RE: Multicast [7:53412]

2002-09-17 Thread Jaco Muller - MWeb

Hi,

If you have control over the TTL of the multicast packets, you can make
use of the TTL threshold interface command (ip multicast ttl-threshold).
For instance, set a threshold of 15 on Serial0/3. Multicast packets with
a TTL lower than 15 will not be forwarded out that interface. Now
ensure that packets that DO need to be forwarded out that interface,
have a TTL of more than 15 when they arrive at your router.

Regards
Jaco



-Original Message-
From: router poon [mailto:[EMAIL PROTECTED]] 
Sent: Monday, September 16, 2002 5:37 PM
To: [EMAIL PROTECTED]
Subject: Multicast [7:53412]


Hi,

I have question on the multicast.

Serial0/2 is sending the multicast to Ethernet0/0 and Serial0/3. How can
I block the multicast traffic sending to Serial0/3 and only send to
Ethernet0/0.

I cannot turn off the ip pim dense-mode command because there is
another multicast traffic sending from Serial0/3 to Ethernet0/0.

Any Hints.
 

(*, 224.0.24.10), 00:46:39/00:00:00, RP 0.0.0.0, flags: DJCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
Serial0/3, Forward/Dense, 00:46:39/00:00:00
Serial0/2, Forward/Dense, 00:46:39/00:00:00
Ethernet0/0, Forward/Dense, 00:46:39/00:00:00

(10.1.1.2, 224.0.24.10), 00:46:39/00:02:59, flags: CLTA
  Incoming interface: Serial0/2, RPF nbr 11.1.1.2
  Outgoing interface list:
Serial0/3, Forward/Dense, 00:46:39/00:00:00
Ethernet0/0, Forward/Dense, 00:46:39/00:00:00

03:11:49: IP: s=10.1.1.1 (Serial0/2) d=224.0.24.10 (Serial0/3) len 532, mforward
03:11:49: IP: s=10.1.1.1 (Serial0/2) d=224.0.24.10 (Ethernet0/0) len 532, mforward


Thanks.







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53459t=53412
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
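
The per-interface check described in Jaco's reply, modelled as an added example (not code from the thread or from Cisco). Assumptions: the router compares the TTL the packet arrives with, a TTL equal to the threshold is treated as blocked, dense-mode pruning is ignored, and the stream labels and TTL values are constructed.

```python
from dataclasses import dataclass

# Interfaces of the router in the question. All run PIM dense mode, so a
# flooded group goes out every interface except the one it arrived on.
INTERFACES = ("Serial0/2", "Serial0/3", "Ethernet0/0")

# Threshold suggested in the reply. Interfaces without an entry use 0.
TTL_THRESHOLDS = {"Serial0/3": 15}


@dataclass(frozen=True)
class Stream:
    name: str               # constructed label for the report
    incoming: str           # interface the stream arrives on
    arrival_ttl: int        # TTL when the packet reaches this router
    allowed_out: frozenset  # interfaces the operator wants it to reach


def egress_interfaces(incoming, arrival_ttl, thresholds=None):
    """Return the interfaces a multicast packet is forwarded out of.

    Assumptions of this model (not stated in the thread): the TTL that is
    compared is the TTL on arrival, a TTL equal to the threshold is blocked,
    and a packet arriving with TTL <= 1 is never forwarded.
    """
    if thresholds is None:
        thresholds = TTL_THRESHOLDS
    if incoming not in INTERFACES:
        raise ValueError(f"unknown interface: {incoming}")
    if arrival_ttl <= 1:
        return []
    return [
        ifname
        for ifname in INTERFACES
        if ifname != incoming and arrival_ttl > thresholds.get(ifname, 0)
    ]


def leaks(streams, thresholds=None):
    """Map stream name -> interfaces it reaches but was not meant to reach."""
    found = {}
    for s in streams:
        reached = set(egress_interfaces(s.incoming, s.arrival_ttl, thresholds))
        extra = sorted(reached - s.allowed_out)
        if extra:
            found[s.name] = extra
    return found


# Constructed streams: two arriving on Serial0/2 that should only reach
# Ethernet0/0, and one arriving on Serial0/3 that must keep flowing.
STREAMS = [
    Stream("from Serial0/2, TTL 8", "Serial0/2", 8,
           frozenset({"Ethernet0/0"})),
    Stream("from Serial0/2, TTL 64", "Serial0/2", 64,
           frozenset({"Ethernet0/0"})),
    Stream("from Serial0/3, TTL 8", "Serial0/3", 8,
           frozenset({"Ethernet0/0", "Serial0/2"})),
]

if __name__ == "__main__":
    for s in STREAMS:
        print(f"{s.name}: out {egress_interfaces(s.incoming, s.arrival_ttl)}")
    print("unwanted forwarding:", leaks(STREAMS))
```

The TTL 64 stream still crosses Serial0/3, which is why the reply is conditional on controlling the sender's TTL: the threshold scopes traffic by TTL and does not filter by source or group. The stream arriving on Serial0/3 is unaffected because the threshold applies only to packets leaving that interface.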



Re: MPLS Books [7:53255]

2002-09-17 Thread nrf

Depends on what you want.  It is my opinion that neither is really that
good.  Don't get me wrong, they're OK, but they certainly aren't worthy of
touching Doyle, not by a long shot.  The Pepelnjak one talks a lot about
VPN's but makes absolutely no mention of TE.  The Alwayn one talks about TE,
if briefly.  Like I said, neither book is really comprehensive.  And
unfortunately, as you might expect with a fast-moving technology like MPLS,
both books are already somewhat obsolete.

The best high-level explanations of MPLS, especially MPLS VPN's,  are white
papers from, err, another vendor that shall remain unnamed.


Silju Pillai  wrote in message
news:[EMAIL PROTECTED]...
 I would like to know which is the best book on Cisco MPLS-VPN. I saw two
 books on MPLS VPN Architectures of the same author in Ciscopress and
amazon.
 Whats the difference between these two? Which one is better?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53460t=53255



MC3810 DSP not function. [7:53461]

2002-09-17 Thread Amnuay Mekchompu

I have some problem about MC3810. I got 2 DSP module (2DSP and 6 DSP) to
support E1 R2 Trunk.
 
But 1 of it is not function. Please give me suggestion how to diagnostic
or check it.
 
Thanks a lot,
 
Amnuay M.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53461t=53461



Problem with spanning on Cisco 2950 switch [7:53462]

2002-09-17 Thread Andrew Larkins

Hi all, 

I have a 2950-24 switch that I have set-up monitoring (spanning) on. This is
not a problem.
The particular port that is the destination goes into and  up
down(monitor) state when the commands are entered. This is normal I assume.
The local server get the necessary port information from the monitored
ports.
This particular port is connected to a server running some other vendors IDS
system. It is also a file sharing server.

Problem is that no-one can connect to the server in monitor mode. Is there a
way that the port can be spanned as well as being used for file sharing??
The commands on the switch are all done in global config mode and there are
very limited options
I have told the client to separate the 2 services onto 2 different
machines, but they are not wanting to do this.

Any ideas for a workaround or should I just tell the client that it is not
possible??

Thanks in advance

Andrew




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53462t=53462



SC2200(PGW2200) alarm message [7:53463]

2002-09-17 Thread kobchai Tanprasert

I have the alarm message from the Cisco SS7 Signaling gateway:

nas: 2002-09-05 12:30:18.119 GMT,ALM=\M-OOS\,SEV=MN

The nas is AS5300 connecting to local exchange via E1 link

- the transmission channel is out of service
nas:TC=1,CALL=IDLE,PST=OOS,SPAN=0
- the ss7 path is blocked
ss7p:CIC=33,PST=IS,CALL=IDLE,BLK=MATE_UNAVAIL
- the local exchange guy told me that he receive blocking signal from the
Cisco signaling gateway.
when I check the ISDN link I get the following debug:
Sep 16 15:17:16.908 BKK: ISDN Se0:15 SC: TX -  SABMEp c/r = 0 sapi = 0  tei
= 0
Sep 16 15:17:16.916 BKK: ISDN Se0:15 SC: RX   SABMEp c/r = 0 sapi = 0  tei
= 0
Sep 16 15:17:21.924 BKK: ISDN Se0:15 SC: RXsh isdn nfas g 0

 ISDN NFAS GROUP 0 ENTRIES:

 The primary D is Serial0:15.
 The NFAS member is Serial1:15.

 There are 2 total nfas members.
 There are 0 total available B channels.
 The primary D-channel is DSL 0 in state OUT OF SERVICE
 There is currently no backup D configured.
 The current active layer 2 DSL is 0.
nas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53463t=53463



Re: Problem Gatekeeper and registratio gateway [7:53420]

2002-09-17 Thread Tunji Suleiman

Let's see config for gatekeeper and unregistering gateway.

Tunji


From: Alfredo Pulido 
Reply-To: Alfredo Pulido 
To: [EMAIL PROTECTED]
Subject: Problem Gatekeeper and registratio gateway [7:53420]
Date: Mon, 16 Sep 2002 17:14:45 GMT

Hello people,

 I have a problem when I want support AAA in my Gatekeeper. If 
Gatekeeper
is configured without AAA, all run OK.
 My Hardware for the Gatekeeper is 3620, IOS 12.2(8)T5.
 Gateway 827.

 The configuration with AAA is in LOCAL, in the future they will be 
with
RADIUS.

CONFIGURATION:
---
GATEKEEPER:




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53464t=53420



Re: Problem Gatekeeper and registratio gateway [7:53420]

2002-09-17 Thread Alfredo Pulido

Hello People, I don't Know because the e-mail that I sent to news groupstudy
is corrupt in the news.

Below is the original e-mail I wrote in my PC, and I sent to groupstudy.

If you not receive the configuration gatekeeper and gateway, please you
contact with me again.

Thanks for all,

Waiting for your answer,

Regards,

--
 Alfredo Pulido   [EMAIL PROTECTED]
 Dept. Sistemas, IdecNet S.A.
 Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria,
 Las Palmas // SPAIN
 Tel: +34 828 111 000   Fax: +34 828 111 112
 http://www.idecnet.com/
--


ORIGINAL E-MAIL:


Hello people,

I have a problem when I want support AAA in my Gatekeeper. If Gatekeeper
is configured without AAA, all run OK.
My Hardware for the Gatekeeper is 3620, IOS 12.2(8)T5.
Gateway 827.

The configuration with AAA is in LOCAL, in the future they will be with
RADIUS.

CONFIGURATION:


GATEKEEPER:



COS and not ID [7:53466]

2002-09-17 Thread TP

Dear group,
I've a catalyst 3550: is it possible to set cos for outgoing frame and not
the
VLAN ID field?
I mean, I'd like to set priority and not a VLAN ID for frames coming from a
specified port.

Any suggestion, explanation, will be appreciated.
TP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53466t=53466



RE: Dialer interfaces vs. dialer maps question to ponder [7:53467]

2002-09-17 Thread Jim Brown

I think you can do anything with dialer interfaces that you can do with
legacy DDR, but the inverse is not true.

-Original Message-
From: Roberts, Larry [mailto:[EMAIL PROTECTED]] 
Sent: Monday, September 16, 2002 10:45 PM
To: [EMAIL PROTECTED]
Subject: OT: Dialer interfaces vs. dialer maps question to ponder
[7:53457]


OK,

A Question to ponder.

Can anyone think of a reason of why someone would NOT use dialer
interfaces, as opposed to using legacy DDR , beside IOS support, and the
political just because we want legacy DDR ?

I'm just trying to reason why someone would use legacy DDR and I can't
think
of a reason to use it. Is there some configuration that is only
supported by
legacy DDR commands?

Just a little late night pondering before bedtime...

Thanks

Larry




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53467t=53467



What's the Technical difference between Switch and Switching [7:53468]

2002-09-17 Thread R.S.Sundar

Hello All,

What's the Technical difference between Switch and Switching Hub.

Generally we have hubs,switch and switching hub .In which situation a
switching hub can be used.

Can we use it instead of a switch.

Regards,

R.S.Sundar

***
This message is proprietary to Future Software Limited (FSL) 
and is intended solely for the use of the individual to whom it
is addressed. It may contain  privileged or confidential information 
and should not be circulated or used for any purpose other than for 
what it is intended. 

If you have received this message in error, please notify the
originator immediately. If you are not the intended recipient,
you are notified that you are strictly prohibited from using,
copying, altering, or disclosing the contents of this message. 
FSL accepts no responsibility for loss or damage arising from 
the use of the information transmitted by this email including
damage from virus.
***




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53468t=53468



Voice solution - help required [7:53469]

2002-09-17 Thread Shane Stockman

I have 2 Siemens PABX's at 2 sites as well as a 256KB line between them.I 
would like to make the 256K line a tie line and run only voice on the link.I 
require 2 routers on both sides preferably 3640's.

I am not so well versed with voice modules for the Cisco.Could someone 
please assist with a spec for the 3640 ( eg what modules are required etc..)

thanks






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53469t=53469



Concept [7:53470]

2002-09-17 Thread Jimmy

Hi,
I am new in this line. Just wonder if anyone can explain the following term
for me.
1. What is the purpose for CSU/DSU? (To terminate a T1) Is it use for short
distance too or it is only use for long distance?
2. What about LTU, NT and TE?
3. Any one have play with RAD equipment before?

Cheers,
Jimmy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53470t=53470



RE: What's the Technical difference between Switch and [7:53471]

2002-09-17 Thread Saravanan L

I think switching hub will establish the
the connection according to the line speed.
If the end-end connectivity is having the
100 Mbps , hub will be changed to the 100Mbps mode


regards,

Saravanan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
R.S.Sundar
Sent: Tuesday, 17 September 2002 3:10 PM
To: [EMAIL PROTECTED]
Subject: What's the Technical difference between Switch and Switching
[7:53468]


Hello All,

What's the Technical difference between Switch and Switching Hub.

Generally we have hubs,switch and switching hub .In which situation a
switching hub can be used.

Can we use it instead of a switch.

Regards,

R.S.Sundar





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53471t=53471



Re: Voice solution - help required [7:53469]

2002-09-17 Thread Niraj somaiya

HI,
Could you please clarify what interface is available in the EPBX? Is it E&M or
E1 ports?

Regards,

Niraj R.Somaiya.


- Original Message -
From: Shane Stockman 
To: 
Sent: Tuesday, September 17, 2002 3:26 PM
Subject: Voice solution - help required [7:53469]


 I have 2 Siemens PABX's at 2 sites as well as a 256KB line between them.I
 would like to make the 256K line a tie line and run only voice on the
link.I
 require 2 routers on both sides preferably 3640's.

 I am not so well versed with voice modules for the Cisco.Could someone
 please assist with a spec for the 3640 ( eg what modules are required
etc..)

 thanks


Nirmal Datacomm Pvt. Ltd., Mumbai, India




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53472t=53469



Multilink PPPOE on ADSL [7:53473]

2002-09-17 Thread Stephane Litkowski

Hi all,

Does someone (especially in France) try to aggregate two ADSL lines using
Multilink PPPoE ?
Does Cisco PPPoE client support this ? Does Freebsd support this ? Does the
DSLAMs (in France) support this feature ?

Thanks for help,

Stephane Litkowski




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53473t=53473



Re: Multilink PPPOE on ADSL [7:53473]

2002-09-17 Thread Stephane Litkowski

I think I was wrong, the problem is not the DSLAM, but the BAS ... so does
the BAS support this ?


Stephane Litkowski  wrote in message news:
[EMAIL PROTECTED]
 Hi all,

 Does someone (especially in France) try to aggregate two ADSL lines using
 Multilink PPPoE ?
 Does Cisco PPPoE client support this ? Does Freebsd support this ? Does
the
 DSLAMs (in France) support this feature ?

 Thanks for help,

 Stephane Litkowski




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53474t=53473



RE: Static route admin distance [7:53282]

2002-09-17 Thread Black Jack

I agree that it is weird that so many respected sources have this wrong,
especially since it is so easy to test. Thanks to all who replied,
especially Priscilla and also Sasa Milic for pointing to an earlier
discussion on this issue. Maybe this latest rehash will help get the word
out, and our experts will revise their books!! :-)
-Jack



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53475t=53282



RE: RE: 2924 reboots when I plug in a console cabl [7:53135]

2002-09-17 Thread Elijah Savage III

We had a ton of these devices at work that would do this exact thing.
When I told some of the other engineers to be careful of it they laughed
at me, until one of them plugged into the dmz switch in the middle of
the day and had it reboot. Anyway I put in a tac case and of course the
answer was to flash it, even after flashing it we still had the problem.
I know this is going to sound stupid but what we found out is if we plug
our machine in to the switch then turn the laptop on it would cause the
switch to reboot. If we booted the laptop all the way up, then open up
procomm plus before plugging in to the console port the switch would NOT
reboot. We did this numerous times in our lab with 2900 switches. After
explaining this to TAC they actually sent us replacements and we sent
the others back.

-Original Message-
From: Ciaron Gogarty [mailto:[EMAIL PROTECTED]] 
Sent: Monday, September 16, 2002 11:07 AM
To: [EMAIL PROTECTED]
Subject: RE: RE: 2924 reboots when I plug in a console cabl [7:53135]


Sorry to follow up this thread kind of late.  We had  a similar
problem, and one of the guys in work found out from cisco that a batch
of switches were sent out with the wrong settings for the config-reg.
Another feature...

rgds,

C

-Original Message-
From: Jason Owens
To: [EMAIL PROTECTED]
Sent: 13/09/02 13:25
Subject: Re: RE: 2924 reboots when I plug in a console cabl [7:53135]

I actually am using a Dell laptop. I guess I'll have to look at that
too. I was just going to upgrade the IOS on all of these switches.
Thanks.

[EMAIL PROTECTED] wrote:
 
 Are you using a DELL laptop.  There is a known problem with the Dell's 
 and some Cisco devices.  Check CCO for more details.
  
  From: Haakon Claassen (hclaasse)
  Date: 2002/09/11 Wed PM 04:14:33 EDT
  To: [EMAIL PROTECTED]
  Subject: RE: 2924 reboots when I plug in a console cable
 [7:53135]
  
  Never had it
  
  Configured over a hundred of these devices the field
  Using w2k and XP  with Hyperterm or terraterm
  
  regs
  
   
  Haakon Claassen
  EMEA - IT Transport Services -WAN
   
  Cisco Systems
  De Kleetlaan 6b - Pegasus Park
  B-1831 Diegem (Belgium)
   
   
  
  -Original Message-
  From: Jason Owens [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, 11 September 2002 21:51
  To: [EMAIL PROTECTED]
  Subject: 2924 reboots when I plug in a console cable [7:53135]
  
  When I plug in a console cable to some of my 2924's they
 reboot (My
  coworker
  is convinced that it is Win2000 sending out a probe because of 
  plug-and-play). I have only seen this on the 2924 and it
 doesn't happen
  on
  all of the ones I have. Has this happened to anyone else? I
 have been
  unable
  to find anything about this on the Cisco web site.
  
  Here is a sh ver from one of the switches this has happened
 on:
  
  Cisco Internetwork Operating System Software
  IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version
 12.0(5)XU, RELEASE
  SOFTWARE (fc1)
  Copyright (c) 1986-2000 by cisco Systems, Inc.
  Compiled Mon 03-Apr-00 16:37 by swati
  Image text-base: 0x3000, data-base: 0x00301398




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53476t=53135



RE: RE: 2924 reboots when I plug in a console cabl [7:53135]

2002-09-17 Thread Roberts, Timothy

I have seen this happen quite often in the past.  It is usually caused by
the laptop sending a signal out the serial port upon boot up that causes the
Cisco box to freak out.  It has been noticed more often with Dell Laptops.

Confidentiality Notice: This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53477t=53135



PIX (DMZ) Nat0 Q. [7:53478]

2002-09-17 Thread Richard Tufaro

Hey guys, had a quick question on the PIX FW. 

When implementing a DMZ what would be the tangible benefit of using the
traditional:
NAT outside to DMZ inside, create ACLs. As opposed to making a NAT 0
statement in the firewall?

Either way you are going to be using ACL's on the firewall to permit/deny
traffic? Either way the server that you want exposed is going to be on a
different VLAN?

The only thing that I can think of is if you have say, a limited # of IP's
on the outside (I know we all do) but more in the range of 1 External IP and
you had 5 machines on the inside, running different services (FTP, WWW, SSH)
whatever, then you would need to do the traditional DMZ, and NAT back.

Does putting the NAT 0 statement disable the firewall from doing fix-ups to
the NAT0'ed address? I just don't see the need for the traditional way of
DMZ'ing if NAT 0 is going to accomplish the same thing without all the extra
configuration.

Comments? Just trying to get a grip on it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53478t=53478



Re: Voice solution - help required [7:53469]

2002-09-17 Thread Tom Scott

Shane, Niraj,

In addition to the information Niraj requested, it would be
helpful if you can compare the real-life situation you're dealing
with the discussion of trunk management and conditioning in the V
book (pp. 571-702):

HTML version:
http://cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fvvfax_c

entire book in one PDF file:
http://cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fvvfax_c/vcfbook.pdf

I'd like to know how closely the hypothetical examples in the
chapters Configuring Trunk Connections and Conditioning Features
and Configuring PBX Interconnectivity Features fit to your
situation.

-- TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53479t=53469



RE: Doubt on CLID [7:53370]

2002-09-17 Thread Anil Kumar

Hi Fayyaz,

Thanks a lot for the info. 
As i was going through the Cisco Site and read across Cisco
RPM, by configuring RPM will it help the modules to collect
the digits?

Other than ISDN any other alternative method is there?


Regards, Anil
--- Fayyaz Ahmed  wrote:
 Hi Anil,
 
 what you want to do is not possible with your current
 hardware. Cisco
 support caller ID on none of the analog modem products:
 neither the WIC-AM
 nor the NM-AM.  The problem is that cisco analog modems,
 (WIC-1AM, WIC-2AM,
 NM-8AM, and NM-16AM) have no way to collect the caller ID
 information and
 pass it to IOS for processing. 
 You can screen by phone number using ISDN using the
 'dialer caller' command.
 The reason it works with ISDN is that the call setup
 message includes the
 caller ID information. Unfortunately the analog modems do
 not support caller
 ID, so we will be unable to collect the digits from the
 switch. 
 I guess an alternate setup for caller ID authentication
 would be to replace
 the analog modem with a NM-6DM (6 Digital modems) and a
 ISDN network module,
 which would support CLID/ANI (if presented to us by the
 switch.). This would
 allow the ISDN switch to pass caller ID to the router. 
 
 Kind Regards
 
 Fayyaz
 
 -Original Message-
 From: Anil Kumar [mailto:[EMAIL PROTECTED]]
 Sent: Sunday, September 15, 2002 1:32 PM
 To: [EMAIL PROTECTED]
 Subject: Doubt on CLID [7:53370]
 
 
 Hi All,
 
 I have got following network setup. Cisco 3660 router
 with
 NM-16AM card. I have got a Cisco ACS v2.6 server for the
 aaa function. The router is configured for the aaa for
 the
 dial in users. 
 
 In order to have more security on the dial in users, i
 wanted to enable the CLID facility for the authentication
 apart from the username & password. The analog lines has
 been enabled with the CLID facility by the service
 provider.
 
 In order to make the above work does the router needs to
 configured so that to pass the dialled digits to the ACS
 server?
 If so, please let me know the sample configuration / URL
 for the router and if any special IOS is also required
 for
 the router.
 
 The 3660 Router is having 12.1 IOS version. 
 
 Request your help on this.
 
 Thanks in Advance,
 
 Regards...Anil
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53480t=53370



RE: VPN Client PreConfig [7:53201]

2002-09-17 Thread Loken, Bjorn

 Anyone know where I could get some step by step 
 pre-configuration setups for
 a Cisco 3000 VPN Client? Looked around on Cisco, didn't seem to 
 find anything...
 
Have a look at Preconfiguring the VPN Client for Remote Users:
http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/3_6/admin_gd/vcach2.htm



HTH

Bjorn




This message contains information that may be privileged or confidential and
is the property of the Cap Gemini Ernst & Young Group. It is intended only
for the person to whom it is addressed. If you are not the intended
recipient, you are not authorized to read, print, retain, copy, disseminate,
distribute, or use this message or any part thereof. If you receive this
message in error, please notify the sender immediately and delete all copies
of this message.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53481t=53201



RE: Upgrading Cisco PIX Firewall [7:53403]

2002-09-17 Thread Loken, Bjorn

  ... 
  Hi everybody, 
  I'm trying to upgrade the Firewall PIX 535 (version 6.1.1 to 6.1.2) in 
  Monitor mode. I've configured everything according to Cisco procedure, and
  I'm able to ping the tftp server. But when I issue the tftp server command, 
  the image is not loaded. The tftp server log (Solarwinds) states that it was 
  not able to send the image to the firewall. Has anyone faced this kind 
  of problem? Any suggestions would be appreciated. 
  Regards 
  Marcos 

I encountered similar problems late one evening uploading an image to a
router. I tried to switch to the Cisco TFTP server, which also bugged out
with an error message saying 'failed (state error)'.
With both servers the transfer stopped after about 5 seconds, and then timed
out after about a minute. 

The solution in my case was to follow the advice in:
http://www.cisco.com/warp/public/63/install_tftp.html#state_error

Disabling logging in Solarwinds did not improve the situation that night. 

As to the reason for the failure... I expect that to be one of those little
demons that pop up Friday night when you want to go for a beer with your
friends but instead have to sacrifice hours in front of the routers. I did
learn a lot about partitioning flash, how to get hold of spare RAM at 8 PM in
the evening, quirks of tftp-servers and mss-settings in GRE-tunnels. 

After that the tftp-servers have behaved, and I am still partial to the
possession theory until something better comes up :-)

Bjorn






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53482t=53403



Bridging Loops [7:53485]

2002-09-17 Thread J B

Help!

How can I find out for sure if I have a bridging loop?
I have 5 2900 XL connected together in a chain and one port connected as a
trunk to a 3550.
Two VLANs: Management and Systems.

Performance is very slow when users are trying to connect to the network
servers.
Any input will be appreciated.

Thanks
JB


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53485t=53485



Routing Loops [7:53483]

2002-09-17 Thread J B

Help!

How can I find out for sure if I have a bridging loop?
I have 5 2900 XL connected together in a chain and one port connected as a
trunk to a 3550.
Two VLANs: Management and Systems.

Performance is very slow when users are trying to connect to the network
servers.
Any input will be appreciated.

Thanks
JB


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53483t=53483



Routing Loops [7:53484]

2002-09-17 Thread J B

Help!

How can I find out for sure if I have a bridging loop?
I have 5 2900 XL connected together in a chain and one port connected as a
trunk to a 3550.
Two VLANs: Management and Systems.

Performance is very slow when users are trying to connect to the network
servers.
Any input will be appreciated.

Thanks
JB


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53484t=53484



RE: Upgrading Cisco PIX Firewall [7:53403]

2002-09-17 Thread Andrew Larkins

I have just upgraded a PIX 515 to 6.2.1 from 6.1.
There was a problem in that the image stopped after 5 secs. I had to erase
the flash and then reload the new image and she worked great.

Andrew

-Original Message-
From: Loken, Bjorn [mailto:[EMAIL PROTECTED]]
Sent: 17 September 2002 16:09
To: [EMAIL PROTECTED]
Subject: RE: Upgrading Cisco PIX Firewall [7:53403]


  ... 
  Hi everybody, 
  I'm trying to upgrade the Firewall PIX 535 (version 6.1.1 to 6.1.2) in 
  Monitor mode. I've configured everything according to Cisco procedure, and
  I'm able to ping the tftp server. But when I issue the tftp server command, 
  the image is not loaded. The tftp server log (Solarwinds) states that it was 
  not able to send the image to the firewall. Has anyone faced this kind 
  of problem? Any suggestions would be appreciated. 
  Regards 
  Marcos 

I encountered similar problems late one evening uploading an image to a
router. I tried to switch to the Cisco TFTP server, which also bugged out
with an error message saying 'failed (state error)'.
With both servers the transfer stopped after about 5 seconds, and then timed
out after about a minute. 

The solution in my case was to follow the advice in:
http://www.cisco.com/warp/public/63/install_tftp.html#state_error

Disabling logging in Solarwinds did not improve the situation that night. 

As to the reason for the failure... I expect that to be one of those little
demons that pop up Friday night when you want to go for a beer with your
friends but instead have to sacrifice hours in front of the routers. I did
learn a lot about partitioning flash, how to get hold of spare RAM at 8 PM in
the evening, quirks of tftp-servers and mss-settings in GRE-tunnels. 

After that the tftp-servers have behaved, and I am still partial to the
possession theory until something better comes up :-)

Bjorn






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53486t=53403



RE: Bridging Loops [7:53485]

2002-09-17 Thread Haakon Claassen (hclaasse)

You have a mail loop degrading your performance ;-)

 
Haakon Claassen
EMEA - IT Transport Services -WAN
 
Cisco Systems
De Kleetlaan 6b - Pegasus Park
B-1831 Diegem (Belgium)
 
 

-Original Message-
From: J B [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday 17 September 2002 16:25
To: [EMAIL PROTECTED]
Subject: Bridging Loops [7:53485]

Help!

How can I find out for sure if I have a bridging loop?
I have 5 2900 XL connected together in a chain and one port connected as a
trunk to a 3550.
Two VLANs: Management and Systems.

Performance is very slow when users are trying to connect to the network
servers.
Any input will be appreciated.

Thanks
JB




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53487t=53485



RE: Bridging Loops [7:53485]

2002-09-17 Thread Mark W. Odette II

Off the cuff, I would think that debugging Spanning-Tree Events might
shed some light... beyond that, look at the interface stats to see if
you are experiencing any CRC, Input, Output, or other types of errors.
If the trunk port between the 3550 and the 2900 is a Gig port on Fiber,
you might look at changing it out for a known good Fiber cable.  Just a
wild guess though.

In the past, I had two 5500's trunked together for load
balance/redundancy, and at one time I experienced the same issue you
describe.  After reviewing interface stats and client networking configs
and finding no errors in either, I looked to the cable... and sure enough,
that was the problem.

HTHs!
Mark

-Original Message-
From: J B [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 17, 2002 9:25 AM
To: [EMAIL PROTECTED]
Subject: Bridging Loops [7:53485]

Help!

How can I find out for sure if I have a bridging loop?
I have 5 2900 XL connected together in a chain and one port connected as a
trunk to a 3550.
Two VLANs: Management and Systems.

Performance is very slow when users are trying to connect to the network
servers.
Any input will be appreciated.

Thanks
JB




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53488t=53485



RE: MPLS Books [7:53255]

2002-09-17 Thread Mark W. Odette II

This is a learning forum, with no hard-fast rule to boycott the
acknowledgement of other vendors.

Even Cisco documents (to an extent) how to interconnect their equipment
to competitors' equipment on CCO.  So there shouldn't be a big deal.

So, if you wouldn't mind, please make an addendum to your last post and
tell us the name of the vendor that has these oh-so-wonderful white
papers!

Thanks,
Mark

-Original Message-
From: nrf [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 17, 2002 1:18 AM
To: [EMAIL PROTECTED]
Subject: Re: MPLS Books [7:53255]

Depends on what you want.  It is my opinion that neither is really that
good.  Don't get me wrong, they're OK, but they certainly aren't worthy of
touching Doyle, not by a long shot.  The Pepelnjak one talks a lot about
VPN's but makes absolutely no mention of TE.  The Alwayn one talks about TE,
if briefly.  Like I said, neither book is really comprehensive.  And
unfortunately, as you might expect with a fast-moving technology like MPLS,
both books are already somewhat obsolete.

The best high-level explanations of MPLS, especially MPLS VPN's,  are white
papers from, err, another vendor that shall remain unnamed.


Silju Pillai  wrote in message
news:[EMAIL PROTECTED]...
 I would like to know which is the best book on Cisco MPLS-VPN. I saw two
 books on MPLS VPN Architectures of the same author in Ciscopress and amazon.
 What's the difference between these two? Which one is better?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53489t=53255



Telnet session traversing PIX are timingout [7:53490]

2002-09-17 Thread KM Reynolds

Hi,

I have telnet sessions that originate on the internal side of a PIX to a 
server on the external side that are timing out (after 60 seconds).  Is 
there a command to increase the timeout period for telnet? If there is, what 
is the max?

TIA
KR







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53490t=53490



Re: Problem Gatekeeper and registratio gateway [7:53420]

2002-09-17 Thread Tunji Suleiman

Alfredo, Voice gurus

I presently have aaa enabled on my gatekeeper and gateways, with a radius 
server for authentication, authorisation and accounting. All's kosher, no 
issues.

Now, I imagine how useful the option:

security password xyz level all

and

security token required-for all

on the gateway and gatekeeper respectively can be where I want CPE 
gateways to authenticate not only for registration but also per call.

I imagine I can remove aaa for a gateway, define xyz password on the radius 
server for the gateway, enter above commands and have the gatekeeper 
authenticate gateway for registration, authorize it, and send accounting 
info for all calls to radius server, and hence eliminate radius traffic 
between each gateway and radius server.

So I enter on the gatekeeper security token required-for all and on the 
gateway security password xyz level all. I however could not register the 
gateway to the gatekeeper.

I will appreciate pointers from anybody.

TIA


From: Idecnet Admin 
To: Tunji Suleiman 
Subject: Re: Problem Gatekeeper and registratio gateway [7:53420]
Date: Tue, 17 Sep 2002 12:22:59 +0100

Oh my god, you are an angel that enlightened my way, just kidding.

 Ok Tunji, now the registration is OK, I added new prefix to 827 how to
say me.

I had seen this message too %CCH323-2-GTWY_REGSTR_FAILED: Gateway [chars]
failed to register with Gatekeeper [chars] even after [dec] retries.

 Thanks, thanks for your help Tunji,

Many Regards for you  and I hope you have a good day.


--
  Alfredo Pulido   [EMAIL PROTECTED]
  Dept. Sistemas, IdecNet S.A.
  Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria,
  Las Palmas // SPAIN
  Tel: +34 828 111 000   Fax: +34 828 111 112
  http://www.idecnet.com/
--
- Original Message -
From: Tunji Suleiman 
To: 
Sent: Tuesday, September 17, 2002 10:25 AM
Subject: Re: Problem Gatekeeper and registratio gateway [7:53420]


  That is a new one to me, I checked on CCO, see below:
 
  %CCH323-2-GTWY_REGSTR_FAILED: Gateway [chars] failed to register with
  Gatekeeper [chars] even after [dec] retries
 
  Explanation:   A gateway has failed to register with the gatekeeper.
 
  Recommended Action:   Copy the error message exactly as it appears on the
  console or in the system log. Issue the show tech-support command to gather
  data that may help identify the nature of the error. If you cannot determine
  the nature of the error from the error message text or from the show
  tech-support command output, contact your Cisco technical support
  representative and provide the representative with the gathered information.
 
 
  Try this, add a prefix on the GK for the gateway pruea827, just like u did
  for the as5300-1. Take out the  security token required-for all under
  gatekeeper config and security password prueba level endpoint under
  gateway, and see if it registers.
 
  Regards
 
 
 
  From: Idecnet Admin 
  To: \Tunji Suleiman\ 
  Subject: Re: Problem Gatekeeper and registratio gateway [7:53420]
  Date: Tue, 17 Sep 2002 09:40:03 +0100
  
  Hello Tunji, I don't know because the e-mail that I sent to news groupstudy
  is corrupt in the news.
  
  Below is the original e-mail I wrote in my PC, and I sent to groupstudy.
  
  If you do not receive the configuration gatekeeper and gateway, please you
  contact with me again.
  
  Thanks for all,
  
  Waiting for your answer,
  
  Regards,
  
  --
Alfredo Pulido   [EMAIL PROTECTED]
Dept. Sistemas, IdecNet S.A.
Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria,
Las Palmas // SPAIN
Tel: +34 828 111 000   Fax: +34 828 111 112
http://www.idecnet.com/
  --
  
  
  ORIGINAL E-MAIL:
  
  
  Hello people,
  
   I have a problem when I want support AAA in my Gatekeeper. If Gatekeeper
  is configured without AAA, all run OK.
   My Hardware for the Gatekeeper is 3620, IOS 12.2(8)T5.
   Gateway 827.
  
   The configuration with AAA is in LOCAL, in the future they will be with
  RADIUS.
  
  CONFIGURATION:
  
  
  GATEKEEPER:
  .
  .
  .
  aaa new-model
  !
  !
  aaa authentication login h323 local
  aaa authorization exec default local
  aaa authorization exec h323 local
  aaa session-id common
  !
  username pruea827 password prueba
  .
  .
  !
  gatekeeper
zone local NetGK idecnet.com 212.64.XXX.YYY
zone prefix NetGK 928.. gw-priority 10 as5300-1
security token required-for all
gw-type-prefix 1#* default-technology
no shutdown
  !
  .
  
  *
  CONFIGURATION GATEWAY 827
  .
  .
  !
  interface Dialer0
ip address 212.64.xxx.zzz 255.255.255.0
encapsulation ppp
dialer pool 1
ppp pap sent-username adsl password 7tt
h323-gateway voip interface
h323-gateway voip id NetGK ipaddr 212.64.xxx.yyy 1719
h323-gateway voip h323-id pruea827
  !
  dial-peer voice 1 pots
destination-pattern 928112000
port 1
  !
  dial-peer voice 5 voip
destination-pattern 928..
session 

IOS upgrade/Strange services [7:53492]

2002-09-17 Thread [EMAIL PROTECTED]

I've recently upgraded one of our routers to 12.2(11)T - IP/FW/IDS/3DES.
After upgrading I ran a scan against the interface, using Secure Scanner,
and it came back with a lot of services running  Cu-seeme, talk, tftp,
rpc-nfs, rwho, etc...  (about 16 total).  Scanning prior to the upgrade,
came back with nothing.  I'm a little worried that this new image is leaving
me open.  Has anyone experienced this and if so how did ya fix it.

Thanx,
mkj

~~~
Michael Jablonski
ABN AMRO Asset Management Holdings, Inc.
161 North Clark St.
9th Flr
Chicago, IL  60601-2468
PH: 312.884.2996 
FAX: 312.278.5550
~~~




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53492t=53492



Problems with suscription [7:53493]

2002-09-17 Thread Fer Saldaña del Castillo

Hi,

I would like to know if you have any problems with your e-mail service,
because I have not received any e-mail from you since July, from any of the
groupstudy subscription services.

I need to continue with the subscription for my Lab next April. 

Thank you for your help

Fernando Saldana




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53493t=53493



token ring [7:53494]

2002-09-17 Thread Jake

Is there any way to simulate Token ring on a router without having a Token
ring interface in a lab environment?

Thanks
jake




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53494t=53494



Re: MPLS Books [7:53255]

2002-09-17 Thread Chris Theiss

Juniper's site has loads of MPLS goodness.

Mark W. Odette II wrote:
 This is a learning forum, with no hard-fast rule to boycott the
 acknowledgement of other vendors.
 
 Even Cisco documents (to an extent) how to interconnect their equipment
 to competitors' equipment on CCO.  So there shouldn't be a big deal.
 
 So, if you wouldn't mind, please make an addendum to your last post and
 tell us the name of the vendor that has these oh-so-wonderful white
 papers!
 
 Thanks,
 Mark
 
 -Original Message-
 From: nrf [mailto:[EMAIL PROTECTED]] 
 Sent: Tuesday, September 17, 2002 1:18 AM
 To: [EMAIL PROTECTED]
 Subject: Re: MPLS Books [7:53255]
 
 Depends on what you want.  It is my opinion that neither is really that
 good.  Don't get me wrong, they're OK, but they certainly aren't worthy of
 touching Doyle, not by a long shot.  The Pepelnjak one talks a lot about
 VPN's but makes absolutely no mention of TE.  The Alwayn one talks about TE,
 if briefly.  Like I said, neither book is really comprehensive.  And
 unfortunately, as you might expect with a fast-moving technology like MPLS,
 both books are already somewhat obsolete.
 
 The best high-level explanations of MPLS, especially MPLS VPN's,  are white
 papers from, err, another vendor that shall remain unnamed.
 
 
 Silju Pillai  wrote in message
 news:[EMAIL PROTECTED]...
 
  I would like to know which is the best book on Cisco MPLS-VPN. I saw two
  books on MPLS VPN Architectures of the same author in Ciscopress and amazon.
  What's the difference between these two? Which one is better?
-- 
Chris Theiss
IPG WAN Group
[EMAIL PROTECTED]
(312) 425-6624




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53495t=53255



PIX books or training resources [7:53497]

2002-09-17 Thread Symon Thurlow

Can anyone recommend some good resources for learning PIX? I have good
Checkpoint skills etc.

Also, any tips or tricks for migrating from Checkpoint to PIX? I am doing
this at the moment, and trying to match the Checkpoint rule set to the PIX
ruleset is, um, entertaining.

Cheers,

Symon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53497t=53497



Re: Port Security on 3550 [7:53446]

2002-09-17 Thread Sasa Milic

With port security command, but it won't help you. Anyone
can connect passive sniffer to that port, and switch won't
block the port since there is no incoming traffic (you
will configure port to be SPAN, right ? So anyone can sniff
on that port).

Sasa


JohnZ wrote:
 
 How do you enable port security on a 3550. I want to use a port for sniffer
 and want to make sure that only my laptop is able to gain access on that
 certain port.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53498t=53446



Cisco WS-C3016B lithium battery replacement? [7:53499]

2002-09-17 Thread Russ Kula

I've recently acquired a Cisco WS-C3016B.  Unfortunately, it appears as
though the onboard battery is dead.  (The error message on boot: FATAL
SYSTEM ERROR: SS_RTC_Initialize: The Clock's Battery is Dead.)

Is this a serviceable battery I can replace?  (Don't call me an idiot, but I
couldn't find the battery when I opened up the case.)  Or is the
battery embedded in another component?

--
Russ



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53499t=53499



Re: Port Security on 3550 [7:53446]

2002-09-17 Thread Kevin Wigle

well I think port security would still be helpful.  Port security is
concerned with outgoing traffic from the port not incoming.

setting the security to allow only one MAC would prevent another computer
from using the port.

If another computer tried to use the port with the wrong MAC then the port
would shut down after 90 seconds.

Kevin Wigle

- Original Message -
From: Sasa Milic 
To: 
Sent: Tuesday, September 17, 2002 1:20 PM
Subject: Re: Port Security on 3550 [7:53446]


 With port security command, but it won't help you. Anyone
 can connect passive sniffer to that port, and switch won't
 block the port since there is no incoming traffic (you
 will configure port to be SPAN, right ? So anyone can sniff
 on that port).

 Sasa


 JohnZ wrote:
 
  How do you enable port security on a 3550. I want to use a port for sniffer
  and want to make sure that only my laptop is able to gain access on that
  certain port.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53500t=53446



RE: Telnet session traversing PIX are timingout [7:53490]

2002-09-17 Thread Caballero, Eddie

I've seen this issue before with SSH timing out over a perfectly good
connection without packet loss.  The problem was with the MTU size being too
small and the packet was getting dropped.  
The packet was going through a VPN tunnel through the network to a VPN
concentrator.
Here's an example.  
The telnet packet was 1435 bytes in size including all the headers.
The Router maximum MTU was 1456 for example. 
So far so good... Looks like it should get through, correct ports are open
etc..
Now the VPN encryption adds an extra 25 bytes for example (I don't have
exact numbers).
Now you have a packet that is encapsulated with encryption for a total size
of 1460 bytes.
Oh and what also happens is the VPN will put a DO NOT Fragment flag on the
packet, because of the encryption.
What's going to happen once that packet hits the router with an MTU size of
1456?  
It gets dropped because the packet is too large.   What happens to the
telnet or SSH session is it starts dropping packets and then times out.  It
doesn't receive any ACKs from the other end and thinks it is timing out.

So A.  Is there VPN involved?  If so, could be MTU issue.
   B.  Check the MTU size.  Send some large sized pings over 1400 bytes in
size with the Do not Fragment Flag.  Find out if and where the MTU is set
too low.
   C.  Of course check for packet loss or extreme latency.


Welp hopefully this helps from my experiences with this type of issue.


Eddie
Corio Inc.
   



-Original Message-
From: KM Reynolds [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 17, 2002 8:33 AM
To: [EMAIL PROTECTED]
Subject: Telnet session traversing PIX are timingout [7:53490]


Hi,

I have telnet sessions that originate on the internal side of a PIX to a 
server on the external side that are timing out (after 60 seconds).  Is 
there a command to increase the timeout period for telnet? If there is, what 
is the max?

TIA
KR







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53501t=53490
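
The MTU reasoning in the reply above, worked through as an added example (not code from the thread). The hop names and the path layout are assumptions; the sizes 1435, 25 and 1456 are the illustrative numbers from the post. It shows where a DF-marked packet is discarded, what a DF ping sweep would find, and why a session connects and then stalls.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Hop:
    name: str                # hypothetical label for the device
    mtu: int                 # largest IP packet this hop forwards, in bytes
    encap_overhead: int = 0  # bytes added here before forwarding (tunnel ingress)


def traverse(packet_len: int, path: List[Hop], df: bool = True
             ) -> Tuple[bool, Optional[str], int]:
    """Return (delivered, dropping_hop, packet_size_at_that_point)."""
    size = packet_len
    for hop in path:
        size += hop.encap_overhead
        if size > hop.mtu and df:
            # DF set: the hop may not fragment, so it discards the packet.
            return False, hop.name, size
        # DF clear: an oversized packet is fragmented and still arrives.
    return True, None, size


def largest_passing(path: List[Hop], lo: int = 68, hi: int = 1500) -> int:
    """Binary search that mirrors a DF ping sweep.

    Returns the largest original packet size that is delivered, or 0 if
    even the smallest probe is dropped.
    """
    if not traverse(lo, path)[0]:
        return 0
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if traverse(mid, path)[0]:
            lo = mid
        else:
            hi = mid - 1
    return lo


def session_view(sizes: List[int], path: List[Hop]) -> List[Tuple[int, bool]]:
    """Per-packet delivery result for one session, every packet sent with DF."""
    return [(n, traverse(n, path)[0]) for n in sizes]


# Constructed path: LAN, a VPN device adding 25 bytes, then a router with
# an MTU of 1456 (numbers taken from the post, layout assumed).
PATH = [
    Hop("lan", 1500),
    Hop("vpn-ingress", 1500, encap_overhead=25),
    Hop("router", 1456),
]

if __name__ == "__main__":
    print("1435-byte packet:", traverse(1435, PATH))
    print("largest size that passes with DF:", largest_passing(PATH))
    # Small packets (handshake, keystrokes) pass, the full-size one does not.
    print("session:", session_view([40, 64, 1435, 41], PATH))
```

The small packets getting through while the full-size one is lost is what makes this look like a timeout rather than a blocked port.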



Re: Port Security on 3550 [7:53446]

2002-09-17 Thread Sasa Milic

Kevin,

port security works by monitoring INCOMING traffic to the switch.
If source mac in incoming packets is not the one configured, port
is either blocked or snmp trap is sent.

And what if another computer use the port without sending any
traffic (just capturing traffic, without sending anything) ?
Switch won't shut it down.

Sasa

Kevin Wigle wrote:
 
 well I think port security would still be helpful.  Port security is
 concerned with outgoing traffic from the port not incoming.
 
 setting the security to allow only one MAC would prevent another computer
 from using the port.
 
 If another computer tried to use the port with the wrong MAC then the port
 would shut down after 90 seconds.
 
 Kevin Wigle
 
 - Original Message -
 From: Sasa Milic 
 To: 
 Sent: Tuesday, September 17, 2002 1:20 PM
 Subject: Re: Port Security on 3550 [7:53446]
 
  With port security command, but it won't help you. Anyone
  can connect passive sniffer to that port, and switch won't
  block the port since there is no incoming traffic (you
  will configure port to be SPAN, right ? So anyone can sniff
  on that port).
 
  Sasa
 
 
  JohnZ wrote:
  
   How do you enable port security on a 3550. I want to use a port for sniffer
   and want to make sure that only my laptop is able to gain access on that
   certain port.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53502t=53446
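
A simplified model of the behaviour discussed in this thread, added here as an illustration (not code from the thread or from Cisco): the switch only sees a MAC address when the attached device transmits, so a violation can only be raised on ingress. The class, the event format and the MAC addresses are constructed for the example; the three violation mode names are the IOS keywords.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class SecurePort:
    allowed: Set[str]                   # secure MAC addresses for the port
    violation_mode: str = "shutdown"    # "shutdown", "restrict" or "protect"
    err_disabled: bool = False
    violations: int = 0
    traps: List[str] = field(default_factory=list)

    def ingress(self, src_mac: str) -> str:
        """A frame arrives from the attached device.

        This is the only point where the switch learns who is attached.
        """
        if self.err_disabled:
            return "dropped (port err-disabled)"
        if src_mac in self.allowed:
            return "forwarded"
        if self.violation_mode == "protect":
            return "dropped"                      # silent drop, no notification
        self.violations += 1
        self.traps.append(f"violation src={src_mac}")
        if self.violation_mode == "shutdown":
            self.err_disabled = True
            return "dropped, port err-disabled"
        return "dropped, trap sent"               # restrict

    def egress(self) -> bool:
        """A frame leaves the switch towards the attached device.

        No source MAC of the attached device is involved, so port security
        has nothing to check; delivery depends only on the port being up.
        """
        return not self.err_disabled


def replay(events: List[Tuple[str, Optional[str]]], port: SecurePort) -> List[str]:
    """Run ('tx', mac) and ('rx', None) events and return the outcomes."""
    log = []
    for kind, mac in events:
        if kind == "tx":      # attached device transmits into the switch
            log.append(port.ingress(mac))
        else:                 # switch transmits towards the attached device
            log.append("delivered" if port.egress() else "not delivered")
    return log


# Constructed addresses and event sequence.
LAPTOP = "0000.5e00.5301"
OTHER = "0000.5e00.5302"
EVENTS = [
    ("tx", LAPTOP),   # authorised laptop sends a frame
    ("rx", None),     # mirrored traffic sent out of the port
    ("rx", None),     # a different, silent device is now attached: no change
    ("tx", OTHER),    # the other device transmits for the first time
    ("rx", None),     # traffic towards the port after the violation
]

if __name__ == "__main__":
    for mode in ("shutdown", "restrict"):
        port = SecurePort(allowed={LAPTOP}, violation_mode=mode)
        print(mode, replay(EVENTS, port), port.traps)
```

In this model the second "rx" is delivered in every mode, which is the gap the thread is debating: restricting who can receive mirrored traffic needs a control other than port security, such as physical access to the port.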



RE: token ring [7:53494]

2002-09-17 Thread Raul F. Fernandez

Yes, on codes from 12.0 and up you can configure a virtual-tokenring X
interface. Basically a loopback by another name, but you can add source
bridge commands etc.

Cheers,

Raul

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jake
Sent: Tuesday, September 17, 2002 12:14 PM
To: [EMAIL PROTECTED]
Subject: token ring [7:53494]


Is there any way to simulate Token ring on a router without having a Token
ring interface in a lab environment?

Thanks
jake




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53503t=53494



RE: What's the Technical difference between Switch and [7:53468]

2002-09-17 Thread Priscilla Oppenheimer

R.S.Sundar wrote:
 
 Hello All,
 
 What's the Technical difference between Switch and Switching Hub.
 
 Generally we have hubs, switch and switching hub. In which situation a
 switching hub can be used.
 
 Can we use it instead of a switch.

Switching hub isn't a technical term, so we can't answer the question with
a technical answer. It sounds like it's specific to a particular product. So
your best bet is to read the specs for that product.

Cisco at one point used the term switching hub for some low-end switches
that they had. They really were switches, not hubs. Each port provided
dedicated bandwidth and connected just one device. The port couldn't connect
a shared network or hub, just a single device. I guess Cisco used the term
switching hub instead of switch because these low-end devices didn't
have any fancy switching features to support VLANs, spanning tree, etc.

Such a device could replace a hub and offer much higher performance,
although, as mentioned, it must be placed into the topology in such a
fashion that the ports connect just one device. It may support some uplink
ports for connecting to other switches or shared networks.

But the bottom line is that you need to read the specs for your actual
product and see what the vendor means by this confusing, non-standard term
switching hub.

It's a shame that the vendor didn't stick to standard,
technically-comprehensive terminology, which defines a switch as a
data-link-layer device that offers dedicated bandwidth to each port, and a
hub as a physical-layer device that offers shared bandwidth for the ports.

Priscilla


 
 Regards,
 
 R.S.Sundar
 
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53504t=53468



Re: Port Security on 3550 [7:53446]

2002-09-17 Thread Kevin Wigle

well I guess we're mixing up directions...

yes incoming from a device attached to a port on the switch.

which would still help him but wouldn't be perfect.

no, the port wouldn't shut down if a promiscuous mode nic was plugged in.
It would receive everything.

but that PC would not be able to send anything - to do so the switch would
learn its MAC - which wouldn't match and the port would shut down.

But consider this... what info is passed between the switch and the NIC
so that the Link light goes on?
I don't know... will the switch still learn the MAC even if real traffic
is not passed?

Kevin Wigle

- Original Message -
From: Sasa Milic 
To: 
Sent: Tuesday, September 17, 2002 2:40 PM
Subject: Re: Port Security on 3550 [7:53446]


 Kevin,

 port security works by monitoring INCOMING traffic to the switch.
 If source mac in incoming packets is not the one configured, port
 is either blocked or snmp trap is sent.

 And what if another computer use the port without sending any
 traffic (just capturing traffic, without sending anything) ?
 Switch won't shut it down.

 Sasa

 Kevin Wigle wrote:
 
  well I think port security would still be helpful.  Port security is
  concerned with outgoing traffic from the port not incoming.
 
  setting the security to allow only one MAC would prevent another computer
  from using the port.
 
  If another computer tried to use the port with the wrong MAC then the port
  would shut down after 90 seconds.
 
  Kevin Wigle
 
  - Original Message -
  From: Sasa Milic
  To:
  Sent: Tuesday, September 17, 2002 1:20 PM
  Subject: Re: Port Security on 3550 [7:53446]
 
   With port security command, but it won't help you. Anyone
   can connect passive sniffer to that port, and switch won't
   block the port since there is no incoming traffic (you
   will configure port to be SPAN, right ? So anyone can sniff
   on that port).
  
   Sasa
  
  
   JohnZ wrote:
   
    How do you enable port security on a 3550. I want to use a port for sniffer
    and want to make sure that only my laptop is able to gain access on that
    certain port.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53505t=53446



Re: Port Security on 3550 [7:53446]

2002-09-17 Thread Sasa Milic

Kevin Wigle wrote:
 
 no, the port wouldn't shut down if a promiscuous mode nic was plugged in.

It doesn't matter in what mode nic is working, prom or not. If nic
is not sending traffic, port will stay up.

 but that PC would not be able to send anything

Maybe owner of that PC don't want to send. That PC will be able to sniff
everything, that's the point.

 But consider this... what info is passed between the switch and the NIC
 so that the Link light goes on?

No MAC packets are exchanged.

 will the switch still learn the MAC even if real traffic is not passed?

No.

Regards,
  Sasa
  CCIE 8635




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53506t=53446



RE: Port Security on 3550 [7:53446]

2002-09-17 Thread Mark W. Odette II

Or, to expand the question further, for a Windows-based sniffer, does
the Promiscuous Mode driver block even NetBIOS chatter from transmitting
on the NIC plugged into the SPAN Switch Port??

I've never paid attention to data captures for that, but I think that a
Windows-based Sniffer would give itself away by means of its NetBIOS
broadcast to identify itself with other Windows clients.  If that
occurred, then I think the Port Security would come into action.

Priscilla, care to comment?!?!

Mark
-Original Message-
From: Kevin Wigle [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 17, 2002 2:25 PM
To: [EMAIL PROTECTED]
Subject: Re: Port Security on 3550 [7:53446]

well I guess we're mixing up directions...

yes incoming from a device attached to a port on the switch.

which would still help him but wouldn't be perfect.

no, the port wouldn't shut down if a promiscuous mode nic was plugged in.
It would receive everything.

but that PC would not be able to send anything - to do so the switch would
learn its MAC - which wouldn't match and the port would shut down.

But consider this... what info is passed between the switch and the NIC
so that the Link light goes on?
I don't know... will the switch still learn the MAC even if real traffic
is not passed?

Kevin Wigle

- Original Message -
From: Sasa Milic 
To: 
Sent: Tuesday, September 17, 2002 2:40 PM
Subject: Re: Port Security on 3550 [7:53446]


 Kevin,

 port security works by monitoring INCOMING traffic to the switch.
 If source mac in incoming packets is not the one configured, port
 is either blocked or snmp trap is sent.

 And what if another computer use the port without sending any
 traffic (just capturing traffic, without sending anything) ?
 Switch won't shut it down.

 Sasa

 Kevin Wigle wrote:
 
  well I think port security would still be helpful.  Port security is
  concerned with outgoing traffic from the port not incoming.
 
  setting the security to allow only one MAC would prevent another computer
  from using the port.
 
  If another computer tried to use the port with the wrong MAC then the port
  would shut down after 90 seconds.
 
  Kevin Wigle
 
  - Original Message -
  From: Sasa Milic
  To:
  Sent: Tuesday, September 17, 2002 1:20 PM
  Subject: Re: Port Security on 3550 [7:53446]
 
   With port security command, but it won't help you. Anyone
   can connect passive sniffer to that port, and switch won't
   block the port since there is no incoming traffic (you
   will configure port to be SPAN, right ? So anyone can sniff
   on that port).
  
   Sasa
  
  
   JohnZ wrote:
   
    How do you enable port security on a 3550. I want to use a port for sniffer
    and want to make sure that only my laptop is able to gain access on that
    certain port.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53507t=53446
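The behaviour argued over in the messages above (a port that only checks the source MAC of frames arriving from the attached device, and the question of whether a chatty Windows host would give itself away), as an added Python model that is not part of the original posts and is not switch code. The class, the port name Fa0/1, both MAC addresses and the event timelines are constructed for illustration.

```python
from dataclasses import dataclass, field


def normalise(mac: str) -> str:
    """Accept 0010.2030.4050, 00-10-20-30-40-50 or 00:10:20:30:40:50."""
    digits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits


@dataclass
class SecurePort:
    """One switch port with port security on (hypothetical model, not IOS code)."""
    name: str
    allowed: frozenset              # MACs permitted as frame *source* on this port
    state: str = "enabled"
    delivered_to_host: int = 0      # frames the switch sent out of this port
    violations: list = field(default_factory=list)

    def __post_init__(self):
        self.allowed = frozenset(normalise(m) for m in self.allowed)

    def host_transmits(self, src_mac: str, what: str) -> bool:
        """Frame arriving FROM the attached device: the only event that is checked."""
        if self.state != "enabled":
            return False
        mac = normalise(src_mac)
        if mac not in self.allowed:
            self.violations.append((mac, what))
            self.state = "disabled-violation"
            return False
        return True

    def switch_transmits(self) -> bool:
        """Frame sent TO the attached device (e.g. a SPAN copy): nothing to check."""
        if self.state != "enabled":
            return False
        self.delivered_to_host += 1
        return True


OWNER_MAC = "0010.2030.4050"      # constructed: the laptop the port is secured for
OTHER_MAC = "00-AA-BB-CC-DD-EE"   # constructed: any other machine

# Constructed timelines: "mirror" = the switch sends a frame out of the port,
# anything else = the attached device transmits a frame of that kind.
SILENT_CAPTURE = ["mirror"] * 6
CHATTY_HOST = ["mirror", "mirror", "netbios-name-broadcast", "mirror", "mirror"]


def replay(attached_mac: str, timeline: list) -> SecurePort:
    """Plug a device with the given MAC into a port secured for OWNER_MAC."""
    port = SecurePort("Fa0/1", frozenset({OWNER_MAC}))
    for event in timeline:
        if event == "mirror":
            port.switch_transmits()
        else:
            port.host_transmits(attached_mac, event)
    return port


if __name__ == "__main__":
    for label, mac, timeline in [
        ("owner laptop, sends ARP", OWNER_MAC, ["arp-request"] + SILENT_CAPTURE),
        ("other machine, never transmits", OTHER_MAC, SILENT_CAPTURE),
        ("other machine, Windows chatter", OTHER_MAC, CHATTY_HOST),
    ]:
        p = replay(mac, timeline)
        print(f"{label:32} state={p.state:18} "
              f"frames seen={p.delivered_to_host} violations={p.violations}")
```

In the model the port reacts only when the attached device transmits, so the second timeline produces no violation and no log entry for an operator to act on.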



IPM latency graphs [7:53508]

2002-09-17 Thread Persio Pucci

Folks,

I have a friend that has a CiscoWorks IPM running on a LAN monitoring a couple
of routers with STM-1 ATM interfaces on it (3 in one, and 2 on the other one).
It monitors latency between these routers and the routers on the other end of
the ATM interfaces (different routers).

He's telling me that on the latency graph, it is on an average of 30ms, and
sometimes the latency of an interface just bursts up to 500ms and sometimes up
to 1s. This will happen on a per-interface basis, I mean, it won't happen at
the same time for all the interfaces, but happens randomly between the ints.
The interfaces are running on 80~100Mb each, and the router is on 20% CPU
usage. The queues stay on 0 during these latency bursts.

Does anybody have any idea on what these bursts can be? Once it is using RTR,
it cannot be a problem on the LAN environment where the IPM sits, am I right?
And the interfaces, although they are running on 100mb, they are not on 100%
and there should be no latency before the interface is full, right?

Any ideas?

TIA

Persio




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53508t=53508



Cisco Contract Center [7:53509]

2002-09-17 Thread Brian Zeitz

When I try to log into the Service contract center on Cisco.com, I get


Exception: null StackTrace: java.lang.NullPointerException at
CSA.CSAMenu.getParentItemId(CSAMenu.java, Compiled Code) at
CSA.aoCSACommonData.setMenuId(aoCSACommonData.java, Compiled Code) at
CSA.aoCSADispatch.getAppSpecificSettings(aoCSADispatch.java, Compiled
Code) at CSA.aoCSADispatch.dynamicDispatch(aoCSADispatch.java, Compiled
Code) at CSA.aoCSADisplay.getContractPage(aoCSADisplay.java, Compiled
Code) at CSA.aoCSADisplay.dispatch(aoCSADisplay.java, Compiled Code) at
java.lang.reflect.Method.invoke(Native Method) at
CSA.aoCSADispatch.dispatchObject(aoCSADispatch.java, Compiled Code) at
CSA.aoCSADispatch.dynamicDispatch(aoCSADispatch.java, Compiled Code) at
CSA.aoCSADisplay.dispatch(aoCSADisplay.java, Compiled Code) at
java.lang.reflect.Method.invoke(Native Method) at
CSA.aoCSADispatch.dispatchObject(aoCSADispatch.java, Compiled Code) at
CSA.aoCSADispatch.dynamicDispatch(aoCSADispatch.java, Compiled Code) at
CSA.aoCSAMainImpl.runApplication(aoCSAMainImpl.java, Compiled Code) at
CSA.uoCSADispatchImpl.action(uoCSADispatchImpl.java, Compiled Code) at
CORP.uoAppTransition.action(uoAppTransition.java, Compiled Code) at
CORP.uoApplicationServer.runApplication(uoApplicationServer.java,
Compiled Code) at
CORP.uoAppFrame.runApplicationWithEnvDecode(uoAppFrame.java, Compiled
Code) at CORP.uoAppFrame.runApplicationWithBinEnv(uoAppFrame.java,
Compiled Code) at CORP.uoCCFRequest.run(uoCCFRequest.java, Compiled
Code) at CORP.CCFThread.run(CCFThread.java, Compiled Code) at
java.lang.Thread.run(Thread.java, Compiled Code)

Does anyone else have problems with this? I have contracts, but I add
them and nothing happens. Very frustrating. I can't update my Pix
because without the contract entries, I can't get to the software
center. I tried emailing the address, got no response. I think they need
to hire some new programmers at Cisco. And this is supposed to be the
NEW SCC? Also after you log in, click on help, you get a Page not
found. This is a disgrace.












Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53509t=53509



hide networks in OSPF [7:53510]

2002-09-17 Thread bi.s

hi,

is it possible to hide networks in ospf?
i have a network in area 2 and it should stay there, should not be
visible in area 0 and all the other areas.
is there a way to do it? i know, it doesn't really fit in how ospf works,
but who knows.

can someone point me to the feature if there is any?

thanks a lot
-bis




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53510t=53510



Site To Site VPN b/w PIX 515 and Open BSD [7:53511]

2002-09-17 Thread Curious

All-
Does anyone know how to configure a site-to-site VPN over an IPSEC tunnel b/w
PIX 515 and OpenBSD?

Thanks


--
Curious

MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53511t=53511



Re: hide networks in OSPF [7:53510]

2002-09-17 Thread Kent Yu

You may want take a look at this:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t11/ft11at3f.htm#xtocid1


HTHs
Kent

bi.s wrote in message news:[EMAIL PROTECTED]...
 hi,

 is it possible to hide networks in ospf?
 i have a network in area 2 and it should stay there, should not be
 visible in area 0 and all the other areas.
 is there a way to do it? i know, it doesn't really fit in how ospf works,
 but who knows.

 can someone point me to the feature if there is any?

 thanks a lot
 -bis




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53512t=53510



EIGRP authentication. [7:53513]

2002-09-17 Thread enginedrive2002

If Router A and Router B are connected using serial interface, both of them
are running EIGRP.

On Router A, I have configured ip authentication mode eigrp AS# md5 and ip
authentication key-chain eigrp AS#  under interface
configuration mode, and also configured the key chain, key-string under
global configuration mode.

On Router B, I did nothing with EIGRP authentication. Router A and B
supposedly should not be able to set up a neighbour relationship, but now Router
A and Router B can see each other when running show ip eigrp neighbour, the
subnet information of Router A also appears in Router B's routing table, and
vice versa.

Are there any configuration commands I missed? What debug command can I use to
verify whether the authentication is working or not?

Thank you for your input!


E.D.







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53513t=53513



CSIDS [7:53514]

2002-09-17 Thread Nuno

Good afternoon.

  I wonder if any one has done the CSIDS cisco exam, and can tell me how
hard is it, and it's passing score.

Thank you

  Nuno Ventura




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53514t=53514



PIX Access-list host to host [7:53515]

2002-09-17 Thread JohnZ

Hi,
Can someone tell me if it's possible to give full access host to host
without specifying a port. Basically what I would like to do is open up
temporarily complete access between a host on the outside and one on the
inside. I have searched the CCO and haven't found anything that tells me
it's possible.
Thanks,
Shawn




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53515t=53515



Jumbo Frames On 6509 help... [7:53516]

2002-09-17 Thread David Titov

Hello all,

I have 2 win2k servers with 3com 3C996 Gigabit Cards attached to a cisco 6509
with a WS-X6408-GBIC 8 port gigabit module.  I have turned off trunking and
channeling on the two ports on my 6509 and I have enabled jumbo frames which
is supposed to set the mtu size to 9216.  They are also in their own vlan and
the mtu in the vlan is set to 9216 as well.  On the 3com cards themselves,
when I try to raise the mtu above the standard 1500, I get Giants on my
switch.  It is like the 6509 is not really allowing packets over the 1500 mtu
size even though the jumbo frames are enabled.  Any ideas?  Here is the show
port jumbo command which verifies that my 2 ports are enabled for jumbo
frames.

6509 (enable) show port jumbo
Jumbo frames MTU size is 9216 bytes.
Jumbo frames enabled on port(s) 9/2-3.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53516t=53516



RE: EIGRP authentication. [7:53513]

2002-09-17 Thread ccie fan

Configuration basically correct on router A side.
Can you try a 'clear ip eigrp nei' and see what happens?

In my experience I have had to apply this config in the router twice to get it to work.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53517t=53513



RE: hide networks in OSPF [7:53510]

2002-09-17 Thread ccie fan

I remember when do area range command, we have a no-advertise option.
this may help.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53518t=53510



RE: MPLS for 2500 [7:53353]

2002-09-17 Thread Larkin, Richard

Definitely yes with PPP - a new NCP (MPLSCP) provides indication that the
frame is an MPLS frame instead of an IP or IPX frame. MPLS is treated as
just another network layer protocol.

Not sure about HDLC though.

Richard Larkin

-Original Message-
From: Tom Scott [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, 17 September 2002 4:41 AM
To: [EMAIL PROTECTED]
Subject: Re: MPLS for 2500 [7:53353]


MPLS'ers,

Assuming you find the IOS that supports MPLS on the 2500
or 2600, is it possible then to set up a little MPLS cloud
with HDLC or PPP links connecting the routers?

Alternatively, we have used the MPLS routers as access
devices to connect to a FR cloud (ATM too but we don't have
the ATM switches yet). But we'd like to just use three or
four inexpensive 2500/2600 routers with HDLC/PPP serial
links as the cloud. Can it be done?

-- TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53519t=53353



Re: EIGRP authentication. [7:53513]

2002-09-17 Thread enginedrive2002

clear ip eigrp nei doesn't work for me. Router A and B can still see each
other and send the routing update. Looks like this problem only exists when
Router A and B are already running EIGRP and you want to add the
authentication later.

When I configure the Router A with authentication from the very beginning,
the authentication works properly.

E.D.

- Original Message -
From: ccie fan 
Newsgroups: groupstudy.cisco
Sent: September 17, 2002 7:38 PM
Subject: RE: EIGRP authentication. [7:53513]


 Configuration basically correct on router A side.
 Can you try a 'clear ip eigrp nei' and see what happens?

 In my experience I have had to apply this config in the router twice to get it
 to work.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53520t=53513



Re: Multicast quesion.. [7:53449]

2002-09-17 Thread YASSER ALY

Hi Paul,

 To configure a router to be an Auto-RP use the following command:

Router(config)# ip pim send-rp-announce 
 scope 

 This should be applied on both R1 and R2 in your scenario.

 

 To configure a router as an RP mapping agent (R4 in your scenario) use:

Router(config)#ip pim send-rp-discovery scope 

 

Routers configured as Auto-RP advertise Cisco-RP-Announce at 224.0.1.39
while routers configured as RP mapping agents listen on this IP and
send in turn the RP-to-group mappings in an auto-RP RP discovery message
to the well known Cisco-RP-Discovery 224.0.1.40

PIM DRs listen to 224.0.1.40 to determine which RP to use.

Kindly let us know if this will work out or not as I am not that strong
with Multicast and it happens for me to be studying it now so I looked
for the commands but never tried it myself.

Regards,

Yasser

From: Casey, Paul (6822)

 Can someone help me with the following..
 It's from a lab I am working on..
 R1 and R2 should dynamically become RP's for 236.1.1.17 and 236.1.8.90
 R4 should be capable of assigning RP's for these groups. But should not be
 able to become an RP itself..
 Can someone help me to do this..
 Kind regards. Paul.
 -- Sent from my BlackBerry Wireless Handheld






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53521t=53449



RE: Telnet session traversing PIX are timingout [7:53490]

2002-09-17 Thread KM Reynolds

Eddie,

There is no VPN involved. I don't think it's an MTU problem.  I am trying to
find a similar command to the IOS Firewall's ip inspect name ...
(Inspection rule for CBAC) for the PIX.  I need to increase the idle timeout
for the telnet application.

However, I found your MTU explanation very informative.  Someone mentioned
to me about a VPN/MTU problem but did not go deeper into the cause.  How did
you resolve this MTU problem?  Are there any writeups on this problem?

KR


From: Caballero, Eddie 
To: 'KM Reynolds' , [EMAIL PROTECTED]
Subject: RE: Telnet session traversing PIX are timingout [7:53490]
Date: Tue, 17 Sep 2002 11:26:07 -0700

I've seen this issue before with SSH timing out over a perfectly good
connection without packet loss.  The problem was with the MTU size being too
small and the packet was getting dropped.
The packet was going through a VPN tunnel through the network to a VPN
concentrator.
Here's an example.
The telnet packet was 1435 bytes in size including all the headers.
The Router maximum MTU was 1456 for example.
So far so good... Looks like it should get through, correct ports are open
etc..
Now the VPN encryption adds an extra 25 bytes for example (I don't have
exact numbers).
Now you have a packet that is Encapsulated with encryption for a total size
of 1460 bytes.
Oh and what also happens is the VPN will put a DO NOT Fragment flag on the
packet, because of the encryption.
What's going to happen once that packet hits the router with an MTU size of
1456?
It gets dropped because the packet is too large.   What happens to the
telnet or SSH session, is it starts dropping packets and then times out.  It
doesn't receive any ACKs from the other end and thinks it is timing out.

So A.  Is there VPN involved?  If so, could be MTU issue.
B.  Check the MTU size.  Send some large sized pings over 1400 bytes in
size with the Do not Fragment Flag.  Find out if and where the MTU is set
too low.
C.  Of course check for packet loss or extreme latency.


Welp hopefully this helps from my experiences with this type of issue.


Eddie
Corio Inc.




-Original Message-
From: KM Reynolds [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 17, 2002 8:33 AM
To: [EMAIL PROTECTED]
Subject: Telnet session traversing PIX are timingout [7:53490]


Hi,

I have telnet sessions that originate on the internal side of a PIX to a
server on the external side that are timing out (after 60 seconds).  Is
there a command to increase the timeout period for telnet? If there is what
is the max?

TIA
KR







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53522t=53490
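The arithmetic in Eddie's quoted explanation, together with his step B (probing with Don't Fragment set to find where the path MTU is too low), as an added Python example that is not part of the original posts. The Hop class, the hop names and the two-hop path are constructed; the byte counts are the post's own illustrative figures, which its author says are not exact.

```python
from dataclasses import dataclass


@dataclass
class Hop:
    name: str
    mtu: int                # largest IP packet the outgoing link accepts
    adds: int = 0           # encapsulation bytes added here before forwarding
    sets_df: bool = False   # this hop sets Don't Fragment on what it forwards


def send(size: int, df: bool, path: list):
    """Walk one packet along the path; returns (delivered, dropped_at, fragmented)."""
    fragmented = False
    for hop in path:
        size += hop.adds
        df = df or hop.sets_df
        if size > hop.mtu:
            if df:
                return (False, hop.name, fragmented)  # too big and may not be split
            fragmented = True
            size = hop.mtu        # largest fragment that continues (simplified)
    return (True, None, fragmented)


def largest_df_size(path: list, low: int = 64, high: int = 1500) -> int:
    """Step B: probe with DF set and return the largest size that still arrives."""
    if not send(low, True, path)[0]:
        raise ValueError("even the smallest probe is dropped")
    while low < high:
        mid = (low + high + 1) // 2
        if send(mid, True, path)[0]:
            low = mid
        else:
            high = mid - 1
    return low


def session(sizes: list, path: list) -> list:
    """Outcome per packet of a session, e.g. small keystrokes and full screens."""
    return [(size,) + send(size, False, path) for size in sizes]


# Constructed path using the post's figures: +25 bytes at the VPN, MTU 1456 after it.
PATH = [
    Hop("vpn-gateway", mtu=1500, adds=25, sets_df=True),
    Hop("router", mtu=1456),
]
# Same path, but the gateway leaves DF clear, so the router may fragment instead.
PATH_DF_CLEAR = [Hop("vpn-gateway", mtu=1500, adds=25), Hop("router", mtu=1456)]

if __name__ == "__main__":
    for size, ok, where, frag in session([64, 512, 1435], PATH):
        print(f"{size:5} bytes: {'delivered' if ok else 'dropped at ' + where}")
    print("largest DF probe that arrives:", largest_df_size(PATH))
    print("1435 bytes with DF clear:", send(1435, False, PATH_DF_CLEAR))
```

Small packets pass and only the large ones vanish, which is why the session looks healthy until a full-sized segment is sent.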



RE: PIX Access-list host to host [7:53515]

2002-09-17 Thread Mark W. Odette II

Access-list 101 permit ip host so.ur.ce.ip host dest.inat.ion.ip (public
address of inside host via NAT, unless you're doing NAT0 on the specific
host)

... then, apply it to the outside interface.

Someone correct me if I'm wrong.

Mark

-Original Message-
From: JohnZ [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 17, 2002 5:52 PM
To: [EMAIL PROTECTED]
Subject: PIX Access-list host to host [7:53515]

Hi,
Can someone tell me if it's possible to give full access host to host
without specifying a port. Basically what I would like to do is open up
temporarily complete access between a host on the outside and one on the
inside. I have searched the CCO and haven't found anything that tells me
it's possible.
Thanks,
Shawn




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53523t=53515



Re: MPLS for 2500 [7:53353]

2002-09-17 Thread Tom Scott

If I understand this correctly, cisco routers support this RFC 3032 feature.
Then the next question is, Do any Cisco routers support VoMPLS, where lines
would bring analog or digital voice into voice ports and the router would
translate (transcode?) the stream into bits that are encapsulated as the
payload of MPLS frames in accord with MPLS Forum Implementation Agreement
dated July 27, 2001? I'm not sure about the addressing and other details, but
I'd just like to know if cisco routers can do this without the intervention of
IP packets. (And approximately what classifying, marking and queueing would the
routers use on the PPP links if other traffic such as IP or IPX non-voice
data were also present. But that is asking too much at this point. Maybe later.)

-- TT

Larkin, Richard wrote:

 Definitely yes with PPP - a new NCP (MPLSCP) provides indication that the
 frame is an MPLS frame instead of an IP or IPX frame. MPLS is treated as
 just another network layer protocol.
 
 Not sure about HDLC though.
 
 Richard Larkin
 
 -Original Message-
 From: Tom Scott [mailto:[EMAIL PROTECTED]] 
 Sent: Tuesday, 17 September 2002 4:41 AM
 To: [EMAIL PROTECTED]
 Subject: Re: MPLS for 2500 [7:53353]
 
 
 MPLS'ers,
 
 Assuming you find the IOS that supports MPLS on the 2500
 or 2600, is it possible then to set up a little MPLS cloud
 with HDLC or PPP links connecting the routers?
 
 Alternatively, we have used the MPLS routers as access
 devices to connect to a FR cloud (ATM too but we don't have
 the ATM switches yet). But we'd like to just use three or
 four inexpensive 2500/2600 routers with HDLC/PPP serial
 links as the cloud. Can it be done?
 
 -- TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53524t=53353



RE: MPLS for 2500 [7:53353]

2002-09-17 Thread Tim Medley

So has anyone actually found an IOS image for a 2500 that supports MPLS? I'd
like to learn about MPLS in my home lab. I couldn't find anything in the
feature navigator.

tm



Tim Medley, CCNP+Voice, CCDP, CWNA
Sr. Network Architect
VoIP Group
iReadyWorld
 


-Original Message-
From: Tom Scott [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 17, 2002 9:46 PM
To: [EMAIL PROTECTED]
Subject: Re: MPLS for 2500 [7:53353]


If I understand this correctly, cisco routers support this RFC 3032 feature.
Then the next question is, Do any Cisco routers support VoMPLS, where lines
would bring analog or digital voice into voice ports and the router would
translate (transcode?) the stream into bits that are encapsulated as the
payload of MPLS frames in accord with MPLS Forum Implementation Agreement
dated July 27, 2001? I'm not sure about the addressing and other details, but
I'd just like to know if cisco routers can do this without the intervention of
IP packets. (And approximately what classifying, marking and queueing would the
routers use on the PPP links if other traffic such as IP or IPX non-voice
data were also present. But that is asking too much at this point. Maybe later.)

-- TT

Larkin, Richard wrote:

 Definitely yes with PPP - a new NCP (MPLSCP) provides indication that the
 frame is an MPLS frame instead of an IP or IPX frame. MPLS is treated as
 just another network layer protocol.
 
 Not sure about HDLC though.
 
 Richard Larkin
 
 -Original Message-
 From: Tom Scott [mailto:[EMAIL PROTECTED]] 
 Sent: Tuesday, 17 September 2002 4:41 AM
 To: [EMAIL PROTECTED]
 Subject: Re: MPLS for 2500 [7:53353]
 
 
 MPLS'ers,
 
 Assuming you find the IOS that supports MPLS on the 2500
 or 2600, is it possible then to set up a little MPLS cloud
 with HDLC or PPP links connecting the routers?
 
 Alternatively, we have used the MPLS routers as access
 devices to connect to a FR cloud (ATM too but we don't have
 the ATM switches yet). But we'd like to just use three or
 four inexpensive 2500/2600 routers with HDLC/PPP serial
 links as the cloud. Can it be done?
 
 -- TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53525t=53353



Feedback from Gettlabs users [7:53526]

2002-09-17 Thread cebuano

Hi all,
I would like to hear feedback regarding Gettlabs, in particular the
quality (not just complexity) of the scenarios and the ease of use or
online access.
Feel free to respond directly. Thanks.
 
Elmer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53526t=53526
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Multicast quesion.. [7:53449]

2002-09-17 Thread Roberts, Larry

I did some testing on this and Yasser is right on the money.
Assign R1 to announce for the 236.1.1.0 and R2 to announce for the 236.1.8.0
networks.
I can provide configs if you need, but there is not much to it. 
The basics for me was:
Configure the interfaces between the routers and the clients for
sparse-dense-mode and version 2 ( I don't know if V2 is needed )
Assign one of the routers as the RP mapping agent.

You can test the config in several ways. I used the mcaster application on a
lan segment.
Else use the ip igmp join-group command for several of the groups.

If you have the doc cd, read this. It's great IMO.

http://127.0.0.1:8080/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcpt3/1cfmulti.htm#xtocid38990

Thanks

Larry
 

-Original Message-
From: YASSER ALY [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 17, 2002 7:55 PM
To: [EMAIL PROTECTED]
Subject: Re: Multicast quesion.. [7:53449]


Hi Paul,

 To configure a router to be an Auto-RP use the following command:

Router(config)# ip pim send-rp-announce 
 scope 

 This should be applied on both R1 and R2 in your scenario.

 

 To configure a router as an RP mapping agent (R4 in your scenario) use:

Router(config)#ip pim send-rp-discovery scope 

 

Routers configured as Auto-RP advertise Cisco-RP-Announce at 224.0.1.39
while routers configured as RP mapping agents listen on this IP and send
in turn the RP-to-group mappings in an auto-RP RP discovery message to the
well known Cisco-RP-Discovery 224.0.1.40

PIM DRs listen to 224.0.1.40 to determine which RP to use.

Kindly let us know if this will work out or not as I am not that strong with
Multicast and it happens for me to be studying it now so I looked for the
commands but never tried it myself.

Regards,

Yasser

From: Casey, Paul (6822)

 Can someone help me with the following..
 It's from a lab I am working on..
 R1 and R2 should dynamically become RP's for 236.1.1.17 and 236.1.8.90
 R4 should be capable of assigning RP's for these groups. But should not be
 able to become an RP itself..
 Can someone help me to do this..
 Kind regards. Paul.
 -- Sent from my BlackBerry Wireless Handheld





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53527t=53449
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Port Security on 3550 [7:53446]

2002-09-17 Thread Kevin Wigle

not to question a CCIE but if you have a lab the sensible thing to do is to
go it.

and I agree with Mr. Odette not many windows products are quiet.

I have a 1912 with enterprise and I configured it for:

Global config
mac-address-table permanent 0000.B494.37E3 Ethernet 0/11
mac-address-table permanent 0260.8CD8.7B0E Ethernet 0/10
address-violation disable

Interface config
interface Ethernet 0/10
  port secure
  port secure max-mac-count 1
!
interface Ethernet 0/11
  port secure
  port secure max-mac-count 1

---

On port 10 is a MS-DOS client running the MS-DOS IP Client, no chatty
windows overhead but still MS.
On port 11 is a Win98 station.

Now to be fair, I logged on to both stations before switching cables to make
sure that most of the chattiness
was finished.

This table shows the result:


 Catalyst 1900 - Port Addressing Report

 Port    Addresses
 ---
  1  :   Unaddressed
  2  :   Unaddressed
  3  :   Unaddressed
  4  :   Unaddressed
  5  :   Unaddressed
  6  :   Unaddressed
  7  :   Unaddressed
  8  :   Unaddressed
  9  :   Unaddressed
  10 :   Secured     02-60-8C-D8-7B-0E
  11 :   Secured     00-00-B4-94-37-E3
  12 :   Unaddressed

  AUI:   Unaddressed
  A  :   Dynamic 10 Static 0
  B  :   Unaddressed

Port A is uplink to a 2924 where the servers and other stations are located.

Now I simply exchange the cables, 10 for 11 and 11 for 10 and in a short
time both ports are disabled.

 9  : Suspended-no-linkbeat
 10 : Disabled-violation
 11 : Disabled-violation
 12 : Suspended-no-linkbeat

Now I switch the cables back and enable the ports.

On the DOS station I have an old copy of FTP Lanwatch, I reboot and fire it
up.  I have not set a span port so all it sees
are the broadcast packets but it does see them.

I switch the cables again and only the Windows station causes the port to
disable.  Lanwatch keeps on trucking.

 9  : Suspended-no-linkbeat
 10 : Disabled-violation
 11 : Enabled
 12 : Suspended-no-linkbeat

So the question remains if port security is beneficial for this application.
If an unauthorized user does plug into the
port, he/she must use an absolutely quiet program. (such as Lanwatch
apparently)

I don't know if the Unix(s) et al out there are absolutely quiet.

It would be interesting to know what exactly happens when a device plugs
into a port.  You say that MAC frames are not exchanged.
Well they don't have to be exchanged.  If the device talks then the switch
listens and acts accordingly.

Perhaps port security won't completely deliver the required protection, but
it would supply enough protection against most
computers and therefore would still be useful - or it wouldn't hurt.  The
best protection here would be physical security
of the switch.

Kevin Wigle
CCDP CCNP MCSE CBE CBI

- Original Message -
From: Mark W. Odette II 
To: 
Sent: Tuesday, September 17, 2002 4:02 PM
Subject: RE: Port Security on 3550 [7:53446]


 Or, to expand the question further, for a Windows-based sniffer, does
 the Promiscuous Mode driver block even NetBIOS chatter from transmitting
 on the NIC plugged into the SPAN Switch Port??

 I've never paid attention to data captures for that, but I think that a
 Windows-based Sniffer would give itself away by means of its NetBIOS
 broadcast to identify itself with other Windows clients.  If that
 occurred, then I think the Port Security would come into action.

 Priscilla, care to comment?!?!

 Mark
 -Original Message-
 From: Kevin Wigle [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, September 17, 2002 2:25 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Port Security on 3550 [7:53446]

 well I guess we're mixing up directions...

 yes incoming from a device attached to a port on the switch.

 which would still help him but wouldn't be perfect.

 no, the port wouldn't shut down if a promiscuous mode nic was plugged
 in. It would receive everything.

 but that PC would not be able to send anything - to do so the switch
 would learn its MAC - which wouldn't match and the port would shut down.

 But consider this... what info is passed between the switch and the
 NIC so that the Link light goes on?
 I don't know... will the switch still learn the MAC even if real
 traffic is not passed?

 Kevin Wigle

 - Original Message -
 From: Sasa Milic
 To:
 Sent: Tuesday, September 17, 2002 2:40 PM
 Subject: Re: Port Security on 3550 [7:53446]


  Kevin,
 
  port security works by monitoring INCOMING traffic to the switch.
  If source mac in incoming packets is not the one configured, port
  is either blocked or snmp trap is sent.
 
  And what if another computer uses the port without sending any
  traffic (just capturing traffic, without sending anything)?
  Switch won't shut it down.
 
  Sasa
 
  Kevin Wigle wrote:
  
   well I 
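
The cable-swap test reported in this thread, replayed against a small model of a secured port; this is an added example, not part of the original posts and not Catalyst firmware logic. The class and function names are hypothetical, the two MAC addresses and the disable-on-violation action come from the posted configuration, and the only check modelled is the one the thread describes: the source MAC of frames arriving from the attached device.

```python
from dataclasses import dataclass

DOS_MAC = "02-60-8C-D8-7B-0E"    # MS-DOS client, secured on port 10 in the post
WIN98_MAC = "00-00-B4-94-37-E3"  # Win98 station, secured on port 11 in the post


@dataclass
class SecurePort:
    """Simplified model of one secured switch port."""
    number: int
    secure_macs: frozenset       # permanent entries for this port
    max_mac_count: int = 1
    state: str = "Enabled"

    def ingress(self, src_mac):
        """A frame arrives from the attached device; check its source MAC."""
        if self.state != "Enabled":
            return False
        if src_mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.max_mac_count:
            self.secure_macs = self.secure_macs | {src_mac}  # room to learn
            return True
        self.state = "Disabled-violation"   # address-violation disable
        return False

    def egress(self):
        """Flooded frames (broadcasts) leave the port with no MAC check."""
        return self.state == "Enabled"


def swap_cables(dos_transmits, win98_transmits):
    """Exchange the cables on ports 10 and 11, then report both ports."""
    p10 = SecurePort(10, frozenset({DOS_MAC}))
    p11 = SecurePort(11, frozenset({WIN98_MAC}))
    if win98_transmits:          # Win98 station now sits on port 10
        p10.ingress(WIN98_MAC)
    if dos_transmits:            # DOS station now sits on port 11
        p11.ingress(DOS_MAC)
    return {
        10: p10.state,
        11: p11.state,
        "port 11 still receives broadcasts": p11.egress(),
    }


if __name__ == "__main__":
    print(swap_cables(dos_transmits=True, win98_transmits=True))
    print(swap_cables(dos_transmits=False, win98_transmits=True))
```

The second call reproduces the Lanwatch result: the port holding the silent station stays Enabled and keeps receiving flooded traffic, because the switch has no source address to compare until the device transmits.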

RE: MPLS for 2500 [7:53353]

2002-09-17 Thread [EMAIL PROTECTED]

AFAIK no 2500 images will support MPLS, only the 2600 and above

Francois

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Tim Medley
Sent: Wednesday, 18 September 2002 2:53 p.m.
To: [EMAIL PROTECTED]
Subject: RE: MPLS for 2500 [7:53353]


So has anyone actually found an IOS image for a 2500 that supports MPLS? I'd
like to learn about MPLS in my home lab. I couldn't find anything in the
feature navigator.

tm



Tim Medley, CCNP+Voice, CCDP, CWNA
Sr. Network Architect
VoIP Group
iReadyWorld



-Original Message-
From: Tom Scott [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 17, 2002 9:46 PM
To: [EMAIL PROTECTED]
Subject: Re: MPLS for 2500 [7:53353]


If I understand this correctly, Cisco routers support this RFC 3032 feature.
Then the next question is, do any Cisco routers support VoMPLS, where lines
would bring analog or digital voice into voice ports and the router would
translate (transcode?) the stream into bits that are encapsulated as the
payload of MPLS frames in accord with the MPLS Forum Implementation Agreement
dated July 27, 2001? I'm not sure about the addressing and other details, but
I'd just like to know if Cisco routers can do this without the intervention
of IP packets. (And approximately what classifying, marking and queueing
would the routers use on the PPP links if other traffic such as IP or IPX
non-voice data were also present. But that is asking too much at this point.
Maybe later.)

-- TT

Larkin, Richard wrote:

 Definitely yes with PPP - a new NCP (MPLSCP) provides indication that the
 frame is an MPLS frame instead of an IP or IPX frame. MPLS is treated as
 just another network layer protocol.

 Not sure about HDLC though.

 Richard Larkin

 -Original Message-
 From: Tom Scott [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, 17 September 2002 4:41 AM
 To: [EMAIL PROTECTED]
 Subject: Re: MPLS for 2500 [7:53353]


 MPLS'ers,

 Assuming you find the IOS that supports MPLS on the 2500
 or 2600, is it possible then to set up a little MPLS cloud
 with HDLC or PPP links connecting the routers?

 Alternatively, we have used the MPLS routers as access
 devices to connect to a FR cloud (ATM too but we don't have
 the ATM switches yet). But we'd like to just use three or
 four inexpensive 2500/2600 routers with HDLC/PPP serial
 links as the cloud. Can it be done?

 -- TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53530t=53353



Re: What's the Technical difference between Switch and [7:53531]

2002-09-17 Thread Cisco_Maniac

Hi guys,

Priscilla is correct. Yeah, all marketing gimmicks from different vendors.
Either the device is a switch or it is a hub or a bridge. It can't be a
combination.

Hub is a hub = same broadcast domain and same collision domain.

Switch is a switch = same broadcast domain but each port is a different
collision domain.

Hope that answers.
Chaoo,
Cisco_Maniac

Priscilla Oppenheimer wrote in message
news:[EMAIL PROTECTED]...
 R.S.Sundar wrote:
 
  Hello All,
 
  What's the technical difference between a switch and a switching hub?
 
  Generally we have hubs, switches and switching hubs. In which
  situation can a switching hub be used?
 
  Can we use it instead of a switch?

 Switching hub isn't a technical term, so we can't answer the question
 with a technical answer. It sounds like it's specific to a particular
 product. So your best bet is to read the specs for that product.

 Cisco at one point used the term switching hub for some low-end switches
 that they had. They really were switches, not hubs. Each port provided
 dedicated bandwidth and connected just one device. The port couldn't
 connect a shared network or hub, just a single device. I guess Cisco used
 the term switching hub instead of switch because these low-end devices
 didn't have any fancy switching features to support VLANs, spanning tree,
 etc.

 Such a device could replace a hub and offer much higher performance,
 although, as mentioned, it must be placed into the topology in such a
 fashion that the ports connect just one device. It may support some uplink
 ports for connecting to other switches or shared networks.

 But the bottom line is that you need to read the specs for your actual
 product and see what the vendor means by this confusing, non-standard term
 switching hub.

 It's a shame that the vendor didn't stick to standard,
 technically-comprehensive terminology, which defines a switch as a
 data-link-layer device that offers dedicated bandwidth to each port, and a
 hub as a physical-layer device that offers shared bandwidth for the ports.

 Priscilla


 
  Regards,
 
  R.S.Sundar
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53531t=53531



RE: Doubt on CLID [7:53370]

2002-09-17 Thread Anil Kumar

Hi Fayyaz,

Thanks a lot for the information which you have given.

While going through the Cisco site, I was reading about
Cisco RPM. Will Cisco RPM help, or has anyone tried the
same?
By upgrading the Cisco IOS will I be able to collect the
digits on the analog modems with the help of Cisco RPM?

Is there any other alternative method with the same setup?

Regards
Anil
--- Fayyaz Ahmed  wrote:
 Hi Anil,
 
 what you want to do is not possible with your current hardware. Cisco
 supports caller ID on none of the analog modem products: neither the WIC-AM
 nor the NM-AM.  The problem is that Cisco analog modems (WIC-1AM, WIC-2AM,
 NM-8AM, and NM-16AM) have no way to collect the caller ID information and
 pass it to IOS for processing.
 You can screen by phone number using ISDN using the 'dialer caller' command.
 The reason it works with ISDN is that the call setup message includes the
 caller ID information. Unfortunately the analog modems do not support caller
 ID, so we will be unable to collect the digits from the switch.
 I guess an alternate setup for caller ID authentication would be to replace
 the analog modem with a NM-6DM (6 Digital modems) and a ISDN network module,
 which would support CLID/ANI (if presented to us by the switch.). This would
 allow the ISDN switch to pass caller ID to the router.
 
 Kind Regards
 
 Fayyaz
 
 -Original Message-
 From: Anil Kumar [mailto:[EMAIL PROTECTED]]
 Sent: Sunday, September 15, 2002 1:32 PM
 To: [EMAIL PROTECTED]
 Subject: Doubt on CLID [7:53370]
 
 
 Hi All,
 
 I have got the following network setup: a Cisco 3660 router with an
 NM-16AM card. I have got a Cisco ACS v2.6 server for the
 aaa function. The router is configured for aaa for the
 dial-in users.

 In order to have more security on the dial-in users, I
 wanted to enable the CLID facility for the authentication
 apart from the username & password. The analog lines have
 been enabled with the CLID facility by the service provider.

 In order to make the above work, does the router need to be
 configured so as to pass the dialled digits to the ACS
 server?
 If so, please let me know the sample configuration / URL
 for the router and if any special IOS is also required for
 the router.

 The 3660 router is running IOS version 12.1.

 Request your help on this.
 
 Thanks in Advance,
 
 Regards...Anil
 


=
Thanks & Regards

V Anil Kumar





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53532t=53370



Re: EIGRP authentication. [7:53513]

2002-09-17 Thread Dain Deutschman

Maybe this is wrong...and not the best thing to do in a production
network...but would a clear ip route * do the trick? I think the problem
is that the routes already exist in the routing table...clearing the
neighbor relationship may not have an effect. I may be off base...please
correct me if that is the case. Dain.

enginedrive2002 wrote in message news:[EMAIL PROTECTED]...
 If Router A and Router B are connected using a serial interface, both of
 them are running EIGRP.

 On Router A, I have configured ip authentication mode eigrp AS# md5 and
 ip authentication key-chain eigrp AS#  under interface
 configuration mode, and also configured the key chain, key-string under
 global configuration mode.

 On Router B, I did nothing with EIGRP authentication. Router A and B
 supposedly should not be able to set up a neighbour relationship, but now
 Router A and Router B can see each other while running show ip eigrp
 neighbour, the subnet information of Router A also appears in Router B's
 routing table, and vice versa.

 Any configuration commands I missed? What debug command can I use to
 verify whether the authentication is working or not?

 Thank you for your input!


 E.D.







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53533t=53513



Re: Telnet session traversing PIX are timingout [7:53490]

2002-09-17 Thread Dain Deutschman

What happens if you telnet from the pix to the external host...does it
timeout then?

Dain
KM Reynolds wrote in message news:[EMAIL PROTECTED]...
 Hi,

 I have telnet sessions that originate on the internal side of a PIX to a
 server on the external side that are timing out (after 60 seconds).  Is
 there a command to increase the timeout period for telnet? If there is,
 what is the max?

 TIA
 KR







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53534t=53490



2500 memory question [7:53528]

2002-09-17 Thread Leonardo Rocha

People,
 
Any advice for my problem is welcome:
 
I have a 2501 with a 4MB DRAM module that works fine. Yesterday, I got 3
different 8MB DRAM modules and I tried to upgrade it, but when it boots, it
shows me only 4MB DRAM.
I tried changing the first module, but the other two gave me the same symptom.
Does anyone know something to help me?
 
thanks a lot,
 
leo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53528t=53528