RE: Multicast [7:53412]
Hi, If you have control over the TTL of the multicast packets, you can make use of the TTL threshold interface command (ip multicast ttl-threshold). For instance, set a threshold of 15 on Serial0/3. Multicast packets with a TTL lower than 15, will not be forwarded out that interface. Now ensure that packets that DO need to be forwarded out that interface, have a TTL of more than 15 when they arrive at your router. Regards Jaco -Original Message- From: router poon [mailto:[EMAIL PROTECTED]] Sent: Monday, September 16, 2002 5:37 PM To: [EMAIL PROTECTED] Subject: Multicast [7:53412] Hi, I have question on the multicast. Serial0/2 is sending the multicast to Ethernet0/0 and Serial0/3. How can I block the multicast traffic sending to Serial0/3 and only send to Ethernet0/0. I cannot tun off the ip pim dense-mode command because there is another multicast traffic sending from Serial0/3 to Ethernet0/0. Any Hints. (*, 224.0.24.10), 00:46:39/00:00:00, RP 0.0.0.0, flags: DJCL Incoming interface: Null, RPF nbr 0.0.0.0 Outgoing interface list: Serial0/3, Forward/Dense, 00:46:39/00:00:00 Serial0/2, Forward/Dense, 00:46:39/00:00:00 Ethernet0/0, Forward/Dense, 00:46:39/00:00:00 (10.1.1.2, 224.0.24.10), 00:46:39/00:02:59, flags: CLTA Incoming interface: Serial0/2, RPF nbr 11.1.1.2 Outgoing interface list: Serial0/3, Forward/Dense, 00:46:39/00:00:00 Ethernet0/0, Forward/Dense, 00:46:39/00:00:00 03:11:49: IP: s=10.1.1.1 (Serial0/2) d=224.0.24.10 (Serial0/3) len 532, mforward 03:11:49: IP: s=10.1.1.1 (Serial0/2) d=224.0.24.10 (Ethernet0/0) len 532, mforward Thanks. - Do you Yahoo!? Yahoo! News - Today's headlines Give your child an unfair advantage with M-Web Learning. To join, call 08600 32 000 or go to http://join.mweb.co.za M-Web JUST LIKE THAT Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53459t=53412 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MPLS Books [7:53255]
Depends on what you want. It is my opinion that neither is really that good. Don't get me wrong, they're OK, but they certainly aren't worthy of touching Doyle, not by a long shot. The Pepelnjak one talks a lot about VPN's but makes absolutely no mention of TE. The Alwayn one talks about TE, if briefly. Like I said, neither book is really comprehensive. And unfortunately, as you might expect with a fast-moving technology like MPLS, both books are already somewhat obsolete. The best high-level explanations of MPLS, especially MPLS VPN's, are white papers from, err, another vendor that shall remain unnamed. Silju Pillai wrote in message news:[EMAIL PROTECTED]... I would like to know which is the best book on Cisco MPLS-VPN. I saw two books on MPLS VPN Architectures of the same author in Ciscopress and amazon. Whats the difference between these two? Which one is better? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53460t=53255 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MC3810 DSP not function. [7:53461]
I have some problem about MC3810. I got 2 DSP module (2DSP and 6 DSP) to support E1 R2 Trunk. But 1 of it is not function. Please give me suggestion how to diagnostic or check it. Thanks a lot, Amnuay M. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53461t=53461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Problem with spanning on Cisco 2950 switch [7:53462]
Hi all, I have a 2950-24 switch that I have set-up monitoring (spanning) on. This is not a problem. The particular port that is the destination goes into and up down(monitor) state when the commands are enter. This is normal I assume. The local server get the necessary port information from the monitored ports. This particular port is connected to a server running some other vendors IDS system. It is also a file sharing server. Problem is that no-one can connect to the server in monitor mode. Is there a way that the port can be spanned as well as being used for file sharing?? The commands on the switch are all done in global config mode and there are very limited options I have told the client to separate the 2 services onto 2 different machines, but they are not wanting to do this. Any ideas for a workaround or should I just tell the client that it is not possible?? Thanks in advance Andrew Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53462t=53462 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
SC2200(PGW2200) alarm message [7:53463]
I have the alarm message from the Cisco SS7 Signaling gateway: nas: 2002-09-05 12:30:18.119 GMT,ALM=\M-OOS\,SEV=MN The nas is AS5300 connecting to local exchange via E1 link - the transmission channel is out of service nas:TC=1,CALL=IDLE,PST=OOS,SPAN=0 - the ss7 path is blocked ss7p:CIC=33,PST=IS,CALL=IDLE,BLK=MATE_UNAVAIL - the local exchange guy told me that he receive blocking signal from the Cisco signaling gateway. when I check the ISDN link I get the following debug: Sep 16 15:17:16.908 BKK: ISDN Se0:15 SC: TX - SABMEp c/r = 0 sapi = 0 tei = 0 Sep 16 15:17:16.916 BKK: ISDN Se0:15 SC: RX SABMEp c/r = 0 sapi = 0 tei = 0 Sep 16 15:17:21.924 BKK: ISDN Se0:15 SC: RXsh isdn nfas g 0 ISDN NFAS GROUP 0 ENTRIES: The primary D is Serial0:15. The NFAS member is Serial1:15. There are 2 total nfas members. There are 0 total available B channels. The primary D-channel is DSL 0 in state OUT OF SERVICE There is currently no backup D configured. The current active layer 2 DSL is 0. nas Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53463t=53463 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem Gatekeeper and registratio gateway [7:53420]
Let's see config for gatekeeper and unregistering gateway. Tunji From: Alfredo Pulido Reply-To: Alfredo Pulido To: [EMAIL PROTECTED] Subject: Problem Gatekeeper and registratio gateway [7:53420] Date: Mon, 16 Sep 2002 17:14:45 GMT Hello people, I have a problem when I want support AAA in my Gatekeeper. If Gatekeeper is configured without AAA, all run OK. My Hardware for the Gatekeeper is 3620, IOS 12.2(8)T5. Gateway 827. The configuration with AAA is in LOCAL, in the future they will be with RADIUS. CONFIGURATION: --- GATEKEEPER: FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Send and receive Hotmail on your mobile device: http://mobile.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53464t=53420 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem Gatekeeper and registratio gateway [7:53420]
Hello People, I don't Know because the e-mail that I sent to news groupstudy is corrupt in the news. Below is the original e-mail I wrote in my PC, and I sent to groupstudy. If you not receive the configuration gatekeeper and gateway, please you contact with me again. Thanks for all, Waiting for you answerr, Regards, -- Alfredo Pulido [EMAIL PROTECTED] Dept. Sistemas, IdecNet S.A. Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, Las Palmas // SPAIN Tel: +34 828 111 000 Fax: +34 828 111 112 http://www.idecnet.com/ -- ORIGINAL E-MAIL: Hello people, I have a problem when I want support AAA in my Gatekeeper. If Gatekeeper is configured without AAA, all run OK. My Hardware for the Gatekeeper is 3620, IOS 12.2(8)T5. Gateway 827. The configuration with AAA is in LOCAL, in the future they will be with RADIUS. CONFIGURATION: GATEKEEPER: FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
COS and not ID [7:53466]
Dear group, I've a catalyst 3550: is it possible to set cos for outgoing frame and not the VLAN ID field? I mean, I'd like to set priority and not a VLAN ID for frames coming from a specified port. Any suggestion, explanetion, will be appreciated. TP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53466t=53466 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Dialer interfaces vs. dialer maps question to ponder [7:53467]
I think you can do anything with dialer interfaces that you can do with legacy DDR, but the inverse is not true. -Original Message- From: Roberts, Larry [mailto:[EMAIL PROTECTED]] Sent: Monday, September 16, 2002 10:45 PM To: [EMAIL PROTECTED] Subject: OT: Dialer interfaces vs. dialer maps question to ponder [7:53457] OK, A Question to ponder. Can anyone think of a reason of why someone would NOT user dialer interfaces, as apposed to using legacy DDR , beside IOS support, and the political just because we want legacy DDR ? I'm just trying to reason why someone would use legacy DDR and I can't think of a reason to use it. Is there some configuration that is only supported by legacy DDR commands? Just a little late night pondering before bedtime... Thanks Larry Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53467t=53467 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
What's the Technical difference between Switch and Switching [7:53468]
Hello All, What's the Technical difference between Swich and Switching Hub. Generally we have hubs,switch and switching hub .In which situation a switching hub can be used. Can we use it instead of a switch. Regards, R.S.Sundar *** This message is proprietary to Future Software Limited (FSL) and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. FSL accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus. *** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53468t=53468 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Voice solution - help required [7:53469]
I have 2 Siemens PABX's at 2 sites as well as a 256KB line between them.I would like to make the 256K line a tie line and run only voice on the link.I require 2 routers on both sides preferably 3640's. I am not so well versed with voice modules for the Cisco.Could someone please assist with a spec for the 3640 ( eg what modules are required etc..) thanks _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53469t=53469 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Concept [7:53470]
Hi, I am new in this line. Just wonder if anyone can explain the following term for me. 1. What is the purpose for CSU/DSU? (To terminate a T1) Is it use for short distance too or it is only use for long distance? 2. What about LTU, NT and TE? 3. Any one have play with RAD equipment before? Cheers, Jimmy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53470t=53470 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: What's the Technical difference between Switch and [7:53471]
I think switching hub will establish the the connection according to the line speed. If the end-end connectivity is having the 100 Mbps , hub will be changed to the 100Mbps mode regards, Saravanan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R.S.Sundar Sent: Tuesday, 17 September 2002 3:10 PM To: [EMAIL PROTECTED] Subject: What's the Technical difference between Switch and Switching [7:53468] Hello All, What's the Technical difference between Swich and Switching Hub. Generally we have hubs,switch and switching hub .In which situation a switching hub can be used. Can we use it instead of a switch. Regards, R.S.Sundar *** This message is proprietary to Future Software Limited (FSL) and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. FSL accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus. *** *** This message is proprietary to Future Software Limited (FSL) and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. FSL accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus. *** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53471t=53471 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Voice solution - help required [7:53469]
HI, Could you please clarify what interface is avilable in the EPBX?It it EM or E1 ports? Regards, Niraj R.Somaiya. - Original Message - From: Shane Stockman To: Sent: Tuesday, September 17, 2002 3:26 PM Subject: Voice solution - help required [7:53469] I have 2 Siemens PABX's at 2 sites as well as a 256KB line between them.I would like to make the 256K line a tie line and run only voice on the link.I require 2 routers on both sides preferably 3640's. I am not so well versed with voice modules for the Cisco.Could someone please assist with a spec for the 3640 ( eg what modules are required etc..) thanks _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com Nirmal Datacomm Pvt. Ltd., Mumbai, India Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53472t=53469 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Multilink PPPOE on ADSL [7:53473]
Hi all, Does someone (especially in France) try to aggregate two ADSL lines using Multilink PPPoE ? Does Cisco PPPoE client support this ? Does Freebsd support this ? Does the DSLAMs (in France) support this feature ? Thanks for help, Stephane Litkowski Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53473t=53473 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Multilink PPPOE on ADSL [7:53473]
I think I was wrong, the problem is not the DSLAM, but the BAS ... so does the BAS support this ? Stephane Litkowski a icrit dans le message de news: [EMAIL PROTECTED] Hi all, Does someone (especially in France) try to aggregate two ADSL lines using Multilink PPPoE ? Does Cisco PPPoE client support this ? Does Freebsd support this ? Does the DSLAMs (in France) support this feature ? Thanks for help, Stephane Litkowski Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53474t=53473 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Static route admin distance [7:53282]
I agree that it is weird that so many respected sources have this wrong, especially since it is so easy to test. Thanks to all who replied, especially Priscilla and also Sasa Milic for pointing to an earlier discussion on this issue. Maybe this latest rehash will help get the word out, and our experts will revise their books!! :-) -Jack Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53475t=53282 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RE: 2924 reboots when I plug in a console cabl [7:53135]
We had a ton of these devices at work that would do this exact thing. When I told some of the other engineers to be careful of it they laughed at me, until one of them plugged into the dmz switch in the middle of the day and had it reboot. Anyway I put in a tac case and of course the answer was to flash it, even after flashing it we still had the problem. I know this is going to sound stupid but what we found out is if we plug our machine in to the switch then turn the laptop on it would cause the switch to reboot. If we booted the laptop all the way up, then open up procomm plus before plugging in to the console port the switch would NOT reboot. We did this numerous times in our lab with 2900 switches. After explaining this to TAC they actually sent us replacements and we sent the others back. -Original Message- From: Ciaron Gogarty [mailto:[EMAIL PROTECTED]] Sent: Monday, September 16, 2002 11:07 AM To: [EMAIL PROTECTED] Subject: RE: RE: 2924 reboots when I plug in a console cabl [7:53135] Sorry to follow up this thread kind of late. We had a similiar problem, and one of the guys in work found out from cisco that a batch of switchs were sent out with the wrong setting's for the config-reg. Another feature... rgds, C -Original Message- From: Jason Owens To: [EMAIL PROTECTED] Sent: 13/09/02 13:25 Subject: Re: RE: 2924 reboots when I plug in a console cabl [7:53135] I actually am using a Dell laptop. I guess I'll have to look at that too. I was just going to upgrade the IOS on all of these switches. Thanks. [EMAIL PROTECTED] wrote: Are you using a DELL laptop. There is know problem with the Dell's and some Cisco devices. Check CCO for more details. From: Haakon Claassen (hclaasse) Date: 2002/09/11 Wed PM 04:14:33 EDT To: [EMAIL PROTECTED] Subject: RE: 2924 reboots when I plug in a console cable [7:53135] Never had it Configured over a hundred of these devices the field Using w2k and XP with Hyperterm or terraterm regs Haakon Claassen EMEA - IT Transport Services -WAN Cisco Systems De Kleetlaan 6b - Pegasus Park B-1831 Diegem (Belgium) -Original Message- From: Jason Owens [mailto:[EMAIL PROTECTED]] Sent: woensdag 11 september 2002 21:51 To: [EMAIL PROTECTED] Subject: 2924 reboots when I plug in a console cable [7:53135] When I plug in a console cable to some of my 2924's they reboot (My coworker is convinced that it is Win2000 sending out a probe because of plug-and-play). I have only seen this on the 2924 and it doesn't happen on all of the ones I have. Has this happened to anyone else? I have been unable to find anything about this on the Cisco web site. Here is a sh ver from one of the switches this has happened on: Cisco Internetwork Operating System Software IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)XU, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2000 by cisco Systems, Inc. Compiled Mon 03-Apr-00 16:37 by swati Image text-base: 0x3000, data-base: 0x00301398 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53476t=53135 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RE: 2924 reboots when I plug in a console cabl [7:53135]
I have seen this happen quite often in the past. It is usually caused by the laptop sending a signal out the serial port upon boot up that causes the Cisco box to freak out. It has been noticed more ofter with Dell Laptops. -Original Message- From: Elijah Savage III [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 17, 2002 5:14 AM To: [EMAIL PROTECTED] Subject: RE: RE: 2924 reboots when I plug in a console cabl [7:53135] We had a ton of these devices at work that would do this exact thing. When I told some of the other engineers to be careful of it they laughed at me, until one of them plugged into the dmz switch in the middle of the day and had it reboot. Anyway I put in a tac case and of course the answer was to flash it, even after flashing it we still had the problem. I know this is going to sound stupid but what we found out is if we plug our machine in to the switch then turn the laptop on it would cause the switch to reboot. If we booted the laptop all the way up, then open up procomm plus before plugging in to the console port the switch would NOT reboot. We did this numerous times in our lab with 2900 switches. After explaining this to TAC they actually sent us replacements and we sent the others back. -Original Message- From: Ciaron Gogarty [mailto:[EMAIL PROTECTED]] Sent: Monday, September 16, 2002 11:07 AM To: [EMAIL PROTECTED] Subject: RE: RE: 2924 reboots when I plug in a console cabl [7:53135] Sorry to follow up this thread kind of late. We had a similiar problem, and one of the guys in work found out from cisco that a batch of switchs were sent out with the wrong setting's for the config-reg. Another feature... rgds, C -Original Message- From: Jason Owens To: [EMAIL PROTECTED] Sent: 13/09/02 13:25 Subject: Re: RE: 2924 reboots when I plug in a console cabl [7:53135] I actually am using a Dell laptop. I guess I'll have to look at that too. I was just going to upgrade the IOS on all of these switches. Thanks. [EMAIL PROTECTED] wrote: Are you using a DELL laptop. There is know problem with the Dell's and some Cisco devices. Check CCO for more details. From: Haakon Claassen (hclaasse) Date: 2002/09/11 Wed PM 04:14:33 EDT To: [EMAIL PROTECTED] Subject: RE: 2924 reboots when I plug in a console cable [7:53135] Never had it Configured over a hundred of these devices the field Using w2k and XP with Hyperterm or terraterm regs Haakon Claassen EMEA - IT Transport Services -WAN Cisco Systems De Kleetlaan 6b - Pegasus Park B-1831 Diegem (Belgium) -Original Message- From: Jason Owens [mailto:[EMAIL PROTECTED]] Sent: woensdag 11 september 2002 21:51 To: [EMAIL PROTECTED] Subject: 2924 reboots when I plug in a console cable [7:53135] When I plug in a console cable to some of my 2924's they reboot (My coworker is convinced that it is Win2000 sending out a probe because of plug-and-play). I have only seen this on the 2924 and it doesn't happen on all of the ones I have. Has this happened to anyone else? I have been unable to find anything about this on the Cisco web site. Here is a sh ver from one of the switches this has happened on: Cisco Internetwork Operating System Software IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)XU, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2000 by cisco Systems, Inc. Compiled Mon 03-Apr-00 16:37 by swati Image text-base: 0x3000, data-base: 0x00301398 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53477t=53135 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX (DMZ) Nat0 Q. [7:53478]
Hey guys, had a quick question on the PIX FW. When implementing a DMZ what would be the tangible benefit of using the traditional: NAT outside to DMZ inside, create ACLs. As opposed to making a NAT 0 statement in the firewall? Either way you are going to be using ACL's on the firewall to permit/deny traffic? Either way the server that you want exposed is going to be on a different VLAN? The only thing that I can think of is if you have say, a limited # of IP's on the outside (I know we all do) but more in the range of 1 External IP and you had 5 machines on the inside, running different services (FTP, WWW, SSH) whatever, then you would need to do the traditional DMZ, and NAT back. Does putting the NAT 0 statement disable the firewall from doing fix-ups to the NAT0'ed address? I just don't see the need for the traditional way of DMZ'ing if NAT 0 is going to accomplish the same thing without all the extra configuration. Comments? Just trying to get a grip on it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53478t=53478 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Voice solution - help required [7:53469]
Shane, Niraj, In addition to the information Niraj requested, it would be helpful if you can compare the real-life situation you're dealing with the discussion of trunk managment and conditioning in the V book (pp. 571-702): HTML version: http://cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fvvfax_c entire book in one PDF file: http://cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fvvfax_c/vcfbook.pdf I'd like to know how closely the hypothetical examples in the chapters Configuring Trunk Connections and Conditioning Features and Configuring PBX Interconnectivity Features fit to your situation. -- TT Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53479t=53469 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Doubt on CLID [7:53370]
Hi Fayyaz, Thanks a lot for the info. As i was going through the Cisco Site and read across Cisco RPM, by configuring RPM will it help the modules to collect the digits? Other than ISDN any other alternative meathod is there? RegardsAnil --- Fayyaz Ahmed wrote: Hi Anil, what you want to do is not possible with your current hardware. Cisco support caller ID on none of the analog modem products: neither the WIC-AM nor the NM-AM. The problem is that cisco analog modems, (WIC-1AM, WIC-2AM, NM-8AM, and NM-16AM) have no way to collect the caller ID information and pass it to IOS for processing. You can screen by phone number using ISDN using the 'dialer caller' command. The reason it works with ISDN is that the call setup message includes the caller ID information. Unfortunatly the analog modems do not support caller ID, so we will be unable to collect the digits from the switch. I guess an alternate setup for caller ID authentication would be to replace the analog modem with a NM-6DM (6 Digital modems) and a ISDN network module, which would support CLID/ANI (if presented to us by the switch.). This would allow the ISDN switch to pass caller ID to the router. Kind Regards Fayyaz -Original Message- From: Anil Kumar [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 15, 2002 1:32 PM To: [EMAIL PROTECTED] Subject: Doubt on CLID [7:53370] Hi All, I have got following network setup. Cisco 3660 router with NM-16AM card. I have got a Cisco ACS v2.6 server for the aaa function. The router is configured for the aaa for the dail in users. In order to have more security on the dail in users, i wanted to enable the CLID faclity for the authentication apart from the username password. The analog lines has been enabled with the CLID faclity by the service provider. In order to make the above work does the router needs to configured so that to pass the dialled digits to the ACS server? If so, please let me know the sample configuration / URL for the router and if any special IOS is also required for the router. The 3660 Router is having 12.1 IOS version. Requst your help on this. Thanks in Advance, Regards...Anil __ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53480t=53370 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN Client PreConfig [7:53201]
Anyone know where I could get some step by step pre-configuration setups for a Cisco 3000 VPN Client? Looked around on Cisco, dint seem to find anything... Have a look at Preconfiguring the VPN Client for Remote Users: http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/3_6/admin_gd/vcac h2.htm HTH Bjorn This message contains information that may be privileged or confidential and is the property of the Cap Gemini Ernst Young Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53481t=53201 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Upgrading Cisco PIX Firewall [7:53403]
... Hi everybody, I4m trying to upgrade the Firewall PIX 535 (version 6.1.1 to 6.1.2) in Monitor mode. I4ve configured everything according to Cisco procedure, and I4m able to ping the tftp server. But when I issue the tftp server command, the image is not loaded. The tftp server log (Solarwinds) states that it was not able to send the image to the firewall. Does anyone have faced this kind of problem? Any suggestions would be appreciated. Regards Marcos I encountered similar problems late one evening uploading an image to a router, I tried to switch to the Cisco TFTP server, which also bugged out with an error message saying 'failed (state error)' With both servers the transfer stopped after about 5 seconds, and then timed out after about a minute. The solution in my case was to follow the advice in: http://www.cisco.com/warp/public/63/install_tftp.html#state_error Disabling logging in solarwinds did not improve the situation that night. As to the reason for the failure... I expect that to be one of those little demons that pops up friday night when you want to go for a beer with your friends but instead have to sacrifice hours in front of the routers. I did learn a lot of partitioning flash, how to get hold of spare RAM at 8 PM in the evening, quirks of tftp-servers and mss-settings in GRE-tunnels. After that the tftp-servers have behaved, and I am still partial to the possession theory until something better comes up :-) Bjorn This message contains information that may be privileged or confidential and is the property of the Cap Gemini Ernst Young Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53482t=53403 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Bridging Loops [7:53485]
Help! How can I find out for sure If I have a bridging loop. I have 5 2900 XL connected together in a chain and one port connected as a trunk to a 3550. Two VLANS Management and Systems. Performance is very slow when users are trying to connect to the network servers. Any input will be appreciated. Thanks JB Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53485t=53485 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Routing Loops [7:53483]
Help! How can I find out for sure If I have a bridging loop. I have 5 2900 XL connected together in a chain and one port connected as a trunk to a 3550. Two VLANS Management and Systems. Performance is very slow when users are trying to connect to the network servers. Any input will be appreciated. Thanks JB Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53483t=53483 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Routing Loops [7:53484]
Help! How can I find out for sure If I have a bridging loop. I have 5 2900 XL connected together in a chain and one port connected as a trunk to a 3550. Two VLANS Management and Systems. Performance is very slow when users are trying to connect to the network servers. Any input will be appreciated. Thanks JB Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53484t=53484 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Upgrading Cisco PIX Firewall [7:53403]
I have just upgraded a PIX 515 to 6.2.1 from 6.1 There was a problem in that the image stopped after 5 secs. I had to erase the flash and the reload the new image and she worked great. Andrew -Original Message- From: Loken, Bjorn [mailto:[EMAIL PROTECTED]] Sent: 17 September 2002 16:09 To: [EMAIL PROTECTED] Subject: RE: Upgrading Cisco PIX Firewall [7:53403] ... Hi everybody, I4m trying to upgrade the Firewall PIX 535 (version 6.1.1 to 6.1.2) in Monitor mode. I4ve configured everything according to Cisco procedure, and I4m able to ping the tftp server. But when I issue the tftp server command, the image is not loaded. The tftp server log (Solarwinds) states that it was not able to send the image to the firewall. Does anyone have faced this kind of problem? Any suggestions would be appreciated. Regards Marcos I encountered similar problems late one evening uploading an image to a router, I tried to switch to the Cisco TFTP server, which also bugged out with an error message saying 'failed (state error)' With both servers the transfer stopped after about 5 seconds, and then timed out after about a minute. The solution in my case was to follow the advice in: http://www.cisco.com/warp/public/63/install_tftp.html#state_error Disabling logging in solarwinds did not improve the situation that night. As to the reason for the failure... I expect that to be one of those little demons that pops up friday night when you want to go for a beer with your friends but instead have to sacrifice hours in front of the routers. I did learn a lot of partitioning flash, how to get hold of spare RAM at 8 PM in the evening, quirks of tftp-servers and mss-settings in GRE-tunnels. After that the tftp-servers have behaved, and I am still partial to the possession theory until something better comes up :-) Bjorn This message contains information that may be privileged or confidential and is the property of the Cap Gemini Ernst Young Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53486t=53403 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Bridging Loops [7:53485]
You have a mail loop degrading your performance ;-) Haakon Claassen EMEA - IT Transport Services -WAN Cisco Systems De Kleetlaan 6b - Pegasus Park B-1831 Diegem (Belgium) -Original Message- From: J B [mailto:[EMAIL PROTECTED]] Sent: dinsdag 17 september 2002 16:25 To: [EMAIL PROTECTED] Subject: Bridging Loops [7:53485] Help! How can I find out for sure If I have a bridging loop. I have 5 2900 XL connected together in a chain and one port connected as a trunk to a 3550. Two VLANS Management and Systems. Performance is very slow when users are trying to connect to the network servers. Any input will be appreciated. Thanks JB Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53487t=53485 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Bridging Loops [7:53485]
Off the cuff, I would think that debugging Spanning-Tree Events might shed some light... beyond that, look at the interface stats to see if you are experiencing any CRC, Input, Output, or other types of errors. If the trunk port between the 3550 and the 2900 is a Gig port on Fiber, you might look at changing it out for a known good Fiber cable. Just a wild guess though. In the past, when I had two 5500's trunked together for load balance/redundancy, and at one time I experienced the same issue you describe. After reviewing interface stats and client networking configs and found no errors in either, I looked to the cable... and sure enough, that was the problem. HTHs! Mark -Original Message- From: J B [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 17, 2002 9:25 AM To: [EMAIL PROTECTED] Subject: Bridging Loops [7:53485] Help! How can I find out for sure If I have a bridging loop. I have 5 2900 XL connected together in a chain and one port connected as a trunk to a 3550. Two VLANS Management and Systems. Performance is very slow when users are trying to connect to the network servers. Any input will be appreciated. Thanks JB Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53488t=53485 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MPLS Books [7:53255]
This is a learning forum, with no hard-fast rule to boycott the acknowledgement of other vendors. Even Cisco documents (to an extent) how to interconnect their equipment to competitors' equipment on CCO. So there shouldn't be a big deal. So, if you wouldn't mind, please make an addendum to your last post and tell us the name of the vendor that has these oh-so-wonderful white papers! Thanks, Mark -Original Message- From: nrf [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 17, 2002 1:18 AM To: [EMAIL PROTECTED] Subject: Re: MPLS Books [7:53255] Depends on what you want. It is my opinion that neither is really that good. Don't get me wrong, they're OK, but they certainly aren't worthy of touching Doyle, not by a long shot. The Pepelnjak one talks a lot about VPN's but makes absolutely no mention of TE. The Alwayn one talks about TE, if briefly. Like I said, neither book is really comprehensive. And unfortunately, as you might expect with a fast-moving technology like MPLS, both books are already somewhat obsolete. The best high-level explanations of MPLS, especially MPLS VPN's, are white papers from, err, another vendor that shall remain unnamed. Silju Pillai wrote in message news:[EMAIL PROTECTED]... I would like to know which is the best book on Cisco MPLS-VPN. I saw two books on MPLS VPN Architectures of the same author in Ciscopress and amazon. Whats the difference between these two? Which one is better? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53489t=53255 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Telnet session traversing PIX are timingout [7:53490]
Hi, I have telnet sessions that orginate on the internal side of a PIX to a server on the external side that are timing out (after 60 seconds). Is there a command to increase the timeout period for telnet? If there is what is the max? TIA KR _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53490t=53490 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem Gatekeeper and registratio gateway [7:53420]
Alfredo, Voice gurus I presently have aaa enabled on my gatekeeper and gateways, with a radius server for authentication, authorisation and accounting. All's kosher, no issues. Now, I imagine how useful the option: security password xyz level all and security token required-for all on the gateway and gatekeeper respectively can be if where I want CPE gateways to authenticate not only for registration but also per call. I imagine I can remove aaa for a gateway, define xyz password on the radius server for the gateway, enter above commands and have gatekeeper authenticate gateway for registration, authorize it, and send accounting info for all calls to radius server, and hence eliminate radius traffic between each gateway and radius server. So I enter on the gatekeeper security token required-for all and on the gateway security password xyz level all. I however could not register the gateway to the gatekeeper. I will appreciate pointers from anybody. TIA From: Idecnet Admin To: Tunji Suleiman Subject: Re: Problem Gatekeeper and registratio gateway [7:53420] Date: Tue, 17 Sep 2002 12:22:59 +0100 O my god you are an angel that enlightened my away, just kiding. Ok Tunji, now the registration is OK, I added new prefix to 827 how to say me. I had seen this message too %CCH323-2-GTWY_REGSTR_FAILED: Gateway [chars] failed to register with Gatekeeper [chars] even after [dec] retries . Thanks Thanks for you help Tunji, Many Regards for you and I hope you have a good day. -- Alfredo Pulido [EMAIL PROTECTED] Dept. Sistemas, IdecNet S.A. Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, Las Palmas // SPAIN Tel: +34 828 111 000 Fax: +34 828 111 112 http://www.idecnet.com/ -- - Original Message - From: Tunji Suleiman To: Sent: Tuesday, September 17, 2002 10:25 AM Subject: Re: Problem Gatekeeper and registratio gateway [7:53420] That is a new one to me, I checked on CCO, see below: %CCH323-2-GTWY_REGSTR_FAILED: Gateway [chars] failed to register with Gatekeeper [chars] even after [dec] retries Explanation: A gateway has failed to register with the gatekeeper. Recommended Action: Copy the error message exactly as it appears on the console or in the system log. Issue the show tech-support command to gather data that may help identify the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support command output, contact your Cisco technical support representative and provide the representative with the gathered information. Try this, add a prefix on the GK for the gateway pruea827, just like u did for the as5300-1. Take out the security token required-for all under gatekeeper config and security password prueba level endpoint under gateway, and see if it registers. Regards From: Idecnet Admin To: \Tunji Suleiman\ Subject: Re: Problem Gatekeeper and registratio gateway [7:53420] Date: Tue, 17 Sep 2002 09:40:03 +0100 Hello Tunji, I don't Know because the e-mail that I sent to news groupstudy is corrupt in the news. Below is the original e-mail I wrote in my PC, and I sent to groupstudy. If you not receive the configuration gatekeeper and gateway, please you contact with me again. Thanks for all, Waiting for you answerr, Regards, -- Alfredo Pulido [EMAIL PROTECTED] Dept. Sistemas, IdecNet S.A. Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, Las Palmas // SPAIN Tel: +34 828 111 000 Fax: +34 828 111 112 http://www.idecnet.com/ -- ORIGINAL E-MAIL: Hello people, I have a problem when I want support AAA in my Gatekeeper. If Gatekeeper is configured without AAA, all run OK. My Hardware for the Gatekeeper is 3620, IOS 12.2(8)T5. Gateway 827. The configuration with AAA is in LOCAL, in the future they will be with RADIUS. CONFIGURATION: GATEKEEPER: . . . aaa new-model ! ! aaa authentication login h323 local aaa authorization exec default local aaa authorization exec h323 local aaa session-id common ! username pruea827 password prueba . . ! gatekeeper zone local NetGK idecnet.com 212.64.XXX.YYY zone prefix NetGK 928.. gw-priority 10 as5300-1 security token required-for all gw-type-prefix 1#* default-technology no shutdown ! . * CONFIGURATION GATEWAY 827 . . ! interface Dialer0 ip address 212.64.xxx.zzz 255.255.255.0 encapsulation ppp dialer pool 1 ppp pap sent-username adsl password 7tt h323-gateway voip interface h323-gateway voip id NetGK ipaddr 212.64.xxx.yyy 1719 h323-gateway voip h323-id pruea827 ! dial-peer voice 1 pots destination-pattern 928112000 port 1 ! dial-peer voice 5 voip destination-pattern 928.. session
IOS upgrade/Strange services [7:53492]
I've recently upgraded one of our routers to 12.2(11)T - IP/FW/IDS/3DES. After upgrading I ran a scan against the interface, using Secure Scanner, and it came back with a lot of services running Cu-seeme, talk, tftp, rpc-nfs, rwho, etc... (about 16 total). Scanning prior to the upgrade, came back with nothing. I'm a little worried that this new image is leaving me open. Has anyone experienced this and if so how did ya fix it. Thanx, mkj ~~~ Michael Jablonski ABN AMRO Asset Management Holdings, Inc. 161 North Clark St. 9th Flr Chicago, IL 60601-2468 PH: 312.884.2996 FAX: 312.278.5550 ~~~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53492t=53492 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Problems with suscription [7:53493]
Hi, I would like to know if you have nay problems with your service of e.mail, because I have not receive any e-mail from you since july. From any of the groupstudy suscription services. I need to continue wit the suscriiption for my Lab on next april. Thank you for your help Fernando Saldana Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53493t=53493 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
token ring [7:53494]
Is there any way to simulate Token ring on a router without having a Token ring interface in a lab environment? Thanks jake Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53494t=53494 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MPLS Books [7:53255]
Juniper's site has loads of of mpls goodness. Mark W. Odette II wrote: This is a learning forum, with no hard-fast rule to boycott the acknowledgement of other vendors. Even Cisco documents (to an extent) how to interconnect their equipment to competitors' equipment on CCO. So there shouldn't be a big deal. So, if you wouldn't mind, please make an addendum to your last post and tell us the name of the vendor that has these oh-so-wonderful white papers! Thanks, Mark -Original Message- From: nrf [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 17, 2002 1:18 AM To: [EMAIL PROTECTED] Subject: Re: MPLS Books [7:53255] Depends on what you want. It is my opinion that neither is really that good. Don't get me wrong, they're OK, but they certainly aren't worthy of touching Doyle, not by a long shot. The Pepelnjak one talks a lot about VPN's but makes absolutely no mention of TE. The Alwayn one talks about TE, if briefly. Like I said, neither book is really comprehensive. And unfortunately, as you might expect with a fast-moving technology like MPLS, both books are already somewhat obsolete. The best high-level explanations of MPLS, especially MPLS VPN's, are white papers from, err, another vendor that shall remain unnamed. Silju Pillai wrote in message news:[EMAIL PROTECTED]... I would like to know which is the best book on Cisco MPLS-VPN. I saw two books on MPLS VPN Architectures of the same author in Ciscopress and amazon. Whats the difference between these two? Which one is better? -- Chris Theiss IPG WAN Group [EMAIL PROTECTED] (312) 425-6624 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53495t=53255 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX books or training resources [7:53497]
Can anyone recommend some good resources for learning PIX? I have good Checkpoint skills etc. Also, any tips or tricks for migrating from Checkpoint to PIX? I am doing this at the moment, and tyring to match the Checkpoint rule set to the PIX ruleset is , um, entertaining. Cheers, Symon Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53497t=53497 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Port Security on 3550 [7:53446]
With port security command, but it won't help you. Anyone can connect passive sniffer to that port, and switch won't block the port since there is no incoming traffic (you will configure port to be SPAN, right ? So anyone can sniff on that port). Sasa JohnZ wrote: How do you enable port security on a 3550. I want to use a port for sniffer and want to make sure that only my laptop is able to gain access on that certain port. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53498t=53446 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco WS-C3016B lithium battery replacement? [7:53499]
I've recently acquired a Cisco WS-C3016B. Unfortunately, it appears as though the onboard battery is dead. (The error message on boot: FATAL SYSTEM ERROR: SS_RTC_Initialize: The Clock's Battery is Dead.) Is this a servicable battery I can replace? (Don't call me an idiot, but I couldn't find the battery when I opened up the case.) Or is the battery embedded in another component? -- Russ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53499t=53499 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Port Security on 3550 [7:53446]
well I think port security would still be helpful. Port security is concerned with outgoing traffic from the port not incoming. setting the security to allow only one MAC would prevent another computer from using the port. If another computer tried to use the port with the wrong MAC then the port would shut down after 90 seconds. Kevin Wigle - Original Message - From: Sasa Milic To: Sent: Tuesday, September 17, 2002 1:20 PM Subject: Re: Port Security on 3550 [7:53446] With port security command, but it won't help you. Anyone can connect passive sniffer to that port, and switch won't block the port since there is no incoming traffic (you will configure port to be SPAN, right ? So anyone can sniff on that port). Sasa JohnZ wrote: How do you enable port security on a 3550. I want to use a port for sniffer and want to make sure that only my laptop is able to gain access on that certain port. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53500t=53446 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Telnet session traversing PIX are timingout [7:53490]
I've seen this issue before with SSH timing out over a perfectly good connection without packet loss. The problem was with the MTU size being too small and the packet was getting dropped. The packet was going through a VPN tunnel through the network to a VPN concentrator. Here's an example. The telnet packet was 1435 bytes in size including all the headers. The Router maximum MTU was 1456 for example. So far so good... Looks like it should get through, correct ports are open etc.. Now the VPN encryption adds an extra 25 bytes for example ( I don't have exact numbers). Now you have a packet that is Encapsulated with encryption for a total size of 1460 bytes. Oh and what also happens is the VPN will put a DO NOT Fragment flag on the packet, because of the encryption. Whats going to happen once that packet hits the router with an MTU size of 1456? It gets dropped because the packet is too large. What happens to the telnet or SSH session, is it starts dropping packets and then times out. It doesn't receive and ACK's from the other end and thinks it is timing out. So A. Is there VPN involved? If so, could be MTU issue. B. Check the MTU size.Send some large sized pings over 1400 bytes in size with the Do not Fragment Flag. Find out if and where the MTU is set too low. C. Of course check for packet loss or extreme latency. Welp hopefully this helps from my experiences with this type of issue. Eddie Corio Inc. -Original Message- From: KM Reynolds [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 17, 2002 8:33 AM To: [EMAIL PROTECTED] Subject: Telnet session traversing PIX are timingout [7:53490] Hi, I have telnet sessions that orginate on the internal side of a PIX to a server on the external side that are timing out (after 60 seconds). Is there a command to increase the timeout period for telnet? If there is what is the max? TIA KR _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53501t=53490 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Port Security on 3550 [7:53446]
Kevin, port security works by monitoring INCOMING traffic to the switch. If source mac in incoming packets is not the one configured, port is either blocked or snmp trap is sent. And what if another computer use the port without sending any traffic (just capturing traffic, without sending anything) ? Switch won't shut it down. Sasa Kevin Wigle wrote: well I think port security would still be helpful. Port security is concerned with outgoing traffic from the port not incoming. setting the security to allow only one MAC would prevent another computer from using the port. If another computer tried to use the port with the wrong MAC then the port would shut down after 90 seconds. Kevin Wigle - Original Message - From: Sasa Milic To: Sent: Tuesday, September 17, 2002 1:20 PM Subject: Re: Port Security on 3550 [7:53446] With port security command, but it won't help you. Anyone can connect passive sniffer to that port, and switch won't block the port since there is no incoming traffic (you will configure port to be SPAN, right ? So anyone can sniff on that port). Sasa JohnZ wrote: How do you enable port security on a 3550. I want to use a port for sniffer and want to make sure that only my laptop is able to gain access on that certain port. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53502t=53446 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: token ring [7:53494]
yes, on codes from 12.0 and up you can configure a virtual-tokenrin X interface. Basically a loop back by another name but you can add source bridge commands ect. Cheers, Raul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jake Sent: Tuesday, September 17, 2002 12:14 PM To: [EMAIL PROTECTED] Subject: token ring [7:53494] Is there any way to simulate Token ring on a router without having a Token ring interface in a lab environment? Thanks jake Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53503t=53494 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: What's the Technical difference between Switch and [7:53468]
R.S.Sundar wrote: Hello All, What's the Technical difference between Swich and Switching Hub. Generally we have hubs,switch and switching hub .In which situation a switching hub can be used. Can we use it instead of a switch. Switching hub isn't a technical term, so we can't answer the question with a technical answer. It sounds like it's specific to a particular product. So your best bet is to read the specs for that product. Cisco at one point used the term switching hub for some low-end switches that they had. They really were switches, not hubs. Each port provided dedicated bandwidth and connected just one device. The port couldn't connect a shared network or hub, just a single device. I guess Cisco used the term switching hub instead of switch because these low-end devices didn't have any fancy switching features to support VLANs, spanning tree, etc. Such a device could replace a hub and offer much higher performance, although, as mentioned, it must be placed into the topology in such a fashion that the ports connect just one device. It may support some uplink ports for connecting to other switches or shared networks. But the bottom line is that you need to read the specs for your actual product and see what the vendor means by this confusing, non-standard term switching hub. It's a shame that the vendor didn't stick to standard, technically-comprehensive terminology, which defines a switch as a data-link-layer device that offers dedicated bandwidth to each port, and a hub as a physical-layer device that offers shared bandwidth for the ports. Priscilla Regards, R.S.Sundar *** This message is proprietary to Future Software Limited (FSL) and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. FSL accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus. *** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53504t=53468 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Port Security on 3550 [7:53446]
well I guess we're mixing up directions... yes incoming from a device attached to a port on the switch. which would still help him but wouldn't be perfect. no, the port wouldn't shut down if a promiscuous mode nic was plugged in. It would receive everything. but that PC would not be able to send anything - to do so the switch would learn it's MAC - which wouldn't match and the port would shut down. But consider this... what info is passed between the switch and the NIC so that the Link light goes on? I don't know... will the switch still learn the MAC even if real traffic is not passed? Kevin Wigle - Original Message - From: Sasa Milic To: Sent: Tuesday, September 17, 2002 2:40 PM Subject: Re: Port Security on 3550 [7:53446] Kevin, port security works by monitoring INCOMING traffic to the switch. If source mac in incoming packets is not the one configured, port is either blocked or snmp trap is sent. And what if another computer use the port without sending any traffic (just capturing traffic, without sending anything) ? Switch won't shut it down. Sasa Kevin Wigle wrote: well I think port security would still be helpful. Port security is concerned with outgoing traffic from the port not incoming. setting the security to allow only one MAC would prevent another computer from using the port. If another computer tried to use the port with the wrong MAC then the port would shut down after 90 seconds. Kevin Wigle - Original Message - From: Sasa Milic To: Sent: Tuesday, September 17, 2002 1:20 PM Subject: Re: Port Security on 3550 [7:53446] With port security command, but it won't help you. Anyone can connect passive sniffer to that port, and switch won't block the port since there is no incoming traffic (you will configure port to be SPAN, right ? So anyone can sniff on that port). Sasa JohnZ wrote: How do you enable port security on a 3550. I want to use a port for sniffer and want to make sure that only my laptop is able to gain access on that certain port. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53505t=53446 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Port Security on 3550 [7:53446]
Kevin Wigle wrote: no, the port wouldn't shut down if a promiscuous mode nic was plugged in. It doesn't matter in what mode nic is working, prom or not. If nic is not sending traffic, port will stay up. but that PC would not be able to send anything Maybe owner of that PC don't want to send. That PC will be able to sniff everything, that's the point. But consider this... what info is passed between the switch and the NIC so that the Link light goes on? No MAC packets are exchanged. will the switch still learn the MAC even if real traffic is not passed? No. Regards, Sasa CCIE 8635 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53506t=53446 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Port Security on 3550 [7:53446]
Or, to expand the question further, for a Windows-based sniffer, does the Promiscuous Mode driver block even NetBIOS chatter from transmitting on the NIC plugged into the SPAN Switch Port?? I've never paid attention to data captures for that, but I think that a Windows-based Sniffer would give itself away by means of its NetBIOS broadcast to identify itself with other Windows clients. If that occurred, then I think the Port Security would come into action. Priscilla, care to comment?!?! Mark -Original Message- From: Kevin Wigle [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 17, 2002 2:25 PM To: [EMAIL PROTECTED] Subject: Re: Port Security on 3550 [7:53446] well I guess we're mixing up directions... yes incoming from a device attached to a port on the switch. which would still help him but wouldn't be perfect. no, the port wouldn't shut down if a promiscuous mode nic was plugged in. It would receive everything. but that PC would not be able to send anything - to do so the switch would learn it's MAC - which wouldn't match and the port would shut down. But consider this... what info is passed between the switch and the NIC so that the Link light goes on? I don't know... will the switch still learn the MAC even if real traffic is not passed? Kevin Wigle - Original Message - From: Sasa Milic To: Sent: Tuesday, September 17, 2002 2:40 PM Subject: Re: Port Security on 3550 [7:53446] Kevin, port security works by monitoring INCOMING traffic to the switch. If source mac in incoming packets is not the one configured, port is either blocked or snmp trap is sent. And what if another computer use the port without sending any traffic (just capturing traffic, without sending anything) ? Switch won't shut it down. Sasa Kevin Wigle wrote: well I think port security would still be helpful. Port security is concerned with outgoing traffic from the port not incoming. setting the security to allow only one MAC would prevent another computer from using the port. If another computer tried to use the port with the wrong MAC then the port would shut down after 90 seconds. Kevin Wigle - Original Message - From: Sasa Milic To: Sent: Tuesday, September 17, 2002 1:20 PM Subject: Re: Port Security on 3550 [7:53446] With port security command, but it won't help you. Anyone can connect passive sniffer to that port, and switch won't block the port since there is no incoming traffic (you will configure port to be SPAN, right ? So anyone can sniff on that port). Sasa JohnZ wrote: How do you enable port security on a 3550. I want to use a port for sniffer and want to make sure that only my laptop is able to gain access on that certain port. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53507t=53446 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IPM latency graphs [7:53508]
Folks, I have a friend that has a CiscoWorks IPM running on a LAN monitoring a couple of routers with STM-1 ATM interfaces on it (3 in one, and 2 on the other one). It monitors latency between this routers and the routers on the other end of th ATM interfaces (different routers). He's telling me that on the latency graph, it is on an average of 30ms, and sometimes the latency of an interface just bursts up to 500ms and sometimes up to 1s. This will happen on a per-interface basis, I mean, it won't happen at the same time for all the interfaces, but happens randomly between the ints. The interfaces are running on 80~100Mb each, and the router is on 20% CPU usage. The queues stays on 0 during these latency bursts. Does anybody have any idea on what can these bursts be? Once it is using RTR, it cannot be a problem on the LAN environment where the IPM sits, am I right? And the interfaces, although they are running on 100mb, they are not on 100% and there should be no latency before the interface is full, right? Any ideas? TIA Persio Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53508t=53508 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco Contract Center [7:53509]
When I try to log into the Serice contract center on Cisco.com, I get=20 =20 Exception: null StackTrace: java.lang.NullPointerException at CSA.CSAMenu.getParentItemId(CSAMenu.java, Compiled Code) at CSA.aoCSACommonData.setMenuId(aoCSACommonData.java, Compiled Code) at CSA.aoCSADispatch.getAppSpecificSettings(aoCSADispatch.java, Compiled Code) at CSA.aoCSADispatch.dynamicDispatch(aoCSADispatch.java, Compiled Code) at CSA.aoCSADisplay.getContractPage(aoCSADisplay.java, Compiled Code) at CSA.aoCSADisplay.dispatch(aoCSADisplay.java, Compiled Code) at java.lang.reflect.Method.invoke(Native Method) at CSA.aoCSADispatch.dispatchObject(aoCSADispatch.java, Compiled Code) at CSA.aoCSADispatch.dynamicDispatch(aoCSADispatch.java, Compiled Code) at CSA.aoCSADisplay.dispatch(aoCSADisplay.java, Compiled Code) at java.lang.reflect.Method.invoke(Native Method) at CSA.aoCSADispatch.dispatchObject(aoCSADispatch.java, Compiled Code) at CSA.aoCSADispatch.dynamicDispatch(aoCSADispatch.java, Compiled Code) at CSA.aoCSAMainImpl.runApplication(aoCSAMainImpl.java, Compiled Code) at CSA.uoCSADispatchImpl.action(uoCSADispatchImpl.java, Compiled Code) at CORP.uoAppTransition.action(uoAppTransition.java, Compiled Code) at CORP.uoApplicationServer.runApplication(uoApplicationServer.java, Compiled Code) at CORP.uoAppFrame.runApplicationWithEnvDecode(uoAppFrame.java, Compiled Code) at CORP.uoAppFrame.runApplicationWithBinEnv(uoAppFrame.java, Compiled Code) at CORP.uoCCFRequest.run(uoCCFRequest.java, Compiled Code) at CORP.CCFThread.run(CCFThread.java, Compiled Code) at java.lang.Thread.run(Thread.java, Compiled Code)=20 =20 Does anyone else have problems with this? I have contracts, but I add them and nothing happens. Very frustrating. I can't update my Pix because without the contract entries, I can't get to the software center. I tried emailing the address, got no response. I think they need to hire some new programmers at Cisco. And this is supposed to be the NEW SCC? Also after you log in, click on help, you get a Page not found. This is a disgrace. =20 [GroupStudy.com removed an attachment of type image/gif which had a name of image001.gif] [GroupStudy.com removed an attachment of type image/gif which had a name of image002.gif] [GroupStudy.com removed an attachment of type image/gif which had a name of image003.gif] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53509t=53509 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
hide networks in OSPF [7:53510]
hi, is it possible to hide networks in ospf? i have a network in area 2 and it should stay there, should not ne visible in areo 0 and all the other areas. is there a way to do it? i know, it doesnt really fit in how ospf works, but who knows. can someone point me to the feature if there is any? thanks a lot -bis Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53510t=53510 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Site To Site VPN b/w PIX 515 and Open BSD [7:53511]
All- Any one knows to configure site to site VPN over IPSEC tunnel b/w PIX 515 and OpenBSD. Thanks -- Curious MCSE, CCNP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53511t=53511 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hide networks in OSPF [7:53510]
You may want take a look at this: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122 t/122t11/ft11at3f.htm#xtocid1 HTHs Kent bi.s wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... hi, is it possible to hide networks in ospf? i have a network in area 2 and it should stay there, should not ne visible in areo 0 and all the other areas. is there a way to do it? i know, it doesnt really fit in how ospf works, but who knows. can someone point me to the feature if there is any? thanks a lot -bis Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53512t=53510 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
EIGRP authentication. [7:53513]
If Router A and Router B are connected using serial interface, both of them are running EIGRP. On Router A, I have configure ip authentication mode eigrp AS# md5 and ip authentication key-chain eigrp AS# under interface configuration mode, also configure the key chain, key-string under global configuration mode. On Router B, I didn't nothing with EIGRP authentication. Router A and B suppose should not be able to set up neighbour relationship, but now Router A and Router can see each other while running show ip eigrp neighbour, the subnet information of Router A also appear in Router B routing table, and vice versa. Any configuration commands I missed? What debug command I can use to verify the authentication is working or not? Thank you for your input! E.D. __ Post your ad for free now! http://personals.yahoo.ca Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53513t=53513 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CSIDS [7:53514]
Good afternoon. I wonder if any one has done the CSIDS cisco exam, and can tell me how hard is it, and it's passing score. Thank you Nuno Ventura Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53514t=53514 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX Access-list host to host [7:53515]
Hi, Can some one tell me if it's possible to give full access host to host without specifing a port. Basically what I would like to do is open up temporarily complete access between a host on the outside and one on the inside. I have searched the CCO and havn't found any thing that tells me it's possible. Thanks, Shawn Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53515t=53515 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Jumbo Frames On 6509 help... [7:53516]
Hello all, I have 2 win2k servers with 3com 3C996 Gigabit Cards attached to a cisco 6509 with a WS-X6408-GBIC 8 port gigabit module. I have turned off trunking and channeling on the two ports on my 6509 and I have enabled jumbo frames which is supposed to set the mtu size to 9216. They are also in their own vlan and the mtu in the vlan is set to 9216 as well. On the 3com cards themselves, when I try to raise the mtu above the standard 1500, I get Giants on my switch. It is like the 6509 is not really allowing packets over the 1500 mtu size even though the jumbo frames are enabled. Any ideas? Here is the show port jumbo command which verifies that my 2 ports are enabled for jumbo frames. 6509 (enable) show port jumbo Jumbo frames MTU size is 9216 bytes. Jumbo frames enabled on port(s) 9/2-3. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53516t=53516 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: EIGRP authentication. [7:53513]
Configuration basically correct on router A side. Can you try a 'clear ip eigrp nei' and see what happen? I have experience I have to apply this config in router twice to get it work. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53517t=53513 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: hide networks in OSPF [7:53510]
I remember when do area range command, we have a no-advertise option. this may help. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53518t=53510 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MPLS for 2500 [7:53353]
Definitely yes with PPP - a new NCP (MPLSCP) provides indication that the frame is an MPLS frame instead of an IP or IPX frame. MPLS is treated as just another network layer protocol. Not sure about HDLC though. Richard Larkin -Original Message- From: Tom Scott [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 17 September 2002 4:41 AM To: [EMAIL PROTECTED] Subject: Re: MPLS for 2500 [7:53353] MPLS'ers, Assuming you find the IOS that supports MPLS on the 2500 or 2600, is it possible then to set up a little MPLS cloud with HDLC or PPP links connecting the routers? Alternatively, we have used the MPLS routers as access devices to connect to a FR cloud (ATM too but we don't have the ATM switches yet). But we'd like to just use three or four inexpensive 2500/2600 routers with HDLC/PPP serial links as the cloud. Can it be done? -- TT Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53519t=53353 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: EIGRP authentication. [7:53513]
clear ip eigrp nei doesn't work for me. Router A and B can still see each other and send the routing update. Looks like this problem only exist when Router A and B is already running EIGRP and you want to add the authentication later. When I configure the Router A with authentication from the very beginning, the authentication works properly. E.D. - Original Message - From: ccie fan Newsgroups: groupstudy.cisco Sent: September 17, 2002 7:38 PM Subject: RE: EIGRP authentication. [7:53513] Configuration basically correct on router A side. Can you try a 'clear ip eigrp nei' and see what happen? I have experience I have to apply this config in router twice to get it work. __ Post your free ad now! http://personals.yahoo.ca Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53520t=53513 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Multicast quesion.. [7:53449]
Hi Paul, To configure a router to be an Auto-RP use the following command: Router(config)# ip pim send-rp-announce scope This should be applied on both R1 R2 in your scenario. To configure a router a RP mapping agent (R4 in your scenario) use: Router(config)#ip pim send-rp-discovery scope Routers configured as Auto-RP advertises Cisco-RP-Announce at 224.0.1.39 while routers configured as RP mapping agents listens on this IP and sends inturn the RP-to-group mappings in an auto-RP RP discovery message to the well known Cisco-RP-Discovery 224.0.1.40 PIM DRs listen to 224.0.1.40 to determine which RP to use. Kindly let us know if this will work out or not as I am not that strong with Multicast and it happens for me to be studying it now so I looked for the commands but never tried it myself. Regards, Yasser From: Casey, Paul (6822) Can someone help me with the following.. Its from a lab I am working on.. R1 and R2 should dynamically become RP's for 236.1.1.17 and 236.1.8.90 R4 should be capable of assigning RP's for these groups. But should not be able to become an RP itself.. Can someone help me to do this.. Kind regards. Paul. -- Sent from my BlackBerry Wireless Handheld This E-mail is from O2. The E-mail and any files transmitted with it are confidential and may also be privileged and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised direct or indirect dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received the E-mail in error please notify [EMAIL PROTECTED] or telephone ++ 353 1 6095000. * misconduct and Nondisclosure violations to [EMAIL PROTECTED] MSN Photos is the easiest way to share and print your photos: Click Here Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53521t=53449 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Telnet session traversing PIX are timingout [7:53490]
Eddie, There is no VPN involved. I don't think its a MTU problem. I am trying to find a similar command to the IOS Firewall's ip inspect name ... (Inspection rule for CBAC) for the PIX. I need to increase the idle timeout for the telnet application. However, I found your MTU explaination very informative. Someone mentioned to me about a VPN/MTU problem but did not go deeper into the cause. How did you resolve this MTU problem? Is there any writeups on this problem? KR From: Caballero, Eddie To: 'KM Reynolds' , [EMAIL PROTECTED] Subject: RE: Telnet session traversing PIX are timingout [7:53490] Date: Tue, 17 Sep 2002 11:26:07 -0700 I've seen this issue before with SSH timing out over a perfectly good connection without packet loss. The problem was with the MTU size being too small and the packet was getting dropped. The packet was going through a VPN tunnel through the network to a VPN concentrator. Here's an example. The telnet packet was 1435 bytes in size including all the headers. The Router maximum MTU was 1456 for example. So far so good... Looks like it should get through, correct ports are open etc.. Now the VPN encryption adds an extra 25 bytes for example ( I don't have exact numbers). Now you have a packet that is Encapsulated with encryption for a total size of 1460 bytes. Oh and what also happens is the VPN will put a DO NOT Fragment flag on the packet, because of the encryption. Whats going to happen once that packet hits the router with an MTU size of 1456? It gets dropped because the packet is too large. What happens to the telnet or SSH session, is it starts dropping packets and then times out. It doesn't receive and ACK's from the other end and thinks it is timing out. So A. Is there VPN involved? If so, could be MTU issue. B. Check the MTU size.Send some large sized pings over 1400 bytes in size with the Do not Fragment Flag. Find out if and where the MTU is set too low. C. Of course check for packet loss or extreme latency. Welp hopefully this helps from my experiences with this type of issue. Eddie Corio Inc. -Original Message- From: KM Reynolds [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 17, 2002 8:33 AM To: [EMAIL PROTECTED] Subject: Telnet session traversing PIX are timingout [7:53490] Hi, I have telnet sessions that orginate on the internal side of a PIX to a server on the external side that are timing out (after 60 seconds). Is there a command to increase the timeout period for telnet? If there is what is the max? TIA KR _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53522t=53490 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Access-list host to host [7:53515]
Access-list 101 permit ip host so.ur.ce.ip host dest.inat.ion.ip (public adrress of inside host via NAT, unless your doing NAT0 on the specific host) ... then, apply it to the outside interface. Someone correct me if I'm wrong. Mark -Original Message- From: JohnZ [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 17, 2002 5:52 PM To: [EMAIL PROTECTED] Subject: PIX Access-list host to host [7:53515] Hi, Can some one tell me if it's possible to give full access host to host without specifing a port. Basically what I would like to do is open up temporarily complete access between a host on the outside and one on the inside. I have searched the CCO and havn't found any thing that tells me it's possible. Thanks, Shawn Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53523t=53515 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MPLS for 2500 [7:53353]
If I understand this correctly, cisco routers support this RFC 3032 feature. Then the next question is, Do any Cisco routers support VoMPLS, where lines would bring analog or digital voice into voice ports and the router would translate (transcode?) the stream into bits that are encapsulated as the payload of MPLS frames in accord with MPLS Forum Implementation Agreement dated July 27, 2001? I'm not sure about the addressing and other details, but I'd just like to know if cisco routers can do this wihtout the intervention of IP packets. (And approximately what classifying, marking and queueing would the routers use on the PPP links if other traffic such as IP or IPX non-voice data were also present. But that is asking too much at this point. Maybe later.) -- TT Larkin, Richard wrote: Definitely yes with PPP - a new NCP (MPLSCP) provides indication that the frame is an MPLS frame instead of an IP or IPX frame. MPLS is treated as just another network layer protocol. Not sure about HDLC though. Richard Larkin -Original Message- From: Tom Scott [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 17 September 2002 4:41 AM To: [EMAIL PROTECTED] Subject: Re: MPLS for 2500 [7:53353] MPLS'ers, Assuming you find the IOS that supports MPLS on the 2500 or 2600, is it possible then to set up a little MPLS cloud with HDLC or PPP links connecting the routers? Alternatively, we have used the MPLS routers as access devices to connect to a FR cloud (ATM too but we don't have the ATM switches yet). But we'd like to just use three or four inexpensive 2500/2600 routers with HDLC/PPP serial links as the cloud. Can it be done? -- TT Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53524t=53353 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MPLS for 2500 [7:53353]
So has anyone actually found an IOS image for a 2500 that supports MPLS? I'd like to learn about MPLS in my home lab. I couldn't find anything in thr feature navigator. tm Tim Medley, CCNP+Voice, CCDP, CWNA Sr. Network Architect VoIP Group iReadyWorld -Original Message- From: Tom Scott [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 17, 2002 9:46 PM To: [EMAIL PROTECTED] Subject: Re: MPLS for 2500 [7:53353] If I understand this correctly, cisco routers support this RFC 3032 feature. Then the next question is, Do any Cisco routers support VoMPLS, where lines would bring analog or digital voice into voice ports and the router would translate (transcode?) the stream into bits that are encapsulated as the payload of MPLS frames in accord with MPLS Forum Implementation Agreement dated July 27, 2001? I'm not sure about the addressing and other details, but I'd just like to know if cisco routers can do this wihtout the intervention of IP packets. (And approximately what classifying, marking and queueing would the routers use on the PPP links if other traffic such as IP or IPX non-voice data were also present. But that is asking too much at this point. Maybe later.) -- TT Larkin, Richard wrote: Definitely yes with PPP - a new NCP (MPLSCP) provides indication that the frame is an MPLS frame instead of an IP or IPX frame. MPLS is treated as just another network layer protocol. Not sure about HDLC though. Richard Larkin -Original Message- From: Tom Scott [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 17 September 2002 4:41 AM To: [EMAIL PROTECTED] Subject: Re: MPLS for 2500 [7:53353] MPLS'ers, Assuming you find the IOS that supports MPLS on the 2500 or 2600, is it possible then to set up a little MPLS cloud with HDLC or PPP links connecting the routers? Alternatively, we have used the MPLS routers as access devices to connect to a FR cloud (ATM too but we don't have the ATM switches yet). But we'd like to just use three or four inexpensive 2500/2600 routers with HDLC/PPP serial links as the cloud. Can it be done? -- TT Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53525t=53353 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Feedback from Gettlabs users [7:53526]
Hi all, I would like to hear feedback regarding Gettlabs, in particular the quality (not just complexity) of the scenarios and the ease of use or online access. Feel free to respond directly. Thanks. Elmer Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53526t=53526 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Multicast quesion.. [7:53449]
I did some testing on this and Yasser is right on the money. Assign R1 to announce for the 236.1.1.0 and R2 to announce for the 236.1.8.0 networks. I can provide configs if you need, but there is not much to it. The basics for me was: Configure the interfaces between the routers and the clients for sparse-dense-mode and version 2 ( I don't know if V2 is needed ) Assign one of the routers as the RP mapping agent. You can test the config in several ways. I used the mcaster application on a lan segment. Else use the ip igmp join-group command for several of the groups. If you have the doc cd, read this. Its great IMO. http://127.0.0.1:8080/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcpt 3/1cfmulti.htm#xtocid38990 Thanks Larry -Original Message- From: YASSER ALY [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 17, 2002 7:55 PM To: [EMAIL PROTECTED] Subject: Re: Multicast quesion.. [7:53449] Hi Paul, To configure a router to be an Auto-RP use the following command: Router(config)# ip pim send-rp-announce scope This should be applied on both R1 R2 in your scenario. To configure a router a RP mapping agent (R4 in your scenario) use: Router(config)#ip pim send-rp-discovery scope Routers configured as Auto-RP advertises Cisco-RP-Announce at 224.0.1.39 while routers configured as RP mapping agents listens on this IP and sends inturn the RP-to-group mappings in an auto-RP RP discovery message to the well known Cisco-RP-Discovery 224.0.1.40 PIM DRs listen to 224.0.1.40 to determine which RP to use. Kindly let us know if this will work out or not as I am not that strong with Multicast and it happens for me to be studying it now so I looked for the commands but never tried it myself. Regards, Yasser From: Casey, Paul (6822) Can someone help me with the following.. Its from a lab I am working on.. R1 and R2 should dynamically become RP's for 236.1.1.17 and 236.1.8.90 R4 should be capable of assigning RP's for these groups. But should not be able to become an RP itself.. Can someone help me to do this.. Kind regards. Paul. -- Sent from my BlackBerry Wireless Handheld *** * This E-mail is from O2. The E-mail and any files transmitted with it are confidential and may also be privileged and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised direct or indirect dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received the E-mail in error please notify [EMAIL PROTECTED] or telephone ++ 353 1 6095000. *** ** misconduct and Nondisclosure violations to [EMAIL PROTECTED] MSN Photos is the easiest way to share and print your photos: Click Here Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53527t=53449 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Port Security on 3550 [7:53446]
not to question a CCIE but if you have a lab the sensible thing to do is to go it. and I agree with Mr. Odette not many windows products are quiet. I have a 1912 with enterprise and I configured it for: Global config mac-address-table permanent .B494.37E3 Ethernet 0/11 mac-address-table permanent 0260.8CD8.7B0E Ethernet 0/10 address-violation disable Interface config interface Ethernet 0/10 port secure port secure max-mac-count 1 ! interface Ethernet 0/11 port secure port secure max-mac-count 1 --- On port 10 is a MS-DOS client running the MS-DOS IP Client, no chatty windows overhead but still MS. On port 11 is a Win98 station. Now to be fair, I logged on to both stations before switching cables to make sure that most of the chattiness was finished. This table shows the result: Catalyst 1900 - Port Addressing Report PortAddresses --- 1 : Unaddressed 2 : Unaddressed 3 : Unaddressed 4 : Unaddressed 5 : Unaddressed 6 : Unaddressed 7 : Unaddressed 8 : Unaddressed 9 : Unaddressed 10 :Secured02-60-8C-D8-7B-0E 11 :Secured00-00-B4-94-37-E3 12 : Unaddressed AUI: Unaddressed A :Dynamic 10 Static 0 B : Unaddressed Port A is uplink to a 2924 where the servers and other stations are located. Now I simply exchange the cables, 10 for 11 and 11 for 10 and in a short time both ports are disabled. 9 : Suspended-no-linkbeat 10 : Disabled-violation 11 : Disabled-violation 12 : Suspended-no-linkbeat Now I switch the cables back and enable the ports. On the DOS station I have an old copy of FTP Lanwatch, I reboot and fire it up. I have not set a span port so all it sees are the broadcast packets but it does see them. I switch the cables again and only the Windows station causes the port to disable. Lanwatch keeps on trucking. 9 : Suspended-no-linkbeat 10 : Disabled-violation 11 : Enabled 12 : Suspended-no-linkbeat So the question remains if port security is beneficial for this application. If an unauthorized user does plug into the port, he/she must use an absolutely quiet program. (such as Lanwatch apparently) I don't know if the Unix(s) et al out there are absolutely quiet. It would be interesting to know what exactly happens when a device plugs into a port. You say that MAC frames are not exchanged. Well they don't have to be exchanged. If the device talks then the switch listens and acts accordingly. Perhaps port security won't completely deliver the required protection, but it would supply enough protection against most computers and therefore would still be usefull - or it wouldn't hurt. The best protection here would be physical security of the switch. Kevin Wigle CCDP CCNP MCSE CBE CBI - Original Message - From: Mark W. Odette II To: Sent: Tuesday, September 17, 2002 4:02 PM Subject: RE: Port Security on 3550 [7:53446] Or, to expand the question further, for a Windows-based sniffer, does the Promiscuous Mode driver block even NetBIOS chatter from transmitting on the NIC plugged into the SPAN Switch Port?? I've never paid attention to data captures for that, but I think that a Windows-based Sniffer would give itself away by means of its NetBIOS broadcast to identify itself with other Windows clients. If that occurred, then I think the Port Security would come into action. Priscilla, care to comment?!?! Mark -Original Message- From: Kevin Wigle [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 17, 2002 2:25 PM To: [EMAIL PROTECTED] Subject: Re: Port Security on 3550 [7:53446] well I guess we're mixing up directions... yes incoming from a device attached to a port on the switch. which would still help him but wouldn't be perfect. no, the port wouldn't shut down if a promiscuous mode nic was plugged in. It would receive everything. but that PC would not be able to send anything - to do so the switch would learn it's MAC - which wouldn't match and the port would shut down. But consider this... what info is passed between the switch and the NIC so that the Link light goes on? I don't know... will the switch still learn the MAC even if real traffic is not passed? Kevin Wigle - Original Message - From: Sasa Milic To: Sent: Tuesday, September 17, 2002 2:40 PM Subject: Re: Port Security on 3550 [7:53446] Kevin, port security works by monitoring INCOMING traffic to the switch. If source mac in incoming packets is not the one configured, port is either blocked or snmp trap is sent. And what if another computer use the port without sending any traffic (just capturing traffic, without sending anything) ? Switch won't shut it down. Sasa Kevin Wigle wrote: well I
RE: MPLS for 2500 [7:53353]
AFAIK no 2500 images will support MPLS, only the 2600 and above Francois -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tim Medley Sent: Wednesday, 18 September 2002 2:53 p.m. To: [EMAIL PROTECTED] Subject: RE: MPLS for 2500 [7:53353] So has anyone actually found an IOS image for a 2500 that supports MPLS? I'd like to learn about MPLS in my home lab. I couldn't find anything in thr feature navigator. tm Tim Medley, CCNP+Voice, CCDP, CWNA Sr. Network Architect VoIP Group iReadyWorld -Original Message- From: Tom Scott [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 17, 2002 9:46 PM To: [EMAIL PROTECTED] Subject: Re: MPLS for 2500 [7:53353] If I understand this correctly, cisco routers support this RFC 3032 feature. Then the next question is, Do any Cisco routers support VoMPLS, where lines would bring analog or digital voice into voice ports and the router would translate (transcode?) the stream into bits that are encapsulated as the payload of MPLS frames in accord with MPLS Forum Implementation Agreement dated July 27, 2001? I'm not sure about the addressing and other details, but I'd just like to know if cisco routers can do this wihtout the intervention of IP packets. (And approximately what classifying, marking and queueing would the routers use on the PPP links if other traffic such as IP or IPX non-voice data were also present. But that is asking too much at this point. Maybe later.) -- TT Larkin, Richard wrote: Definitely yes with PPP - a new NCP (MPLSCP) provides indication that the frame is an MPLS frame instead of an IP or IPX frame. MPLS is treated as just another network layer protocol. Not sure about HDLC though. Richard Larkin -Original Message- From: Tom Scott [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 17 September 2002 4:41 AM To: [EMAIL PROTECTED] Subject: Re: MPLS for 2500 [7:53353] MPLS'ers, Assuming you find the IOS that supports MPLS on the 2500 or 2600, is it possible then to set up a little MPLS cloud with HDLC or PPP links connecting the routers? Alternatively, we have used the MPLS routers as access devices to connect to a FR cloud (ATM too but we don't have the ATM switches yet). But we'd like to just use three or four inexpensive 2500/2600 routers with HDLC/PPP serial links as the cloud. Can it be done? -- TT Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53530t=53353 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: What's the Technical difference between Switch and [7:53531]
Hi guys, Priscillia is correct. Yeah all marketing gimic's from different vendors. Either the device is a switch or it is a hub or a bridge. It cant be a combination. Hub is a hub = same broadcast domain and same collision domain. Switch is a switch = same broadcast domain but each port is a different collision domain. Hope that answers. Chaoo, Cisco_Maniac Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... R.S.Sundar wrote: Hello All, What's the Technical difference between Swich and Switching Hub. Generally we have hubs,switch and switching hub .In which situation a switching hub can be used. Can we use it instead of a switch. Switching hub isn't a technical term, so we can't answer the question with a technical answer. It sounds like it's specific to a particular product. So your best bet is to read the specs for that product. Cisco at one point used the term switching hub for some low-end switches that they had. They really were switches, not hubs. Each port provided dedicated bandwidth and connected just one device. The port couldn't connect a shared network or hub, just a single device. I guess Cisco used the term switching hub instead of switch because these low-end devices didn't have any fancy switching features to support VLANs, spanning tree, etc. Such a device could replace a hub and offer much higher performance, although, as mentioned, it must be placed into the topology in such a fashion that the ports connect just one device. It may support some uplink ports for connecting to other switches or shared networks. But the bottom line is that you need to read the specs for your actual product and see what the vendor means by this confusing, non-standard term switching hub. It's a shame that the vendor didn't stick to standard, technically-comprehensive terminology, which defines a switch as a data-link-layer device that offers dedicated bandwidth to each port, and a hub as a physical-layer device that offers shared bandwidth for the ports. Priscilla Regards, R.S.Sundar *** This message is proprietary to Future Software Limited (FSL) and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. FSL accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus. *** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53531t=53531 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Doubt on CLID [7:53370]
Hi Fayyaz, Thanks a lot for the information which u have given. While going through the Cisco Site, I was reading about Cisco RPM.Will Cisco RPM help or any one has tried the same? By upgrading the Cisco IOS will i be able to collect the digits on the Analog Modems with the help og Cisco RPM? Is there any other alternative meathod with the same setup. RegardsAnil --- Fayyaz Ahmed wrote: Hi Anil, what you want to do is not possible with your current hardware. Cisco support caller ID on none of the analog modem products: neither the WIC-AM nor the NM-AM. The problem is that cisco analog modems, (WIC-1AM, WIC-2AM, NM-8AM, and NM-16AM) have no way to collect the caller ID information and pass it to IOS for processing. You can screen by phone number using ISDN using the 'dialer caller' command. The reason it works with ISDN is that the call setup message includes the caller ID information. Unfortunatly the analog modems do not support caller ID, so we will be unable to collect the digits from the switch. I guess an alternate setup for caller ID authentication would be to replace the analog modem with a NM-6DM (6 Digital modems) and a ISDN network module, which would support CLID/ANI (if presented to us by the switch.). This would allow the ISDN switch to pass caller ID to the router. Kind Regards Fayyaz -Original Message- From: Anil Kumar [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 15, 2002 1:32 PM To: [EMAIL PROTECTED] Subject: Doubt on CLID [7:53370] Hi All, I have got following network setup. Cisco 3660 router with NM-16AM card. I have got a Cisco ACS v2.6 server for the aaa function. The router is configured for the aaa for the dail in users. In order to have more security on the dail in users, i wanted to enable the CLID faclity for the authentication apart from the username password. The analog lines has been enabled with the CLID faclity by the service provider. In order to make the above work does the router needs to configured so that to pass the dialled digits to the ACS server? If so, please let me know the sample configuration / URL for the router and if any special IOS is also required for the router. The 3660 Router is having 12.1 IOS version. Requst your help on this. Thanks in Advance, Regards...Anil __ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com [EMAIL PROTECTED] = Thanks Regards V Anil Kumar __ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53532t=53370 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: EIGRP authentication. [7:53513]
Maybe this is wrong...and not the best thing to do in a production network...but would a clear ip route * do the trick? I think the problem is that the routes already exist in the routing table...clearing the neighbor relationship may not have an effect. I may be off base...please correct me if that is the case. Dain. enginedrive2002 wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... If Router A and Router B are connected using serial interface, both of them are running EIGRP. On Router A, I have configure ip authentication mode eigrp AS# md5 and ip authentication key-chain eigrp AS# under interface configuration mode, also configure the key chain, key-string under global configuration mode. On Router B, I didn't nothing with EIGRP authentication. Router A and B suppose should not be able to set up neighbour relationship, but now Router A and Router can see each other while running show ip eigrp neighbour, the subnet information of Router A also appear in Router B routing table, and vice versa. Any configuration commands I missed? What debug command I can use to verify the authentication is working or not? Thank you for your input! E.D. __ Post your ad for free now! http://personals.yahoo.ca Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53533t=53513 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Telnet session traversing PIX are timingout [7:53490]
What happens if you telnet from the pix to the external host...does it timeout then? Dain KM Reynolds wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, I have telnet sessions that orginate on the internal side of a PIX to a server on the external side that are timing out (after 60 seconds). Is there a command to increase the timeout period for telnet? If there is what is the max? TIA KR _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53534t=53490 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
2500 memory question [7:53528]
People, Any advise for my problem is welcome : I have an 2501 with a 4MB DRAM module that works fine. Yesterday, I got 3 differents 8MB DRAM modules and I tried to upgrade it, but when it boots, it shows me only 4MB DRAM. I tried change the first module but, the other two gave me the same symptom. Anyone know something to help me? thanks a lot, leo Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53528t=53528 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]