 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 65:119(54) ack 98 win 8271NBT Packet (DF)
11:18:04.688646 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 65:119(54) ack 98 win 8271NBT Packet (DF)

11:18:04.63 X.X.6.3.http > 172.X.14.50.1123: . ack 4294967295 win 8155 (DF)
11:18:04.65 X.X.6.3.http > 172.X.14.50.1123: . ack 4294967295 win 8155 (DF)

11:18:04.66 172.23.27.10.3021 > 172.X.15.10.netbios-ssn: P 3194256684:3194256844(160) ack 95965178 win 7515NBT Packet (DF)
11:18:04.67 172.23.27.10.3021 > 172.X.15.10.netbios-ssn: P 0:160(160) ack 1 win 7515NBT Packet (DF)

11:18:04.68 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 119:173(54) ack 147 win 8222NBT Packet (DF)
11:18:04.69 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 119:173(54) ack 147 win 8222NBT Packet (DF)

11:18:04.688890 172.X.15.15.1503 > 172.X.103.10.netbios-ssn: P 1:161(160) ack 107 win 7996NBT Packet (DF)
11:18:04.688891 172.X.15.15.1503 > 172.X.103.10.netbios-ssn: P 1:161(160) ack 107 win 7996NBT Packet (DF)

11:18:04.689183 172.X.15.10.netbios-ssn > 172.23.27.10.3021: P 1:129(128) ack 160 win 8138NBT Packet (DF)
11:18:04.689185 172.X.15.10.netbios-ssn > 172.23.27.10.3021: P 1:129(128) ack 160 win 8138NBT Packet (DF)

11:18:04.689186 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 173:255(82) ack 196 win 8173NBT Packet (DF)
11:18:04.689187 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 173:255(82) ack 196 win 8173NBT Packet (DF)

11:18:04.689188 172.X.15.151.ssh > 172.X.53.186.1219: P 2849560709:2849560801(92) ack 2980294350 win 9648 (DF) [tos 0x10]
11:18:04.689189 172.X.15.151.ssh > 172.X.53.186.1219: P 0:92(92) ack 1 win 9648 (DF) [tos 0x10]

11:18:04.689192 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 255:309(54) ack 245 win 8124NBT Packet (DF)
11:18:04.689193 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 255:309(54) ack 245 win 8124NBT Packet (DF)

11:18:04.689608 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 309:363(54) ack 294 win 8075NBT Packet (DF)
11:18:04.689609 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 309:363(54) ack 294 win 8075NBT Packet (DF)

11:18:04.689610 172.X.243.6.printer > 172.X.240.10.723: . ack 4096314569 win 2144
11:18:04.689610 172.X.243.6.printer > 172.X.240.10.723: . ack 1 win 2144

11:18:04.689611 172.X.53.186.1219 > 172.X.15.151.ssh: P 1:45(44) ack 92 win 16724 (DF)
11:18:04.689612 172.X.53.186.1219 > 172.X.15.151.ssh: P 1:45(44) ack 92 win 16724 (DF)

11:18:04.689614 172.X.61.103.1066 > 172.X.15.49.netbios-ssn: P 294:343(49) ack 363 win 7380NBT Packet (DF) [tos 0x4]
11:18:04.718183 172.X.61.103.1066 > 172.X.15.49.netbios-ssn: P 6762:6811(49) ack 8223 win 8397NBT Packet (DF) [tos 0x4]

11:18:04.718187 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 8223:8287(64) ack 6811 win 7438NBT Packet (DF)
11:18:04.718188 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 8223:8287(64) ack 6811 win 7438NBT Packet (DF)

11:18:04.718423 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 8287:8341(54) ack 6860 win 7389NBT Packet (DF)
11:18:04.718424 172.X.15.49.netbios-ssn > 172.X.61.103.1066: P 8287:8341(54) ack 6860 win 7389NBT Packet (DF)

11:18:04.718425 172.X.240.220.6103 > 172.X.15.68.4720: . 2920:4380(1460) ack 1 win 16816 (DF)
11:18:04.718586 172.X.240.220.6103 > 172.X.15.68.4720: . 4380:5840(1460) ack 1 win 16816 (DF)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53024&t=53024



Upgrading 4500m router [7:53022]

2002-09-10 Thread McHugh Randy

All
I want to perform an upgrade on a 4500m and the procedure:

http://www.cisco.com/warp/customer/130/sw_upgrade_proc_ram.shtml

listed on the CCO says that you don't need to go into boot ROM mode to
perform the upgrade. It just shows that you do it in regular exec privileged
mode. And also it's an example of a 2600. Does anyone have any experience
with this upgrade on a 4500m? Can you please give me any more tips and tell
me if this procedure on the CCO is valid?

I am upgrading from 11.3 to 12.1. I have plenty of flash and DRAM for the
upgrade.
thx
Randy


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53022&t=53022



RE: DNS Behind the firewall [7:53016]

2002-09-10 Thread Mark W. Odette II

Be sure you have the permit statement for DNS(53) applied to the outside
interface via access-list.  Unless you put the DNS server in a DMZ, you
shouldn't really need access-lists applied to the inside interface IMO.

Whether or not you have a web server that is also running on the same
machine as DNS, or a mail server, you will need to make sure you put a
public address A record for said server in your DNS zone along with
however you choose to resolve the WWW/SMTP/POP3 Server on the inside
or implement the alias command on the PIX to have the PIX auto-magically
modify inside DNS requests to the public-addressed host so that you
resolve to its private address.

Caveat to the alias command though is that with it in place, you can
only use the PIX PDM in Monitor mode- PDM doesn't support Alias
statements... You'd think Cisco would change that in the next update to
the PDM.  HINT HINT Cisco!!?!? :)


Hope that helps.

Mark

-Original Message-
From: Curious [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 10, 2002 2:06 PM
To: [EMAIL PROTECTED]
Subject: DNS Behind the firewall [7:53016]

My Company's DNS server resides on our External LAN (our Public LAN);
yesterday we moved it to our Private LAN (behind our PIX 515), NATed its
Public IP address with its new Private IP Address in the Firewall, and opened
Port 53.
After all that move and settings we were able to resolve domain names from
the Private LAN but not from the Public LAN or Internet.
Please let me know if someone has any idea why...?



Curious

MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53023&t=53016



Re: DNS Behind the firewall [7:53016]

2002-09-10 Thread Greg Owens

Put the forward address in the DNS table
> 
> From: "Curious" 
> Date: 2002/09/10 Tue PM 03:05:40 EDT
> To: [EMAIL PROTECTED]
> Subject: DNS Behind the firewall [7:53016]
> 
> My Company's DNS server resides on our External LAN (our Public LAN);
> yesterday we moved it to our Private LAN (behind our PIX 515), NATed its
> Public IP address with its new Private IP Address in the Firewall, and opened
> Port 53.
> After all that move and settings we were able to resolve domain names from
> the Private LAN but not from the Public LAN or Internet.
> Please let me know if someone has any idea why...?
> 
> 
> 
> Curious
> 
> MCSE, CCNP
Greg Owens
202-398-2552




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53021&t=53016



RE: New CCIE written exam. [7:53005]

2002-09-10 Thread Roberts, Larry

Just to be the first to jump In, but DON'T post the questions on this list.
This list is monitored by Cisco and rest assured that if you post a question
to this list that is real, you will most likely be contacted.
I for one didn't have any help from knowing what was on the test, and
neither did most people who have passed it.  You need to learn the material,
not just regurgitate answers that you have memorized.

I'm being much more polite than most of the replies that are likely to
follow, so please take the advice and forget that you even offered...or
asked
 

Thanks

Larry
 

-Original Message-
From: YILMAZ ACAR [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 10, 2002 1:43 PM
To: [EMAIL PROTECTED]
Subject: RE: New CCIE written exam. [7:53005]


Rajesh;
Do you have real exam questions? Can you post them?
Did you see old exam questions on your exam?

Thank you
netcisco




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53020&t=53005



Re: New CCIE written exam. [7:53005]

2002-09-10 Thread Robert Raver

A friendly reminder that it is against Cisco policy to post any exam questions.


- Original Message -
From: "YILMAZ ACAR" 
To: 
Sent: Tuesday, September 10, 2002 11:43 AM
Subject: RE: New CCIE written exam. [7:53005]


> Rajesh;
> Do you have real exam questions? Can you post them?
> Did you see old exam questions on your exam?
>
> Thank you
> netcisco




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53019&t=53005



RE: New CCIE written exam. [7:53005]

2002-09-10 Thread Creighton Bill-BCREIGH1

Cheaters never prosper; shortcuts to the cert just mean you're demeaning the
value of the title some of us hardworking students are sweating for.

I don't speak from experience, but if I were you, I'd be mindful of the NDA
- you are treading awfully close to the edge...

Bill Creighton CCNP
Senior System Engineer
Motorola
iDEN CNRC Packet Data


-Original Message-
From: YILMAZ ACAR [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 10, 2002 1:43 PM
To: [EMAIL PROTECTED]
Subject: RE: New CCIE written exam. [7:53005]

Rajesh;
Do you have real exam questions? Can you post them?
Did you see old exam questions on your exam?

Thank you
netcisco




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53018&t=53005



DNS Behind the firewall [7:53016]

2002-09-10 Thread Curious

My Company's DNS server resides on our External LAN (our Public LAN);
yesterday we moved it to our Private LAN (behind our PIX 515), NATed its
Public IP address with its new Private IP Address in the Firewall, and opened
Port 53.
After all that move and settings we were able to resolve domain names from
the Private LAN but not from the Public LAN or Internet.
Please let me know if someone has any idea why...?



Curious

MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53016&t=53016



RE: New CCIE written exam. [7:53005]

2002-09-10 Thread YILMAZ ACAR

Rajesh;
Do you have real exam questions? Can you post them?
Did you see old exam questions on your exam?

Thank you
netcisco


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53014&t=53005



RE: IP subnet Tool - Slightly off topic [7:52999]

2002-09-10 Thread Jason Owens

This entire suite might be overkill for you if you only want to keep track
of subnets, but Subnet List is one of the tools in it.


http://solarwinds.net/Tools/Network_Discovery/SubnetList/index.htm

Robert  Fowler wrote:
> 
> Good morning,
>  
> I've been using an excel spreadsheet to track about 100+ sites
> on our
> network as far as subnetting etc. But we are going to be moving
> to a
> standardized subnetting scheme and I was wondering if anyone
> had an access
> database tool or other program that they would recommend for ip
> subnet
> tracking so you don't use duplicates ranges when adding a site
> etc. Does
> anyone know of a tool that will handle this?
>  
>  
>  
> Robert Fowler
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53012&t=52999



RE: ADSL Link [7:52978]

2002-09-10 Thread Jason Weden

Rarely is DSL used in a dedicated point-to-point manner...though it is
possible on a large campus between buildings.  Most ADSL connections are
akin to a T1 line between you and your provider since you have, more or
less, a dedicated copper run between your house/business and your service
provider's DSLAM.  Once it hits the edge of your service provider cloud, the
copper goes into the DSLAM and out a high-speed connection (OC3, DS3, etc)
to an access concentrator.  From the access concentrator, it traverses the
service provider's backbone; this is why ADSL is more accurately described as
a packet-switched connection.  Since ATM is at layer 2, think of ATM
connections (an example of a packet-switched connection), except remember
that now the ATM can traverse your copper phone lines.  Finally, the traffic
will hit other autonomous systems (the Internet) from your provider's
backbone.

Regards,

Jason


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53013&t=52978



Re: IP subnet Tool - Slightly off topic [7:52999]

2002-09-10 Thread Larry Letterman

solar winds network tools has a subnet tracker in it...

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: "Robert Fowler" 
To: 
Sent: Tuesday, September 10, 2002 8:55 AM
Subject: IP subnet Tool - Slightly off topic [7:52999]


> Good morning,
>
> I've been using an excel spreadsheet to track about 100+ sites on our
> network as far as subnetting etc. But we are going to be moving to a
> standardized subnetting scheme and I was wondering if anyone had an access
> database tool or other program that they would recommend for ip subnet
> tracking so you don't use duplicates ranges when adding a site etc. Does
> anyone know of a tool that will handle this?
>
>
>
> Robert Fowler




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53011&t=52999



RE: Anybody passed New CCIE R/S Qualification Exam [7:52862]

2002-09-10 Thread mission john

I failed it badly unlike the CCNP where I got close to 100% on one test.

I read 2 of the newer ccie cert books (not the new cisco press one)
and I also got the boson 3 test.  

The Boson CCIE 3 test has the best representation of the material but
it is not a book so it only covers its test.  He does have links
to Cisco doc but if that were easy to read nobody would sell books.

Big problem is that you only learn what is in the question.  For
example you may learn what NBAR is but not what you do to configure it.  The
Boson test is still missing complete parts of the blueprint
or covers them too lightly.

Going back now and looking at the blueprint, all the stuff I did not
have a clue on was in there. Unfortunately there is no book that has
all that stuff in it.  If you look at the blueprint you will find
things that are only in the 12.1 code levels.

Even the newest book from Cisco Press does not appear to have
everything when you compare the blueprint and the contents.

It does not even mention the QoS stuff, which is a major section
in the blueprint, and even the sample chapter they let you look
at the contents for the switching does not even cover what is
referred to as SECURITY in the blueprint.  It also does not
cover what is referred to as multiservices other than MPLS.

This is really bad when the most current book that is supposed to
cover this test does not even cover the blueprint.

Guess my plan is to go back and reread the chapters in the Doyle books
to try to get 100% on the routing to make up for all the stuff that is
hard to get doc on.  Then it's a matter of trying to figure out
which Cisco things to read.  I at least have a clue since I paid them
my $300 for my education.

There is one field on the test results called practical that does
not have a corresponding entry in the blueprint; not sure what that is.

Make sure you at least look at all the stuff that is on the blueprint
and try to find sample configs so you know what they look
like.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52943&t=52862



RE: ADSL Link [7:52978]

2002-09-10 Thread Haakon Claassen (hclaasse)

Hi 

ADSL (Asymmetric Digital Subscriber Line) is used to deliver high rate data
over ordinary phone lines. A new modulation technique called DMT (Discrete
Multitone) allows the high speed.
ADSL facilitates the simultaneous use of normal phone services, ISDN and
high speed transmissions.

ADSL can also run over future fibre cables.


 
Haakon Claassen
EMEA - IT Transport Services -WAN
 
Cisco Systems
De Kleetlaan 6b - Pegasus Park
B-1831 Diegem (Belgium)
 
 

-Original Message-
From: Ashok C Braganza [mailto:[EMAIL PROTECTED]] 
Sent: dinsdag 10 september 2002 14:29
To: [EMAIL PROTECTED]
Subject: ADSL Link [7:52978]

Can someone tell me

What do you call an ADSL link? Is it known as a dedicated line (like a leased
line)?

Thanks

ashok




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52981&t=52978



RE: why my interface keep going up and down?? [7:52917]

2002-09-10 Thread Nathan Nakao

Could be wrong settings on the NIC connected to the switch port.  Check
the machine NIC settings to set to Auto-Detect for duplex and speed.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Brad Ellis
Sent: Monday, September 09, 2002 11:06 AM
To: [EMAIL PROTECTED]
Subject: Re: why my interface keep going up and down?? [7:52917]


hard code the port speed and duplex on your switch

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)

""Sim, CT (Chee Tong)""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi...  I was checking my syslog server and found that one of the 
> switch's port keep changing states to up and down as shown below??  
> May I know what is the cause for this? I am sure we didn't plug out 
> the cable at all.  By the way, what is 27W5d??
>
>
> Sep  9 16:11:59 50.100.165.248 12051: 27w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/18, changed state to down
> Sep  9 16:12:02 50.100.165.248 12052: 27w5d: %LINK-3-UPDOWN: Interface FastEthernet0/18, changed state to up
> Sep  9 16:12:02 50.100.165.248 12053: 27w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/18, changed state to up
> Sep  9 16:12:20 50.100.165.248 12054: 27w5d: %LINK-3-UPDOWN: Interface FastEthernet0/18, changed state to down
> Sep  9 16:12:20 50.100.165.248 12055: 27w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/18, changed state to down
> Sep  9 16:12:26 50.100.165.248 12056: 27w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/18, changed state to up
> Sep  9 16:12:30 50.100.165.248 12057: 27w5d: %LINK-3-UPDOWN: Interface FastEthernet0/18, changed state to down
> Sep  9 16:12:30 50.100.165.248 12058: 27w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/18, changed state to down
> Sep  9 16:12:34 50.100.165.248 12059: 27w5d: %LINK-3-UPDOWN: Interface FastEthernet0/18, changed state to up
> Sep  9 16:12:34 50.100.165.248 12060: 27w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/18, changed state to up
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52950&t=52917



CCDP 3.0 - Advice?? [7:52949]

2002-09-10 Thread Cisco Nuts

Hello,

Can someone recommend a book for the CCDP 3.0 exam? I have the Cisco Press 
book for CID but am not sure whether this will be enough.

Any recommendations on the Boson exam? Which one?

Thank you for your help.

Sincerely.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52949&t=52949



Re: MIB strings CAT6506 [7:52995]

2002-09-10 Thread Michael Greenbaum

Did you try MRTG?


>From: "[EMAIL PROTECTED]" 
>Reply-To: "[EMAIL PROTECTED]" 
>To: [EMAIL PROTECTED]
>Subject: Re: MIB strings CAT6506 [7:52995]
>Date: Tue, 10 Sep 2002 16:37:24 GMT
>
>Hi,
>
>One way is to use the command 'snmpwalk' from a Unix box, so you can get
>the instance number you need.
>
>Regards,
>
>Alaerte
>
>
>
>
>
>"Mark Walmsley" @groupstudy.com on 10/09/2002
>12:42:32
>
>Please respond to "Mark Walmsley"
>
>Sent by:  [EMAIL PROTECTED]
>
>
>To:  [EMAIL PROTECTED]
>cc:
>
>Subject: MIB strings CAT6506 [7:52995]
>
>
>Hi
>
>Does any one know what are the Mib strings to monitor the traffic (Octets)
>in and out of a physical port on a Catalyst 6506
>
>Using the "Show Counter 3/1" tells me but I want to use SNMP to graph the
>traffic.
>
>
>Thanks
>Mark.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53009&t=52995



Re: Cisco Certification Digest V2 #2242 (I am out of the [7:53008]

2002-09-10 Thread Cynthia Chang

I will be out of the office September 10th - 16th.  If this is a network-
related emergency, please contact the help desk and they will route your
issue to the appropriate destination.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53008&t=53008



Re: MIB strings CAT6506 [7:52995]

2002-09-10 Thread [EMAIL PROTECTED]

Hi,

One way is to use the command 'snmpwalk' from a Unix box, so you can get
the instance number you need.

Regards,

Alaerte





"Mark Walmsley" @groupstudy.com on 10/09/2002
12:42:32

Please respond to "Mark Walmsley"

Sent by:  [EMAIL PROTECTED]


To:  [EMAIL PROTECTED]
cc:

Subject: MIB strings CAT6506 [7:52995]


Hi

Does any one know what are the Mib strings to monitor the traffic (Octets)
in and out of a physical port on a Catalyst 6506

Using the "Show Counter 3/1" tells me but I want to use SNMP to graph the
traffic.


Thanks
Mark.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53007&t=52995



RE: Internal Users ping through a PIX [7:52962]

2002-09-10 Thread Ciaron Gogarty

I think that it may be more secure to just allow echo-reply back to the
internal hosts.  You can do this with the access-list that is on the outside
interface.

Assuming that you want to allow echo-reply back to users who are hidden
behind a PAT address (or the hide address in checkpoint parlance) add the
following line to your external access-list.

access-list From-Internet permit icmp any host 1.1.1.1 echo-reply

Change 1.1.1.1 to whatever your PAT address is.  This also assumes that you
don't have any access-list on the inside interface; if you do, modify that
to allow outbound echo-request.

Hope this helps,

C

-Original Message-
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: 10/09/02 15:30
Subject: RE: Internal Users ping through a PIX [7:52962]

You need to use the following global command to enable icmp:

icmp permit/deny  ...


Here's the link for command reference:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/commands.htm#xtocid33


Thanks...Nabil

"I have never let my schooling interfere with my education."


 

Lidiya White
Sent by: nobody@groupstudy.com
09/09/2002 11:31 PM
Please respond to Lidiya White

cc:
Subject: RE: Internal Users ping through a PIX [7:52962]
 

 





The access-list is correct. There is something else that is going on.
Use "debug icmp trace" to troubleshoot...
How do you test this access-list? What are you trying to ping?

-- Lidiya White

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Elijah Savage III
Sent: Monday, September 09, 2002 7:33 PM
To: [EMAIL PROTECTED]
Subject: Internal Users ping through a PIX [7:52962]


Ok guys, I am on my last leg with this one. I have seen a ton of examples but
can't seem to get it working. What am I doing wrong here?

All I want is my internal users to be able to ping through the firewall
to the net, but external users not be able to ping.

Here is the last example I used that does not work.
http://www.cisco.com/warp/public/110/single-net.shtml

!--- Create an access-list to allow pings out and the return packets back in.
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable


!--- Apply access-list 100 to the outside interface.
access-group 100 in interface outside

pixfirewall# sh version

Cisco PIX Firewall Version 6.1(3)


I appreciate your help.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53006&t=52962
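
The two outside-interface access lists quoted in this message (the `access-list 100` set and the narrower `From-Internet` line) compared side by side, as an added example that is not code from any poster or from Cisco. It models only first-match ACL evaluation with the implicit deny, not the PIX's translation or state handling; every packet address other than 1.1.1.1 is constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# ACL lines as posted in the thread (the wrapped comment line is rejoined).
THREAD_CONFIG = """\
!--- Create an access-list to allow pings out and the return packets back in.
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
access-list From-Internet permit icmp any host 1.1.1.1 echo-reply
"""

# Constructed packets arriving on the outside interface:
# (label, source, destination, ICMP type keyword; "echo" is the request, type 8)
PACKETS = [
    ("reply to an inside user's ping", "198.51.100.7", "1.1.1.1", "echo-reply"),
    ("ping from the Internet", "198.51.100.7", "1.1.1.1", "echo"),
    ("unsolicited reply to another public address",
     "198.51.100.7", "1.1.1.20", "echo-reply"),
    ("traceroute hop answer", "203.0.113.9", "1.1.1.1", "time-exceeded"),
]


@dataclass(frozen=True)
class Rule:
    acl: str
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    icmp_type: Optional[str]         # None matches any ICMP type


def take_addr(tokens: List[str]) -> ipaddress.IPv4Network:
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")


def parse_acl(config: str) -> List[Rule]:
    """Parse 'access-list <id> permit|deny icmp <src> <dst> [type]' lines."""
    rules = []
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "icmp":
            continue                 # comments and non-ICMP lines are skipped
        rest = tokens[4:]
        src = take_addr(rest)
        dst = take_addr(rest)
        rules.append(Rule(tokens[1], tokens[2], src, dst,
                          rest[0] if rest else None))
    return rules


def evaluate(rules: List[Rule], acl: str, src: str, dst: str,
             icmp_type: str) -> str:
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.acl != acl:
            continue
        if s in rule.src and d in rule.dst and rule.icmp_type in (None, icmp_type):
            return rule.action
    return "deny"


def compare(rules: List[Rule]):
    """Verdict of each ACL for every sample packet."""
    return [(label,
             evaluate(rules, "100", s, d, t),
             evaluate(rules, "From-Internet", s, d, t))
            for label, s, d, t in PACKETS]


if __name__ == "__main__":
    for label, broad, narrow in compare(parse_acl(THREAD_CONFIG)):
        print(f"{label:45} acl 100: {broad:6}  From-Internet: {narrow}")
```

Neither list lets an inbound echo request through. The difference is that `any any` accepts echo replies addressed to every public address behind the firewall, while the host-specific entry accepts them only for the PAT address and, as written, drops the time-exceeded messages that traceroute depends on.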



Re: MIB strings CAT6506 [7:52995]

2002-09-10 Thread Michael Greenbaum

There are a few ways to do this. You can isolate ifInOctets and ifOutOctets.

I found www.mibcentral.com a good site to search by vendor and keyword to
find the mib OID and string you are looking for.

HTH,

---Michael


>From: "Mark Walmsley" 
>Reply-To: "Mark Walmsley" 
>To: [EMAIL PROTECTED]
>Subject: MIB strings CAT6506 [7:52995]
>Date: Tue, 10 Sep 2002 15:42:32 GMT
>
>Hi
>
>Does any one know what are the Mib strings to monitor the traffic (Octets)
>in and out of a physical port on a Catalyst 6506
>
>Using the "Show Counter 3/1" tells me but I want to use SNMP to graph the
>traffic.
>
>
>Thanks
>Mark.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53004&t=52995
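
The two suggestions in this thread (snmpwalk to find the instance number, then ifInOctets and ifOutOctets) carried through to a graphable rate, as an added example that is not code from any poster. The snmpwalk output and the poll values are constructed, and the mapping of port 3/1 to instance 9 is an assumption for illustration; the column OIDs are the standard IF-MIB ones.

```python
import re

# Standard IF-MIB column OIDs; append ".<instance>" to poll a single port.
IF_IN_OCTETS = "1.3.6.1.2.1.2.2.1.10"
IF_OUT_OCTETS = "1.3.6.1.2.1.2.2.1.16"
COUNTER32_MOD = 2 ** 32          # ifInOctets/ifOutOctets are 32-bit counters

# Constructed snmpwalk output for the ifName column (net-snmp style).
SAMPLE_WALK = """\
IF-MIB::ifName.1 = STRING: sc0
IF-MIB::ifName.9 = STRING: 3/1
IF-MIB::ifName.10 = STRING: 3/2
"""

# Constructed polls of one port: (seconds, ifInOctets, ifOutOctets).
# The inbound counter wraps past 2**32 between the first two polls.
SAMPLE_POLLS = [
    (0, 4293967296, 1000),
    (300, 2750000, 376000),
    (600, 2750000, 751000),
]

WALK_LINE = re.compile(r"^IF-MIB::ifName\.(\d+) = STRING: (\S+)$")


def find_instance(walk_output: str, port: str) -> int:
    """Return the instance number (ifIndex) whose ifName equals `port`."""
    for line in walk_output.splitlines():
        match = WALK_LINE.match(line.strip())
        if match and match.group(2) == port:
            return int(match.group(1))
    raise KeyError(f"port {port!r} not found in walk output")


def poll_oids(instance: int):
    """OIDs to hand to the poller (MRTG, snmpget, ...) for this port."""
    return (f"{IF_IN_OCTETS}.{instance}", f"{IF_OUT_OCTETS}.{instance}")


def counter_delta(prev: int, curr: int) -> int:
    """Octets counted between two polls, allowing for one Counter32 wrap.

    A counter reset (for example after a reload) looks the same as a wrap
    here, and a busy port can wrap more than once between widely spaced polls.
    """
    return (curr - prev) % COUNTER32_MOD


def rates(polls):
    """Turn consecutive polls into (time, in_bps, out_bps) points."""
    points = []
    for (t0, in0, out0), (t1, in1, out1) in zip(polls, polls[1:]):
        seconds = t1 - t0
        if seconds <= 0:
            raise ValueError("polls must be in increasing time order")
        points.append((t1,
                       counter_delta(in0, in1) * 8 / seconds,
                       counter_delta(out0, out1) * 8 / seconds))
    return points


if __name__ == "__main__":
    instance = find_instance(SAMPLE_WALK, "3/1")
    print("poll:", poll_oids(instance))
    for t, in_bps, out_bps in rates(SAMPLE_POLLS):
        print(f"t={t:4d}s  in={in_bps:10.1f} bit/s  out={out_bps:10.1f} bit/s")
```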



New CCIE written exam. [7:53005]

2002-09-10 Thread Rajesh Kumar

Hi all,

Took the new version of CCIE written exam.  The exam consists of 180 min
and 150 questions.  The passing score is 105.  But my score was only 67.
:-(

Lot of questions in IS-IS, Mcast and QoS.  Lot of scenario based
questions as well.  Most of them were "choose the best answer" only a
few were "multiple choice questions" and they specify how many are the
best answers.

2 questions were on PVLANs, None in WLAN, couple of them in TR, Enet and
FDDI stuff.

Before taking the test, there is  a small survey to be taken online.
One of the questions in the survey is you need to select the
technologies that you have worked on.  I suspect most of the questions
are based on the technology that you selected.  Time shouldn't be a
problem because you have more than a minute for a question.  You still
can revisit marked questions at the end of the test.

All the best for everybody who is right now preparing for this and if
you need more specifics about the exam, email me - I will try to answer
to the best I can that I have from my memory.



Thanks,
rajesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53005&t=53005



Re: Pinging serial interfaces [7:53001]

2002-09-10 Thread Scott

In order to ping a local frame interface, you have to map the local ip to
the DLCI.

HTH,
Scott

""Casey, Paul (6822)""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Sometimes I don't seem to be able to ping my own serial interfaces on a
> router, yet I can ping the remote end..
> This often happens on frame relay . In the labs I am working on.
>
> I never thought about it 2 much because all the requirements were met. Though
> now a requirement has come up to make sure you can ping your own serial
> interface..
>
> Can someone tell me what I am doing wrong. I must be leaving something out
> here..
>
> Kind regards.
> Paul.
> --
> Sent from my BlackBerry Wireless Handheld
>
>
>


>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53003&t=53001



Re: Switch Fabric? [7:52992]

2002-09-10 Thread Michael Greenbaum

I saw this on CCO this past week looking for backplane speed on the 6500's. 
I found this 
http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/k6kfy_wp.htm

An Excerpt from the page:

The Catalyst 6500 and the Switch Fabric Module (SFM) provide a 256-Gbps 
switching system with forwarding rates over 100 million pps. The SFM uses 
the connectors on the left side of the Catalyst 6500 chassis. Note that 
because these connectors are not in the Catalyst 6000, this chassis cannot 
use the SFM. The SFM uses a 256-Gbps crossbar switching fabric to 
interconnect the line cards on the switch. Figure 5 is a logical diagram of 
the SFM.

The SFM can best be thought of as a 16-port "switch," with the ports 
actually connecting to the line cards. In the Catalyst 6500, each slot in 
the chassis receives two crossbar ports, and each port is clocked at 8 Gbps 
(the actual bandwidth is 16 Gbps because there is one 8-Gbps path for 
transmitting into the crossbar and 8 Gbps for transmitting out of the 
crossbar). The fabric-enabled modules connect to one of the ports on the 
crossbar, providing 8-Gbps access into the switching fabric. The fabric-only 
line cards attach to both ports per slot into the crossbar, allowing them 16 
Gbps of connectivity.

The Catalyst 6500 SFM uses overspeed to eliminate congestion and 
head-of-line blocking. Overspeed is a concept by which the internal "paths" 
within the crossbar fabric are clocked at a speed faster than the input 
rates into the crossbar. This allows packets to be switched out of the 
source module through the fabric to the output line card at high data rates. 
The SFM uses 3x overspeed, meaning that each internal trace is clocked at 24 
Gbps relative to the input rate, which is clocked at 8 Gbps.

HTH,

---Michael



>From: "Mann, Chris" 
>Reply-To: "Mann, Chris" 
>To: [EMAIL PROTECTED]
>Subject: Switch Fabric? [7:52992]
>Date: Tue, 10 Sep 2002 15:07:32 GMT
>
>Can someone please explain what is meant by a switch fabric? Or what it
>means to have blades in your Catalyst switch that are fabric enabled?
>
>Thanks,
>
>Chris




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53002&t=52992



Pinging serial interfaces [7:53001]

2002-09-10 Thread Casey, Paul (6822)

Sometimes I don't seem to be able to ping my own serial interfaces on a
router, yet I can ping the remote end..
This often happens on frame relay. In the labs I am working on.

I never thought about it too much because all the requirements were met. Though
now a requirement has come up to make sure you can ping your own serial
interface..

Can someone tell me what I am doing wrong? I must be leaving something out
here..

Kind regards.
Paul.
--
Sent from my BlackBerry Wireless Handheld




This E-mail is from O2. The E-mail and any files
transmitted with it are confidential and may also be privileged and intended
solely for the use of the individual or entity to whom they are addressed.
Any unauthorised direct or indirect dissemination, distribution or copying
of this message and any attachments is strictly prohibited. If you have
received the E-mail in error please notify [EMAIL PROTECTED] or 
  telephone ++ 353 1 6095000.

*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53001&t=53001



RE: GRE [7:52997]

2002-09-10 Thread Robert Fowler

Try the link below... It has more information than you'll need but should be
helpful. There are just a few basic commands needed to set it up. I just
finished implementing GRE (along with IPSec etc) so if you have any
questions I'd be glad to answer them.


http://www.cisco.com/warp/public/707/ipsec_gre.shtml (EIGRP + GRE + IPSEC)
-Original Message-
From: Casey, Paul (6822) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 10, 2002 11:49 AM
To: [EMAIL PROTECTED]
Subject: GRE [7:52997]


I have also been looking for a guide to gre tunneling, though on CCO
everything seems to be with ipsec or tunneling desktop protocols. 
I am just looking to tunnel ip, and looking for a basic guide to start
with..

Anyone know where to pick up this information..

Any help appreciated
Kind regards
Paul.

--
Sent from my BlackBerry Wireless Handheld









Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53000&t=52997



IP subnet Tool - Slightly off topic [7:52999]

2002-09-10 Thread Robert Fowler

Good morning,
 
I've been using an excel spreadsheet to track about 100+ sites on our
network as far as subnetting etc. But we are going to be moving to a
standardized subnetting scheme and I was wondering if anyone had an access
database tool or other program that they would recommend for ip subnet
tracking so you don't use duplicates ranges when adding a site etc. Does
anyone know of a tool that will handle this?
 
 
 
Robert Fowler




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52999&t=52999



Re: BGP/OSPF Synchronization [7:52980]

2002-09-10 Thread Peter van Oene

Inline

At 01:16 PM 9/10/2002 +, Karl Brusen wrote:
>Can anyone point me towards a resource that describes in detail what it
>takes for BGP to consider a route synchronized when it learned it through
>IGP OSPF?  My study partner and I are struggling understanding how it works.
>All of our resources provide only general information with statements like,
>"a route must be learned by IGP before BGP will consider it synchronized".
>Merely learning a route from IGP is apparently not good enough.  There must
>be other, more specific requirements.  How does route-reflection affect
>BGP/OSPF synchronization?

These technologies are not designed to work together.  Who knows if the BGP 
synch code even works. I fully expect the systest folks at Cisco who do 
regression testing have far better things to test (CEF comes to mind) than 
obsolete, fully deprecated behavior as used in broken network 
designs.  When building your "lab" network, use one of these scaling tools 
or the other.  In the real world, turn off synchronization.  If Cisco 
chooses to test scenarios of this nature then shame on them.  There are far 
more relevant design complexities that one should entertain oneself with.

For what it's worth, the CCIE-LAB archives are riddled with discussion on 
this topic.

>Specifically, we are working on a lab with three routers running BGP.  They
>are in the same AS (IBGP).  They are not fully meshed one is acting as a
>router reflector for the other two.  One of the RR clients has a loopback
>injected into BGP by redistribute connected.  All three routers are also
>running OSPF and have an IGP route to the same network being injected into
>BGP.  The route is synchronized on the router it is injected into and on the
>route reflector, but it isn't synchronized on the other route reflector
>client.  We are aware of how BGP and OSPF router IDs can prevent
>synchronization, so we have specified the same router IDs for BGP and OSPF.
>
>What is interesting is that if we point a static route from the problem
>route-reflector client to the BGP route "next hop", BGP synchs.  Due to the
>network topology and modifications of the ad distance, the problem router
>also has a route learned from EIGRP but is not normally in the IP routing
>table.  When we shut down an interface so that the EIGRP route is placed in
>the IP routing table, BGP synchs.

>We are very confused.  There is something about how BGP synchs with OSPF
>that we just don't understand.  Any insight from the group will be greatly
>appreciated.
>
>Thanks,
>
>
>Karl Brusen




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52998&t=52980



GRE [7:52997]

2002-09-10 Thread Casey, Paul (6822)

I have also been looking for a guide to gre tunneling, though on CCO
everything seems to be with ipsec or tunneling desktop protocols. 
I am just looking to tunnel ip, and looking for a basic guide to start
with..

Anyone know where to pick up this information..

Any help appreciated
Kind regards
Paul.

--
Sent from my BlackBerry Wireless Handheld








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52997&t=52997



Re: HSRP and subnets [7:52991]

2002-09-10 Thread John Neiberger

HSRP is used when two or more routers share interfaces on the same LAN
subnet.  The LAN interface IP addresses and the HSRP addresses must all
be in the same subnet unless you're purposefully trying to create some
bizarre behavior.

John

>>> "enabled"  9/10/02 8:59:30 AM >>>
Is there a rule stating that addresses in a HSRP group need to be in the
same subnet?

For example can I have 2 devices with the following addresses:
RouterA: 10.10.10.1
RouterB: 172.16.10.1
HSRP address: 192.168.10.1

Thanks,

Sam




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52996&t=52991



MIB strings CAT6506 [7:52995]

2002-09-10 Thread Mark Walmsley

Hi

Does any one know what are the Mib strings to monitor the traffic (Octets)
in and out of a physical port on a Catalyst 6506

Using the "Show Counter 3/1" tells me but I want to use SNMP to graph the
traffic.


Thanks
Mark.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52995&t=52995



RE: BGP/OSPF Synchronization [7:52980]

2002-09-10 Thread Bernard

Karl,

I have compiled an article on BGP and BGP synchronization and it is
posted on my website. http://www.networkking.net 
I believe it is the easiest way BGP and BGP synchronization can be
explained.

HTH

Bernard
 
  
 

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Karl Brusen
> Sent: Tuesday, September 10, 2002 6:16 AM
> To: [EMAIL PROTECTED]
> Subject: BGP/OSPF Synchronization [7:52980]
>
> Can anyone point me towards a resource that describes in detail what it
> takes for BGP to consider a route synchronized when it learned it through
> IGP OSPF?  My study partner and I are struggling understanding how it works.
> All of our resources provide only general information with statements like,
> "a route must be learned by IGP before BGP will consider it synchronized".
> Merely learning a route from IGP is apparently not good enough.  There must
> be other, more specific requirements.  How does route-reflection affect
> BGP/OSPF synchronization?
>
> Specifically, we are working on a lab with three routers running BGP.  They
> are in the same AS (IBGP).  They are not fully meshed one is acting as a
> router reflector for the other two.  One of the RR clients has a loopback
> injected into BGP by redistribute connected.  All three routers are also
> running OSPF and have an IGP route to the same network being injected into
> BGP.  The route is synchronized on the router it is injected into and on the
> route reflector, but it isn't synchronized on the other route reflector
> client.  We are aware of how BGP and OSPF router IDs can prevent
> synchronization, so we have specified the same router IDs for BGP and OSPF.
>
> What is interesting is that if we point a static route from the problem
> route-reflector client to the BGP route "next hop", BGP synchs.  Due to the
> network topology and modifications of the ad distance, the problem router
> also has a route learned from EIGRP but is not normally in the IP routing
> table.  When we shut down an interface so that the EIGRP route is placed in
> the IP routing table, BGP synchs.
>
> We are very confused.  There is something about how BGP synchs with OSPF
> that we just don't understand.  Any insight from the group will be greatly
> appreciated.
>
> Thanks,
>
>
> Karl Brusen




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52994&t=52980



RE: Internal Users ping through a PIX [7:52962]

2002-09-10 Thread Lidiya White

"icmp" command on the PIX allows/denies pinging interfaces of the PIX
itself. It has nothing to do with pinging through the PIX...

-- Lidiya White

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, September 10, 2002 9:31 AM
To: [EMAIL PROTECTED]
Subject: RE: Internal Users ping through a PIX [7:52962]


You need to use the following global command to enable icmp:

icmp permit/deny  ...


Here's the link for command reference:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/commands.htm#xtocid33


Thanks...Nabil

"I have never let my schooling interfere with my education."



Lidiya White
Sent by: nobody@groupstudy.com
09/09/2002 11:31 PM
Please respond to Lidiya White
cc:
Subject: RE: Internal Users ping through a PIX [7:52962]






The access-list is correct. There is something else that is going on.
Use "debug icmp trace" to troubleshoot...
How do you test this access-list? What are you trying to ping?

-- Lidiya White

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Elijah Savage III
Sent: Monday, September 09, 2002 7:33 PM
To: [EMAIL PROTECTED]
Subject: Internal Users ping through a PIX [7:52962]


Ok guys, I am on my last leg with this one. I have seen a ton of examples but
can't seem to get it working. What am I doing wrong here?

All I want is my internal users to be able to ping through the firewall
to the net, but external users not be able to ping.

Here is the last example I used that does not work.
http://www.cisco.com/warp/public/110/single-net.shtml

!--- Create an access-list to allow pings out and the return packets back in.
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable


!--- Apply access-list 100 to the outside interface.
access-group 100 in interface outside

pixfirewall# sh version

Cisco PIX Firewall Version 6.1(3)


I appreciate your help.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52993&t=52962
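
An added illustration (not from the thread or from Cisco) of what the quoted access-list 100 does when applied inbound on the outside interface: rules are checked in order and anything unmatched hits the implicit deny, so return traffic for inside users' pings is admitted while an echo request from outside is not. The Python model, the BROAD_ACL contrast line and all function names are assumptions made for this example; it models ACL matching only, not NAT or the separate "icmp" command for the PIX's own interfaces.

```python
import re
from typing import List, NamedTuple, Optional

# ICMP type numbers for the keywords in the posted ACL, plus echo (type 8).
ICMP_TYPES = {"echo-reply": 0, "unreachable": 3, "echo": 8, "time-exceeded": 11}

# The three ACL lines exactly as posted in the thread.
POSTED_ACL = """\
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
"""

# Constructed contrast case (not from the thread): no ICMP type qualifier.
BROAD_ACL = "access-list 100 permit icmp any any\n"

# Simplification: only the "icmp any any [type]" form used in the thread.
LINE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?P<action>permit|deny)\s+icmp"
    r"\s+any\s+any(?:\s+(?P<type>\S+))?$"
)


class Rule(NamedTuple):
    action: str                # "permit" or "deny"
    icmp_type: Optional[int]   # None means "any ICMP type"


def parse_acl(text: str) -> List[Rule]:
    """Parse 'access-list N permit|deny icmp any any [type]' lines only."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # skip blank lines and config comments
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported ACL line: {line!r}")
        kw = m.group("type")
        if kw is not None and kw not in ICMP_TYPES:
            raise ValueError(f"unknown ICMP type keyword: {kw!r}")
        rules.append(Rule(m.group("action"), ICMP_TYPES[kw] if kw else None))
    return rules


def evaluate(rules: List[Rule], icmp_keyword: str) -> str:
    """First matching rule wins; no match falls through to the implicit deny."""
    wanted = ICMP_TYPES[icmp_keyword]
    for rule in rules:
        if rule.icmp_type is None or rule.icmp_type == wanted:
            return rule.action
    return "deny"


def inbound_verdicts(acl_text: str) -> dict:
    """Verdict for each ICMP message kind arriving on the outside interface."""
    rules = parse_acl(acl_text)
    return {kw: evaluate(rules, kw) for kw in ICMP_TYPES}


if __name__ == "__main__":
    for label, acl in (("posted", POSTED_ACL), ("broad", BROAD_ACL)):
        print(label, inbound_verdicts(acl))
```

With the posted ACL only the three reply types are admitted; the broad line also admits echo requests from outside, which is the behaviour the original poster wanted to avoid.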



Switch Fabric? [7:52992]

2002-09-10 Thread Mann, Chris

Can someone please explain what is meant by a switch fabric? Or what it
means to have blades in your Catalyst switch that are fabric enabled? 

Thanks,

Chris




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52992&t=52992



HSRP and subnets [7:52991]

2002-09-10 Thread enabled

Is there a rule stating that addresses in a HSRP group need to be in the 
same subnet?

For example can I have 2 devices with the following addresses:
RouterA: 10.10.10.1
RouterB: 172.16.10.1
HSRP address: 192.168.10.1

Thanks,

Sam




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52991&t=52991



RE: GRE Tunneling over Frame Relay [7:52971]

2002-09-10 Thread Daniel Cotts

"Implementing Cisco VPNs" by Adam Quiggle ISBN 0072130482 Published by
McGraw-Hill. Has a good section on GRE tunnels.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 10, 2002 2:45 AM
> To: [EMAIL PROTECTED]
> Subject: GRE Tunneling over Frame Relay [7:52971]
> 
> 
> Hi group,
> 
> GRE tunnels (without IPSec) among three sites are required 
> for carrying PIM
> Sparse Mode, EIGRP, NTP etc through public network. Someone 
> told me that to
> do so BGP has to be used as well. However, from CCO 
> documentation site I
> couldn't find out how to do it without IPSec, also I didn't 
> find out why GRE
> tunneling requires BGP for the purpose above.
> 
> I didn't go across GRE tunneling before. Would anyone who did 
> it before
> please give me a hint on this topic? Or any book that you 
> would recommend?
> 
> Thanks in advance.
> 
> Tony




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52990&t=52971



RE: Multiple ISDN dialups - 256k channel - advise need [7:52989]

2002-09-10 Thread Andrew Larkins

Hi, 

This is exactly what I was after.

Many thanks!!!
-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: 10 September 2002 16:22
To: [EMAIL PROTECTED]
Subject: Re: Multiple ISDN dialups - 256k channel - advise need [7:52985]


Yes you can do this, I have in the past, here is a snippet of the
config:

interface BRI3/0
 description ISDN CKT#__ ISDN backup to  
 bandwidth 128
 no ip address
 ip load-sharing per-packet
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-ni
 isdn spid1 x xxx
 isdn spid2 x xxx
 no fair-queue
 ppp authentication chap
!
interface BRI3/1
 description ISDN CKT#__ ISDN backup to  
 bandwidth 128
 no ip address
 ip load-sharing per-packet
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-ni
 isdn spid1 x xxx
 isdn spid2 x xxx
 no fair-queue
 ppp authentication chap
!
interface BRI3/2
 description ISDN CKT#__ ISDN backup to 
 bandwidth 128
 no ip address
 ip load-sharing per-packet
 encapsulation ppp
 no ip mroute-cache
 dialer pool-member 1
 isdn switch-type basic-ni
 isdn spid1 xx xxx
 isdn spid2 xx xxx
 no fair-queue
 ppp authentication chap
!
interface BRI3/3
 no ip address
 shutdown
 isdn switch-type basic-ni
!
interface Dialer1
 ip address 10.100.200.1 255.255.255.0
 ip load-sharing per-packet
 encapsulation ppp
 no ip mroute-cache
 dialer remote-name Router12
 dialer pool 1
 dialer idle-timeout 60
 dialer string 158
 dialer string 159
 dialer string 156
 dialer string 157
 dialer string 154
 dialer string 155
 dialer load-threshold 3 either
 dialer max-call 6
 dialer-group 1
 ipx network FBEEF
 ppp authentication chap
 ppp multilink

  Dave

Jenny McLeod wrote:
> 
> I haven't actually done this in production, but at various times when
> testing, I have noticed that if you have multiple dialer strings on the one
> dialer interface, the first string will be dialled, and then if that fails,
> the second string will be dialled, and so on.
> I suspect that what you want to do would work, although I doubt it would
> load balance between the two numbers - I think it would normally dial the
> first number, and only dial the second number if the first one failed (or is
> engaged?)
> 
> Hope that helps,
> JMcL
> 
> Andrew Larkins wrote:
> >
> > Hi all,
> >
> > I am just testing the theory here to see if this is possible.
> >
> > I have a remote site with 2x ISDN BRI and a central site with
> > 2x ISDN BRI.
> > These BRI's are backing up a dedicated 256k point to point link.
> > I have dialer interfaces created on both sites with the
> > physical BRI's being
> > members of dialer pools. ISDN backup works great.
> >
> > Question:
> > I need to add a second BRI to this group. I assign the
> > interface to the
> > dialer pool. Each of these BRI's on the central site have
> > different ISDN
> > telephone numbers.
> >
> > In order to get ALL these channels (4x 64k) dialed up in the
> > event of a
> > failure, can I add another dialer string to the remote site
> > dialer
> > interface?? If so will it load balance ???.
> > The other alternative I have is that the Telco can assign both
> > numbers to a
> > hunt group, but I do not really want to have this right now.
> >
> > I have left out the ppp multilink and dialer load threshold
> > commands on
> > purpose.
> >
> > Current configs below.
> >
> > Central site:
> > interface BRI3/0
> >  no ip address
> >  dialer pool-member 1
> >  isdn switch-type basic-net3
> > !
> > interface BRI3/1
> >  no ip address
> >  dialer pool-member 1
> >  isdn switch-type basic-net3
> > !
> > interface Dialer1
> >  description ISDN Backup
> >  bandwidth 56
> >  ip address 1.1.1.1 255.255.255.252
> >  ip nat inside
> >  encapsulation ppp
> >  dialer pool 1
> >  dialer remote-name xx
> >  dialer-group 1
> >  ppp authentication chap
> > end
> >
> >
> > Remote site:
> > interface BRI0/0
> >  no ip address
> >  dialer pool-member 1
> >  isdn switch-type basic-net3
> >
> > New isdn still to be added but the concept remains the same as
> > above
> >
> > interface Dialer1
> >  description ISDN Backup
> >  bandwidth 56
> >  ip address 1.1.1.2 255.255.255.252
> >  encapsulation ppp
> >  dialer pool 1
> >  dialer remote-name y
> >  dialer string 222 (not the real one)
> >  dialer string 333 (is this correct???)
> >  dialer-group 1
> >  ppp authentication chap
> >
> > Thanks in advance
> >
> > Andrew
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52989&t=52989



RE: Internal Users ping through a PIX [7:52962]

2002-09-10 Thread [EMAIL PROTECTED]

You need to use the following global command to enable icmp:

icmp permit/deny  ...


Here's the link for command reference:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/commands.htm#xtocid33


Thanks...Nabil

"I have never let my schooling interfere with my education."


   
 
Lidiya White
Sent by: nobody@groupstudy.com
09/09/2002 11:31 PM
Please respond to Lidiya White
cc:
Subject: RE: Internal Users ping through a PIX [7:52962]
   
 
   
 




The access-list is correct. There is something else that is going on.
Use "debug icmp trace" to troubleshoot...
How do you test this access-list? What are you trying to ping?

-- Lidiya White

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Elijah Savage III
Sent: Monday, September 09, 2002 7:33 PM
To: [EMAIL PROTECTED]
Subject: Internal Users ping through a PIX [7:52962]


Ok guys, I am on my last leg with this one. I have seen a ton of examples but
can't seem to get it working. What am I doing wrong here?

All I want is my internal users to be able to ping through the firewall
to the net, but external users not be able to ping.

Here is the last example I used that does not work.
http://www.cisco.com/warp/public/110/single-net.shtml

!--- Create an access-list to allow pings out and the return packets back in.
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable


!--- Apply access-list 100 to the outside interface.
access-group 100 in interface outside

pixfirewall# sh version

Cisco PIX Firewall Version 6.1(3)


I appreciate your help.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52988&t=52962



Re: 7204vxr port adaptor [7:52974]

2002-09-10 Thread MADMAN

There is no controller, isn't this just the equivalent of a PA-4T+ on
this side of the pond??

  Dave

Patrick Donlon wrote:
> 
> Hi All
> 
> I'm configuring a 7204vxr to back up a leased line, I've inserted a port
> adaptor card with 4E1 interfaces (PA-4E1G). I loaded a new version of IOS
> that supported the interface, 12.1(1a)T1, so that the router now recognises
> the card.
> 
> I'm trying to configure the interface for ISDN/E1 and I can't enter the
> controller command to config the D channel. Looks like an unsupported
> feature I thought so I've double checked and the features for isdn/dial all
> seem to be supported by the IP version. I hope that I'm missing some very
> simple and can avoid a reload, here's the show version, any ideas thanks
> 
> Pat
> 
> #sh ver
> Cisco Internetwork Operating System Software
> IOS (tm) 7200 Software (C7200-IS-M), Version 12.1(1a)T1,  RELEASE SOFTWARE
> (fc1)
> Copyright (c) 1986-2000 by cisco Systems, Inc.
> Compiled Sat 01-Apr-00 02:20 by ccai
> Image text-base: 0x60008900, data-base: 0x61526000
> 
> ROM: System Bootstrap, Version 12.2(1r) [dchih 1r], RELEASE SOFTWARE (fc1)
> BOOTFLASH: 7200 Software (C7200-BOOT-M), Version 12.0(13)S, EARLY DEPLOYMENT
> RELEASE SOFTWARE (fc1)
> 
> RouterX uptime is 2 days, 1 hour, 35 minutes
> System returned to ROM by reload at 10:03:55 MEST1 Sun Sep 8 2002
> System restarted at 10:02:17 MEST1 Sun Sep 8 2002
> System image file is "nmp:/c7200-is-mz.121-1a.T1.bin"
> 
> cisco 7204VXR (NPE225) processor (revision A) with 122880K/8192K bytes of
> memory.
> Processor board ID 23673112
> R527x CPU at 262Mhz, Implementation 40, Rev 10.0, 2048KB L2 Cache
> 4 slot VXR midplane, Version 2.3
> 
> Last reset from power-on
> G.703/E1 software, Version 1.0.
> G.703/JT2 software, Version 1.0.
> Bridging software.
> X.25 software, Version 3.0.0.
> 2 FastEthernet/IEEE 802.3 interface(s)
> 6 Serial network interface(s)
> 125K bytes of non-volatile configuration memory.
> 
> 46976K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
> 4096K bytes of Flash internal SIMM (Sector size 256K).
> Configuration register is 0x102
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52987&t=52974



Logging Synchronous Command on a 5000 Switch [7:52986]

2002-09-10 Thread Sparky Nelson

What command on a 5000 series switch is equivalent to the "logging
synchronous" command on a router?

Thanks,

Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52986&t=52986



Re: Multiple ISDN dialups - 256k channel - advise need [7:52985]

2002-09-10 Thread MADMAN

Yes you can do this, I have in the past, here is a snippet of the
config:

interface BRI3/0
 description ISDN CKT#__ ISDN backup to  
 bandwidth 128
 no ip address
 ip load-sharing per-packet
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-ni
 isdn spid1 x xxx
 isdn spid2 x xxx
 no fair-queue
 ppp authentication chap
!
interface BRI3/1
 description ISDN CKT#__ ISDN backup to  
 bandwidth 128
 no ip address
 ip load-sharing per-packet
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-ni
 isdn spid1 x xxx
 isdn spid2 x xxx
 no fair-queue
 ppp authentication chap
!
interface BRI3/2
 description ISDN CKT#__ ISDN backup to 
 bandwidth 128
 no ip address
 ip load-sharing per-packet
 encapsulation ppp
 no ip mroute-cache
 dialer pool-member 1
 isdn switch-type basic-ni
 isdn spid1 xx xxx
 isdn spid2 xx xxx
 no fair-queue
 ppp authentication chap
!
interface BRI3/3
 no ip address
 shutdown
 isdn switch-type basic-ni
!
interface Dialer1
 ip address 10.100.200.1 255.255.255.0
 ip load-sharing per-packet
 encapsulation ppp
 no ip mroute-cache
 dialer remote-name Router12
 dialer pool 1
 dialer idle-timeout 60
 dialer string 158
 dialer string 159
 dialer string 156
 dialer string 157
 dialer string 154
 dialer string 155
 dialer load-threshold 3 either
 dialer max-call 6
 dialer-group 1
 ipx network FBEEF
 ppp authentication chap
 ppp multilink

  Dave

Jenny McLeod wrote:
> 
> I haven't actually done this in production, but at various times when
> testing, I have noticed that if you have multiple dialer strings on the one
> dialer interface, the first string will be dialled, and then if that fails,
> the second string will be dialled, and so on.
> I suspect that what you want to do would work, although I doubt it would
> load balance between the two numbers - I think it would normally dial the
> first number, and only dial the second number if the first one failed (or is
> engaged?)
> 
> Hope that helps,
> JMcL
> 
> Andrew Larkins wrote:
> >
> > Hi all,
> >
> > I am just testing the theory here to see if this is possible.
> >
> > I have a remote site with 2x ISDN BRI and a central site with
> > 2x ISDN BRI.
> > These BRI's are backing up a dedicated 256k point to point link.
> > I have dialer interfaces created on both sites with the
> > physical BRI's being
> > members of dialer pools. ISDN backup works great.
> >
> > Question:
> > I need to add a second BRI to this group. I assign the
> > interface to the
> > dialer pool. Each of these BRI's on the central site have
> > different ISDN
> > telephone numbers.
> >
> > In order to get ALL these channels (4x 64k) dialed up in the
> > event of a
> > failure, can I add another dialer string to the remote site
> > dialer
> > interface?? If so will it load balance ???.
> > The other alternative I have is that the Telco can assign both
> > numbers to a
> > hunt group, but I do not really want to have this right now.
> >
> > I have left out the ppp multilink and dialer load threshold
> > commands on
> > purpose.
> >
> > Current configs below.
> >
> > Central site:
> > interface BRI3/0
> >  no ip address
> >  dialer pool-member 1
> >  isdn switch-type basic-net3
> > !
> > interface BRI3/1
> >  no ip address
> >  dialer pool-member 1
> >  isdn switch-type basic-net3
> > !
> > interface Dialer1
> >  description ISDN Backup
> >  bandwidth 56
> >  ip address 1.1.1.1 255.255.255.252
> >  ip nat inside
> >  encapsulation ppp
> >  dialer pool 1
> >  dialer remote-name xx
> >  dialer-group 1
> >  ppp authentication chap
> > end
> >
> >
> > Remote site:
> > interface BRI0/0
> >  no ip address
> >  dialer pool-member 1
> >  isdn switch-type basic-net3
> >
> > New isdn still to be added but the concept remains the same as
> > above
> >
> > interface Dialer1
> >  description ISDN Backup
> >  bandwidth 56
> >  ip address 1.1.1.2 255.255.255.252
> >  encapsulation ppp
> >  dialer pool 1
> >  dialer remote-name y
> >  dialer string 222 (not the real one)
> >  dialer string 333 (is this correct???)
> >  dialer-group 1
> >  ppp authentication chap
> >
> > Thanks in advance
> >
> > Andrew
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52985&t=52985



Re: OSPF Partitioned areas [7:52955]

2002-09-10 Thread Peter van Oene

At 10:35 PM 9/9/2002 +, [EMAIL PROTECTED] wrote:
>Greetings guys,
>
>
>Is it possible to find out if an area is partitioned by using OSPF
>commands?

Generally lack of reachability or broken adjacencies would be the only 
indication.  Routers themselves do not have any understanding of what the 
topology _should_ look like, only what the LSDB tells them it is.   This is 
really the realm of network management software which generally knows what 
the topology should look like and can alert you when things happen that 
cause the real and desired to become unequal.





>Thanks...Nabil
>
>"I have never let my schooling interfere with my education."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52984&t=52955
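
An added sketch (not from the thread) of the management-side check described in the reply above: compare the adjacencies the design calls for with those actually observed, and flag a partition when the observed graph splits into more than one connected component. The router names and both data sets are constructed, and how the observed list is collected (for instance from "show ip ospf neighbor" output on each router) is left as an assumption.

```python
from collections import deque

# Constructed sample data (hypothetical router names), not from the thread.
# Intended design: four routers of one area connected in a ring.
INTENDED = [("R1", "R2"), ("R2", "R3"), ("R3", "R4"), ("R4", "R1")]
# One adjacency lost: the ring still holds the area together.
OBSERVED_ONE_DOWN = [("R1", "R2"), ("R3", "R4"), ("R4", "R1")]
# Two adjacencies lost: the area falls into two halves.
OBSERVED_TWO_DOWN = [("R2", "R1"), ("R3", "R4")]


def _links(pairs):
    """Normalise (a, b) pairs so that the order within a pair does not matter."""
    links = set()
    for a, b in pairs:
        if a == b:
            raise ValueError(f"self-adjacency is not meaningful: {a!r}")
        links.add(frozenset((a, b)))
    return links


def components(routers, links):
    """Connected components of the adjacency graph, found by breadth-first search."""
    neighbours = {r: set() for r in routers}
    for link in links:
        a, b = tuple(link)
        neighbours[a].add(b)
        neighbours[b].add(a)
    seen, result = set(), []
    for start in sorted(routers):
        if start in seen:
            continue
        queue, group = deque([start]), []
        seen.add(start)
        while queue:
            node = queue.popleft()
            group.append(node)
            for nxt in sorted(neighbours[node] - seen):
                seen.add(nxt)
                queue.append(nxt)
        result.append(sorted(group))
    return result


def audit_area(intended_pairs, observed_pairs):
    """Compare desired and real topology; report differences and partitions."""
    intended, observed = _links(intended_pairs), _links(observed_pairs)
    routers = {r for link in intended | observed for r in link}
    parts = components(routers, observed)
    return {
        "missing": sorted(tuple(sorted(l)) for l in intended - observed),
        "unexpected": sorted(tuple(sorted(l)) for l in observed - intended),
        "components": parts,
        "partitioned": len(parts) > 1,
    }


if __name__ == "__main__":
    for label, seen_links in (("one down", OBSERVED_ONE_DOWN),
                              ("two down", OBSERVED_TWO_DOWN)):
        print(label, audit_area(INTENDED, seen_links))
```

The first data set shows a broken adjacency without a partition; the second shows the same area split in two, which no single router's view would label as such.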



RE: Sales Expert Exam [7:52972]

2002-09-10 Thread Tim Medley

All the information for the Cisco Sales exams are on the Partner
E-Learning Site (PEC). There are web based learning courses there
covering the sales exams.

If you don't have access to PEC, then you probably do not need to take
the sales exams as they are for reseller certification.

tm

Tim Medley, CCNP+Voice, CCDP, CWNA
Sr. Network Architect
VoIP Group
iReadyWorld
 
-Original Message-
From: Chernooki Sergei [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 10, 2002 3:54 AM
To: [EMAIL PROTECTED]
Subject: Sales Expert Exam [7:52972]

Dear colleagues,

Please recommend a study guide to prepare for the Sales Expert Exam. Some
topics of it confuse me because I am a technician myself.

So I need a reading to get prepared to pass the exam.

Thank you.

Best regards, 
Sergei A. Chernooki 

Telecommunications Engineer, CCNA 
 
NPP Belsoft, Inc 
18 Moskovskaja str. office 548, 220007 Minsk Republic of Belarus 
phone: (375 (0)17) 222, ext.435, 2281321  fax: (375 (0)17) 2228058, mob.
+375-(0)29-653-55-03.
E-mail: [EMAIL PROTECTED] ICQ: 50242822 WWW: http://www.belsoft.by




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52983&t=52972



Re: Cisco 4507 [7:52942]

2002-09-10 Thread Michael Greenbaum

The real funny thing is that this morning I was on Cisco Forums 
(http://forum.cisco.com/eforum/servlet/NetProf?page=main) and under Coming 
soon on the bottom right hand corner of the page was 'Troubleshooting 
Catalyst 4500 Switches'. Seems like they really want to push this switch...

Sorry Jason, I have scoured the Cisco Web Site and even talked to a friend 
of mine in Texas TAC and both of us couldn't find a piece of documentation on 
the web site other than in the configurator and now on the Cisco Forum page.

---Michael - The Cisco Golfer



>From: "Jason Owens" 
>Reply-To: "Jason Owens" 
>To: [EMAIL PROTECTED]
>Subject: Re: Cisco 4507 [7:52942]
>Date: Tue, 10 Sep 2002 12:09:00 GMT
>
>I am having trouble finding information on this. Do you have a link?
>
>MADMAN wrote:
> >
> > It kinda seems like a little 6500.  I don't know that it will be too
> > bug riddled though, nothing radically new here just some of the features
> > of its big brother.
> >
> >   Question is how do I justify getting one in the lab!!
> >
> >   Dave
> >
> > Michael Greenbaum wrote:
> > >
> > > I was playing around on the Configurator this morning pricing out a design I
> > > am doing and saw Cisco is now offering the 4507R. It's a 7 Slot 4006 set for
> > > Redundant Supe's. Looked wild but I am going to wait on sticking it in my
> > > designs until they work out the bugs...
> > >
> > > Any thoughts?
> > >
> > > ---Michael
> > >
> > --
> > David Madland
> > CCIE# 2016
> > Sr. Network Engineer
> > Qwest Communications
> > 612-664-3367
> >
> > "You don't make the poor richer by making the rich poorer." --Winston
> > Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52982&t=52942



BGP/OSPF Synchronization [7:52980]

2002-09-10 Thread Karl Brusen

Can anyone point me towards a resource that describes in detail what it
takes for BGP to consider a route synchronized when it learned it through
IGP OSPF?  My study partner and I are struggling understanding how it works.
All of our resources provide only general information with statements like,
"a route must be learned by IGP before BGP will consider it synchronized".
Merely learning a route from IGP is apparently not good enough.  There must
be other, more specific requirements.  How does route-reflection affect
BGP/OSPF synchronization?

Specifically, we are working on a lab with three routers running BGP.  They
are in the same AS (IBGP).  They are not fully meshed one is acting as a
router reflector for the other two.  One of the RR clients has a loopback
injected into BGP by redistribute connected.  All three routers are also
running OSPF and have an IGP route to the same network being injected into
BGP.  The route is synchronized on the router it is injected into and on the
route reflector, but it isn't synchronized on the other route reflector
client.  We are aware of how BGP and OSPF router IDs can prevent
synchronization, so we have specified the same router IDs for BGP and OSPF.

What is interesting is that if we point a static route from the problem
route-reflector client to the BGP route "next hop", BGP synchs.  Due to the
network topology and modifications of the ad distance, the problem router
also has a route learned from EIGRP but is not normally in the IP routing
table.  When we shut down an interface so that the EIGRP route is placed in
the IP routing table, BGP synchs.

We are very confused.  There is something about how BGP synchs with OSPF
that we just don't understand.  Any insight from the group will be greatly
appreciated.

Thanks,


Karl Brusen




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52980&t=52980



Re: A HUB can work in Full-duplex mode? [7:52973]

2002-09-10 Thread r34rv13wm1rr0r

No.  The collision domain on a hub is shared throughout, causing each port to
listen before transmitting.  A switch on the other hand limits the collision
domains by port, therefore allowing the host to transmit at will.


- Original Message -
From: "Saravanan L" 
To: 
Sent: Tuesday, September 10, 2002 2:59 AM
Subject: A HUB can work in Full-duplex mode? [7:52973]


> Just I want to know can a Hub work in full-duplex mode?
>
> Saravanan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52979&t=52973



ADSL Link [7:52978]

2002-09-10 Thread Ashok C Braganza

Can someone tell me

What do you call an ADSL link? Is it known as a dedicated line (like a leased line)?

Thanks

ashok




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52978&t=52978



Re: Cisco 4507 [7:52942]

2002-09-10 Thread Jason Owens

I am having trouble finding information on this. Do you have a link?

MADMAN wrote:
> 
> It kinda seems like a little 6500.  I don't know that it will be too
> bug riddled though, nothing radically new here just some of the features
> of its big brother.
> 
>   Question is how do I justify getting one in the lab!!
> 
>   Dave
> 
> Michael Greenbaum wrote:
> > 
> > I was playing around on the Configurator this morning pricing out a design I
> > am doing and saw Cisco is now offering the 4507R. It's a 7 Slot 4006 set for
> > Redundant Supe's. Looked wild but I am going to wait on sticking it in my
> > designs until they work out the bugs...
> > 
> > Any thoughts?
> > 
> > ---Michael
> > 
> -- 
> David Madland
> CCIE# 2016
> Sr. Network Engineer
> Qwest Communications
> 612-664-3367
> 
> "You don't make the poor richer by making the rich poorer." --Winston
> Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52977&t=52942



Re: Reserving Bandwidth for a subnet [7:52935]

2002-09-10 Thread [EMAIL PROTECTED]

Assuming that you want to guarantee the bandwidth for the customer in
congestion, use 'Priority Queuing'.
HTH
Hamid

> Hi, I would like to ask everybody what mechanism you suggest in order
> to reserve a fixed amount of bandwidth within a serial interface?
> I was checking class and policy maps and I also noticed the bandwidth and
> priority commands but I would like to ask anyone who has done this
> configuration before. The scenario is, we have a customer with subnet
> x.x.x.x/24 and I need to reserve a fixed bandwidth to this customer and
> have it available even in times of severe congestion, and if there's
> availability give them certain burst.
> In advance, I wanna thank anybody who shares ideas, best regards ...
>
> Silvio from Nicaragua




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52976&t=52935



Re: OSPF Partitioned areas [7:52955]

2002-09-10 Thread [EMAIL PROTECTED]

Hi,

You could use 'show ip ospf border-routers' to see if there is an ABR and/or
ASBR on your network. So, go to those routers to see about other areas.

Regards,

Alaerte






"[EMAIL PROTECTED]" @groupstudy.com
on 09/09/2002 19:35:51

Please reply to "[EMAIL PROTECTED]"

Sent by:  [EMAIL PROTECTED]

To:  [EMAIL PROTECTED]
cc:

Subject: OSPF Partitioned areas [7:52955]


Greetings guys,


Is it possible to find out if an area is partitioned by using OSPF
commands?


Thanks...Nabil

"I have never let my schooling interfere with my education."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52975&t=52955



7204vxr port adaptor [7:52974]

2002-09-10 Thread Patrick Donlon

Hi All

I'm configuring a 7204vxr to back up a leased line, I've inserted a port
adaptor card with 4E1 interfaces (PA-4E1G). I loaded a new version of IOS
that supported the interface, 12.1(1a)T1, so that the router now recognises
the card.

I'm trying to configure the interface for ISDN/E1 and I can't enter the
controller command to config the D channel. Looks like an unsupported
feature I thought so I've double checked and the features for isdn/dial all
seem to be supported by the IP version. I hope that I'm missing something very
simple and can avoid a reload, here's the show version, any ideas thanks


Pat

#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-IS-M), Version 12.1(1a)T1,  RELEASE SOFTWARE
(fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Sat 01-Apr-00 02:20 by ccai
Image text-base: 0x60008900, data-base: 0x61526000

ROM: System Bootstrap, Version 12.2(1r) [dchih 1r], RELEASE SOFTWARE (fc1)
BOOTFLASH: 7200 Software (C7200-BOOT-M), Version 12.0(13)S, EARLY DEPLOYMENT
RELEASE SOFTWARE (fc1)

RouterX uptime is 2 days, 1 hour, 35 minutes
System returned to ROM by reload at 10:03:55 MEST1 Sun Sep 8 2002
System restarted at 10:02:17 MEST1 Sun Sep 8 2002
System image file is "nmp:/c7200-is-mz.121-1a.T1.bin"

cisco 7204VXR (NPE225) processor (revision A) with 122880K/8192K bytes of
memory.
Processor board ID 23673112
R527x CPU at 262Mhz, Implementation 40, Rev 10.0, 2048KB L2 Cache
4 slot VXR midplane, Version 2.3

Last reset from power-on
G.703/E1 software, Version 1.0.
G.703/JT2 software, Version 1.0.
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
6 Serial network interface(s)
125K bytes of non-volatile configuration memory.

46976K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
4096K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x102




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52974&t=52974



A HUB can work in Full-duplex mode? [7:52973]

2002-09-10 Thread Saravanan L

Just I want to know can a Hub work in full-duplex mode?

Saravanan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52973&t=52973



Sales Expert Exam [7:52972]

2002-09-10 Thread Chernooki Sergei

Dear colleagues,

Please recommend a study guide to prepare for the Sales Expert Exam. Some
topics of it confuse me because I am a technician myself.

So I need a reading to get prepared to pass the exam.

Thank you.

Best regards, 
Sergei A. Chernooki 

Telecommunications Engineer, CCNA 
 
NPP Belsoft, Inc 
18 Moskovskaja str. office 548, 220007 Minsk Republic of Belarus 
phone: (375 (0)17) 222, ext.435, 2281321  fax: (375 (0)17) 2228058, mob.
+375-(0)29-653-55-03.
E-mail: [EMAIL PROTECTED] ICQ: 50242822 WWW: http://www.belsoft.by




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52972&t=52972



GRE Tunneling over Frame Relay [7:52971]

2002-09-10 Thread [EMAIL PROTECTED]

Hi group,

GRE tunnels (without IPSec) among three sites are required for carrying PIM
Sparse Mode, EIGRP, NTP etc through public network. Someone told me that to
do so BGP has to be used as well. However, from CCO documentation site I
couldn't find out how to do it without IPSec, also I didn't find out why GRE
tunneling requires BGP for the purpose above.

I didn't go across GRE tunneling before. Would anyone who did it before
please give me a hint on this topic? Or any book that you would recommend?

Thanks in advance.

Tony






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52971&t=52971