Re: OT - ISDN viability - WAS: Re: VPDN - ISDN problems [7:53943]
FWIW I have implemented more ISDN backup than I care to remember but once configured and tested it works well. I always suggest that customers periodically test the backup, at least force tha ISDN connection up by pinging a test loopback or something. I had one customer who did't want to loose their SNA sessions, via DLSW, and ISDN backup with EIGRP converted fast enough that the SNA session stayed active. Dave Chuck's Long Road wrote: I see more complaints / problems / issues with ISDN and DDR in specific and in general, in real world and in test situations. Idle curiousity. Is ISDN really viable in terms of reliability for DDR applications? In any number of mission critical applications, I have seen major vendors, major enterprises, and major service providers use manual intervention as the preferred means to apply dial backup. I welcome the informed comments of those who are obviously more versed in the topic than I am, with my limited exposure.. Chuck Sujal G. Ajmera wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Enclosed ISDN CALL HISTORY of showing customers' connect time. It it disconnects within few seconds. I am 100% sure that there is no ISDN problem at either end. Sometimes the connect time ranges from 5 minutes to 30 minutes. This problem happens daily. Also enclosed the error log for then customer widia saying remote host closed this session . What does it mean ? Is the customer router at central location 'disconnecting' the remote location? Or is the link getting snapped due to network congestion? TIA, Sujal -- -- ISDN CALL HISTORY -- -- Call History contains all active calls, and a maximum of 100 inactive calls. Inactive call data will be retained for a maximum of 15 minutes. -- -- CallCalling Called Remote Seconds Seconds Seconds Charges TypeNumber Number NameUsedLeft Idle Units/Currency -- -- In448210936 446616319 +.f917.6023 35 In448210936 446616319 +.f917.6023 115 In448210936 446616319 +.f917.6023 68 In448210936 446616319 +.f917.6023 74 In448210936 446616319 +.f917.6023 56 -- -- SRIL_CHNA#sh vpdn history failure Table size: 20 Number of entries in table: 1 User: [EMAIL PROTECTED], MID = 54 NAS: test, IP address = xxx.xxx.xxx.xxx, CLID = 0 Gateway: Information is not applicable Log time: 1d23h, Error repeat count: 42 Failure type: The remote server closed this session Failure reason: Result 1002, Error 0 [GroupStudy.com removed an attachment of type application/ms-tnef which had a name of winmail.dat] -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53943t=53943 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: URGENT: problem with load balancing accross tw [7:53901]
Since this scenerio involves two differant ISP you will not want to do per packet loadsharing. But if this is the behaviour you desire you would enable per packet/per distination loadsharing on the egress (destination?) interface. Dave Priscilla Oppenheimer wrote: Stephane Litkowski wrote: If you don't want to (or can't) use CEF, just use the command : no ip route-cache on destination interfaces to desactivate FAST SWITCHING. Destination interfaces or ingress interfaces? I would think you would disable it on the incoming interfaces to disable the automatic behavior of using the fast-switching cache when a packet comes in. Correct me if I'm wrong, please. Thanks. Priscilla NB : using CEF is more efficient than using PROCESS SWITCHING. Stephane Russell Heilling a icrit dans le message de news: [EMAIL PROTECTED] afshin wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have got two internet links from two ISPs boths of which are directly connected to the lan . I would like to set the default gateway of my clients to the 3660 router I have on my network so that it will load balance the outgoing traffic accross the two seperate internet links. I though maybe two equal cost default routes would result in load balancing between equal cost paths . but it didn't work. Is there a command to allow load-balancing between equal cost static routes , that I am missing ? Policy routing is not quite what I want because the load will not be quite balanced. Any clues ? Default load balancing is per destination, so if you are testing from a single workstation you will always hit the same link. To get a more even load sharing you'll want to enable per packet load sharing. To do this globally enable CEF (ip cef in global config mode), and then add the following command to the interface config on the interfaces connecting to the ISPs: ip load-sharing per-packet. Hope this helps. Russell Heilling http://www.ccie.org.uk/ -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53942t=53901 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: bgp no-sync [7:53920]
Well I'll be damned I loaded 12.2.11T on a 7206 and simply did: MADVXR(config)#router bgp 1 MADVXR(config-router)#network 1.0.0.0 MADVXR(config-router)#^Z MADVXR#sh conf | beg router bgp router bgp 1 no synchronization bgp log-neighbor-changes network 1.0.0.0 no auto-summary Now can we get auto sumary disabled by default in EIGRP!? Dave Steven A. Ridder wrote: Is it me, or is no-sync the default in BGP in 12.2.11T? -- RFC 1149 Compliant -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53944t=53920 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Any 3662 routers.. [7:53946]
Hello, Please don't treat this as spam. If any one have a 3662 for sell at seconds rate, please let me know. Regards, Kiran Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53946t=53946 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Returned mail--look,my beautiful girl friend [7:53945]
The following mail can't be sent to [EMAIL PROTECTED]: From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: look,my beautiful girl friend The attachment is the original mail Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53945t=53945 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PCMCIA Flash [7:53866]
You'd have to use an app on your laptop that recognizes the Cisco flash filesystem. Someone may have written this, although I personally haven't used it. Art Davis CCIE #6430 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53937t=53866 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Need help with Simple BGP Solution [7:53936]
have a customer that wants to implement BGP at his office. They want to have complete redundancy, not load balancing. They have some users coming in from the outside for VPN and email servers. They will be using T-1s to two separate ISPs and will use a separate router for each ISP connection. My questions are as follows: Can I use just one firewall? (I could run HSRP on the two routers, firewall would just forward to the phantom default gateway) They currently own a Sonicwall Pro 100. I would prefer they use a PIX, is there any reason why they can't use the Sonic? Do ISPs charge subcribers extra for advertising routes through the other ISP (BGP)? I also want to have default routes to the ISP. I don't believe this customer needs the added routing accuracy, if it means they will need routers with 128 MB or ram. Thanks Wayne Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53936t=53936 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT: Outlets England [7:53864]
I was hoping to find an UPS or surge protector that would work with both US and UK, but after thinking, might be easier to find something when I get there. Thanks anyway. Pierre-Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53939t=53864 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT - ISDN viability - WAS: Re: VPDN - ISDN problem [7:53931]
Hell yeah. We use ISDN to automatically failover. With over 350 remote sites, it's not uncommon to have a main link to an office fail somewhere. With automatic failover, our users often don't even know something's failed. Manual intervention? You've got to be kidding. To tweak and tune if necessary, sure, but to initiate failover - no way. Been there, done that, bad idea in our network. Anyway, in Australia at least, it's still the most cost-effective failover for a network like ours (lots of sites, geographically dispersed). It has some annoyances, sure - but it's still definitely an option for me. JMcL Chuck's Long Road wrote: I see more complaints / problems / issues with ISDN and DDR in specific and in general, in real world and in test situations. Idle curiousity. Is ISDN really viable in terms of reliability for DDR applications? In any number of mission critical applications, I have seen major vendors, major enterprises, and major service providers use manual intervention as the preferred means to apply dial backup. I welcome the informed comments of those who are obviously more versed in the topic than I am, with my limited exposure.. Chuck [snipped] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53940t=53931 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
origin of split horizon? [7:53938]
Can anyone here tell me how the term split horizon came to be applied to routing protocols? Who first used the term and when? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53938t=53938 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Certificatiom [7:53666]
Make the individual go to their Test History at Cisco. This will show when the test was passed and I believe when it expires. Robert Edmonds wrote: At my last organization, we had someone who lied about their Microsoft certification. We just called the number that you would call to check your own status, told them what we suspected, and they verified it. Try that. Kaminski, Shawn G wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Yes. The Cisco website has a section that allows you to check CCIE status. You need the person's name and their CCIE # to verify it. As for the CCNP, I haven't heard of anything to check this status. Shawn K. -Original Message- From: Han Chuan Alex Ang [SMTP:[EMAIL PROTECTED]] Sent: Thursday, September 19, 2002 9:41 PM To: [EMAIL PROTECTED] Subject: Certificatiom [7:53666] hi, everyone , is there any way to verify if it is true if a person claimed he has a CCNP or CCIE certification ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53947t=53666 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
rsm secondary IP address [7:53948]
cisco gurus! Does IOS c5rsm-jsv-mz.121-7.bin support secondary IP addressing on 5513 catalyst switch with a layer3 switch (RSM).I've configured my interface vlan2 with a secondary IP address but I can't ping my host From the rsm nor cannot ping the gateway (2nd IP) from the host and to Isolate the problem I've created another interface vlan3 and port then Add the IP address as primary address and it works fine. Regards Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53948t=53948 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: token ring rj45 to db9 cabling [7:53860]
When I made filters for my token ring routers to my 3900 I used this link as a reference: http://www.walshcomptech.com/ohlandl/NIC/TR-cable.html The pins we are worried about on the 9pin D plug end are 1,5,6, and 9. The pins on the rj45 side are 3,4,5, and 6. 9pin 1 = rj pin 5 9pin 5 = rj pin 6 9pin 6 = rj pin 4 9pin 9 = rj pin 3 Mike Munoz -Original Message- From: hall annie [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 22, 2002 3:17 PM To: [EMAIL PROTECTED] Subject: token ring rj45 to db9 cabling [7:53860] Okay, I give up. I can't seem to get this to work. I've tried various adapters (self-done) and I'm stuck. I have a 2502 and I don't have the rj-45 to db9 adapter, and I need to fabricate one. Does anyone know the pinout colors that will work with a Cisco 2502? I thought it was 1-red 5-black 6-green 9 -orange (on the db9 to rj45 adapter), but lately I've been thinking it might be: 1-green,5-black, 6-red, 9-orange Or perhaps I've got a bad db9 port on my 2502? I have a known good rj45 token ring mau/lam. It works when it connects to servers/workstations that have rj-45 ports on their token ring cards, but not with my home-made rj-45 adapter for my Cisco router. Can anyone assist? Thanks in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53949t=53860 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Just Testing [7:53950]
Just testing, Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53950t=53950 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Certificatiom [7:53666]
Mark Babbitt wrote: Make the individual go to their Test History at Cisco. This will show when the test was passed and also their testing ID (often social security number in US). I would have an issue with showing my social security number to anyone outside of the payroll or HR department of an employer. I think that requesting their Cisco ID and verifying their cert status through www.cisco.com/go/certsupport (as previously mentioned) would be a lot more appropriate. Peter Walker Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53952t=53666 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Please Please help!!! [7:53917]
--Yes, You definitely can do this, as I have done this already to simulate a network design in the lab before rolling it out for my customer. I used the 2600 as my Frame Switch and as a Router to the Internet, pretty much simulating a network of sites connected together via VPN connections over FR POP connections. It was pretty awesome pretending like I was the local telco in my lab. Also, I haven't tried it yet, but I am pretty sure you can use 4 of the serial ports to make a frame relay switch and then use the Ethernet port and the remaining serial ports as an IP router giving you two routers in one box. -Original Message- From: Don [mailto:[EMAIL PROTECTED]] Sent: Monday, September 23, 2002 1:26 PM To: [EMAIL PROTECTED] Subject: Re: Please Please help!!! [7:53917] Well, an NM-4A/S is probably cheaper if your NM slot is open. However, it only does 128k per connection instead of the 2-8 mbits of a WIC-2T. WIC-2T's seem to go for about $200-$250 each on ebay. A NM-4A/S seems to go for about $200-$250 on ebay. It may also depend on whether you want to leave your NM slot open for some other card, like an Ethernet interface or an adapter for two more WIC cards (be careful, not all such NM's are usable in a 2600). Biggest drawback is that it uses a different connector than the WIC-2T so you need more cables. Personally, I have a 2600 with a NM-4A/S, a WIC-2A/S and a WIC-2T. It gives me an eight port frame switch, plus I can use RS-232 cables for doing dial-up modem configurations. I suppose I could even swap one of the WIC's for an ISDN WIC for ISDN configurations, although I haven't checked to see which are compatible with 2600's yet. Also, I haven't tried it yet, but I am pretty sure you can use 4 of the serial ports to make a frame relay switch and then use the Ethernet port and the remaining serial ports as an IP router giving you two routers in one box. Don H wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello, I currently have a Cisco 2620. I am just wondering what would be the most economic / most cost effective way to get 4 Serial Ports in total onto the 2620 (so I can do 4 ports frame etc). I know I can get 2 x WIC-2T, but is there any other cheaper way? And would I need any special cables for them? Would be greatly appreciated if anyone can shed some light on this. Best Regards, H. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53941t=53917 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX questions [7:53953]
I keep having the following log in my PIX. It is very frequent. What is that mean? It seems my PIX deny this connection, but actually I want to allow it now and make it no longer log to the PIX log. 106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst outside:192.168. 5.200/58000 106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst outside:192.168. 5.200/58000 106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst outside:192.168.5 .200/58001 106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst outside:192.168.5 .200/58001 I tried to clear it by adding the following command in the PIX config to allow the connection to come in. However, I still found the same log in my PIX? What should be the correct command? conduit permit udp any range 58000 58001 any Question2- How to show the running-config in PIX? I found whenever I made a change on PIX. I can't see the change when I issue sh conf command until I do wr mem What is the router equivalent show running-config command in PIX? Thanks a lot == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53953t=53953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP AS Path Regular Expressions [7:53956]
Hi all, I'm trying to find a regexp to match AS PATH including AS200 only, but AS200 can be contained more than one time (AS PATH prepending). Example : 200 - Match 200 200 - Match 200 200 200 - Match 200 200 200 300 - Don't Match I tried to use this regexp : ^(200)+$ but it doesn't work, why ? However, the regexps : ^(200_)+$ seems to work. Can someone explain me why the first regexp doesn't work ? thanks. Stephane Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53956t=53956 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Input errors on catalyst 3548 [7:53957]
what could be the cause of large input errors on a catalyst switch? regards, Tunde Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53957t=53957 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: SIP vs H323 [7:53852]
I am not THE expert on these matters but it comes to play in my daily duties SIP is more flexible then H323 and H323 is a suite of protocols for real time traffic, SIP is far more suitable when looking at unified messaging Have a look at SMTP and then look at SIP ... you'll see some resemblance The security issues with SIP are sadly far greater then H323 I can fwd a good link on that regards Haakon Claassen EMEA - IT Transport Services -WAN Cisco Systems De Kleetlaan 6b - Pegasus Park B-1831 Diegem (Belgium) -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: maandag 23 september 2002 20:45 To: [EMAIL PROTECTED] Subject: Re: SIP vs H323 [7:53852] In what ways was the SIP equipment better? The fact that it comes from a www/internet IETF world, versus H.323 which comes from the ITU, wouldn't necessarily mean that it's better. In fact, to make a very broad generalization, the IETF has historically been involved with data networking which hasn't been that concerned about quality. Reliability is achieved, in general, by the sender retransmitting if there's no ACK, which doesn't work with voice. Quality is achieved by various hacks. ;-) At least in the U.S., our telephone networks have always been way more reliable and offered better quality than our data networks, which have been annoyingly flaky. When we pick up a phone to make a call, unless it's Mother's Day and all circuits are busy, it simply works. Problems are rare. Problems accessng data on intranets and the Internet are widespread. So it doesnt' fit with our paradign that you would think that SIP is better because it comes from a www/Internet world. SIP may be better because it's always easier to do something better the second time around. SIP is newer. H.323 is old. Anyway, this philosophical debate probably isn't that relevant, but things are slow today at work. ;-) Priscilla Gunjan Mathur wrote: I tested one SIP equipement of vonage, and that was far far better then any device using H323...that's the reason I want to know the diff in between these two. What I understand is SIP model works on www/internet and h323 model is telephony, I believe this is the main reason for the quality difference. What you suggest... TIA --- Steven A. Ridder wrote: I agree that SIP is the future, it just isn't there yet. There is some SIP being built into Unity and CM, but until everything is SIP (as opposed to MGCP/H.323 and Skinny), it just isn't useful yet. I know that SIP is being deployed in SP networks, and I have implemented it in a Telco, but for enterprise, it's useless. I can't wait til it is developed and more mature. Jason Weden wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Ok, so SIP is nowhere near useless. It is being used all over the place and will eventually replace H.323. Telcos like Vonage (which uses Cisco SIP equipment), deltathree, and Denwa are using it for last mile telephony connectivity for residences and enterprises, and WorldCom, after surfacing from its financial issues, will be using it on its global network as well. Microsoft has built a SIP client into Windows XP (Microsoft Messenger) and SIP is very flexible and extensible and the best place to start is http://www.sipcenter.com. PBX manufacturers like Mitel and Siemens have developed their PBX completely around SIP. To get back to Cisco (as this is a Cisco newsgroup), Cisco has taken the time and $$ to start to develop SIP functionality in its products despite the fact that it isn't need for AVVID at all. Though their initial SIP focus is on carrier-class products (since that is the logical choice -- see my list of companies above), my bet is that SIP will surface as a more central part of the AVVID architecture for the enterprise. A good Cisco link is here: http://www.cisco.com/warp/public/cc/techno/tyvdve/sip/prodlit/index.shtm l or here (which displays more enterprise scenarios): http://cisco.com/univercd/cc/td/doc/product/voice/sipsols/biggulp/index. htm Regards, Jason [EMAIL PROTECTED] __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53958t=53852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Input errors on catalyst 3548 [7:53957]
Tunde Kalejaiye wrote: what could be the cause of large input errors on a catalyst switch? The most likely cause is a duplex mismatch. Is it just on one port? What connects to that port? Could it be misconfigured or could the port be misconfigured for half/full duplex? What kind of errors are they? ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com regards, Tunde Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53959t=53957 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP AS Path Regular Expressions [7:53956]
Stephane, ^(200)+$ matches 200 or 200200 etc.. Of course, in case of as-path, it will only find 200. You want to use _ to match the space between the as-nums, so IOS will try to match the whole as-path. HTH Kent Stephane Litkowski wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, I'm trying to find a regexp to match AS PATH including AS200 only, but AS200 can be contained more than one time (AS PATH prepending). Example : 200 - Match 200 200 - Match 200 200 200 - Match 200 200 200 300 - Don't Match I tried to use this regexp : ^(200)+$ but it doesn't work, why ? However, the regexps : ^(200_)+$ seems to work. Can someone explain me why the first regexp doesn't work ? thanks. Stephane Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53960t=53956 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX questions [7:53953]
Hi Sim, There is some flaw in your security policy. Pls check the = configuration again. I am enclosing some info from CCO regarding the = syslog message 106011: %PIX-7-106011: Deny inbound (No xlate) chars Explanation This is a connection-related message. This message = occurs when a packet is sent to the same interface that it arrived on. = This usually indicates that a security breach is occurring. When the PIX = Firewall receives a packet, it tries to establish a translation slot = based on the security policy you set with the global and conduit = commands, and your routing policy set with the route command.=20 Failing both policies, PIX Firewall allows the packet to flow from the = higher priority network to a lower priority network, if it is consistent = with the security policy. If a packet comes from a lower priority = network and the security policy does not allow it, PIX Firewall routes = the packet back to the same interface. To provide access from an interface with a higher security to a lower = security, use the nat and global commands. For example, use the nat = command to let inside users access outside servers, to let inside users = access perimeter servers, and to let perimeter users access outside = servers. To provide access from an interface with a lower security to higher = security, use the static and conduit commands. For example, use the = static and conduit commands to let outside users access inside servers, = outside users access perimeter servers, or perimeter servers access = inside servers.=20 Action Fix your configuration to reflect your security policy for = handling these attack events.=20 In PIX the running configuration is shown by Show Config. Any changes = made in PIX will be effective only once you write them to the memory. = There is no such thing as startup and running configuration in PIX. To = add to this info, PIX uses an Operating system called Finesse which is = different from Cisco IOS. Hope this helps. Regards, Vamsi - Original Message -=20 From: Sim, CT (Chee Tong) To: Sent: Tuesday, September 24, 2002 4:49 PM Subject: PIX questions [7:53953] I keep having the following log in my PIX. It is very frequent. What = is that mean? It seems my PIX deny this connection, but actually I want = to allow it now and make it no longer log to the PIX log. =20 =20 106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 = dst outside:192.168.5.200/58000 =20 106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 = dst outside:192.168.5.200/58000 =20 106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 = dst outside:192.168.5.200/58001 =20 106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 = dst outside:192.168.5.200/58001 =20 I tried to clear it by adding the following command in the PIX config = to allow the connection to come in. However, I still found the same log = in my PIX? What should be the correct command? =20 =20 =20 conduit permit udp any range 58000 58001 any =20 =20 =20 =20 =20 Question2- How to show the running-config in PIX? I found whenever = I made a change on PIX. I can't see the change when I issue sh conf command = until I do wr mem What is the router equivalent show running-config = command in PIX? =20 =20 =20 Thanks a lot =20 =20 =20 =20 = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D De informatie opgenomen in dit bericht kan vertrouwelijk zijn en=20 is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht=20 onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en=20 de afzender direct te informeren door het bericht te retourneren.=20 = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D The information contained in this message may be confidential=20 and is intended to be exclusively for the addressee. Should you=20 receive this message unintentionally, please do not use the contents=20 herein and notify the sender immediately by return e-mail. =20 =20 = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 =20 =20 =20 **Disclaimer** Information contained in this E-MAIL being proprietary to Wipro Limited is 'privileged' and 'confidential' and intended for use only by the individual or entity to which it is addressed. You are notified that any use, copying or dissemination of the information contained in the E-MAIL in any manner whatsoever is strictly
Re: URGENT: problem with load balancing accross tw [7:53901]
I just done a test to verify ... Fast switching cache is established based on egress interfaces. So when a packet comes on an ingress interface (cache empty), first packet is routed (process switched) and an entry is cached for egress Interface (sh ip cache). If I disable fast switching on the egress interface, the entry disappears and no more entry are cached for this interface when packet come. For me, issuing the command no ip route-cache on an interface, disables caching for this interface. Stephane Priscilla Oppenheimer a icrit dans le message de news: [EMAIL PROTECTED] Stephane Litkowski wrote: If you don't want to (or can't) use CEF, just use the command : no ip route-cache on destination interfaces to desactivate FAST SWITCHING. Destination interfaces or ingress interfaces? I would think you would disable it on the incoming interfaces to disable the automatic behavior of using the fast-switching cache when a packet comes in. Correct me if I'm wrong, please. Thanks. Priscilla NB : using CEF is more efficient than using PROCESS SWITCHING. Stephane Russell Heilling a icrit dans le message de news: [EMAIL PROTECTED] afshin wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have got two internet links from two ISPs boths of which are directly connected to the lan . I would like to set the default gateway of my clients to the 3660 router I have on my network so that it will load balance the outgoing traffic accross the two seperate internet links. I though maybe two equal cost default routes would result in load balancing between equal cost paths . but it didn't work. Is there a command to allow load-balancing between equal cost static routes , that I am missing ? Policy routing is not quite what I want because the load will not be quite balanced. Any clues ? Default load balancing is per destination, so if you are testing from a single workstation you will always hit the same link. To get a more even load sharing you'll want to enable per packet load sharing. To do this globally enable CEF (ip cef in global config mode), and then add the following command to the interface config on the interfaces connecting to the ISPs: ip load-sharing per-packet. Hope this helps. Russell Heilling http://www.ccie.org.uk/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53963t=53901 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP AS Path Regular Expressions [7:53956]
Kent, As u said, ^(200)+$ will match my ASPATHs but not only ... However, when I configure it, this expression doesn't match ASPATH prepended like 200 200 200 (but 200 is present !). The not prepended ASPATH (200 only) is matched. I don't understand this behavior. Kent Yu a icrit dans le message de news: [EMAIL PROTECTED] Stephane, ^(200)+$ matches 200 or 200200 etc.. Of course, in case of as-path, it will only find 200. You want to use _ to match the space between the as-nums, so IOS will try to match the whole as-path. HTH Kent Stephane Litkowski wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, I'm trying to find a regexp to match AS PATH including AS200 only, but AS200 can be contained more than one time (AS PATH prepending). Example : 200 - Match 200 200 - Match 200 200 200 - Match 200 200 200 300 - Don't Match I tried to use this regexp : ^(200)+$ but it doesn't work, why ? However, the regexps : ^(200_)+$ seems to work. Can someone explain me why the first regexp doesn't work ? thanks. Stephane Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53964t=53956 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP Population [7:53965]
Someone have an idea how CCNP there around the world. CCEI it's easy. It's Cisco web page.But CCNP not. Dante Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53965t=53965 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP Population! [7:53966]
Does anybody have an idea about how many CCNP are around the world. Found that information about CCIE at Cisco web but nothing about CCNP. Thanks Dante Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53966t=53966 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX questions [7:53953]
Question 2: write term Sim, CT (Chee Tong) wrote:I keep having the following log in my PIX. It is very frequent. What is that mean? It seems my PIX deny this connection, but actually I want to allow it now and make it no longer log to the PIX log. 106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst outside:192.168. 5.200/58000 106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst outside:192.168. 5.200/58000 106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst outside:192.168.5 .200/58001 106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst outside:192.168.5 .200/58001 I tried to clear it by adding the following command in the PIX config to allow the connection to come in. However, I still found the same log in my PIX? What should be the correct command? conduit permit udp any range 58000 58001 any Question2- How to show the running-config in PIX? I found whenever I made a change on PIX. I can't see the change when I issue sh conf command until I do wr mem What is the router equivalent show running-config command in PIX? Thanks a lot == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == Do you Yahoo!? New DSL Internet Access from SBC Yahoo! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53967t=53953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX questions [7:53953]
The problem here is the source and destination are outside. Why? PIX can't redirect traffic so even if conduit is allowing this traffic, PIX won't let it through, unless it's src outside and dst is inside. You either routing issue here or just something is misconfigured on the PIX. Use wr term on the PIX to view the current config. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sim, CT (Chee Tong) Sent: Tuesday, September 24, 2002 10:50 AM To: [EMAIL PROTECTED] Subject: PIX questions [7:53953] I keep having the following log in my PIX. It is very frequent. What is that mean? It seems my PIX deny this connection, but actually I want to allow it now and make it no longer log to the PIX log. 106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst outside:192.168. 5.200/58000 106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst outside:192.168. 5.200/58000 106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst outside:192.168.5 .200/58001 106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst outside:192.168.5 .200/58001 I tried to clear it by adding the following command in the PIX config to allow the connection to come in. However, I still found the same log in my PIX? What should be the correct command? conduit permit udp any range 58000 58001 any Question2- How to show the running-config in PIX? I found whenever I made a change on PIX. I can't see the change when I issue sh conf command until I do wr mem What is the router equivalent show running-config command in PIX? Thanks a lot == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53968t=53953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: rsm secondary IP address [7:53948]
I seem to recall having to do an extended ping sourcing your secondary address to make your test work. That is no longer the case as I know I can do what your trying on a 6500/MSFC2 Dave sisco wrote: cisco gurus! Does IOS c5rsm-jsv-mz.121-7.bin support secondary IP addressing on 5513 catalyst switch with a layer3 switch (RSM).I've configured my interface vlan2 with a secondary IP address but I can't ping my host From the rsm nor cannot ping the gateway (2nd IP) from the host and to Isolate the problem I've created another interface vlan3 and port then Add the IP address as primary address and it works fine. Regards -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53969t=53948 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How can I Fill out our unused bandwidth with dummy traffic [7:53970]
Dear sirs, I'm a member of technical staff in an ISP site. We have cable connection to the internet with 512k bandwidth. I require to do the following: 1- Measure our maximum connection speed to internet. 2- Fill out our unused bandwidth with dummy traffic. How can i do these? thanks for your prompt attention. With best regards Hassan Shojaie Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53970t=53970 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE written revised [7:53972]
Passing score 105: First attempt 77, Second attemp (yesterday) 95 =( . Next time you will be mine baby... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53972t=53972 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Help needed with an extended access list [7:53971]
Hi All, I need your help please, here's a question about extended access lists, I have a network address of 171.17.0.0 and I need to divide this into 1024 subnets which means I have to use a mask of 255.255.255.192. The first usable subnet is 171.17.0.64 giving a usable range for the hosts address's on this subnet of 171.17.0.65 - 171.17.0.126 (i think this is correct)The ethernet interface on the router that these hosts are connected to is 171.17.0.65. Now, I need to create an extended access list that will deny telnet access from the hosts on the upper half of this range(171.17.0.96-126) to a serial interface(171.17.255.65) on a router a couple of hops away(so they can't telnet to the router). Could someone please give me an example list of what i need to do? How do I specify to deny only the upper half of the range with a wildcard mask? Is that the way to do it? Thank you Mark. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53971t=53971 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Same subnets on each side of an ATM WAN [7:53973]
I have an OC3 ATM WAN link that connect two LANs, but there are two identical subnets /30 on either side of the WAN link. Has any one ever had that type of setup and how is that possible with two identical public IP /30 subnets on either side of WAN connection? Here are the interfaces on either side of the wan AAAV7204#sh int fastEthernet 1/0 FastEthernet1/0 is up, line protocol is up Hardware is DEC21140A, address is 0003.6cce.f01c (bia 0003.6cce.f01c) Description: FE from PM to WDGB Internet address is 205.109.29.10/30 MTU 1500 bytes, BW 10 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 2/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, 100BaseTX/FX ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:21, output 00:00:00, output hang never Last clearing of show interface counters never Input queue: 0/75/4/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue :0/40 (size/max) 5 minute input rate 814000 bits/sec, 113 packets/sec 5 minute output rate 81000 bits/sec, 79 packets/sec 441800484 packets input, 1055724299 bytes Received 713 broadcasts, 0 runts, 0 giants, 2 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog 0 input packets with dribble condition detected 349363988 packets output, 1452170449 bytes, 0 underruns AAAV7206#sh ip int fastEthernet 1/0 FastEthernet1/0 is up, line protocol is up Internet address is 205.109.29.9/30 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP Flow switching is disabled IP CEF switching is enabled IP Fast switching turbo vecto Thank you, Randy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53973t=53973 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Same subnets on each side of an ATM WAN [7:53973]
I read about an almost identical (if not actually identical) issue on Cisco's website. The solution they gave was to do NAT on one side of the WAN link. McHugh Randy wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have an OC3 ATM WAN link that connect two LANs, but there are two identical subnets /30 on either side of the WAN link. Has any one ever had that type of setup and how is that possible with two identical public IP /30 subnets on either side of WAN connection? Here are the interfaces on either side of the wan AAAV7204#sh int fastEthernet 1/0 FastEthernet1/0 is up, line protocol is up Hardware is DEC21140A, address is 0003.6cce.f01c (bia 0003.6cce.f01c) Description: FE from PM to WDGB Internet address is 205.109.29.10/30 MTU 1500 bytes, BW 10 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 2/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, 100BaseTX/FX ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:21, output 00:00:00, output hang never Last clearing of show interface counters never Input queue: 0/75/4/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue :0/40 (size/max) 5 minute input rate 814000 bits/sec, 113 packets/sec 5 minute output rate 81000 bits/sec, 79 packets/sec 441800484 packets input, 1055724299 bytes Received 713 broadcasts, 0 runts, 0 giants, 2 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog 0 input packets with dribble condition detected 349363988 packets output, 1452170449 bytes, 0 underruns AAAV7206#sh ip int fastEthernet 1/0 FastEthernet1/0 is up, line protocol is up Internet address is 205.109.29.9/30 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP Flow switching is disabled IP CEF switching is enabled IP Fast switching turbo vecto Thank you, Randy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53974t=53973 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RE: PIX questions [7:53953]
I had the same problem because of the following 172.16.64.3 is a IP address in the inside network; however, in someone turn off 172.16.64.3 and if someone try to access the machine the routing protocol send it to the default gateway the PIX. However on the PIX it knows that 172.16.0.0 is the inside addresses thus the error message u are getting. From: Lidiya White Date: 2002/09/24 Tue PM 01:38:57 EDT To: [EMAIL PROTECTED] Subject: RE: PIX questions [7:53953] The problem here is the source and destination are outside. Why? PIX can't redirect traffic so even if conduit is allowing this traffic, PIX won't let it through, unless it's src outside and dst is inside. You either routing issue here or just something is misconfigured on the PIX. Use wr term on the PIX to view the current config. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sim, CT (Chee Tong) Sent: Tuesday, September 24, 2002 10:50 AM To: [EMAIL PROTECTED] Subject: PIX questions [7:53953] I keep having the following log in my PIX. It is very frequent. What is that mean? It seems my PIX deny this connection, but actually I want to allow it now and make it no longer log to the PIX log. 106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst outside:192.168. 5.200/58000 106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst outside:192.168. 5.200/58000 106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst outside:192.168.5 .200/58001 106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst outside:192.168.5 .200/58001 I tried to clear it by adding the following command in the PIX config to allow the connection to come in. However, I still found the same log in my PIX? What should be the correct command? conduit permit udp any range 58000 58001 any Question2- How to show the running-config in PIX? I found whenever I made a change on PIX. I can't see the change when I issue sh conf command until I do wr mem What is the router equivalent show running-config command in PIX? Thanks a lot == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == Greg Owens 202-398-2552 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53975t=53953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Same subnets on each side of an ATM WAN [7:53973]
It's more of a stop-gap than a long-term solution: http://www.cisco.com/warp/public/556/3.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53976t=53973 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Same subnets on each side of an ATM WAN [7:53973]
It's more of a stop-gap than a long-term solution: http://www.cisco.com/warp/public/556/3.htmlMcHugh Randy wrote: I have an OC3 ATM WAN link that connect two LANs, but there are two identical subnets /30 on either side of the WAN link. Has any one ever had that type of setup and how is that possible with two identical public IP /30 subnets on either side of WAN connection? Here are the interfaces on either side of the wan AAAV7204#sh int fastEthernet 1/0 FastEthernet1/0 is up, line protocol is up Hardware is DEC21140A, address is 0003.6cce.f01c (bia 0003.6cce.f01c) Description: FE from PM to WDGB Internet address is 205.109.29.10/30 MTU 1500 bytes, BW 10 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 2/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, 100BaseTX/FX ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:21, output 00:00:00, output hang never Last clearing of show interface counters never Input queue: 0/75/4/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue :0/40 (size/max) 5 minute input rate 814000 bits/sec, 113 packets/sec 5 minute output rate 81000 bits/sec, 79 packets/sec 441800484 packets input, 1055724299 bytes Received 713 broadcasts, 0 runts, 0 giants, 2 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog 0 input packets with dribble condition detected 349363988 packets output, 1452170449 bytes, 0 underruns AAAV7206#sh ip int fastEthernet 1/0 FastEthernet1/0 is up, line protocol is up Internet address is 205.109.29.9/30 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP Flow switching is disabled IP CEF switching is enabled IP Fast switching turbo vecto Thank you, Randy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53977t=53973 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP AS Path Regular Expressions [7:53956]
Stephane, As u said, ^(200)+$ will match my ASPATHs but not only ... I am afraid that was not what I said :) However, when I configure it, this expression doesn't match ASPATH prepended like 200 200 200 (but 200 is present !). The not prepended ASPATH (200 only) is matched. I don't understand this behavior. As I said, ^(200)+$ would match 200 ONLY, we only have 2 bytes for the as-number, 200200 will not show up in a router. When you give IOS 200 200 200, it sees the spaces between the numbers, ^(200)+$ tells it to match some 200s without anything else in between them, space is something. Since you have ^ and $, it can not have anything before and after these 200s either. After reading the first 200, it expects the next thing is either 2 or end of line, but it sees the space following the first 200 in 200 200 200, that's a no-no. Kent Kent Yu a icrit dans le message de news: [EMAIL PROTECTED] Stephane, ^(200)+$ matches 200 or 200200 etc.. Of course, in case of as-path, it will only find 200. You want to use _ to match the space between the as-nums, so IOS will try to match the whole as-path. HTH Kent Stephane Litkowski wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, I'm trying to find a regexp to match AS PATH including AS200 only, but AS200 can be contained more than one time (AS PATH prepending). Example : 200 - Match 200 200 - Match 200 200 200 - Match 200 200 200 300 - Don't Match I tried to use this regexp : ^(200)+$ but it doesn't work, why ? However, the regexps : ^(200_)+$ seems to work. Can someone explain me why the first regexp doesn't work ? thanks. Stephane Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53978t=53956 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Same subnets on each side of an ATM WAN [7:53973]
It's very possible to misconfigure a network!!! Dave McHugh Randy wrote: I have an OC3 ATM WAN link that connect two LANs, but there are two identical subnets /30 on either side of the WAN link. Has any one ever had that type of setup and how is that possible with two identical public IP /30 subnets on either side of WAN connection? Here are the interfaces on either side of the wan AAAV7204#sh int fastEthernet 1/0 FastEthernet1/0 is up, line protocol is up Hardware is DEC21140A, address is 0003.6cce.f01c (bia 0003.6cce.f01c) Description: FE from PM to WDGB Internet address is 205.109.29.10/30 MTU 1500 bytes, BW 10 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 2/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, 100BaseTX/FX ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:21, output 00:00:00, output hang never Last clearing of show interface counters never Input queue: 0/75/4/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue :0/40 (size/max) 5 minute input rate 814000 bits/sec, 113 packets/sec 5 minute output rate 81000 bits/sec, 79 packets/sec 441800484 packets input, 1055724299 bytes Received 713 broadcasts, 0 runts, 0 giants, 2 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog 0 input packets with dribble condition detected 349363988 packets output, 1452170449 bytes, 0 underruns AAAV7206#sh ip int fastEthernet 1/0 FastEthernet1/0 is up, line protocol is up Internet address is 205.109.29.9/30 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP Flow switching is disabled IP CEF switching is enabled IP Fast switching turbo vecto Thank you, Randy -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53979t=53973 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How can I Fill out our unused bandwidth with dummy traffic [7:53980]
shojaee wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear sirs, I'm a member of technical staff in an ISP site. We have cable connection to the internet with 512k bandwidth. I require to do the following: 1- Measure our maximum connection speed to internet. CL: just a wild guess - 512K 2- Fill out our unused bandwidth with dummy traffic. CL: do a lot of pinging? CL: I give up - why would you want to do this or care? How can i do these? thanks for your prompt attention. With best regards Hassan Shojaie Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53980t=53980 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
4000 router console cable [7:53981]
I just acquired a 4000 router and can't get it to respond through the console port. As usual in this case, I suspect I have a cable problem. I thought I needed a straight through DB9-DB25 modem cable, but it doesn't seem to work. I want to make sure I have the right cable before I start chasing other possibilities. Is this in fact the right cable? I have searched the archives and looked at several CCO links without a clear answer (maybe I'm just not smart enough to understand what I'm reading :-)). What I'd really like is something ultra-simple, like db-25 pin2 to db-9 pin3 and so on. Can anyone point that out to me? TIA. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53981t=53981 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: How can I Fill out our unused bandwidth with dummy [7:53970]
You might try TCPspeed. I have used it in the past to verify CIR (at least approximately). http://maximized.com/freeware/tcpspeed/ shojaee wrote: Dear sirs, I'm a member of technical staff in an ISP site. We have cable connection to the internet with 512k bandwidth. I require to do the following: 1- Measure our maximum connection speed to internet. 2- Fill out our unused bandwidth with dummy traffic. How can i do these? thanks for your prompt attention. With best regards Hassan Shojaie Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53982t=53970 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT - ISDN viability - WAS: Re: VPDN - ISDN problem [7:53983]
Where I work ISDN is primarily used for DDR since it is the most cost effective soln in Aust - especially if you have a large number of sites to cover as Jenny pointed out. With that in mind, the way of thinking being 'we only want to pay for what we use'. There's no point in having an fr circuit as backup for each remote/branch site. Of course with our main core trunk links into the telco cloud we wouldn't consider ISDN for backup. The majority of issues regarding ISDN I have had experience over here are with provider's equipement (we have subscription to every major telco in aust. and only one telco [no names mentioned] seems to give us ongoing grief with their dated equipment - lucent att - framed route issues with ldap), and of course dialer watch :) The current configuration we have would fail bringing up the isdn circuit sporadically on a watched subnet. Resolution? changed dialer watch group to any other number BUT 1. Go figure. In regards to manual intervention.. i hope not :-)I have worked for the 2 major telco's in Aust and there's no manual intervention happening there in context of servicing their customers. MV -Original Message- From: Jenny McLeod [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 24 September 2002 9:21 AM To: [EMAIL PROTECTED] Subject: RE: OT - ISDN viability - WAS: Re: VPDN - ISDN problem [7:53931] Hell yeah. We use ISDN to automatically failover. With over 350 remote sites, it's not uncommon to have a main link to an office fail somewhere. With automatic failover, our users often don't even know something's failed. Manual intervention? You've got to be kidding. To tweak and tune if necessary, sure, but to initiate failover - no way. Been there, done that, bad idea in our network. Anyway, in Australia at least, it's still the most cost-effective failover for a network like ours (lots of sites, geographically dispersed). It has some annoyances, sure - but it's still definitely an option for me. JMcL Chuck's Long Road wrote: I see more complaints / problems / issues with ISDN and DDR in specific and in general, in real world and in test situations. Idle curiousity. Is ISDN really viable in terms of reliability for DDR applications? In any number of mission critical applications, I have seen major vendors, major enterprises, and major service providers use manual intervention as the preferred means to apply dial backup. I welcome the informed comments of those who are obviously more versed in the topic than I am, with my limited exposure.. Chuck [snipped] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53983t=53983 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE written revised [7:53972]
Dude, Is it really that bad? Julio Godinez wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Passing score 105: First attempt 77, Second attemp (yesterday) 95 =( . Next time you will be mine baby... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53984t=53972 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Hello....anybody home...... [7:53951]
Team, Any one out there, are we alive, no messages in my inbox from this group since yesterdayno goodvery scary..what is goin onnn Juan Blanco The greatest glory in living lies not in never falling, but in rising every time we fall . -- Nelson Mandela Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53951t=53951 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX [7:53955]
I have a PIX 525 and I am doing the initial configuration. I am trying to telnet to it to load the 6.2 version. I have my laptop directly connect to the inside interface via a CAT 5 cable. The inside interface and my laptop are on the same network. I also have the telnet command in the configuration. I am not able to telnet to the PIX. Can anyone help? Naomi James Computer Services and Information Technology Savannah State University 912-356-2509 [GroupStudy.com removed an attachment of type image/gif which had a name of Mabelt.gif] [GroupStudy.com removed an attachment of type image/gif which had a name of Mabelb.gif] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53955t=53955 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 4000 router console cable [7:53981]
Isn't the cable to the console port of the 4000 the standard Cisco rollover cable ? Regards.Gary At 07:12 PM 9/24/02 +, you wrote: I just acquired a 4000 router and can't get it to respond through the console port. As usual in this case, I suspect I have a cable problem. I thought I needed a straight through DB9-DB25 modem cable, but it doesn't seem to work. I want to make sure I have the right cable before I start chasing other possibilities. Is this in fact the right cable? I have searched the archives and looked at several CCO links without a clear answer (maybe I'm just not smart enough to understand what I'm reading :-)). What I'd really like is something ultra-simple, like db-25 pin2 to db-9 pin3 and so on. Can anyone point that out to me? TIA. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53985t=53981 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 4000 router console cable [7:53981]
Straight thru yes but you still need to use the correct pins. you have the pin 2-3 correct, also 3-2 and 7-5. On the DB25 you use 2,3 and 7, yellow, black and red. Dave Black Jack wrote: I just acquired a 4000 router and can't get it to respond through the console port. As usual in this case, I suspect I have a cable problem. I thought I needed a straight through DB9-DB25 modem cable, but it doesn't seem to work. I want to make sure I have the right cable before I start chasing other possibilities. Is this in fact the right cable? I have searched the archives and looked at several CCO links without a clear answer (maybe I'm just not smart enough to understand what I'm reading :-)). What I'd really like is something ultra-simple, like db-25 pin2 to db-9 pin3 and so on. Can anyone point that out to me? TIA. -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53986t=53981 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
HELP:Problem with Policy Mapping [7:53954]
Hello All, I am facing a very typical problem. The test set-up includes 2 sites. There are 2 simultaneous links (one of 64Kbps Leased Line and the other of 32Kbps VSAT Link) between the 2 sites. What I want to achieve is that my application (which is real-time) should go on the 64K link while rest all traffic (like mails and intranet) should go on the 32Kbps link. When any of the link is down, then the affected traffic shud switch to the other link with higher priority to the application. I have defined access-lists and route-map policies accordingly. I have applied the policy on the LAN port of the router. Also, the serial ports are IP Unumbered. I am facing the problem only when the Leased Line is down and the traffic has to shift to VSAT. I have configured EIGRP on the routers. When I do a debug, it clearly shows me the traffic is going according to the policy map. When I give a loop on the LL modem at one end, the line protocol as well as the serial port goes down. On the other router, the serial port shows me looped, the line protocol is down but the serial port is (as all the EIA signals are up). When I see the IP Route to the destination, there is only one route thru the VSAT link. Now because of this serial port up, the far-end router still pushes the packets to this serial port (as it sees that it is up) but end to end connectivity is not thru cos the line protocol is down. When I manually shut down the port, then the packet starts going thru the alternate route and end to end connectivity is through. As soon as I remove the shutdown, the connectivity is lost again. Now what is bugging me is that I have tested the same setup at one more location and it works absolutely fine there be it switchover from Leased Line to VSAt or vice-versa. When the Leased Line modem is given a loop, the serial as well as line protocol is down. The far end serial port is looped, line protocol is down serial port is up (all EIA signals are up). Even then the traffic shifts to VSAT and the connectivity still exists. I checked the configuration of both the set-ups line by line but no use. The only difference in the 2 set-ups is that the problematic one is on CISCO 2600 series while the working one is on 2500 series router. I am attaching the config as well as the version of the 2 different series router. I am really in a fix as to what to do next. Please help me out. Thanx __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com Router1#sh run Building configuration... Current configuration: ! version 12.0 service config service timestamps debug datetime service timestamps log datetime service password-encryption ! hostname Router1 ! logging buffered 4096 debugging enable secret 5 $1$XFoc$D6BWEJhMx2tw2jVS927je1 ! ip subnet-zero no ip domain-lookup ! voice-port 1/0/0 ! voice-port 1/0/1 ! ! ! ! ! interface Ethernet0/0 ip address 159.12.30.2 255.255.255.0 secondary ip address 159.12.30.1 255.255.255.0 no ip directed-broadcast no ip mroute-cache ip policy route-map nil load-interval 30 no cdp enable ! interface Serial0/0 description 32K SCPC Link bandwidth 32 ip unnumbered Ethernet0/0 no ip directed-broadcast encapsulation ppp no ip route-cache no ip mroute-cache load-interval 30 priority-group 2 compress stac ! interface Ethernet0/1 no ip address no ip directed-broadcast shutdown no cdp enable ! interface Serial0/1 description 64K Leased Line bandwidth 64 ip unnumbered Ethernet0/0 no ip directed-broadcast ip rtp reserve 16384 16000 24 encapsulation ppp no ip route-cache ip rtp header-compression iphc-format ip tcp header-compression iphc-format no ip mroute-cache load-interval 30 priority-group 2 compress stac ! interface Serial0/2 no ip address no ip directed-broadcast shutdown ! interface Serial0/3 no ip address no ip directed-broadcast shutdown ! router eigrp 10 network 159.12.0.0 no auto-summary ! ip classless ! access-list 110 permit ip any host 159.12.212.2 access-list 120 permit ip any host 159.12.213.6 priority-list 2 protocol ip high tcp telnet priority-list 2 default low route-map nil permit 10 match ip address 110 set interface Serial0/1 ! route-map nil permit 15 match ip address 120 set interface Serial0/0 ! ! line con 0 exec-timeout 1 0 transport input none line aux 0 line vty 0 4 exec-timeout 1 0 password 7 105B191D040317 login ! no scheduler allocate end Router1#sh ver Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(8), RELEASE SOFTWARE (fc1) Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Mon 29-Nov-99 15:15 by kpma Image text-base: 0x80008088, data-base: 0x808E63A0 ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) ROuter1 uptime is 1 week, 2 days, 22 hours, 2 minutes System restarted by power-on System image file is flash:c2600-is-mz-120-8 cisco 2611 (MPC860) processor (revision 0x203) with
RE: PIX [7:53955]
You may want to check if your link led is on and if you can ping the inside interface also the ip of the laptop needs to be defined using the telnet command. -Original Message- From: Naomi James [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 9:02 AM To: [EMAIL PROTECTED] Subject: PIX [7:53955] I have a PIX 525 and I am doing the initial configuration. I am trying to telnet to it to load the 6.2 version. I have my laptop directly connect to the inside interface via a CAT 5 cable. The inside interface and my laptop are on the same network. I also have the telnet command in the configuration. I am not able to telnet to the PIX. Can anyone help? Naomi James Computer Services and Information Technology Savannah State University 912-356-2509 [GroupStudy.com removed an attachment of type image/gif which had a name of Mabelt.gif] [GroupStudy.com removed an attachment of type image/gif which had a name of Mabelb.gif] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53987t=53955 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX [7:53955]
I'm not 100% sure, but I think if you want to connect to the ethernet port you will need a crossover cable. Why not connect to the console port to do the initial config anyway? Naomi James wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a PIX 525 and I am doing the initial configuration. I am trying to telnet to it to load the 6.2 version. I have my laptop directly connect to the inside interface via a CAT 5 cable. The inside interface and my laptop are on the same network. I also have the telnet command in the configuration. I am not able to telnet to the PIX. Can anyone help? Naomi James Computer Services and Information Technology Savannah State University 912-356-2509 [GroupStudy.com removed an attachment of type image/gif which had a name of Mabelt.gif] [GroupStudy.com removed an attachment of type image/gif which had a name of Mabelb.gif] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53988t=53955 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IPX ID [7:53989]
Hi Simple question, enabling IPX on a router: ipx routing x.x.x I want to use say 2.2.2 as the router ID. Problem is after I type this address and show run the router has taken one of the interface's Mac addresses as the router IPX ID. Is there something I am missing here? (I am using ver 12.1(5)T) cheers and thanks in advance Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53989t=53989 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 4000 router console cable [7:53981]
the cable you need is a console rollover not straight through. the adapter you are using is right. hth mark. -Original Message- From: Black Jack [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 25 September 2002 5:12 AM To: [EMAIL PROTECTED] Subject: 4000 router console cable [7:53981] I just acquired a 4000 router and can't get it to respond through the console port. As usual in this case, I suspect I have a cable problem. I thought I needed a straight through DB9-DB25 modem cable, but it doesn't seem to work. I want to make sure I have the right cable before I start chasing other possibilities. Is this in fact the right cable? I have searched the archives and looked at several CCO links without a clear answer (maybe I'm just not smart enough to understand what I'm reading :-)). What I'd really like is something ultra-simple, like db-25 pin2 to db-9 pin3 and so on. Can anyone point that out to me? TIA. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53990t=53981 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP AS Path Regular Expressions [7:53956]
Ok that's clear now !! thank you very much for your help. Kent Yu a icrit dans le message de news: [EMAIL PROTECTED] Stephane, As u said, ^(200)+$ will match my ASPATHs but not only ... I am afraid that was not what I said :) However, when I configure it, this expression doesn't match ASPATH prepended like 200 200 200 (but 200 is present !). The not prepended ASPATH (200 only) is matched. I don't understand this behavior. As I said, ^(200)+$ would match 200 ONLY, we only have 2 bytes for the as-number, 200200 will not show up in a router. When you give IOS 200 200 200, it sees the spaces between the numbers, ^(200)+$ tells it to match some 200s without anything else in between them, space is something. Since you have ^ and $, it can not have anything before and after these 200s either. After reading the first 200, it expects the next thing is either 2 or end of line, but it sees the space following the first 200 in 200 200 200, that's a no-no. Kent Kent Yu a icrit dans le message de news: [EMAIL PROTECTED] Stephane, ^(200)+$ matches 200 or 200200 etc.. Of course, in case of as-path, it will only find 200. You want to use _ to match the space between the as-nums, so IOS will try to match the whole as-path. HTH Kent Stephane Litkowski wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, I'm trying to find a regexp to match AS PATH including AS200 only, but AS200 can be contained more than one time (AS PATH prepending). Example : 200 - Match 200 200 - Match 200 200 200 - Match 200 200 200 300 - Don't Match I tried to use this regexp : ^(200)+$ but it doesn't work, why ? However, the regexps : ^(200_)+$ seems to work. Can someone explain me why the first regexp doesn't work ? thanks. Stephane Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53992t=53956 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Input errors on catalyst 3548 [7:53957]
When you use TFTP to download IOS image , please note , it is have a limitation! Priscilla Oppenheimer wrote: Tunde Kalejaiye wrote: what could be the cause of large input errors on a catalyst switch? The most likely cause is a duplex mismatch. Is it just on one port? What connects to that port? Could it be misconfigured or could the port be misconfigured for half/full duplex? What kind of errors are they? ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com regards, Tunde Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53994t=53957 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IPX ID [7:53989]
According to the following Cisco link: http://www.cisco.com/warp/public/473/33.html#networknumber As with other network addresses, Novell IPX network addresses must be unique. These addresses are represented in hexadecimal format and consist of two parts: a network number and a node number. The IPX network number, which is assigned by the network administrator, is 32 bits long. The node number,which usually is the Media Access Control (MAC) address for one of the system's network interface cards (NICs), is 48 bits long. a.. Network: a.. 32bit number represented in Hex b.. Administratively assigned c.. Range : 0x0001 - 0xFFFE d.. 0x = Broadcast e.. 0xFFFE = Default route a.. Node: a.. 48 bit number represented in Hex b.. MAC address of NIC card (can be administratively assigned ) Mike Martins wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Simple question, enabling IPX on a router: ipx routing x.x.x I want to use say 2.2.2 as the router ID. Problem is after I type this address and show run the router has taken one of the interface's Mac addresses as the router IPX ID. Is there something I am missing here? (I am using ver 12.1(5)T) cheers and thanks in advance Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53993t=53989 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: How can I Fill out our unused bandwidth with d [7:53970]
Black Jack wrote: You might try TCPspeed. I have used it in the past to verify CIR (at least approximately). http://maximized.com/freeware/tcpspeed/ I've used this web site in the past (doesn't require any software to be installed). It seems somewhat accurate at lower speeds (T-1 and below). I would guess the accuracy falls off as the speeds get higher and the CPU and other variables come into play. http://www.pcpitstop.com/internet/Bandwidth.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53995t=53970 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IPX ID [7:53989]
Robert I understand all that - when I type in 'ipx routing ie 5.5.5' on another router (with no other configs) and sh run gives me ipx routing 0005.0005.0005 which is what I want. I am asking why does it do this and is there a way around this? I dont like IPX, but the lab beckons me... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53996t=53989 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPX ID [7:53989]
Mike Martins wrote: Hi Simple question, enabling IPX on a router: ipx routing x.x.x I want to use say 2.2.2 as the router ID. That's not really a router ID that you're assigning. It's a node address to use on a serial link. Are you running IPX on one of your serial links? An IPX address consists of network.node. IPX uses the MAC address for the node part. That works fine on Ethernet, Token Ring, and FDDI. Each such interface has a MAC address. So when a router sends RIP or SAP or other router-sourced packets out an Ethernet interface, for example, the network-layer IPX addresss might be something like it is on my router, consisting of the network number I assigned, followed by the burned-in MAC address: Boston#show ipx int e0 Ethernet0 is up, line protocol is up IPX address is 500..0c02.74c7 But a serial interface doesn't have a MAC address! So what it should use? By default it uses the MAC address of the first Ethernet, Token Ring ,or FDDI interface. If none of those exist, then it makes one up based on the system clock. If you don't want it to do that for some weird reason, than you can tell it the MAC address to use on serial interfaces by configuring a parameter with the ipx routing command. Boston(config)#ipx routing 2.2.2 Boston(config)#end Notice that it worked on my router: Boston#show ipx int s0 Serial0 is up, line protocol is up IPX address is 400.0002.0002.0002 [up] Although e0 hasn't changed: Boston#show ipx int e0 Ethernet0 is up, line protocol is up IPX address is 500..0c02.74c7 The change does show up in show run on my router: Boston#show run Building configuration... Current configuration: ! version 11.0 service udp-small-servers service tcp-small-servers ! hostname Boston ! enable secret 5 $1$uho5$H32khmGkZ4Vml4H/qzc0/1 enable password password ! ipx routing 0002.0002.0002 appletalk routing frame-relay switching ! interface Ethernet0 ip address 192.168.30.1 255.255.255.0 ipx network 500 appletalk cable-range 500-500 500.52 appletalk zone bostonE ! interface Ethernet1 no ip address shutdown ! interface Serial0 ip address 192.168.40.1 255.255.255.0 encapsulation frame-relay ipx network 400 appletalk cable-range 400-400 400.203 appletalk zone bostonS no fair-queue frame-relay map ip 192.168.40.2 100 broadcast frame-relay intf-type dce ! So why would you be seeing something different is the REAL question. ;-) Are you sure you are actually running IPX on a serial interface? Do you have a serial interface? Are you sure you typed in 2.2.2 correctly? Do they make you do 0002.0002.0002 in newer versions?? Are you running DECnet which changes MAC addresses? Could they have changed the behavior in 12.1(5)T? Someone else would have to check that. I can't afford new routers. ;-) ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com Problem is after I type this address and show run the router has taken one of the interface's Mac addresses as the router IPX ID. Is there something I am missing here? (I am using ver 12.1(5)T) cheers and thanks in advance Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53997t=53989 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Token Ring fundamentals [7:53871]
so to rephrase the original question, although there is never more than one token on the ring, there can be more than one data/command frame... or am I totally missing the point ;-) Tim Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Mike Mandulak wrote: Oops I forgot to cc my reply to the list again. but you're right. Here's what I sent him... Only one. However (there's always a however) the adapters can be configured to use ETR (early token release) which means that as soon as an adapter starts receiving a frame it can start transmitting its own data out the TX path while receiving the incoming frame. While that's not 2 tokens, it is 2 different frames on the wire at the same time. That's not really what it means, not that it matters much these days. ;-) With no early token release, a sending station must see its own frame come back before it releases a free token that someone else can grab. With early token release (ETR), a sending station can release a token at the end of its transmission, regarless of whether it's starting to receive its own transmission yet. Someone else can grab the free token and turn it into a frame. Hence, there can be more than one frame, as you say, but still only one free token. It was all a bunch of marketing FUD really though. It would have to be a physically very large network for the ETR feature to make any difference. On typical networks, the sender was already getting back its own transmission as it finished its transmission anyway. So it released a free token at about the same time regardless if ETR was in use or not. But nobody cares any more about the actual behavior. You just have to learn the theory. ;-) _ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com - Original Message - From: Ken Chipps To: Sent: Sunday, September 22, 2002 9:37 PM Subject: Re: Token Ring fundamentals [7:53871] One, unless early token release is in effect. Assuming I am remembering my old Token Ring stuff right. Tim Metz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... While doing some token ring reading I realized that I have no idea how many tokens can be on the ring at one time. anyone??? stupid question?? Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53998t=53871 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPX ID [7:53989]
Priscilla Thanks for that. Years in IP and I am clueless about IPX. Reason why I was using my own x.x.x was for a easy number to remember for the frame relay map statements on opposite ends. (I looked at practise labs - that is what they wuz using) I am still befuddled why on one router it takes the command and on another it does not. Maybe I typed in 2.2.2 wrong. Maybe I should try it more gently this time. Stuff this, I am moving onto the BGP lab tonight.. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53999t=53989 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Token Ring fundamentals [7:53871]
Tim Metz wrote: so to rephrase the original question, although there is never more than one token on the ring, there can be more than one data/command frame... Yes. There can be more than one frame if you use Early Token Release. It's not likely, but it's allowed by the specifications. There's just one token though. The token is a 3-byte symbol of authority. That's what IEEE 802.5 calls it, probably to avoid using the term frame. ;-) A sender grabs the token and converts it do a frame, changing one bit, adding more bytes and addressing, etc. Why are you studying Token Ring?? Ugh. ;-) ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com or am I totally missing the point ;-) Tim Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Mike Mandulak wrote: Oops I forgot to cc my reply to the list again. but you're right. Here's what I sent him... Only one. However (there's always a however) the adapters can be configured to use ETR (early token release) which means that as soon as an adapter starts receiving a frame it can start transmitting its own data out the TX path while receiving the incoming frame. While that's not 2 tokens, it is 2 different frames on the wire at the same time. That's not really what it means, not that it matters much these days. ;-) With no early token release, a sending station must see its own frame come back before it releases a free token that someone else can grab. With early token release (ETR), a sending station can release a token at the end of its transmission, regarless of whether it's starting to receive its own transmission yet. Someone else can grab the free token and turn it into a frame. Hence, there can be more than one frame, as you say, but still only one free token. It was all a bunch of marketing FUD really though. It would have to be a physically very large network for the ETR feature to make any difference. On typical networks, the sender was already getting back its own transmission as it finished its transmission anyway. So it released a free token at about the same time regardless if ETR was in use or not. But nobody cares any more about the actual behavior. You just have to learn the theory. ;-) _ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com - Original Message - From: Ken Chipps To: Sent: Sunday, September 22, 2002 9:37 PM Subject: Re: Token Ring fundamentals [7:53871] One, unless early token release is in effect. Assuming I am remembering my old Token Ring stuff right. Tim Metz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... While doing some token ring reading I realized that I have no idea how many tokens can be on the ring at one time. anyone??? stupid question?? Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54000t=53871 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPX ID [7:53989]
Mike Martins wrote: Priscilla Thanks for that. Years in IP and I am clueless about IPX. Reason why I was using my own x.x.x was for a easy number to remember for the frame relay map statements on opposite ends. Oh, that makes sense. (I looked at practise labs - that is what they wuz using) I am still befuddled why on one router it takes the command and on another it does not. Maybe I typed in 2.2.2 wrong. They can't both be 2.2.2, you realize, don't you? In other words, two ends of a serial link, which would both be on the same network number, can't both use 2.2.2, because, if they did, they would have duplicate network-layer addresses. You probably realize that... Are both routers running the same version of IOS? Mabye they changed something. You never know. Maybe I should try it more gently this time. Stuff this, I am moving onto the BGP lab tonight.. Sounds like a plan. BGP is way more important. ;-) Let us know what you find out with the IPX issue. though. Thanks. ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54001t=53989 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
cisco-nas-port [7:54002]
Hi group I got a Cisco 1760 , with c1700-sv8y-122(11)T IOS I just palced 4 * 2FXO modules on this unit . and configured my radius server , I have to give the VSA attribute named cisco-nas-port on all AAA phases. at Authentication and Accounting phases , it sends this parameter but it doesn't send it in AUTHORIZATION phase, here is my config : aaa authentication login h323 group radius aaa authorization exec h323 group radius aaa accounting connection h323 stop-only group radius ! gw-accounting aaa ! radius-server configure-nas radius-server host 192.168.10.10 auth-port 1812 acct-port 1813 key 7 051A0902 radius-server authorization permit missing Service-Type radius-server authorization default Framed-Protocol ppp radius-server vsa send authentication in previus IOS that I see , there were commands : gw-accounting h323 AND gw-accounting voip but here is gw-accounting aaa with some sub commands. please help me to make it send this VSA attribute at Autorization phase , Thanks Reza Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54002t=54002 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Help needed with an extended access list [7:53971]
You could use the following list access-list 100 deny tcp 171.17.0.96 0.0.0.31 host 171.17.255.65 eq telnet access-list 100 permit ip any any This would deny any address between 171.17.0.96 and 171.17.0.127 from telneting to 171.17.255.65. All other traffic would be permited. You will then need to create an outbound access group on the outbound interface of the device you are trying to telnet from. I hope this helps. Carl Timm, CCIE #7149 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54004t=53971 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPX ID [7:53989]
The version of IOS I am using is about the same as the lab (how reassuring). I used my old frame relay switch still running and spluttering 11.3 enterprise and it likes it when I type IPX routing a.a.a - do a show run and there she is: ipx routing 000a.000a.000a - like an old faithfull... The question must be simple, what condition causes a router to take the ethernet/token rings's/etc MAC address for the WAN interface, and not the one you manually enter? I just checked, one of the other router's that took the command was also running 12.1(5)T. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54003t=53989 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Help needed with an extended access list [7:53971]
Brilliant, thanks Carl i'll try it in the morning. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54005t=53971 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT - ISDN viability - WAS: Re: VPDN - ISDN problem [7:54007]
FWIW I have implemented more ISDN backup than I care to remember but once configured and tested it works well. I always suggest that customers periodically test the backup, at least force tha ISDN connection up by pinging a test loopback or something. I had one customer who did't want to loose their SNA sessions, via DLSW, and ISDN backup with EIGRP converted fast enough that the SNA session stayed active. Dave Vicuna, Mark wrote: Where I work ISDN is primarily used for DDR since it is the most cost effective soln in Aust - especially if you have a large number of sites to cover as Jenny pointed out. With that in mind, the way of thinking being 'we only want to pay for what we use'. There's no point in having an fr circuit as backup for each remote/branch site. Of course with our main core trunk links into the telco cloud we wouldn't consider ISDN for backup. The majority of issues regarding ISDN I have had experience over here are with provider's equipement (we have subscription to every major telco in aust. and only one telco [no names mentioned] seems to give us ongoing grief with their dated equipment - lucent att - framed route issues with ldap), and of course dialer watch :) The current configuration we have would fail bringing up the isdn circuit sporadically on a watched subnet. Resolution? changed dialer watch group to any other number BUT 1. Go figure. In regards to manual intervention.. i hope not :-)I have worked for the 2 major telco's in Aust and there's no manual intervention happening there in context of servicing their customers. MV -Original Message- From: Jenny McLeod [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 24 September 2002 9:21 AM To: [EMAIL PROTECTED] Subject: RE: OT - ISDN viability - WAS: Re: VPDN - ISDN problem [7:53931] Hell yeah. We use ISDN to automatically failover. With over 350 remote sites, it's not uncommon to have a main link to an office fail somewhere. With automatic failover, our users often don't even know something's failed. Manual intervention? You've got to be kidding. To tweak and tune if necessary, sure, but to initiate failover - no way. Been there, done that, bad idea in our network. Anyway, in Australia at least, it's still the most cost-effective failover for a network like ours (lots of sites, geographically dispersed). It has some annoyances, sure - but it's still definitely an option for me. JMcL Chuck's Long Road wrote: I see more complaints / problems / issues with ISDN and DDR in specific and in general, in real world and in test situations. Idle curiousity. Is ISDN really viable in terms of reliability for DDR applications? In any number of mission critical applications, I have seen major vendors, major enterprises, and major service providers use manual intervention as the preferred means to apply dial backup. I welcome the informed comments of those who are obviously more versed in the topic than I am, with my limited exposure.. Chuck [snipped] -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54007t=54007 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISIS [7:53839]
Not to answer a question with another question, but are you primarily interested in passing the test, or are you primarily interested in actually knowing ISIS. If it's the former, the other poster's suggestions are good. If it's the latter, then it's the timeless RFC1195/ISO10589 doc's. And also later revisions, most notably RFC2966. Robert L. DeWees wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I took the BSCN class, but I am signed up for the BSCI exam, which I am told has IS-IS. What is a good source to study the subject? Bobby Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54006t=53839 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
6509 IP address [7:54008]
I have a 6509 connected to another 6509 and also connectedto (2) 4006 switches. I have 3 Vlans and one 1 vlan specificallyfor the Management. The managment subnet is 10.0.1.0. One ofthe 6509s is acting as a root switch as well as also doing Intervlanrouting. Here is the issue I haveFrom the Managment Vlan, I have assigned 10.0.1.1 to the router blade,10.0.1.2 to the the root 6509 SC0 interface, 10.0.1.3 to another 6509 SC0interface, 10.0.1.4 to the first 4006 switch and the 10.0.1.5 to the 2nd 4006switch. On a root 6509 switch I have also assigned the default route tothe switches router itself. For exampel 0.0.0.0 to 10.0.1.1. I can ping thisaddress 10.0.1.1 from any host, but not able to ping this address from theswitch mode itself. Everything is working, but I am just curious why I can't pingthe address of the router blade from the SC0 interface itself.Regards,Ali Changed your e-mail? Keep your contacts! Use this free e-mail change of address service from Return Path. Register now! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54008t=54008 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 4000 router console cable [7:53981]
All the old 4000's I have use a straight through serial cable. Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 3:12 PM To: [EMAIL PROTECTED] Subject: 4000 router console cable [7:53981] I just acquired a 4000 router and can't get it to respond through the console port. As usual in this case, I suspect I have a cable problem. I thought I needed a straight through DB9-DB25 modem cable, but it doesn't seem to work. I want to make sure I have the right cable before I start chasing other possibilities. Is this in fact the right cable? I have searched the archives and looked at several CCO links without a clear answer (maybe I'm just not smart enough to understand what I'm reading :-)). What I'd really like is something ultra-simple, like db-25 pin2 to db-9 pin3 and so on. Can anyone point that out to me? TIA. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54010t=53981 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPX ID [7:53989]
Mike Martins wrote: The version of IOS I am using is about the same as the lab (how reassuring). I used my old frame relay switch still running and spluttering 11.3 enterprise and it likes it when I type IPX routing a.a.a - do a show run and there she is: ipx routing 000a.000a.000a - like an old faithfull... The question must be simple, what condition causes a router to take the ethernet/token rings's/etc MAC address for the WAN interface, and not the one you manually enter? The question may be simple, but the answer isn't. There's no well-known condition that causes this. Have you compared your config to one where the problem doesn't occur? What are you doing that's not basic IPX configuration? IPXWAN? NLSP? Anything else weird? Can you show us your config? Priscilla I just checked, one of the other router's that took the command was also running 12.1(5)T. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54011t=53989 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MCNS Exam [7:53894]
I agree...I took this several months ago and did not see any CET but I did get plenty of Config'g PIX IPSEC. I would check with the Cisco Exam objectives to make sure that CET is not on the exam. Good Luck! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54012t=53894 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: SIP vs H323 [7:53852]
Can you forward that link? Thanks, Steve -Original Message- From: Haakon Claassen (hclaasse) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 10:19 AM To: [EMAIL PROTECTED] Subject: RE: SIP vs H323 [7:53852] I am not THE expert on these matters but it comes to play in my daily duties SIP is more flexible then H323 and H323 is a suite of protocols for real time traffic, SIP is far more suitable when looking at unified messaging Have a look at SMTP and then look at SIP ... you'll see some resemblance The security issues with SIP are sadly far greater then H323 I can fwd a good link on that regards Haakon Claassen EMEA - IT Transport Services -WAN Cisco Systems De Kleetlaan 6b - Pegasus Park B-1831 Diegem (Belgium) -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: maandag 23 september 2002 20:45 To: [EMAIL PROTECTED] Subject: Re: SIP vs H323 [7:53852] In what ways was the SIP equipment better? The fact that it comes from a www/internet IETF world, versus H.323 which comes from the ITU, wouldn't necessarily mean that it's better. In fact, to make a very broad generalization, the IETF has historically been involved with data networking which hasn't been that concerned about quality. Reliability is achieved, in general, by the sender retransmitting if there's no ACK, which doesn't work with voice. Quality is achieved by various hacks. ;-) At least in the U.S., our telephone networks have always been way more reliable and offered better quality than our data networks, which have been annoyingly flaky. When we pick up a phone to make a call, unless it's Mother's Day and all circuits are busy, it simply works. Problems are rare. Problems accessng data on intranets and the Internet are widespread. So it doesnt' fit with our paradign that you would think that SIP is better because it comes from a www/Internet world. SIP may be better because it's always easier to do something better the second time around. SIP is newer. H.323 is old. Anyway, this philosophical debate probably isn't that relevant, but things are slow today at work. ;-) Priscilla Gunjan Mathur wrote: I tested one SIP equipement of vonage, and that was far far better then any device using H323...that's the reason I want to know the diff in between these two. What I understand is SIP model works on www/internet and h323 model is telephony, I believe this is the main reason for the quality difference. What you suggest... TIA --- Steven A. Ridder wrote: I agree that SIP is the future, it just isn't there yet. There is some SIP being built into Unity and CM, but until everything is SIP (as opposed to MGCP/H.323 and Skinny), it just isn't useful yet. I know that SIP is being deployed in SP networks, and I have implemented it in a Telco, but for enterprise, it's useless. I can't wait til it is developed and more mature. Jason Weden wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Ok, so SIP is nowhere near useless. It is being used all over the place and will eventually replace H.323. Telcos like Vonage (which uses Cisco SIP equipment), deltathree, and Denwa are using it for last mile telephony connectivity for residences and enterprises, and WorldCom, after surfacing from its financial issues, will be using it on its global network as well. Microsoft has built a SIP client into Windows XP (Microsoft Messenger) and SIP is very flexible and extensible and the best place to start is http://www.sipcenter.com. PBX manufacturers like Mitel and Siemens have developed their PBX completely around SIP. To get back to Cisco (as this is a Cisco newsgroup), Cisco has taken the time and $$ to start to develop SIP functionality in its products despite the fact that it isn't need for AVVID at all. Though their initial SIP focus is on carrier-class products (since that is the logical choice -- see my list of companies above), my bet is that SIP will surface as a more central part of the AVVID architecture for the enterprise. A good Cisco link is here: http://www.cisco.com/warp/public/cc/techno/tyvdve/sip/prodlit/index.shtm l or here (which displays more enterprise scenarios): http://cisco.com/univercd/cc/td/doc/product/voice/sipsols/biggulp/index. htm Regards, Jason [EMAIL PROTECTED] __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com * The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution
Re: 4000 router console cable [7:53981]
The 3 I have at home use a rollover cable... Steve Watson wrote: All the old 4000's I have use a straight through serial cable. Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 3:12 PM To: [EMAIL PROTECTED] Subject: 4000 router console cable [7:53981] I just acquired a 4000 router and can't get it to respond through the console port. As usual in this case, I suspect I have a cable problem. I thought I needed a straight through DB9-DB25 modem cable, but it doesn't seem to work. I want to make sure I have the right cable before I start chasing other possibilities. Is this in fact the right cable? I have searched the archives and looked at several CCO links without a clear answer (maybe I'm just not smart enough to understand what I'm reading :-)). What I'd really like is something ultra-simple, like db-25 pin2 to db-9 pin3 and so on. Can anyone point that out to me? TIA. -- Larry Letterman Network Engineer Cisco Systems Inc. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54014t=53981 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPX ID [7:53989]
I got the IPX network going between all routers, over frame relay etc etc no problem. On the frame-relay map statements (opposite sides) I mapped to the IPX/MAC address that the router had elected. Everything works, no worries. I am not doing anything different, all routers were running default IPX RIP, now disabled and all running IPX EIGRP. I dont know why one router accepts a manual statement and another decides it has got its own agenda. I tried shutting down all interfaces, deleting IPX Routing and re entering a manual x.x.x. It remains stubborn. I will spare you the configs, unless you wanna sift through trunks and tunnels and exiting stuff like DLSW and a few of my improvized ISDN configs. When I started with the IPX early this evening I did not have much config on the routers anyway. It is just a point of interest really, someone must know the answer. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54015t=53989 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Input errors on catalyst 3548 [7:53957]
huh? not quite clear on how tftp relates to interface errors? charles -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of AlLee Sent: Tuesday, September 24, 2002 1:31 PM To: [EMAIL PROTECTED] Subject: Re: Input errors on catalyst 3548 [7:53957] When you use TFTP to download IOS image , please note , it is have a limitation! Priscilla Oppenheimer wrote: Tunde Kalejaiye wrote: what could be the cause of large input errors on a catalyst switch? The most likely cause is a duplex mismatch. Is it just on one port? What connects to that port? Could it be misconfigured or could the port be misconfigured for half/full duplex? What kind of errors are they? ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com regards, Tunde Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54017t=53957 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
1750 and MPLS [7:54016]
We've pretty much exhausted the possibility that MPLS can run on a 2500 series, but I've got a couple of 1750's, and perhaps they can help fill in. Does anybody know if there is a version of IOS for the 1750-2v's that will do MPLS (and perhaps voice with the same code)? The Tickler - Do you Yahoo!? New DSL Internet Access from SBC Yahoo! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54016t=54016 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 1750 and MPLS [7:54016]
Can't find it for any 1700 platforms. IOS Feature Navigoator: http://www.cisco.com/go/fn/ Darren Ward (PGradCS, CCIE #8245, SCSA, CCDP, MCP) On Wed, 25 Sep 2002, Jim Tickle wrote: We've pretty much exhausted the possibility that MPLS can run on a 2500 series, but I've got a couple of 1750's, and perhaps they can help fill in. Does anybody know if there is a version of IOS for the 1750-2v's that will do MPLS (and perhaps voice with the same code)? The Tickler - Do you Yahoo!? New DSL Internet Access from SBC Yahoo! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54018t=54016 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX [7:53955]
yes, make sure you have a crossover cable Robert Edmonds wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'm not 100% sure, but I think if you want to connect to the ethernet port you will need a crossover cable. Why not connect to the console port to do the initial config anyway? Naomi James wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a PIX 525 and I am doing the initial configuration. I am trying to telnet to it to load the 6.2 version. I have my laptop directly connect to the inside interface via a CAT 5 cable. The inside interface and my laptop are on the same network. I also have the telnet command in the configuration. I am not able to telnet to the PIX. Can anyone help? Naomi James Computer Services and Information Technology Savannah State University 912-356-2509 [GroupStudy.com removed an attachment of type image/gif which had a name of Mabelt.gif] [GroupStudy.com removed an attachment of type image/gif which had a name of Mabelb.gif] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54019t=53955 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 6509 IP address [7:54008]
Ali, I have a very similar setup (6506 with the MSFC2, 4006) with my 6506 as the core switch, root switch etc. I am able to ping the MSFC from the switch and vice versa. If you can't figure it out, I would contact Cisco and see if something is wrong. Abbas Ali wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a 6509 connected to another 6509 and also connectedto (2) 4006 switches. I have 3 Vlans and one 1 vlan specificallyfor the Management. The managment subnet is 10.0.1.0. One ofthe 6509s is acting as a root switch as well as also doing Intervlanrouting. Here is the issue I haveFrom the Managment Vlan, I have assigned 10.0.1.1 to the router blade,10.0.1.2 to the the root 6509 SC0 interface, 10.0.1.3 to another 6509 SC0interface, 10.0.1.4 to the first 4006 switch and the 10.0.1.5 to the 2nd 4006switch. On a root 6509 switch I have also assigned the default route tothe switches router itself. For exampel 0.0.0.0 to 10.0.1.1. I can ping thisaddress 10.0.1.1 from any host, but not able to ping this address from theswitch mode itself. Everything is working, but I am just curious why I can't pingthe address of the router blade from the SC0 interface itself.Regards,Ali Changed your e-mail? Keep your contacts! Use this free e-mail change of address service from Return Path. Register now! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54020t=54008 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: How can I Fill out our unused bandwidth with dummy traffic [7:54021]
Use Wan Killer from SolarWinds 2001 Engineers Edition. This is available at www.solarwinds.net Ersin -Original Message- From: shojaee [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 2:02 PM To: [EMAIL PROTECTED] Subject: How can I Fill out our unused bandwidth with dummy traffic [7:53970] Dear sirs, I'm a member of technical staff in an ISP site. We have cable connection to the internet with 512k bandwidth. I require to do the following: 1- Measure our maximum connection speed to internet. 2- Fill out our unused bandwidth with dummy traffic. How can i do these? thanks for your prompt attention. With best regards Hassan Shojaie Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54021t=54021 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX questions [7:53953]
OK.. I think I roughly understand what is the problem now. Let me tell you our pix setup. We do a PAT for every outgoing packet so the source address to be translated to 192.168.5.200 before leaving the external interface of the PIX. So when the outside party tried to make connection to 192.168.5.200, it was considered outside as the routing table of the PIX show that the IP 192.168.5.200 should be routed out via external interface. Sound logical? But how to solve it, if I don't want this log 106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst outside:192.168.5.200/58000 Another Question2 :) I saw a sentence on a book that I don't understand- The combination of the static declaration and the conduit command can allow FTP traffic through your network. You have allowed FTP traffic to the FTP server with the following two lines Static(inside,outside)192.168.1.35 10.1.1.35 netmask 255.255.255.255 0 0--(1) Conduit permit tcp host 192.168.1.35 eq ftp any--(2) I understand the second statement which mean it allow ftp traffic from any outside workstations to connect to 192.168.1.35 in the inside network But what is meaning of the first statement? What is 10.1.1.35 IP for? Why we need this? Thanks a lot Sim -Original Message- From: Lidiya White [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 25, 2002 1:39 AM To: Sim, CT (Chee Tong); [EMAIL PROTECTED] Subject: RE: PIX questions [7:53953] The problem here is the source and destination are outside. Why? PIX can't redirect traffic so even if conduit is allowing this traffic, PIX won't let it through, unless it's src outside and dst is inside. You either routing issue here or just something is misconfigured on the PIX. Use wr term on the PIX to view the current config. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sim, CT (Chee Tong) Sent: Tuesday, September 24, 2002 10:50 AM To: [EMAIL PROTECTED] Subject: PIX questions [7:53953] I keep having the following log in my PIX. It is very frequent. What is that mean? It seems my PIX deny this connection, but actually I want to allow it now and make it no longer log to the PIX log. 106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst outside:192.168. 5.200/58000 106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst outside:192.168. 5.200/58000 106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst outside:192.168.5 .200/58001 106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst outside:192.168.5 .200/58001 I tried to clear it by adding the following command in the PIX config to allow the connection to come in. However, I still found the same log in my PIX? What should be the correct command? conduit permit udp any range 58000 58001 any Question2- How to show the running-config in PIX? I found whenever I made a change on PIX. I can't see the change when I issue sh conf command until I do wr mem What is the router equivalent show running-config command in PIX? Thanks a lot == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54022t=53953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
LAN Design [7:54023]
If i have to design network for 3 storey on a building. There are around 200-300 workstations in 2 storey each. Is it advisable to use Ethernet to link them up. As for the other storey it is for admin purpose. The distance is around 150m between the further storey. However it is possible to put a switch/router at the middle for interconnect. Cheers, Jimmy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54023t=54023 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 4000 router console cable [7:53981]
You need a standard cisco console cable and a cisco db25 adaptor (rj45 to db25). Standard cisco terminal settings apply. tm Tim Medley, CCNP+Voice, CCDP, CWNA Sr. Network Architect VoIP Group iReadyWorld -Original Message- From: Black Jack [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 3:12 PM To: [EMAIL PROTECTED] Subject: 4000 router console cable [7:53981] I just acquired a 4000 router and can't get it to respond through the console port. As usual in this case, I suspect I have a cable problem. I thought I needed a straight through DB9-DB25 modem cable, but it doesn't seem to work. I want to make sure I have the right cable before I start chasing other possibilities. Is this in fact the right cable? I have searched the archives and looked at several CCO links without a clear answer (maybe I'm just not smart enough to understand what I'm reading :-)). What I'd really like is something ultra-simple, like db-25 pin2 to db-9 pin3 and so on. Can anyone point that out to me? TIA. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54024t=53981 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE written revised [7:53972]
So is that how people without experience do it? Just keep failing the ccie written exam until you've memorized all the questions or get lucky? You must be single, or rich, or both. My wife has a fit when I spent $125 on a exam I am well prepared for, let alone spend $300 on the written. And my employer reimburses for the exam. I guess now I know why my employer will only pay for an exam twice. Try picking up a book and learning something, then you could pass the exam on the first try. Tim Medley, CCNP+Voice, CCDP, CWNA Sr. Network Architect VoIP Group iReadyWorld -Original Message- From: Julio Godinez [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 2:04 PM To: [EMAIL PROTECTED] Subject: CCIE written revised [7:53972] Passing score 105: First attempt 77, Second attemp (yesterday) 95 =( . Next time you will be mine baby... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54025t=53972 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 1750 and MPLS [7:54016]
There is an experimental version of 12.0 that will run MPLS on the 2500. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darren Ward Sent: Tuesday, September 24, 2002 9:28 PM To: [EMAIL PROTECTED] Subject: Re: 1750 and MPLS [7:54016] Can't find it for any 1700 platforms. IOS Feature Navigoator: http://www.cisco.com/go/fn/ Darren Ward (PGradCS, CCIE #8245, SCSA, CCDP, MCP) On Wed, 25 Sep 2002, Jim Tickle wrote: We've pretty much exhausted the possibility that MPLS can run on a 2500 series, but I've got a couple of 1750's, and perhaps they can help fill in. Does anybody know if there is a version of IOS for the 1750-2v's that will do MPLS (and perhaps voice with the same code)? The Tickler - Do you Yahoo!? New DSL Internet Access from SBC Yahoo! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54026t=54016 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPX ID [7:53989]
If you enter an IPX commands before you define the node address manually, it will use the highest mac address on Ethernet interface regardless of the node address manually entered. To reset the router, you must remove all IPX commands, remove the ipx routing command, and reboot the router. The very first command after the reload should be the ipx routing 2.2.2 command, then all will be well. -Original Message- From: Mike Martins [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 6:07 PM To: [EMAIL PROTECTED] Subject: RE: IPX ID [7:53989] I got the IPX network going between all routers, over frame relay etc etc no problem. On the frame-relay map statements (opposite sides) I mapped to the IPX/MAC address that the router had elected. Everything works, no worries. I am not doing anything different, all routers were running default IPX RIP, now disabled and all running IPX EIGRP. I dont know why one router accepts a manual statement and another decides it has got its own agenda. I tried shutting down all interfaces, deleting IPX Routing and re entering a manual x.x.x. It remains stubborn. I will spare you the configs, unless you wanna sift through trunks and tunnels and exiting stuff like DLSW and a few of my improvized ISDN configs. When I started with the IPX early this evening I did not have much config on the routers anyway. It is just a point of interest really, someone must know the answer. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54027t=53989 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPX ID [7:53989]
On second thought, it might just require a reload after you add the ipx routing 2.2.2 command to force the router to use the manual address after it has picked up an interface mac address. -Original Message- From: Jim Brown Sent: Tuesday, September 24, 2002 9:49 PM To: 'Mike Martins'; [EMAIL PROTECTED] Subject: RE: IPX ID [7:53989] If you enter an IPX commands before you define the node address manually, it will use the highest mac address on Ethernet interface regardless of the node address manually entered. To reset the router, you must remove all IPX commands, remove the ipx routing command, and reboot the router. The very first command after the reload should be the ipx routing 2.2.2 command, then all will be well. -Original Message- From: Mike Martins [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 6:07 PM To: [EMAIL PROTECTED] Subject: RE: IPX ID [7:53989] I got the IPX network going between all routers, over frame relay etc etc no problem. On the frame-relay map statements (opposite sides) I mapped to the IPX/MAC address that the router had elected. Everything works, no worries. I am not doing anything different, all routers were running default IPX RIP, now disabled and all running IPX EIGRP. I dont know why one router accepts a manual statement and another decides it has got its own agenda. I tried shutting down all interfaces, deleting IPX Routing and re entering a manual x.x.x. It remains stubborn. I will spare you the configs, unless you wanna sift through trunks and tunnels and exiting stuff like DLSW and a few of my improvized ISDN configs. When I started with the IPX early this evening I did not have much config on the routers anyway. It is just a point of interest really, someone must know the answer. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54028t=53989 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: LAN Design [7:54023]
If you are serious about designing this netwoek and designing ir correctly for scalability and functionality, pick up a good network design book. My reccomendation is Top Down Network Design, by Priscilla Openheimer. U have two copies one at home and one at the office, I refer to this tome quite often. Great book, excellent methodology. Tim Medley, CCNP+Voice, CCDP, CWNA Sr. Network Architect VoIP Group iReadyWorld -Original Message- From: Jimmy [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 11:01 PM To: [EMAIL PROTECTED] Subject: LAN Design [7:54023] If i have to design network for 3 storey on a building. There are around 200-300 workstations in 2 storey each. Is it advisable to use Ethernet to link them up. As for the other storey it is for admin purpose. The distance is around 150m between the further storey. However it is possible to put a switch/router at the middle for interconnect. Cheers, Jimmy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54029t=54023 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Call Back on NM-16AM [7:54030]
Hi, I have a 3660 router with NM -16 AM card. For authentication I am using ACS2.6(3) .The ACS is mapped to the Windows NT domain server for user name and passwords. I need to configure the call back on the NM-16 card. I have done the following configuration but the dial back is not getting initiated. The users are able to login, but after dial-in, the call back is not getting initiated. Request you to go through the same and provide valuable suggestions. Thanks RegardsAnil ! version 12.1 service exec-callback no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! logging rate-limit console 10 except errors aaa new-model aaa authentication login default group radius aaa authentication login NO_AUTHEN none aaa authentication login no_radius enable aaa authentication ppp default if-needed group radius local aaa accounting network default start-stop group radius ! username test nocallback-verify callback-dialstring 789294 callback-line 97 password X memory-size iomem 15 ip subnet-zero ! no ip finger no ip domain-lookup ! chat-script mod ABORT ERROR ABORT BUSY ATZ OK ATDT \T TIMEOUT 30 CONNECT \c chat-script offhook ATH1 OK modemcap entry default ! interface FastEthernet0/0 ip address 10.1.2.2 255.255.0.0 ip helper-address 10.1.1.6 no ip mroute-cache speed auto full-duplex interface Serial2/0 ip address X.X.X.X Y.Y.Y.Y no ip mroute-cache ! interface Async97 ip unnumbered FastEthernet0/0 ip access-group 100 in ip helper-address 10.1.1.6 encapsulation ppp ip tcp header-compression passive no ip mroute-cache dialer in-band dialer idle-timeout 200 dialer wait-for-carrier-time 10 dialer map ip 10.5.1.1 modem-script mod 789294 dialer-group 1 async mode interactive peer default ip address 10.5.1.1 ppp callback accept ppp authentication pap ! interface Async98 bandwidth 5600 ip unnumbered FastEthernet0/0 ip access-group 100 in ip helper-address 10.1.1.6 encapsulation ppp ip tcp header-compression passive no ip mroute-cache dialer in-band dialer idle-timeout 5000 async mode interactive peer default ip address 10.5.1.2 no fair-queue ppp authentication pap chap ! interface Async99 ip unnumbered FastEthernet0/0 ip access-group 100 in ip helper-address 10.1.1.6 encapsulation ppp ip tcp header-compression passive no ip mroute-cache shutdown dialer in-band dialer idle-timeout 5000 async mode interactive peer default ip address 10.5.1.3 ppp authentication pap chap ! interface Async100 ip unnumbered FastEthernet0/0 ip access-group 100 in ip helper-address 10.1.1.6 encapsulation ppp ip tcp header-compression passive no ip mroute-cache shutdown dialer in-band dialer idle-timeout 5000 dialer-group 1 async mode interactive peer default ip address 10.5.1.4 ppp authentication pap chap ! interface Async101 ip unnumbered FastEthernet0/0 ip access-group 100 in ip helper-address 10.1.1.6 encapsulation ppp ip tcp header-compression passive no ip mroute-cache shutdown dialer in-band dialer idle-timeout 5000 async mode interactive peer default ip address 10.5.1.5 ppp authentication pap chap ! interface Async102 ip unnumbered FastEthernet0/0 ip access-group 100 in ip helper-address 10.1.1.6 encapsulation ppp ip tcp header-compression passive no ip mroute-cache shutdown dialer in-band dialer idle-timeout 5000 async mode interactive peer default ip address 10.5.1.6 ppp authentication pap chap ! interface Async103 ip unnumbered FastEthernet0/0 ip access-group 100 in ip helper-address 10.1.1.6 encapsulation ppp ip tcp header-compression passive no ip mroute-cache shutdown dialer in-band dialer idle-timeout 5000 async mode interactive peer default ip address 10.5.1.7 ppp authentication pap chap ! interface Async104 ip unnumbered FastEthernet0/0 ip access-group 100 in ip helper-address 10.1.1.6 encapsulation ppp ip tcp header-compression passive no ip mroute-cache shutdown dialer in-band dialer idle-timeout 5000 async mode interactive peer default ip address 10.5.1.8 ppp authentication pap chap ! interface Async105 ip unnumbered FastEthernet0/0 ip access-group 100 in ip helper-address 10.1.1.6 encapsulation ppp ip tcp header-compression passive no ip mroute-cache dialer in-band dialer idle-timeout 5000 async mode interactive peer default ip address 10.5.1.9 ppp authentication pap chap ! interface Async106 ip unnumbered FastEthernet0/0 ip access-group 100 in ip helper-address 10.1.1.6 encapsulation ppp ip tcp header-compression passive no ip mroute-cache shutdown dialer in-band dialer idle-timeout 5000 async mode interactive peer default ip address 10.5.1.10 ppp authentication pap chap ! interface Async107 ip unnumbered FastEthernet0/0 ip access-group 100 in ip helper-address 10.1.1.6 encapsulation ppp ip tcp header-compression passive no ip mroute-cache shutdown dialer in-band dialer idle-timeout 5000 async mode
RE: 1750 and MPLS [7:54016]
I would love to get a copy so I could experiment. I just want to run MPLS on a home pod so I can do some simple configurations in preparation for the CCIE Written. If anybody has a copy of it somewhere, please let me know... Thanks... Tic Oddy wrote:There is an experimental version of 12.0 that will run MPLS on the 2500. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darren Ward Sent: Tuesday, September 24, 2002 9:28 PM To: [EMAIL PROTECTED] Subject: Re: 1750 and MPLS [7:54016] Can't find it for any 1700 platforms. IOS Feature Navigoator: http://www.cisco.com/go/fn/ Darren Ward (PGradCS, CCIE #8245, SCSA, CCDP, MCP) On Wed, 25 Sep 2002, Jim Tickle wrote: We've pretty much exhausted the possibility that MPLS can run on a 2500 series, but I've got a couple of 1750's, and perhaps they can help fill in. Does anybody know if there is a version of IOS for the 1750-2v's that will do MPLS (and perhaps voice with the same code)? The Tickler - Do you Yahoo!? New DSL Internet Access from SBC Yahoo! Do you Yahoo!? New DSL Internet Access from SBC Yahoo! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54031t=54016 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]