Re: Voice Certification [7:53165]
John Huston wrote: 1.) What is good self study material for the Deploying Quality of Service in Enterprise Networks Exam (DQOS 9E0-601) test? If you want a book that corresponds closely to the official exam blueprint, get the Q book (qcfbook.pdf): http://cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/index.htm http://cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/qcfbook.pdf The other book, the one by Vegesna, seems to be popular, but for topic-by-topic coverage of the blueprint, there's nothing better than the Q book. -- TT Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53186t=53165 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access-list Help [7:53185]
Hi, You need to create an ACL to include the dial pool, then permit it to access the server. Thanks, Msava -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Parameswaran S Sent: Thursday, September 12, 2002 9:03 AM To: [EMAIL PROTECTED] Subject: Access-list Help [7:53185] Hi Group, I have a situation where i need to put some access list for my dial up users logging into my network. I want them give access to only one server in my network.And all other can be blocked. can someone help me to do this? thanks in advance. Paramesh - Do you Yahoo!? Yahoo! News - Today's headlines Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53187t=53185 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access-list Help [7:53185]
Hi Param, Create an ACL and apply to the group-async interface configured for dial up users. It should work. regards Silju Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53188t=53185 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE security Lab [7:53159]
I dont think you will have to do any configurations on Unix in CCIE Security Lab. The applications are already running on servers. You have to configure routers, PIX in order for these applications to work. Maybe somebody else can give more details. regards Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53189t=53159 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX to PIX ISAKMP Policy ... [7:53082]
How do I apply two different crypto maps to the same interface ??? I have two crypto maps ... bmw and ferarri . However, if I apply the bmw crypto map to the oustside interface this removes the ferarri crypto map from the outside interface .. and vice versa ... Regards Paul ... - Original Message - From: Mark W. Odette II To: Sent: Thursday, September 12, 2002 6:52 AM Subject: RE: PIX to PIX ISAKMP Policy ... [7:53082] Heed the warning... That little tip came a little too late for me a while back and it bit me in the butt hard. I had to wait until the next morning to get someone at the remote location to give the PIX the ol' 'boot. -Mark -Original Message- From: David Armstrong [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 11, 2002 8:55 AM To: [EMAIL PROTECTED] Subject: Re: PIX to PIX ISAKMP Policy ... [7:53082] Paul, You can have the same isakmp policy and the same crypto ipsec transform-set for all of your ipsec vpn's but will need to define a new crypto map and access-list. Remember to run isakmp disable outside BEFORE making configuration changes to your interface or you could lock up the PIX. David Armstrong Paul wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi .. I have setup site to site from a 506 to a 515 this all works fine ... I now want to set up another site site from a 501 to the same 515 ... When doing so ... can I use the same ISAKMP policy that I already created on the 515 PIX ??? If so ... do I just add another 'ISAKMP key address' line ??? I guess that I would have to create another 'crypto ipsec transform-set' !! Has anyone done anything similiar to this Regards Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53190t=53082 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access-list Help [7:53185]
thanks all for your input..it is working.. paramesh Silju Pillai wrote:Hi Param, Create an ACL and apply to the group-async interface configured for dial up users. It should work. regards Silju Do you Yahoo!? Yahoo! News - Today's headlines Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53191t=53185 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: bandwith restriction [7:53066]
The access-list defines the group of IP addresses, and the rate-limit limit the bandwidth for all the IPs in that ACL (The aggregate), meaning that if you have defined 4 IPs in that ACL, one of the IPs could reach the BW limit if the other don't transmit. I have used rate-limit for such scenarios many times and it worked fine, the only point was defining the BURST SIZE so that the client could reach its maximum limit. If the Busrt Size is not defined well and you create a limit of 1 Mbps, the client might not even reach 900 Kbps. On my experience, Rate-limit treats the whole ACL and all IPs defined in that ACL as one entity, I don't get what you mean by the amount of bandwidth specified in the statement will be given on a case-by-case basis. HTH Hamid sisco wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... buy sitara network box! great graphical bandwidth usage per ip address and you can even restrict the application ports like kazaa,ftp s vermill wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hamid Ali Asgari wrote: Create an access-list and include all the IP addresses of that group in that access-list. Use rate-limit on the interface to limit the BW for that access-list Does rate-limiting work like that? I thought that if the condition is met (i.e. the address is within the range specified in the ACL), the amount of bandwidth specified in the statement will be given on a case-by-case basis. Or does it truly divide the bandwidth amongst all who are allowed by the ACL? We once tried to simulate the throughput of a DS3 by creating a policy for rate-limiting on a 100 Mbps ethernet. Unfortunately, the machine running ttcp to generate the dummy traffic couldn't sustain 45 Mbps. I think they ultimately went with two machines, which resulted in more than 45 Mbps of traffic but less than 90 Mbps. I seem to recall that the policy ended up allowing *each* machine up to 45 Mbps - but I could be wrong. Unfortunately, the engineer responsible for that experiment has left for greener pastures. Anyone refresh my memory? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53192t=53066 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: The Origin of Echos and Echo Replies [7:53148]
What if you reduce clockrate and ping both local interface and remote interface And measure the latency. If the local ping takes twice the time as the remote ping then Haakon Claassen EMEA - IT Transport Services -WAN Cisco Systems De Kleetlaan 6b - Pegasus Park B-1831 Diegem (Belgium) -Original Message- From: Marty Adkins [mailto:[EMAIL PROTECTED]] Sent: donderdag 12 september 2002 6:19 To: [EMAIL PROTECTED] Subject: Re: The Origin of Echos and Echo Replies [7:53148] Priscilla Oppenheimer wrote: Interesting test. I think I understand it. ;-) Where are the debugs being run, by the way? The local router that is pinging or the router at the other end? It looks like they are on the local router doing the pings? Try running them on the other router. Be sure to turn fast switching off on the other router. Regardless, what you are seeing makes sense considering this (unbelievable but true ;-) discovery that pings to a local serial interface go out across the serial link and bounce back from the router on the other end of the link. So the subinterface on the other end of the link better be up, eh? Here's another interesting test with a point-to-point WAN link (or PVC). Address the two ends as 10.0.0.1/24 and 10.0.0.2/24. 1) Ping the neighbor's IP -- typical echo echo-reply. Note the RTT. 2) Ping the local serial IP -- packet is forwarded over to the neighbor, which routes it back. Initiating router receives and replies to its own ping. That reply is forwarded to the neighbor which forwards it back. Double the normal round trip time. 3) Now the teaser... what happens if you ping 10.0.0.3? Enable debug ip icmp on both routers and observe. :-) - Marty Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53193t=53148 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ITS router not loading firmware image into 7960 phone [7:53194]
Hi Tom, This is not an answer to ur question per se, but I cant help but notice the snip below in ur output log: *Mar 1 00:00:19.771: %SYS-5-RESTART: System restarted -- Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-IS-M), Version 12.2(11)T, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Thu 01-Aug-02 17:50 by ccai *Mar 1 00:00:19.771: %SNMP-5-COLDSTART: SNMP agent on host its-router is undergoing a cold start -- I have that 122-11.T image but when I loaded on my 3600, it was rebooting due to a software forced crash. I had to revert to 122-4.T even though I really need the native ITS feature set. Did u have any such issue with the image on ur 2600? And how did u resolve it? TIA From: Tom Scott Reply-To: Tom Scott To: [EMAIL PROTECTED] Subject: ITS router not loading firmware image into 7960 phone [7:53141] Date: Wed, 11 Sep 2002 20:31:38 GMT Does anyone have experience with ITS (native IOS Telephony Service)? If so, please take a look at the log at: http://vedatel.com/Misc/its-config-public.txt We are configuring only one phone at this point in time. All we want to do is to get the phone to downgrade from the firmware it was using in a CallManager environment to the firmware supported by the ITS image running in our 2600 router. The 2600 is running this IOS: c2600-is-mz.122-11.T.bin. The image we want to load into the 7960 is: P004G302.bin. See the commands under the telephony-service command in the log for our configuration of these goals. Our problem is that the old firmware image is not replaced by the P004G302 image. Does anyone have experience with this kind of problem and a solution to it? -- TT to _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53194t=53194 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Certification Digest V2 #2246 (I am out of the [7:53195]
I will be out of the office September 10th - 16th. If this is network related emergency please contact the help desk and they will route your issue to the appropriate destination. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53195t=53195 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: The Origin of Echos and Echo Replies [7:53148]
- Original Message - From: Priscilla Oppenheimer To: Sent: 11 September 2002 6:45 pm Subject: RE: The Origin of Echos and Echo Replies [7:53148] To be absolutely sure I would want to use a serial protocol analyzer, but alas, those are too expensive for the self-employed. But I'm 99% convinced by the testing that I did. I'm wondering if there are any obstacles to using the following strategy to avoid the usually traumatic financial consequences associated with the serial protocol analyzer option: 1: apply strict acls permitting only the test traffic to the remote router's serial interface 2: clear all counters 3: generate traffic 4: review the interface statistics (something like show int s | i received|input) for evidence that the packets traversed the wire. Priscilla I know this has been discussed in the past but I didn't find anything in the archives that exactly answers my question. It kinda makes sense that a local serial interface will encapsulate an echo packet that it receives and put it on the wire (it only knows how to encapsulate in one direction and de-encapsulate in the other). It makes sense that the distant-end router will return it, based on the destination IP in the packet. What I'm a little fuzzy on is why CCO says that the echo reply must also be sent accross the WAN and be returned by the distant end router. If it were the interface itself that had to generate the echo reply, I guess the same logic as before would apply. But does the router or the interface actually generate the reply? If it isn't the interface itself, it seems the router would simply generate a reply back towards the source IP (the ethernet interface - which is essentially itself). Is it required that an ICMP packet actually be given life on a hardware interface and thus the one-directional encapsulation issue comes back into play again? Or am I just really confused about it all? Thanks all, Scott Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53196t=53148 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MPLS [7:53197]
Hi=20 =20 1)Can anyone explain to me the concept of the routing bit when using superbackbone OSPF What loops are prevented this way? =20 2)does anyone have examples of native cell mode MPLS using ls1010 (without VPN) just the cloud =20 =20 regs =20 =20 =20 Haakon Claassen EMEA - IT Transport Services - WAN =20 De Kleetlaan 6b - Pegasus Park B-1831 Diegem (Belgium) =20 =20 [GroupStudy.com removed an attachment of type image/gif which had a name of image001.gif] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53197t=53197 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
cisco 2509 not booting [7:53198]
Hi friends, I have a cisco 2509. It is not booting up. As I power it on the following output is given in the hyper terminal System Bootstrap, Version 4.14(9.1), SOFTWARE Copyright (c) 1986-1994 by cisco Systems Bad memory - unable to write low core I am new to this error. After this the router gets stuck. Nothing else is coming down after this. kindly help me Thanks in advance Binoy Thanks, Binoy K L Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53198t=53198 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NTP - Server/Client Mode [7:53199]
Hi, Does someone has experience with NTP Server/Client and authentication. From the theory I saw the guidelines that recommend configuring authentication. From the practice I saw that in Server/Client mode the authentication do not work. No mather what the md5 key authentication is, the server/client routers get synchronized. Thanks in Advanced, Alaerte Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53199t=53199 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: POP3 - IMAP relay agent [7:53200]
Folks I need a quick solution to do the following. It probably is a tough one for most folks here, but any suggestions/assistance will be appreciated. Please send replay to [EMAIL PROTECTED] Basically I need a relay agent that monitors POP3 server and pulls all messages and redirect to IMAP servers(Excange 2000). Here is what I have.. Scenario: Avaya Intuity Audix POP3 server receives fax messages and stores them in POP3 mailboxes. These POP3 accounts need to be forwarded to an exchange server to be accessed via Outlook XP and/or OWA. The 750 DID numbers point to 750 POP3 accounts within the Intuity. The Intuity is not capable of forwarding email to a different address. The users will access email via Outlook XP and OWA and want all mail in a single mailbox. The Intuity was in place, paid for and working prior to this project, therefore less expensive than installing an additional BisCon type fax server. Hypothetical Solution: The hope is for a relay/gateway device which will routinely login to the POP3 server for each of the 750 accounts and forward the messages to the 750 exchange accounts. Future Administration: Because the PBX's DID numbers will be permanently mapped to the Intuity POP3 accounts, the administration would therefore be in adjusting the forwards within the relay/gateway to send to the new user's email account as things change. Note: The exchange 2000 server is located across a WAN. The 750 users are on brand new PCs which are being installed now (150 out of 750 completed). Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53200t=53200 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN Client PreConfig [7:53201]
Anyone know where I could get some step by step pre-configuration setups for a Cisco 3000 VPN Client? Looked around on Cisco, dint seem to find anything... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53201t=53201 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN Client PreConfig [7:53202]
Anyone know where I could get some step by step pre-configuration setups for a Cisco 3000 VPN Client? Looked around on Cisco, dint seem to find anything... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53202t=53202 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Catalyst 3548 vs. 3550 [7:53172]
Try the following link. It details QOS. http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/1216ea2b/scg/swg qos.htm RJ wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... anybody knows the catalyst 3548 will offer the same QoS function as 3550? is 3548 also on the ccie lab equipment list? thanks!! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53203t=53172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: cisco 2509 not booting [7:53198]
It sounds to me like you have bad RAM or NVRAM. Do you have a Smartnet contract on this router? I would call Cisco. Binoy K L wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi friends, I have a cisco 2509. It is not booting up. As I power it on the following output is given in the hyper terminal System Bootstrap, Version 4.14(9.1), SOFTWARE Copyright (c) 1986-1994 by cisco Systems Bad memory - unable to write low core I am new to this error. After this the router gets stuck. Nothing else is coming down after this. kindly help me Thanks in advance Binoy Thanks, Binoy K L Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53204t=53198 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Test [7:53205]
Test, Test Test This is only a test. Sorry for any inconvenience. Mike Join the worlds largest e-mail service with MSN Hotmail. Click Here Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53205t=53205 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX to PIX ISAKMP Policy ... [7:53082]
Paul, Instead of using different names for your crypto maps you can simply use the same name with different numbers pointing to different ip addresses at you remote peer: crypto ipsec transform-set VPNSET esp-des esp-sha-hmac crypto map VPNMAP 10 ipsec-isakmp crypto map VPNMAP 10 match address vpn1 crypto map VPNMAP 10 set peer 123.213.123.1 crypto map VPNMAP 10 set transform-set VPNSET crypto map VPNMAP 20 ipsec-isakmp crypto map VPNMAP 20 match address vpn2 crypto map VPNMAP 20 set peer 213.123.123.1 crypto map VPNMAP 20 set transform-set VPNSET crypto map VPNMAP 30 ipsec-isakmp crypto map VPNMAP 30 match address vpn3 crypto map VPNMAP 30 set peer 321.123.321.1 crypto map VPNMAP 30 set transform-set VPNSET crypto map VPNMAP interface outside You might also want to download the .pdf form of the PIX manual frm CCO. It's much more comprehensive than what comes with a PIX out of the box. There are some good examples of setups similar to what you're doing in there. Hope this helps. David Armstrong Paul wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... How do I apply two different crypto maps to the same interface ??? I have two crypto maps ... bmw and ferarri . However, if I apply the bmw crypto map to the oustside interface this removes the ferarri crypto map from the outside interface .. and vice versa ... Regards Paul ... - Original Message - From: Mark W. Odette II To: Sent: Thursday, September 12, 2002 6:52 AM Subject: RE: PIX to PIX ISAKMP Policy ... [7:53082] Heed the warning... That little tip came a little too late for me a while back and it bit me in the butt hard. I had to wait until the next morning to get someone at the remote location to give the PIX the ol' 'boot. -Mark -Original Message- From: David Armstrong [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 11, 2002 8:55 AM To: [EMAIL PROTECTED] Subject: Re: PIX to PIX ISAKMP Policy ... [7:53082] Paul, You can have the same isakmp policy and the same crypto ipsec transform-set for all of your ipsec vpn's but will need to define a new crypto map and access-list. Remember to run isakmp disable outside BEFORE making configuration changes to your interface or you could lock up the PIX. David Armstrong Paul wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi .. I have setup site to site from a 506 to a 515 this all works fine ... I now want to set up another site site from a 501 to the same 515 ... When doing so ... can I use the same ISAKMP policy that I already created on the 515 PIX ??? If so ... do I just add another 'ISAKMP key address' line ??? I guess that I would have to create another 'crypto ipsec transform-set' !! Has anyone done anything similiar to this Regards Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53206t=53082 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: POP3 - IMAP relay agent [7:53200]
Avaya is the former Lucent right? They made a product that used to be called Unified Messenger that would bring it all together in one mailbox. Contact Avaya and ask them about that product. Firesox wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Folks I need a quick solution to do the following. It probably is a tough one for most folks here, but any suggestions/assistance will be appreciated. Please send replay to [EMAIL PROTECTED] Basically I need a relay agent that monitors POP3 server and pulls all messages and redirect to IMAP servers(Excange 2000). Here is what I have.. Scenario: Avaya Intuity Audix POP3 server receives fax messages and stores them in POP3 mailboxes. These POP3 accounts need to be forwarded to an exchange server to be accessed via Outlook XP and/or OWA. The 750 DID numbers point to 750 POP3 accounts within the Intuity. The Intuity is not capable of forwarding email to a different address. The users will access email via Outlook XP and OWA and want all mail in a single mailbox. The Intuity was in place, paid for and working prior to this project, therefore less expensive than installing an additional BisCon type fax server. Hypothetical Solution: The hope is for a relay/gateway device which will routinely login to the POP3 server for each of the 750 accounts and forward the messages to the 750 exchange accounts. Future Administration: Because the PBX's DID numbers will be permanently mapped to the Intuity POP3 accounts, the administration would therefore be in adjusting the forwards within the relay/gateway to send to the new user's email account as things change. Note: The exchange 2000 server is located across a WAN. The 750 users are on brand new PCs which are being installed now (150 out of 750 completed). Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53207t=53200 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Fiber cables [7:53208]
I'm in the process of connecting several 3548 switches ( located in IDFs ) via GBICs and need some long patch cables to do so. Does anyone know of a good source for extended fiber patch cables? Thanks in advance, Bob McIntire Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53208t=53208 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fiber cables [7:53208]
Try Black Box. They make them all. www.blackbox.com Robert A. McIntire wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'm in the process of connecting several 3548 switches ( located in IDFs ) via GBICs and need some long patch cables to do so. Does anyone know of a good source for extended fiber patch cables? Thanks in advance, Bob McIntire Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53209t=53208 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
UDP broadcast problem [7:53210]
Chat with friends online, try MSN Messenger: Click Here Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53210t=53210 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
endpointIdentifier in RAS msg [7:53211]
Group, from debug h225asn1 we can see RAS messages and we can read endpointIdentifier. Anybody knows how is generated that string? RasMessage ::= admissionRequest :{ requestSeqNum 5928 callType pointToPoint : NULL callModel direct : NULL endpointIdentifier {619629680001} destinationInfo Thanks in advance. Teresa Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53211t=53211 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: bandwith restriction [7:53066]
Hamid Ali Asgari wrote: The access-list defines the group of IP addresses, and the rate-limit limit the bandwidth for all the IPs in that ACL (The aggregate), meaning that if you have defined 4 IPs in that ACL, one of the IPs could reach the BW limit if the other don't transmit. I have used rate-limit for such scenarios many times and it worked fine, the only point was defining the BURST SIZE so that the client could reach its maximum limit. If the Busrt Size is not defined well and you create a limit of 1 Mbps, the client might not even reach 900 Kbps. On my experience, Rate-limit treats the whole ACL and all IPs defined in that ACL as one entity, I don't get what you mean by the amount of bandwidth specified in the statement will be given on a case-by-case basis. Hamid, Thanks. I was referring to a situation where every IP that met the criteria of the ACL was allowed (up to the limit of the interface of course) the bandwidth specified in the rate-limit statement. I thought that was pretty odd (and very likely was the result of a misconfiguration somewhere or a misplaced ACL or ACL argument). Unfortunately, it's been many months ago and it wasn't my project so I don't have much in the way of particulars. I took advantage of your post to ask what the normal behavior should be since I never got around to resolving it in the lab for myself. Thanks for your reply. Scott Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53212t=53066 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
help needed in ACS [7:53213]
I have a installed a remote access to network with VPN client 3.5 through Pix (506-6.2) and they are beeing authenticated in a ACS Server (3.0). My question is, how do i prevent some users to browse or maaping drives in the network (Microsoft Windows network). thanx in advance. CCNA, CCNP CQS Cumprimentos Antero Vasconcelos Compta Network Solutions e-mail [EMAIL PROTECTED] Tel. (+351) 22 969 9940 Fax (+351) 22 969 9935 www http://www.compta.pt Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53213t=53213 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: New CCIE Lab - Anyone ??? [7:53171]
The question is.Has anyone had to use them yet in the labI heard a rumor this week in RTP -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Cisco Nuts Sent: Wednesday, September 11, 2002 10:51 PM To: [EMAIL PROTECTED] Subject: New CCIE Lab - Anyone ??? [7:53171] Hello, Has anyone taken the new CCIE Lab beginning Sept.4th? Pass or Fail? So far, no one has provided any feedback since the 4th. I have been waiting anxiously for someone to post something. Did anyone see the new 3550 switches or the old Cat 5 or both?? How about any new stuff? MPLS, IPSEC, QOS on the 3550 etc. etc. Anyone?? Sincerely. _ Send and receive Hotmail on your mobile device: http://mobile.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53214t=53171 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: help needed in ACS [7:53213]
shut down the ports that Msoft uses to do those functions in the pix... Larry Letterman Network Engineer Cisco Systems Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Antero Vasconcelos Sent: Thursday, September 12, 2002 8:18 AM To: [EMAIL PROTECTED] Subject: help needed in ACS [7:53213] I have a installed a remote access to network with VPN client 3.5 through Pix (506-6.2) and they are beeing authenticated in a ACS Server (3.0). My question is, how do i prevent some users to browse or maaping drives in the network (Microsoft Windows network). thanx in advance. CCNA, CCNP CQS Cumprimentos Antero Vasconcelos Compta Network Solutions e-mail [EMAIL PROTECTED] Tel. (+351) 22 969 9940 Fax (+351) 22 969 9935 www http://www.compta.pt Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53215t=53213 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RSM issues = Bad subnet mask [7:53216]
I am trying to configure an RSM with the addressing scheme subnetted with a /27 subnet mask, however I am getting the folowing utput. I am pretty sure that the address is valid and cannot figure out why the RSM is punking out. Any help would be appreciated. RSM(config)#ip routing RSM(config)#int vlan1 RSM(config-if)#ip address 192.168.2.1 255.255.255.224 Bad mask /27 for address 192.168.2.1 RSM(config-if)# Kevin Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53216t=53216 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RSM issues = Bad subnet mask [7:53216]
With older IOS images you need to enter the command 'ip subnet-zero' to make this work. With 12.0 and later it is the default setting. John Sparky Nelson 9/12/02 12:38:48 PM I am trying to configure an RSM with the addressing scheme subnetted with a /27 subnet mask, however I am getting the folowing utput. I am pretty sure that the address is valid and cannot figure out why the RSM is punking out. Any help would be appreciated. RSM(config)#ip routing RSM(config)#int vlan1 RSM(config-if)#ip address 192.168.2.1 255.255.255.224 Bad mask /27 for address 192.168.2.1 RSM(config-if)# Kevin Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53217t=53216 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Pix Pat and NetMeeting [7:53218]
I know that netMeeting will not work with Pat. If I add the established command to the config will it resolve the problem? established tcp 0 1731 permitto udp 0 permitfrom udp 1024-65535 established tcp 0 1503 permitto udp 0 permitfrom udp 1024-65535 established tcp 0 389 permitto udp 0 permitfrom udp 1024-65535 established tcp 0 1720 permitto udp 0 permitfrom udp 1024-65535 established tcp 0 522 permitto udp 0 permitfrom udp 1024-65535 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53218t=53218 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RSM issues = Bad subnet mask [7:53216]
Do you have ip subnet-zero in your config? -Original Message- From: Sparky Nelson [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 1:39 PM To: [EMAIL PROTECTED] Subject: RSM issues = Bad subnet mask [7:53216] I am trying to configure an RSM with the addressing scheme subnetted with a /27 subnet mask, however I am getting the folowing utput. I am pretty sure that the address is valid and cannot figure out why the RSM is punking out. Any help would be appreciated. RSM(config)#ip routing RSM(config)#int vlan1 RSM(config-if)#ip address 192.168.2.1 255.255.255.224 Bad mask /27 for address 192.168.2.1 RSM(config-if)# Kevin Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53219t=53216 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RSM issues = Bad subnet mask [7:53216]
Yeah, I figured it out and feel foolish. The answer was too obvious for me to see right away. Of course you always figure it out after you send your plea for help out to the public Kevin Daniel Cotts wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Do you have ip subnet-zero in your config? -Original Message- From: Sparky Nelson [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 1:39 PM To: [EMAIL PROTECTED] Subject: RSM issues = Bad subnet mask [7:53216] I am trying to configure an RSM with the addressing scheme subnetted with a /27 subnet mask, however I am getting the folowing utput. I am pretty sure that the address is valid and cannot figure out why the RSM is punking out. Any help would be appreciated. RSM(config)#ip routing RSM(config)#int vlan1 RSM(config-if)#ip address 192.168.2.1 255.255.255.224 Bad mask /27 for address 192.168.2.1 RSM(config-if)# Kevin Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53220t=53216 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Squid Caching Software [7:53221]
Are any of you using the Squid open source software on your own hardware? If so, are you happy with it? How does it perform in comparison to other caches you've used? Thanks, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53221t=53221 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
two T1 line to load balancing in cisco router [7:53222]
Hi all, I have two cisco 2621 router, each router connect to T1 line via serial interface. My question is: How can I configure the router, so it could perform load balancing between those two T1 lines? Can anyone give me a simple configuration or URLs? Thanks Ricky Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53222t=53222 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RE: 2924 reboots when I plug in a console cable [7:53135]
Are you using a DELL laptop. There is know problem with the Dell's and some Cisco devices. Check CCO for more details. From: Haakon Claassen (hclaasse) Date: 2002/09/11 Wed PM 04:14:33 EDT To: [EMAIL PROTECTED] Subject: RE: 2924 reboots when I plug in a console cable [7:53135] Never had it Configured over a hundred of these devices the field Using w2k and XP with Hyperterm or terraterm regs Haakon Claassen EMEA - IT Transport Services -WAN Cisco Systems De Kleetlaan 6b - Pegasus Park B-1831 Diegem (Belgium) -Original Message- From: Jason Owens [mailto:[EMAIL PROTECTED]] Sent: woensdag 11 september 2002 21:51 To: [EMAIL PROTECTED] Subject: 2924 reboots when I plug in a console cable [7:53135] When I plug in a console cable to some of my 2924's they reboot (My coworker is convinced that it is Win2000 sending out a probe because of plug-and-play). I have only seen this on the 2924 and it doesn't happen on all of the ones I have. Has this happened to anyone else? I have been unable to find anything about this on the Cisco web site. Here is a sh ver from one of the switches this has happened on: Cisco Internetwork Operating System Software IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)XU, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2000 by cisco Systems, Inc. Compiled Mon 03-Apr-00 16:37 by swati Image text-base: 0x3000, data-base: 0x00301398 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53223t=53135 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: two T1 line to load balancing in cisco router [7:53222]
See this link - (watch wrap) http://www.cisco.com/warp/public/cc/pd/ifaa/pa/much/prodlit/loadb_an.htm We use cef on some 2620's to load balance across multiple T1's... Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53224t=53222 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Squid Caching Software [7:53221]
John Neiberger wrote in message Are any of you using the Squid open source software on your own hardware? If so, are you happy with it? How does it perform in comparison to other caches you've used? I like Squid. ICP multicast seems like a very intelligent way to move content around. Content encapsulation with mod_gzip is nice on the sending side, but more people need to be caching content on the receiving side!!! Cache hierarchies are very nice, but as a content provider (no names here), I can tell you that all the CDN's and cache hierarchies in the world aren't going to solve any real world problems. Cache hierachies are for end-users, not content providers. Direct interconnection and/or smart routing (BGP performance and correct operation of multi-homed networks) has been and also currently is the champion for content providers, and where they should put the most investment in. Private/Public peering is also a better cost optimization (by leaps and bounds!) for heavy content providers than CDN's or cache hierarchies. Another big responsibility for content providers (and a MUST if they want to save huge amounts of time and money) is to provide the ability for their content to be cached by end-users and Tier-2's. The book Web Caching by Duane Wessels is excellent as are the RFC's. However, this is not a networking problem, it's an HTML and coding problem. While Cisco and Akamai don't understand this at all, they seem to be pushing their products to the wrong people, IMO, and this is why their product lines are suffering. DNS content routing mechanisms (e.g. RR DNS, Cisco Boomerang, Cisco DD, Radware Global Triangulation, et al) are proving to not work (because of DNS servers caching TTL's). To put this in easier terms, content routing can be done in a few forms: * DNS mode - done by client's DNS (not direct end-user), DNS server caching avoids adminitratively set TTL's, can be bypassed by using IP or different DNS name (http://yahoo.com instead of www.yahoo.com) * HTTP-Redirect mode - browser problems, bookmarks can bypass, DNS caching can still avoid administratively set TTL's (same problems really) * Edge-Intercept - now this does avoid DNS caching, but requires access to all the end-users and network. Still has problems with multi-homed users or users attempting to use different DNS servers. * BGP + Anycast - only real method that I know to solve global reachability of services across distributed data centers. Done with IP addresses (announcing single multi-homed blocks in more than one place, with /32's reachable for single IP's throughout the internal infrastructure (since you can't announce anything greater than a /24 in the Internet routing table). Anycast addresses are injected into the IGP (could be IBGP, doesn't have to be OSPF/EIGRP/ISIS) and marked with metrics showing distance. See the following paper for more details: http://www.cisco.com/public/cons/isp/essentials/ip-anycast-cmetz-03.pdf Cisco's IOS SLB and the Catalyst 6500 CSM have a feature called Route Health Injection, or RHI, which is capable of injecting a /32 host route and pulling it out of the routing table if the server (or VIP) is not available. The most current Cisco SRND's (e.g. Enterprise Data Center Design) and Cisco Sales Positioning are now recommending the use of RHI for content routing. I believe that investments should now be going into using this technology instead of letting people like Akamai invest in secrets like this for years. Going back to caching, I think the basics can be implemented by the content providers (such as using Reverse Proxy Caching (RPC) to replace use of servers and aid against flash crowd problems, etc). What I feel is more on the Enterprise or ISP/User side is use of cache hierarchies or CDN's. The strongest caching architectures should be found in those places, as they will have the most cost optimization and performance benefits from implementing such a solution. Here's a link to the Cache Now! campaign - http://vancouver-webpages.com/CacheNow/ I am very interested on the AOL cache architecture. They seem to be the only people who have figured it out. If anyone has any details of what they use / what they do, please post or email me privately. -dre Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53225t=53221 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Squid Caching Software [7:53221]
I guess I should have been specific about our circumstances. We're replacing an older Compaq TaskSmart cache server and we want to get two of something or other, and we're having a hard time making up our minds. Today I got the bright idea that we could simply buy two Sun Netra servers and put Squid on them. Sounds like a good idea to me but I wanted to hear the opinions of other Squid users. Thanks! John dre 9/12/02 3:04:07 PM John Neiberger wrote in message Are any of you using the Squid open source software on your own hardware? If so, are you happy with it? How does it perform in comparison to other caches you've used? I like Squid. ICP multicast seems like a very intelligent way to move content around. Content encapsulation with mod_gzip is nice on the sending side, but more people need to be caching content on the receiving side!!! Cache hierarchies are very nice, but as a content provider (no names here), I can tell you that all the CDN's and cache hierarchies in the world aren't going to solve any real world problems. Cache hierachies are for end-users, not content providers. Direct interconnection and/or smart routing (BGP performance and correct operation of multi-homed networks) has been and also currently is the champion for content providers, and where they should put the most investment in. Private/Public peering is also a better cost optimization (by leaps and bounds!) for heavy content providers than CDN's or cache hierarchies. Another big responsibility for content providers (and a MUST if they want to save huge amounts of time and money) is to provide the ability for their content to be cached by end-users and Tier-2's. The book Web Caching by Duane Wessels is excellent as are the RFC's. However, this is not a networking problem, it's an HTML and coding problem. While Cisco and Akamai don't understand this at all, they seem to be pushing their products to the wrong people, IMO, and this is why their product lines are suffering. DNS content routing mechanisms (e.g. RR DNS, Cisco Boomerang, Cisco DD, Radware Global Triangulation, et al) are proving to not work (because of DNS servers caching TTL's). To put this in easier terms, content routing can be done in a few forms: * DNS mode - done by client's DNS (not direct end-user), DNS server caching avoids adminitratively set TTL's, can be bypassed by using IP or different DNS name (http://yahoo.com instead of www.yahoo.com) * HTTP-Redirect mode - browser problems, bookmarks can bypass, DNS caching can still avoid administratively set TTL's (same problems really) * Edge-Intercept - now this does avoid DNS caching, but requires access to all the end-users and network. Still has problems with multi-homed users or users attempting to use different DNS servers. * BGP + Anycast - only real method that I know to solve global reachability of services across distributed data centers. Done with IP addresses (announcing single multi-homed blocks in more than one place, with /32's reachable for single IP's throughout the internal infrastructure (since you can't announce anything greater than a /24 in the Internet routing table). Anycast addresses are injected into the IGP (could be IBGP, doesn't have to be OSPF/EIGRP/ISIS) and marked with metrics showing distance. See the following paper for more details: http://www.cisco.com/public/cons/isp/essentials/ip-anycast-cmetz-03.pdf Cisco's IOS SLB and the Catalyst 6500 CSM have a feature called Route Health Injection, or RHI, which is capable of injecting a /32 host route and pulling it out of the routing table if the server (or VIP) is not available. The most current Cisco SRND's (e.g. Enterprise Data Center Design) and Cisco Sales Positioning are now recommending the use of RHI for content routing. I believe that investments should now be going into using this technology instead of letting people like Akamai invest in secrets like this for years. Going back to caching, I think the basics can be implemented by the content providers (such as using Reverse Proxy Caching (RPC) to replace use of servers and aid against flash crowd problems, etc). What I feel is more on the Enterprise or ISP/User side is use of cache hierarchies or CDN's. The strongest caching architectures should be found in those places, as they will have the most cost optimization and performance benefits from implementing such a solution. Here's a link to the Cache Now! campaign - http://vancouver-webpages.com/CacheNow/ I am very interested on the AOL cache architecture. They seem to be the only people who have figured it out. If anyone has any details of what they use / what they do, please post or email me privately. -dre Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53226t=53221 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and
Re: Help Needed to recover 5500 with bad software in New [7:53227]
I have a 5505 with supIII cards in my lab. i wont be back in the office until Monday but if you want, I can swap flash cards with you. I can send you a flash card with a valid image on it and you can send me your blank one. or you can drive down if you want probably about 2 hours or so to Bridgeport, CT. Dennis - Original Message - From: Cisco Kid To: Cc: Sent: Wednesday, September 11, 2002 1:48 PM Subject: Help Needed to recover 5500 with bad software in New England ** High Priority ** I have a Catalyst 5500 with a sup III for my home lab. Some how the software became corrupted. It now only boots into rommon. The two versions of software in the boot flash don't work. I have Rommon ver 3.2 so no I can't x-modem or tftp. The only way to recovery is to be able to copy the OS on to a flash card I bought. I have the software. Is there any one that can help me? I can use any of the routers or switches listed below. It will only take 5 minutes to do this. I am unemployed so I cant afford to buy another supervisor. I live in Providence, RI and I will pretty much travel to get this fixed. Thanks, Robert Hosford p.s. please reply to [EMAIL PROTECTED] Filesystem Class CAS5800 Dial Shelf Controller Catalyst 5000/5500 Supervisor III Module Catalyst 6000/6500 Supervisor Engine I Catalyst 6000/6500 Supervisor Engine II Cisco 7000 Route Processor Cisco 7100 Series Routers Cisco uBR7100 Series Routers Cisco 7200 Series Network Processing Engine Cisco uBR7200 Series Routers Cisco 7200VXR Series Network Services Engine 1 Cisco 7600 Series Internet Routers Cisco 1 Series Routers (ESR) Cisco uBR1 Series Routers Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53227t=53227 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Redistribution of the Default route in Eigrp - Mystifying?? [7:53228]
Hello, I am trying to redistribute a default route into my Eigrp domain by using the default-network command. This network that I specify is the serial network that connects my border router to the ISP network. It only worked the first time and has not worked again. Why, I wonder? Anyway, here are the different ways that I used to inject a default routevery interesting!! Anyone with a good explanation? Redistribution of a default route into Eigrp: On the border router : RTF# ip route 0.0.0.0 0.0.0.0 s0 ip route 0.0.0.0 0.0.0.0 s1 ip default-network 144.228.0.0 ip default-network 144.223.0.0 This injects a default route to all the other routers but only the first timeWhy? (I missed the output herewish I had copied it had I known it would not work again!) __ Again, On the border router : RTF# ip route 0.0.0.0 0.0.0.0 s0 ip route 0.0.0.0 0.0.0.0 s1 router eigrp 100 redistribute static metric 1536 2 255 1 1500 This does NOT inject a default route to the other routers...Why? __ Again, On the border router : RTF# ip route 0.0.0.0 0.0.0.0 s0 ip route 0.0.0.0 0.0.0.0 s1 router eigrp 100 network 0.0.0.0 This injects a default route into the other routers: D* 0.0.0.0/0 [90/7324160] via 212.1.22.98, 00:08:10, Serial0/0 Only a D* because network 0.0.0.0 is a part of Eigrp __ Again, On the border router : RTF# ip route 0.0.0.0 0.0.0.0 s0 ip route 0.0.0.0 0.0.0.0 s1 router eigrp 100 redistribute static route-map defaultout network 150.50.0.0 network 172.16.0.0 no auto-summary eigrp log-neighbor-changes access-list 1 permit 0.0.0.0 route-map defaultout permit 10 match ip address 1 This injects a default route into the other routers:(even without specifying the metrics)...Why? D*EX 0.0.0.0/0 [170/2716160] via 212.1.22.98, 00:04:44, Serial0/0 D*EX because a static route has been redistributed into Eigrp __ Again, On the border router : RTF# ip route 0.0.0.0 0.0.0.0 s0 ip route 0.0.0.0 0.0.0.0 s1 router eigrp 100 redistribute static network 150.50.0.0 network 172.16.0.0 no auto-summary eigrp log-neighbor-changes This also works without specifying any metrics..why? D*EX 0.0.0.0/0 [170/2716160] via 212.1.22.98, 00:01:56, Serial0/0 __ Again, On the border router : RTF# ip route 0.0.0.0 0.0.0.0 s0 ip route 0.0.0.0 0.0.0.0 s1 RTF(config)#ip default-network 144.228.0.0 RTF(config)#ip default-network 144.223.0.0 No default route injected into any router.why? __ Again, On the border router : RTF# ip route 0.0.0.0 0.0.0.0 s0 ip route 0.0.0.0 0.0.0.0 s1 router eigrp 100 redistribute static metric 1 1 1 1 1 This injects a default route into the other routers when specifying a metric of 1 1 1 1 1.Why? D*EX 0.0.0.0/0 [170/2560537856] via 212.1.22.98, 00:00:05, Serial0/0 __ Again, On the border router : RTF# ip route 0.0.0.0 0.0.0.0 s0 ip route 0.0.0.0 0.0.0.0 s1 RTF(config)#router eigrp 100 RTF(config-router)#no redi static The default route goes away on the other routerswhich is OK? __ So how does the default-network command work??? My head is hurting now!! _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53228t=53228 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
GroupStudy search engine beta [7:53229]
I have implemented a new search engine for this list and need help beta testing it. The search engine is a huge improvement over our previous engine (i.e. it works!). I have configured the engine to only index the body of the message, and not index any copied replies. Plus I added the capability to search by author and subject. Finally I added a switch that allows you to filter message replies. To access the beta engine go to http://www.groupstudy.com/cgi-bin/search The usual search engine terms apply. So a query that says BGP and OSPF will find all messages that contain BGP and OSPF. If you want to search by phrase you simply add quotes around the phrase. You may select to only search by subject or author via a radio button. Here are some advanced searches: To find all messages by Howard on BGP: Set the radio to Title Body and query: BGP Author=Berkowitz To find only replies to messages about Split Horizons: split horizons Reply=Y To search deleting replies: split horizons Reply=N I would like to thank Carlos Mendioroz for suggesting this software. Please send me any bug reports and remember I am still working on it so expect occasional down-time. Paul Borghese Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53229t=53229 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Squid Caching Software [7:53221]
As dre said squid works great. Has worked great for a long time and I don't see any reason for it to stop being good. The available tools for log analysis are broad and pretty good, better than those of the commercial vendors I've seen. The tools for content filtering on squid(though I don't advocate this so I don't try to track) are moderate and the commercial vendors seem to have done better at this. Squid has a much more visible process which makes it easier to support and you won't have to deal with vendors claiming black magic inside their box. The only headaches I've had from a deployed squid cache were from content developers who had no knowledge of caching and who's server was on the far side of a cache. Arguably they shouldn't have been writing content for that big of an audience, but a little education and guidance along with appropriate acl's make that type of problem disappear quickly. BTW, I'm also a fan of anycast when I put it in a few situations back in the mid 90s then saw other folks had been doing it in roughly similar ways, even went to work for one of them briefly. It works well too, only challenge there was finding midlevel support folks willing to wrap their minds around something a little different and in today's market that doesn't seem to be much of a challenge. Good Luck, Darrell always looking for the next big project... darrellhayaitacosnet John Neiberger wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I guess I should have been specific about our circumstances. We're replacing an older Compaq TaskSmart cache server and we want to get two of something or other, and we're having a hard time making up our minds. Today I got the bright idea that we could simply buy two Sun Netra servers and put Squid on them. Sounds like a good idea to me but I wanted to hear the opinions of other Squid users. Thanks! John dre 9/12/02 3:04:07 PM John Neiberger wrote in message Are any of you using the Squid open source software on your own hardware? If so, are you happy with it? How does it perform in comparison to other caches you've used? I like Squid. ICP multicast seems like a very intelligent way to move content around. Content encapsulation with mod_gzip is nice on the sending side, but more people need to be caching content on the receiving side!!! Cache hierarchies are very nice, but as a content provider (no names here), I can tell you that all the CDN's and cache hierarchies in the world aren't going to solve any real world problems. Cache hierachies are for end-users, not content providers. Direct interconnection and/or smart routing (BGP performance and correct operation of multi-homed networks) has been and also currently is the champion for content providers, and where they should put the most investment in. Private/Public peering is also a better cost optimization (by leaps and bounds!) for heavy content providers than CDN's or cache hierarchies. Another big responsibility for content providers (and a MUST if they want to save huge amounts of time and money) is to provide the ability for their content to be cached by end-users and Tier-2's. The book Web Caching by Duane Wessels is excellent as are the RFC's. However, this is not a networking problem, it's an HTML and coding problem. While Cisco and Akamai don't understand this at all, they seem to be pushing their products to the wrong people, IMO, and this is why their product lines are suffering. DNS content routing mechanisms (e.g. RR DNS, Cisco Boomerang, Cisco DD, Radware Global Triangulation, et al) are proving to not work (because of DNS servers caching TTL's). To put this in easier terms, content routing can be done in a few forms: * DNS mode - done by client's DNS (not direct end-user), DNS server caching avoids adminitratively set TTL's, can be bypassed by using IP or different DNS name (http://yahoo.com instead of www.yahoo.com) * HTTP-Redirect mode - browser problems, bookmarks can bypass, DNS caching can still avoid administratively set TTL's (same problems really) * Edge-Intercept - now this does avoid DNS caching, but requires access to all the end-users and network. Still has problems with multi-homed users or users attempting to use different DNS servers. * BGP + Anycast - only real method that I know to solve global reachability of services across distributed data centers. Done with IP addresses (announcing single multi-homed blocks in more than one place, with /32's reachable for single IP's throughout the internal infrastructure (since you can't announce anything greater than a /24 in the Internet routing table). Anycast addresses are injected into the IGP (could be IBGP, doesn't have to be OSPF/EIGRP/ISIS) and marked with metrics showing distance. See the following paper for more details:
ip classless and default route [7:53231]
according to many books, ip classless should be used to be able to use default route. but I just found my internet router, actually has no ip classless. which means I am using classful route lookup. And this is working fine,who can explain why note that ip address here is not real one. ! hostname xxx ! enable secret xxx ! ip subnet-zero no ip domain-lookup ip name-server x.x.x.x ! interface FastEthernet0/0 ip address 210.210.210.62 255.255.255.240 no ip directed-broadcast ! interface Serial0/0 bandwidth 64 ip unnumbered FastEthernet0/0 no ip directed-broadcast no ip mroute-cache no fair-queue ! no ip classless ip route 0.0.0.0 0.0.0.0 Serial0/0 Gateway of last resort is 0.0.0.0 to network 0.0.0.0 210.210.210.0/28 is subnetted, 1 subnets C 210.210.210.48 is directly connected, FastEthernet0/0 S* 0.0.0.0/0 is directly connected, Serial0/0 xxx# xxx#sh flash System flash directory: File Length Name/status 1 3612344 c2600-i-mz.120-3.T3 [3612408 bytes used, 4776200 available, 8388608 total] 8192K bytes of processor board System flash (Read/Write) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53231t=53231 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT sample configs [7:53042]
Thanks to everyone that helped. Derald John Huston wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The Cisco site has quite a few of them. Please refer to the URL below. http://www.cisco.com/warp/public/556/index.shtml and this URL will help you with other sample configs. http://www.cisco.com/public/technotes/serv_tips.shtml Good Luck Derald Sweatt wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am working on a project on setting up NAT. If anyone has sample configs out there. please let me know. Thanks in advance. Derald Sweatt CSX Technologies CCNA Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53232t=53042 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Help Needed to recover 5500 with bad software in New [7:53233]
I just want to thank every who offered to help me with this. With the help of someone from this great group, I was able to get my switch up and running. I am now a very happy camper. Thank you all, Robert Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53233t=53233 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How to clear access-list counters [7:53234]
Is there a way to reset access-list counters that appear when I do the following command: sh ip access-lists Thx Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53234t=53234 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ip classless and default route [7:53231]
You don't need the ip classless command because your default route points to an unnumbered serial interface. If instead it pointed to an IP address that was in the same class as your local Ethernet, then you would have a problem. Here's the classic example: e0 RouterA s0 -- s0 RouterB --Internet routerA int e0 172.16.10.1 255.255.255.0 int s0 172.16.20.1 255.255.255.0 ip route 0.0.0.0 0.0.0.0 172.16.20.2 routerB int s0 172.16.20.2 255.255.255.0 That confuses Router A. Without ip classless, it thinks 172.16.0.0/16 is local. But that causes it not to be able to forward traffic to 172.16.20.2, the router on the other end of the serial link that has access to the rest of the world. Try it in a lab, if you get a chance. You'll see that in this situation, you need ip classless. Priscilla YI Zhou wrote: according to many books, ip classless should be used to be able to use default route. but I just found my internet router, actually has no ip classless. which means I am using classful route lookup. And this is working fine,who can explain why note that ip address here is not real one. ! hostname xxx ! enable secret xxx ! ip subnet-zero no ip domain-lookup ip name-server x.x.x.x ! interface FastEthernet0/0 ip address 210.210.210.62 255.255.255.240 no ip directed-broadcast ! interface Serial0/0 bandwidth 64 ip unnumbered FastEthernet0/0 no ip directed-broadcast no ip mroute-cache no fair-queue ! no ip classless ip route 0.0.0.0 0.0.0.0 Serial0/0 Gateway of last resort is 0.0.0.0 to network 0.0.0.0 210.210.210.0/28 is subnetted, 1 subnets C 210.210.210.48 is directly connected, FastEthernet0/0 S* 0.0.0.0/0 is directly connected, Serial0/0 xxx# xxx#sh flash System flash directory: File Length Name/status 1 3612344 c2600-i-mz.120-3.T3 [3612408 bytes used, 4776200 available, 8388608 total] 8192K bytes of processor board System flash (Read/Write) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53235t=53231 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE SECURITY LAB [7:53236]
Do we need to be good in unix system for the CCIE Security lab ?. Join the worlds largest e-mail service with MSN Hotmail. Click Here Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53236t=53236 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ip classless and default route [7:53231]
It will work fine for any destination other then 210.210.210.x/24 which is the classful network for your IP subnet. A better real-world internet example with no ip classless and internet connections would be, if you had a 64.x.x.x subnet on the serial and similar on LAN side. In this case, 64.0.0.0/8 is the classful range. There are many other customers that have a subnet in this classful range out there. With 'no ip classless' and a default route with nexthop of 64.x.x.x any traffic destined to a 64.x.x.x site would fail, but traffic to 210.x.x.x, 65.x.x.x, etc would work. Erick --- YI Zhou wrote: according to many books, ip classless should be used to be able to use default route. but I just found my internet router, actually has no ip classless. which means I am using classful route lookup. And this is working fine,who can explain why note that ip address here is not real one. ! hostname xxx ! enable secret xxx ! ip subnet-zero no ip domain-lookup ip name-server x.x.x.x ! interface FastEthernet0/0 ip address 210.210.210.62 255.255.255.240 no ip directed-broadcast ! interface Serial0/0 bandwidth 64 ip unnumbered FastEthernet0/0 no ip directed-broadcast no ip mroute-cache no fair-queue ! no ip classless ip route 0.0.0.0 0.0.0.0 Serial0/0 Gateway of last resort is 0.0.0.0 to network 0.0.0.0 210.210.210.0/28 is subnetted, 1 subnets C 210.210.210.48 is directly connected, FastEthernet0/0 S* 0.0.0.0/0 is directly connected, Serial0/0 xxx# xxx#sh flash System flash directory: File Length Name/status 1 3612344 c2600-i-mz.120-3.T3 [3612408 bytes used, 4776200 available, 8388608 total] 8192K bytes of processor board System flash (Read/Write) [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53238t=53231 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Default Routing in EIGRP [7:53237]
Hello group. Just a simple (but nagging) question on default routing in EIGRP. From what I've encountered in the textbooks and CCO, I have four options: 1. redistribute a static 0.0.0.0 - this I'm able to accomplish, although I will have to change IOS versions because for some reason, the default route that is installed in the neighboring routers as an external eigrp disappear after 3-5 mins. Why? I don't know. I'm rebooting the routers now. 2. ip default-network 3. default-information [allowed|in|out] 4. ip sum eigrp 1 0.0.0.0 0.0.0.0 Except for the first option I have not been successful in generating defaults into EIGRP. If anyone has a better explanation for the last three options your comments are greatly appreciated. Elmer Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53237t=53237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Default Routing in EIGRP [7:53239]
As a follow-up to my original post, a reboot reinstalled the default routes. As a word of caution, you might not want to use flash:/c2500-jk8os-l.122-1b.bin image as I've encountered too many strange results with it. Getting ready to swap it with a 12.1.xyz as I'm tired of wasting my time troubleshooting IOS features. Thank goodness for the 1-day lab format ;-$ And yes, ip sum eigrp 1 0.0.0.0 0.0.0.0 does work. Elmer Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53239t=53239 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ip classless and default route [7:53231]
Hmm, Try removing your static 0.0.0.0 and you'll see why. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 8:57 PM To: [EMAIL PROTECTED] Subject: ip classless and default route [7:53231] according to many books, ip classless should be used to be able to use default route. but I just found my internet router, actually has no ip classless. which means I am using classful route lookup. And this is working fine,who can explain why note that ip address here is not real one. ! hostname xxx ! enable secret xxx ! ip subnet-zero no ip domain-lookup ip name-server x.x.x.x ! interface FastEthernet0/0 ip address 210.210.210.62 255.255.255.240 no ip directed-broadcast ! interface Serial0/0 bandwidth 64 ip unnumbered FastEthernet0/0 no ip directed-broadcast no ip mroute-cache no fair-queue ! no ip classless ip route 0.0.0.0 0.0.0.0 Serial0/0 Gateway of last resort is 0.0.0.0 to network 0.0.0.0 210.210.210.0/28 is subnetted, 1 subnets C 210.210.210.48 is directly connected, FastEthernet0/0 S* 0.0.0.0/0 is directly connected, Serial0/0 xxx# xxx#sh flash System flash directory: File Length Name/status 1 3612344 c2600-i-mz.120-3.T3 [3612408 bytes used, 4776200 available, 8388608 total] 8192K bytes of processor board System flash (Read/Write) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53240t=53231 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Default Routing in EIGRP [7:53239]
Well, 12.2.1 is the first revision of 12.2 mainline code; they just released 12.2.12 so that may be better for you. Keep in mind that there is no 12.2 GD release yet. The T, X, etc trains add features so are likely to be more problem prone. Perhaps, look at 12.1 GD if you don't need any features introduced in 12.1T train or 12.2T train. Erick --- cebuano wrote: As a follow-up to my original post, a reboot reinstalled the default routes. As a word of caution, you might not want to use flash:/c2500-jk8os-l.122-1b.bin image as I've encountered too many strange results with it. Getting ready to swap it with a 12.1.xyz as I'm tired of wasting my time troubleshooting IOS features. Thank goodness for the 1-day lab format ;-$ And yes, ip sum eigrp 1 0.0.0.0 0.0.0.0 does work. Elmer __ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53241t=53239 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco 3005 VPN Routing [7:53243]
Hi All, Have a 3005 setup to connect my branch sites. Have noticed today whilst connecting a new site, that the routing table on the 3005, was showing a strange table. The 3005 (will call tok.ra from now), is saying that the route to my remote site is via the (a 10.10.x.x network), is not via the next hop router on the remote site, but via my internet router. I adjusted this thinking that there is no way in the world, that this traffic is going via the internet path, and changed it to relect the next hop router on the other side of the tunnel. As soon as I changed this, traffic between the sites stopped. I tried every possible next hop router with my colleague in the remote site, and nothing would work. As a last resort, I changed the next hop router, as my internet router...Things started to work again. This is not right to me. To me this states that the packets destined for the remote branch, are going via the internet router and not using the VPN link, however without the VPN in place, its not possible to route to the 10.10.x.x network (unless I have it locally which I dont)... Any one have any thoughts..Is it a bug in the VPN concentrator software, again ??? Am I stupid and not seeing it (dont answer to quick on that, my windows sys admins have their own opinion there, however they cant understand why there connection to the network is so slow after calling me names, I love QoS)... John Sydney, Australia ** visit http://www.solution6.com UK Customers - http://www.solution6.co.uk * This email message (and attachments) may contain information that is confidential to Solution 6. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Solution 6 are neither given nor endorsed by it. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53243t=53243 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Linux Fetchmail monitoring tool [7:53244]
Sorry for the offline topic. I have 750 POP3 email account being fetched by Linux fetchmail and forwarded to SMTP account in Exchange. It takes a very long time to go from the top of the .fetchmailrc run control file to the bottom of the script. Anyone know of any monitoring tooling for fetchmail? Thanks in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53244t=53244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]