Re: OT - ISDN viability - WAS: Re: VPDN - ISDN problems [7:53943]

[MADMAN]

FWIW I have implemented more ISDN backup than I care to remember but
once configured and tested it works well.  I always suggest that
customers periodically test the backup, at least force tha ISDN
connection up by pinging a test loopback or something.  I had one
customer who did't want to loose their SNA sessions, via DLSW, and ISDN
backup with EIGRP converted fast enough that the SNA session stayed
active.

  Dave

Chuck's Long Road wrote:
 
 I see more complaints / problems / issues with ISDN and DDR in specific and
 in general, in real world and in test situations.
 
 Idle curiousity. Is ISDN really viable in terms of reliability for DDR
 applications?
 
 In any number of mission critical applications, I have seen major vendors,
 major enterprises,  and major service providers use manual intervention as
 the preferred means to apply dial backup.
 
 I welcome the informed comments of those who are obviously more versed in
 the topic than I am, with my limited exposure..
 
 Chuck
 
 Sujal G. Ajmera  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Hi,
 
  Enclosed ISDN CALL HISTORY of showing customers' connect time.
 
  It it disconnects within few seconds. I am 100% sure that there is no
ISDN
  problem at either end.
 
  Sometimes the connect time ranges from 5 minutes to 30 minutes.
 
  This problem happens daily.
 
  Also enclosed the error log for then customer widia saying  remote host
  closed this session . What does it mean ?
 
  Is the customer router at central location 'disconnecting' the remote
  location? Or is the link getting snapped due to network congestion?
 
  TIA,
 
  Sujal
 
 
--
 --
  
  ISDN CALL HISTORY
 
--
 --
  
  Call History contains all active calls, and a maximum of 100 inactive
 calls.
  Inactive call data will be retained for a maximum of 15 minutes.
 
--
 --
  
  CallCalling  Called   Remote  Seconds Seconds Seconds Charges
  TypeNumber   Number   NameUsedLeft Idle
  Units/Currency
 
--
 --
  
  In448210936   446616319  +.f917.6023   35
  In448210936   446616319  +.f917.6023  115
  In448210936   446616319  +.f917.6023   68
  In448210936   446616319  +.f917.6023   74
  In448210936   446616319  +.f917.6023   56
 
--
 --
  
 
 
  SRIL_CHNA#sh vpdn history failure
  Table size: 20
  Number of entries in table: 1
 
  User: [EMAIL PROTECTED], MID = 54
  NAS: test, IP address = xxx.xxx.xxx.xxx, CLID = 0
  Gateway: Information is not applicable
  Log time: 1d23h, Error repeat count: 42
  Failure type: The remote server closed this session
  Failure reason: Result 1002, Error 0
 
  [GroupStudy.com removed an attachment of type application/ms-tnef which
 had
  a name of winmail.dat]
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53943t=53943
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: URGENT: problem with load balancing accross tw [7:53901]

[MADMAN]

Since this scenerio involves two differant ISP you will not want to do
per packet loadsharing.  But if this is the behaviour you desire you
would enable per packet/per distination loadsharing on the egress
(destination?) interface.

  Dave

Priscilla Oppenheimer wrote:
 
 Stephane Litkowski wrote:
 
  If you don't want to (or can't) use CEF, just use the command :
  no ip
  route-cache on destination interfaces to desactivate FAST
  SWITCHING.
 
 Destination interfaces or ingress interfaces? I would think you would
 disable it on the incoming interfaces to disable the automatic behavior of
 using the fast-switching cache when a packet comes in. Correct me if I'm
 wrong, please. Thanks.
 
 Priscilla
 
  NB : using CEF is more efficient than using PROCESS SWITCHING.
 
 
  Stephane
 
 
  Russell Heilling  a icrit dans le
  message de news:
  [EMAIL PROTECTED]
   afshin  wrote in message
   [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I have got two internet links from two ISPs boths of which
  are directly
connected to the lan .
I would like to set the default gateway of my clients to
  the 3660 router
  I
have on my network so that it will load balance the
  outgoing traffic
   accross
the two seperate internet links.
I though maybe two equal cost default routes would result
  in load
   balancing
between equal cost paths . but it didn't work.
Is there a command to allow load-balancing between equal
  cost static
   routes
, that I am missing ?
Policy routing is not quite what I want because the load
  will not be
  quite
balanced.
Any clues ?
  
   Default load balancing is per destination, so if you are
  testing from a
   single workstation you will always hit the same link.  To get
  a more even
   load sharing you'll want to enable per packet load sharing.
  To do this
   globally enable CEF (ip cef in global config mode), and
  then add the
   following command to the interface config on the interfaces
  connecting to
   the ISPs: ip load-sharing per-packet.
  
   Hope this helps.
  
   Russell Heilling
   http://www.ccie.org.uk/
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53942t=53901
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: bgp no-sync [7:53920]

[MADMAN]

Well I'll be damned  I loaded 12.2.11T on a 7206 and simply did:

MADVXR(config)#router bgp 1
MADVXR(config-router)#network 1.0.0.0
MADVXR(config-router)#^Z
MADVXR#sh conf | beg router bgp
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 1.0.0.0
 no auto-summary

  Now can we get auto sumary disabled by default in EIGRP!?

  Dave


Steven A. Ridder wrote:
 
 Is it me, or is no-sync the default in BGP in 12.2.11T?
 
 --
 RFC 1149 Compliant
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53944t=53920
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Any 3662 routers.. [7:53946]

[Kiran Kumar M]

Hello,

Please don't treat this as spam.

If any one have a 3662 for sell at seconds rate, please let me know. 

Regards,
Kiran




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53946t=53946
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Returned mail--look,my beautiful girl friend [7:53945]

[postmaster]

The following mail can't be sent to [EMAIL PROTECTED]:

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: look,my beautiful girl friend
The attachment is the original mail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53945t=53945
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PCMCIA Flash [7:53866]

[Art Davis]

You'd have to use an app on your laptop that recognizes the Cisco flash
filesystem. Someone may have written this, although I personally haven't
used it.

Art Davis
CCIE #6430


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53937t=53866
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Need help with Simple BGP Solution [7:53936]

[Wayne Jang]

have a customer that wants to implement BGP at his office.  They want to
have complete redundancy, not load balancing.  They have some users coming
in from the outside for VPN and email servers.

They will be using T-1s to two separate ISPs and will use a separate router
for each ISP connection.

My questions are as follows:

Can I use just one firewall? (I could run HSRP on the two routers, firewall
would just forward to the phantom default gateway)
They currently own a Sonicwall Pro 100.  I would prefer they use a PIX, is
there any reason why they can't use the Sonic?

Do ISPs charge subcribers extra for advertising routes through the other ISP
(BGP)?

I also want to have default routes to the ISP.  I don't believe this
customer needs the added routing accuracy, if it means they will need
routers with 128 MB or ram.

Thanks

Wayne


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53936t=53936
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OT: Outlets England [7:53864]

[Pierre-Alex Guanel]

I was hoping to find an UPS or surge protector that would work with both US
and UK, but after thinking, might be easier to find something when I get
there. Thanks anyway.

Pierre-Alex


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53939t=53864
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OT - ISDN viability - WAS: Re: VPDN - ISDN problem [7:53931]

[Jenny McLeod]

Hell yeah.
We use ISDN to automatically failover.  With over 350 remote sites, it's not
uncommon to have a main link to an office fail somewhere.
With automatic failover, our users often don't even know something's
failed.  Manual intervention?  You've got to be kidding.  To tweak and tune
if necessary, sure, but to initiate failover - no way.  Been there, done
that, bad idea in our network.
Anyway, in Australia at least, it's still the most cost-effective failover
for a network like ours (lots of sites, geographically dispersed).
It has some annoyances, sure - but it's still definitely an option for me.

JMcL

Chuck's Long Road wrote:
 
 I see more complaints / problems / issues with ISDN and DDR in
 specific and
 in general, in real world and in test situations.
 
 Idle curiousity. Is ISDN really viable in terms of reliability
 for DDR
 applications?
 
 In any number of mission critical applications, I have seen
 major vendors,
 major enterprises,  and major service providers use manual
 intervention as
 the preferred means to apply dial backup.
 
 I welcome the informed comments of those who are obviously more
 versed in
 the topic than I am, with my limited exposure..
 
 Chuck
 
 [snipped]



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53940t=53931
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

origin of split horizon? [7:53938]

[Black Jack]

Can anyone here tell me how the term split horizon came to be applied to
routing protocols? Who first used the term and when?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53938t=53938
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Certificatiom [7:53666]

[Mark Babbitt]

Make the individual go to their Test History at Cisco. This will show when
the test was
passed and I believe when it expires.

Robert Edmonds wrote:

 At my last organization, we had someone who lied about their Microsoft
 certification.  We just called the number that you would call to check your
 own status, told them what we suspected, and they verified it.  Try that.

 Kaminski, Shawn G  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Yes. The Cisco website has a section that allows you to check CCIE
status.
  You need the person's name and their CCIE # to verify it.  As for the
 CCNP,
  I haven't heard of anything to check this status.
 
  Shawn K.
 
   -Original Message-
   From: Han Chuan Alex Ang [SMTP:[EMAIL PROTECTED]]
   Sent: Thursday, September 19, 2002 9:41 PM
   To: [EMAIL PROTECTED]
   Subject: Certificatiom [7:53666]
  
   hi, everyone , is there any way to verify if it is true if a person
   claimed
   he has a CCNP or CCIE certification ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53947t=53666
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

rsm secondary IP address [7:53948]

[sisco]

cisco gurus!
Does IOS c5rsm-jsv-mz.121-7.bin support secondary IP addressing on 5513
catalyst switch with a layer3 switch (RSM).I've configured my interface
vlan2 with a secondary IP address but I can't ping my host From the rsm nor
cannot ping the gateway (2nd IP) from the host and to Isolate the problem
I've created another interface vlan3 and port then Add the IP address as
primary address and it works fine.
Regards




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53948t=53948
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: token ring rj45 to db9 cabling [7:53860]

[Munoz, Michael]

When I made filters for my token ring routers to my 3900 I used this link as
a reference:

http://www.walshcomptech.com/ohlandl/NIC/TR-cable.html


The pins we are worried about on the 9pin D plug end are 1,5,6, and 9.
The pins on the rj45 side are 3,4,5, and 6.

9pin 1 = rj pin 5
9pin 5 = rj pin 6
9pin 6 = rj pin 4
9pin 9 = rj pin 3
Mike Munoz


-Original Message-
From: hall annie [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 22, 2002 3:17 PM
To: [EMAIL PROTECTED]
Subject: token ring rj45 to db9 cabling [7:53860]


Okay, I give up.  I can't seem to get this to work.  I've tried various
adapters (self-done) and I'm stuck.  I have a 2502 and I don't have the
rj-45 to db9 adapter, and I need to fabricate one.  Does anyone know the
pinout colors that will work with a Cisco 2502?

I thought it was 1-red 5-black 6-green 9 -orange (on the db9 to rj45
adapter), but lately I've been thinking it might be: 1-green,5-black, 6-red,
9-orange

Or perhaps I've got a bad db9 port on my 2502?  I have a known good rj45
token ring mau/lam.  It works when it connects to servers/workstations that
have rj-45 ports on their token ring cards, but not with my home-made
rj-45 adapter for my Cisco router.

Can anyone assist?  Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53949t=53860
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Just Testing [7:53950]

[[EMAIL PROTECTED]]

Just testing,

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53950t=53950
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Certificatiom [7:53666]

Mark Babbitt wrote:
 
 Make the individual go to their Test History at Cisco. This will show when
 the test was
 passed 

and also their testing ID (often social security number in US).

I would have an issue with showing my social security number to anyone
outside of the payroll or HR department of an employer.

I think that requesting their Cisco ID and verifying their cert status
through www.cisco.com/go/certsupport (as previously mentioned) would be
a lot more appropriate.

Peter Walker




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53952t=53666
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Please Please help!!! [7:53917]

[Mark W. Odette II]

--Yes, You definitely can do this, as I have done this already to
simulate a network design in the lab before rolling it out for my
customer.  I used the 2600 as my Frame Switch and as a Router to the
Internet, pretty much simulating a network of sites connected together
via VPN connections over FR POP connections.  It was pretty awesome
pretending like I was the local telco in my lab.


Also, I haven't tried it yet, but I am pretty sure you can use 4 of the
serial ports to make a frame relay switch and then use the Ethernet
port and the remaining serial ports as an IP router giving you two
routers in one box.

-Original Message-
From: Don [mailto:[EMAIL PROTECTED]] 
Sent: Monday, September 23, 2002 1:26 PM
To: [EMAIL PROTECTED]
Subject: Re: Please Please help!!! [7:53917]

Well, an NM-4A/S is probably cheaper if your NM slot is open.  However,
it only does 128k per connection instead of the 2-8 mbits of a WIC-2T.
WIC-2T's seem to go for about $200-$250 each on ebay.  A NM-4A/S seems
to go
for about $200-$250 on ebay.  It may also depend on whether you want to
leave your NM slot open for some other card, like an Ethernet interface
or
an adapter for two more WIC cards (be careful, not all such NM's are
usable
in a 2600).  Biggest drawback is that it uses a different connector than
the
WIC-2T so you need more cables.  Personally, I have a 2600 with a
NM-4A/S, a
WIC-2A/S and a WIC-2T.  It gives me an eight port frame switch, plus I
can
use RS-232 cables for doing dial-up modem configurations.  I suppose I
could
even swap one of the WIC's for an ISDN WIC for ISDN configurations,
although
I haven't checked to see which are compatible with 2600's yet.  Also, I
haven't tried it yet, but I am pretty sure you can use 4 of the serial
ports
to make a frame relay switch and then use the Ethernet port and the
remaining serial ports as an IP router giving you two routers in one
box.
Don


H  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hello,

 I currently have a Cisco 2620.  I am just wondering what would be the
most
 economic / most cost effective way to get 4 Serial Ports in total onto
the
 2620 (so I can do 4 ports frame etc).

 I know I can get 2 x WIC-2T, but is there any other cheaper way? And
would
I
 need any special cables for them?

 Would be greatly appreciated if anyone can shed some light on this.

 Best Regards,
 H.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53941t=53917
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PIX questions [7:53953]

[Sim, CT (Chee Tong)]

I keep having the following log in my PIX.  It is very frequent. What is
that mean? It seems my PIX deny this connection, but actually I want to
allow it now and make it no longer log to the PIX log.  

 

106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst
outside:192.168.

5.200/58000

106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst
outside:192.168.

5.200/58000

106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst
outside:192.168.5

.200/58001

106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst
outside:192.168.5

.200/58001

 

I tried to clear it by adding the following command in the PIX config to
allow the connection to come in.  However, I still found the same log in my
PIX?  What should be the correct command?

 

conduit permit udp any range 58000 58001 any

 

 

Question2- How to show the running-config in PIX?  I found whenever I made
a change on PIX. I can't see the change when I issue sh conf command until
I do wr mem What is the router equivalent show running-config command in
PIX?

 

Thanks a lot

 


==
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en 
de afzender direct te informeren door het bericht te retourneren. 
==
The information contained in this message may be confidential 
and is intended to be exclusively for the addressee. Should you 
receive this message unintentionally, please do not use the contents 
herein and notify the sender immediately by return e-mail.


==




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53953t=53953
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

BGP AS Path Regular Expressions [7:53956]

[Stephane Litkowski]

Hi all,

I'm trying to find a regexp to match AS PATH including AS200 only, but AS200
can be contained more than one time (AS PATH prepending).
Example :
200 - Match
200 200 - Match
200 200 200 - Match
200 200 200 300 - Don't Match

I tried to use this regexp : ^(200)+$ but it doesn't work, why ?
However, the regexps : ^(200_)+$ seems to work.

Can someone explain me why the first regexp doesn't work ?

thanks.

Stephane




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53956t=53956
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Input errors on catalyst 3548 [7:53957]

[Tunde Kalejaiye]

what could be the cause of large input errors on a catalyst switch?

regards,


Tunde




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53957t=53957
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: SIP vs H323 [7:53852]

[Haakon Claassen (hclaasse)]

I am not THE expert on these matters but it comes to play in my daily
duties

SIP is more flexible then H323 and H323 is a suite of protocols for real
time traffic, SIP is far more suitable when looking at unified messaging

Have a look at SMTP and then look at SIP ... you'll see some resemblance

The security issues with SIP are sadly far greater then H323
I can fwd a good link on that


regards


 
Haakon Claassen
EMEA - IT Transport Services -WAN
 
Cisco Systems
De Kleetlaan 6b - Pegasus Park
B-1831 Diegem (Belgium)
 
 

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] 
Sent: maandag 23 september 2002 20:45
To: [EMAIL PROTECTED]
Subject: Re: SIP vs H323 [7:53852]

In what ways was the SIP equipment better? The fact that it comes from a
www/internet IETF world, versus H.323 which comes from the ITU,
wouldn't
necessarily mean that it's better. In fact, to make a very broad
generalization, the IETF has historically been involved with data
networking
which hasn't been that concerned about quality.  Reliability is
achieved, in
general, by the sender retransmitting if there's no ACK, which doesn't
work
with voice. Quality is achieved by various hacks. ;-)

At least in the U.S., our telephone networks have always been way more
reliable and offered better quality than our data networks, which have
been
annoyingly flaky. When we pick up a phone to make a call, unless it's
Mother's Day and all circuits are busy, it simply works. Problems are
rare.
Problems accessng data on intranets and the Internet are widespread. So
it
doesnt' fit with our paradign that you would think that SIP is better
because it comes from a www/Internet world.

SIP may be better because it's always easier to do something better the
second time around. SIP is newer. H.323 is old.

Anyway, this philosophical debate probably isn't that relevant, but
things
are slow today at work. ;-)

Priscilla


Gunjan Mathur wrote:
 
 I tested one SIP equipement of vonage, and that was
 far far better then any device using H323...that's the
 reason I want to know the diff in between these two.
 What I understand is SIP model works on www/internet
 and h323 model is telephony, I believe this is the
 main reason for the quality difference.
 
 What you suggest...
 TIA
 
 --- Steven A. Ridder  wrote:
  I agree that SIP is the future, it just isn't there
  yet.  There is some SIP
  being built into Unity and CM, but until everything
  is SIP (as opposed to
  MGCP/H.323 and Skinny), it just isn't useful yet.
  
   I know that SIP is being deployed in SP networks,
  and I have implemented it
  in a Telco, but for enterprise, it's useless.  I
  can't wait til it is
  developed and more mature.
  
  
  Jason Weden  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   Ok, so SIP is nowhere near useless.  It is being
  used all over the place
  and
   will eventually replace H.323.  Telcos like Vonage
  (which uses Cisco SIP
   equipment), deltathree, and Denwa are using it for
  last mile telephony
   connectivity for residences and enterprises, and
  WorldCom, after surfacing
   from its financial issues, will be using it on its
  global network as well.
   Microsoft has built a SIP client into Windows XP
  (Microsoft Messenger) and
   SIP is very flexible and extensible and the best
  place to start is
   http://www.sipcenter.com.  PBX manufacturers like
  Mitel and Siemens have
   developed their PBX completely around SIP.
  
   To get back to Cisco (as this is a Cisco
  newsgroup), Cisco has taken the
   time and $$ to start to develop SIP functionality
  in its products despite
   the fact that it isn't need for AVVID at all. 
  Though their initial SIP
   focus is on carrier-class products (since that is
  the logical choice --
  see
   my list of companies above), my bet is that SIP
  will surface as a more
   central part of the AVVID architecture for the
  enterprise.  A good Cisco
   link is here:
  
 

http://www.cisco.com/warp/public/cc/techno/tyvdve/sip/prodlit/index.shtm
l
  
or here (which displays more enterprise
  scenarios):
  
  
 

http://cisco.com/univercd/cc/td/doc/product/voice/sipsols/biggulp/index.
htm
   Regards,
  
   Jason
 [EMAIL PROTECTED]
 
 
 __
 Do you Yahoo!?
 New DSL Internet Access from SBC  Yahoo!
 http://sbc.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53958t=53852
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Input errors on catalyst 3548 [7:53957]

[Priscilla Oppenheimer]

Tunde Kalejaiye wrote:
 
 what could be the cause of large input errors on a catalyst
 switch?

The most likely cause is a duplex mismatch. Is it just on one port? What
connects to that port? Could it be misconfigured or could the port be
misconfigured for half/full duplex? What kind of errors are they?
___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

 
 regards,
 
 
 Tunde
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53959t=53957
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: BGP AS Path Regular Expressions [7:53956]

[Kent Yu]

Stephane,

^(200)+$  matches  200 or 200200 etc.. Of course, in case of as-path, it
will only find 200.

You want to use _ to match the space between the as-nums, so IOS will try to
match the whole as-path.

HTH
Kent
Stephane Litkowski  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi all,

 I'm trying to find a regexp to match AS PATH including AS200 only, but
AS200
 can be contained more than one time (AS PATH prepending).
 Example :
 200 - Match
 200 200 - Match
 200 200 200 - Match
 200 200 200 300 - Don't Match

 I tried to use this regexp : ^(200)+$ but it doesn't work, why ?
 However, the regexps : ^(200_)+$ seems to work.

 Can someone explain me why the first regexp doesn't work ?

 thanks.

 Stephane




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53960t=53956
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX questions [7:53953]

[Vamsi Krishna]

Hi Sim,
There is some flaw in your security policy. Pls check the =
configuration again. I am enclosing some info from CCO regarding the =
syslog message 106011:

%PIX-7-106011: Deny inbound (No xlate) chars

  Explanation   This is a connection-related message. This message =
occurs when a packet is sent to the same interface that it arrived on. =
This usually indicates that a security breach is occurring. When the PIX =
Firewall receives a packet, it tries to establish a translation slot =
based on the security policy you set with the global and conduit =
commands, and your routing policy set with the route command.=20

  Failing both policies, PIX Firewall allows the packet to flow from the =
higher priority network to a lower priority network, if it is consistent =
with the security policy. If a packet comes from a lower priority =
network and the security policy does not allow it, PIX Firewall routes =
the packet back to the same interface.

  To provide access from an interface with a higher security to a lower =
security, use the nat and global commands. For example, use the nat =
command to let inside users access outside servers, to let inside users =
access perimeter servers, and to let perimeter users access outside =
servers.

  To provide access from an interface with a lower security to higher =
security, use the static and conduit commands. For example, use the =
static and conduit commands to let outside users access inside servers, =
outside users access perimeter servers, or perimeter servers access =
inside servers.=20

  Action Fix your configuration to reflect your security policy for =
handling these attack events.=20

 In PIX the running configuration is shown by Show Config. Any changes =
made in PIX will be effective only once you write them to the memory. =
There is no such thing as startup and running configuration in PIX. To =
add to this info, PIX uses an Operating system called Finesse which is =
different from Cisco IOS.

Hope this helps.

Regards,

Vamsi



- Original Message -=20
From: Sim, CT (Chee Tong) 
To: 
Sent: Tuesday, September 24, 2002 4:49 PM
Subject: PIX questions [7:53953]


 I keep having the following log in my PIX.  It is very frequent. What =
is
 that mean? It seems my PIX deny this connection, but actually I want =
to
 allow it now and make it no longer log to the PIX log. =20
=20
 106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 =
dst outside:192.168.5.200/58000
=20
 106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 =
dst outside:192.168.5.200/58000
=20
 106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 =
dst outside:192.168.5.200/58001
=20
 106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 =
dst outside:192.168.5.200/58001
=20
 I tried to clear it by adding the following command in the PIX config =
to
 allow the connection to come in.  However, I still found the same log =
in my
 PIX?  What should be the correct command?
=20
 =20
=20
 conduit permit udp any range 58000 58001 any
=20
 =20
=20
 =20
=20
 Question2- How to show the running-config in PIX?  I found whenever =
I made
 a change on PIX. I can't see the change when I issue sh conf command =
until
 I do wr mem What is the router equivalent show running-config =
command in
 PIX?
=20
 =20
=20
 Thanks a lot
=20
 =20
=20
=20
 =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
 De informatie opgenomen in dit bericht kan vertrouwelijk zijn en=20
 is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht=20
 onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en=20
 de afzender direct te informeren door het bericht te retourneren.=20
 =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
 The information contained in this message may be confidential=20
 and is intended to be exclusively for the addressee. Should you=20
 receive this message unintentionally, please do not use the contents=20
 herein and notify the sender immediately by return e-mail.
=20
=20
 =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=20
=20
=20
=20
**Disclaimer** 
   
 
 Information contained in this E-MAIL being proprietary to Wipro Limited is
'privileged'
and 'confidential' and intended for use only by the individual or entity to
which it is
addressed. You are notified that any use, copying or dissemination of the
information
contained in the E-MAIL in any manner whatsoever is strictly 

Re: URGENT: problem with load balancing accross tw [7:53901]

[Stephane Litkowski]

I just done a test to verify ...
Fast switching cache is established based on egress interfaces.
So when a packet comes on an ingress interface (cache empty), first packet
is routed (process switched) and an entry is cached for egress Interface (sh
ip cache). If I disable fast switching on the egress interface, the entry
disappears and no more entry are cached for this interface when packet come.

For me, issuing the command no ip route-cache on an interface, disables
caching for this interface.

Stephane


Priscilla Oppenheimer  a icrit dans le message de
news: [EMAIL PROTECTED]
 Stephane Litkowski wrote:
 
  If you don't want to (or can't) use CEF, just use the command :
  no ip
  route-cache on destination interfaces to desactivate FAST
  SWITCHING.

 Destination interfaces or ingress interfaces? I would think you would
 disable it on the incoming interfaces to disable the automatic behavior of
 using the fast-switching cache when a packet comes in. Correct me if I'm
 wrong, please. Thanks.

 Priscilla


  NB : using CEF is more efficient than using PROCESS SWITCHING.
 
 
  Stephane
 
 
  Russell Heilling  a icrit dans le
  message de news:
  [EMAIL PROTECTED]
   afshin  wrote in message
   [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I have got two internet links from two ISPs boths of which
  are directly
connected to the lan .
I would like to set the default gateway of my clients to
  the 3660 router
  I
have on my network so that it will load balance the
  outgoing traffic
   accross
the two seperate internet links.
I though maybe two equal cost default routes would result
  in load
   balancing
between equal cost paths . but it didn't work.
Is there a command to allow load-balancing between equal
  cost static
   routes
, that I am missing ?
Policy routing is not quite what I want because the load
  will not be
  quite
balanced.
Any clues ?
  
   Default load balancing is per destination, so if you are
  testing from a
   single workstation you will always hit the same link.  To get
  a more even
   load sharing you'll want to enable per packet load sharing.
  To do this
   globally enable CEF (ip cef in global config mode), and
  then add the
   following command to the interface config on the interfaces
  connecting to
   the ISPs: ip load-sharing per-packet.
  
   Hope this helps.
  
   Russell Heilling
   http://www.ccie.org.uk/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53963t=53901
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: BGP AS Path Regular Expressions [7:53956]

[Stephane Litkowski]

Kent,

As u said, ^(200)+$ will match my ASPATHs but not only ...
However, when I configure it, this expression doesn't match ASPATH prepended
like 200 200 200 (but 200 is present !). The not prepended ASPATH (200
only) is matched. I don't understand this behavior.


Kent Yu  a icrit dans le message de news:
[EMAIL PROTECTED]
 Stephane,

 ^(200)+$  matches  200 or 200200 etc.. Of course, in case of as-path, it
 will only find 200.

 You want to use _ to match the space between the as-nums, so IOS will try
to
 match the whole as-path.

 HTH
 Kent
 Stephane Litkowski  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Hi all,
 
  I'm trying to find a regexp to match AS PATH including AS200 only, but
 AS200
  can be contained more than one time (AS PATH prepending).
  Example :
  200 - Match
  200 200 - Match
  200 200 200 - Match
  200 200 200 300 - Don't Match
 
  I tried to use this regexp : ^(200)+$ but it doesn't work, why ?
  However, the regexps : ^(200_)+$ seems to work.
 
  Can someone explain me why the first regexp doesn't work ?
 
  thanks.
 
  Stephane




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53964t=53956
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCNP Population [7:53965]

[Dante Martins]

Someone have an idea how CCNP there around the world. 

CCEI it's easy. It's Cisco web page.But CCNP not.

Dante




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53965t=53965
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCNP Population! [7:53966]

[Dante Martins]

Does anybody have an idea about how many CCNP are around the world. Found
that information about CCIE at Cisco web but nothing about CCNP.


Thanks

Dante




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53966t=53966
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX questions [7:53953]

[mike greenberg]

Question 2:  write term
 Sim, CT (Chee Tong) wrote:I keep having the following log in my PIX. It
is very frequent. What is
that mean? It seems my PIX deny this connection, but actually I want to
allow it now and make it no longer log to the PIX log. 



106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst
outside:192.168.

5.200/58000

106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst
outside:192.168.

5.200/58000

106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst
outside:192.168.5

.200/58001

106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst
outside:192.168.5

.200/58001



I tried to clear it by adding the following command in the PIX config to
allow the connection to come in. However, I still found the same log in my
PIX? What should be the correct command?



conduit permit udp any range 58000 58001 any





Question2- How to show the running-config in PIX? I found whenever I made
a change on PIX. I can't see the change when I issue sh conf command until
I do wr mem What is the router equivalent show running-config command in
PIX?



Thanks a lot




==
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en 
de afzender direct te informeren door het bericht te retourneren. 
==
The information contained in this message may be confidential 
and is intended to be exclusively for the addressee. Should you 
receive this message unintentionally, please do not use the contents 
herein and notify the sender immediately by return e-mail.


==
Do you Yahoo!?
New DSL Internet Access from SBC  Yahoo!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53967t=53953
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX questions [7:53953]

[Lidiya White]

The problem here is the source and destination are outside. Why? PIX can't
redirect traffic so even if conduit is allowing this traffic, PIX won't let
it through, unless it's src outside and dst is inside. You either routing
issue here or just something is misconfigured on the PIX.

Use wr term on the PIX to view the current config.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sim, CT (Chee Tong)
Sent: Tuesday, September 24, 2002 10:50 AM
To: [EMAIL PROTECTED]
Subject: PIX questions [7:53953]


I keep having the following log in my PIX.  It is very frequent. What is
that mean? It seems my PIX deny this connection, but actually I want to
allow it now and make it no longer log to the PIX log.



106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst
outside:192.168.

5.200/58000

106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst
outside:192.168.

5.200/58000

106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst
outside:192.168.5

.200/58001

106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst
outside:192.168.5

.200/58001



I tried to clear it by adding the following command in the PIX config to
allow the connection to come in.  However, I still found the same log in my
PIX?  What should be the correct command?



conduit permit udp any range 58000 58001 any





Question2- How to show the running-config in PIX?  I found whenever I made
a change on PIX. I can't see the change when I issue sh conf command until
I do wr mem What is the router equivalent show running-config command in
PIX?



Thanks a lot




==
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht
onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en
de afzender direct te informeren door het bericht te retourneren.
==
The information contained in this message may be confidential
and is intended to be exclusively for the addressee. Should you
receive this message unintentionally, please do not use the contents
herein and notify the sender immediately by return e-mail.


==




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53968t=53953
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: rsm secondary IP address [7:53948]

[MADMAN]

I seem to recall having to do an extended ping sourcing your secondary
address to make your test work.  That is no longer the case as I know I
can do what your trying on a 6500/MSFC2

  Dave

sisco wrote:
 
 cisco gurus!
 Does IOS c5rsm-jsv-mz.121-7.bin support secondary IP addressing on 5513
 catalyst switch with a layer3 switch (RSM).I've configured my interface
 vlan2 with a secondary IP address but I can't ping my host From the rsm nor
 cannot ping the gateway (2nd IP) from the host and to Isolate the problem
 I've created another interface vlan3 and port then Add the IP address as
 primary address and it works fine.
 Regards
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53969t=53948
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

How can I Fill out our unused bandwidth with dummy traffic [7:53970]

[shojaee]

Dear sirs,

I'm a member of technical staff in an ISP site. We have cable connection to
the internet with 512k bandwidth.
I require to do the following:
1- Measure our maximum connection speed to internet.
2- Fill out our unused bandwidth with dummy traffic.
How can i do these? thanks for your prompt attention.

With best regards
Hassan Shojaie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53970t=53970
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE written revised [7:53972]

[Julio Godinez]

Passing score 105: First attempt 77, Second attemp (yesterday) 95 =( .
Next time you will be mine baby...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53972t=53972
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Help needed with an extended access list [7:53971]

[Mark Walmsley]

Hi All, 

I need your help please, here's a question about extended access lists, 

I have a network address of 171.17.0.0 and I need to divide this into 1024
subnets which means I have to use a mask of 255.255.255.192.
The first usable subnet is 171.17.0.64 giving a usable range for the hosts
address's on this subnet of 171.17.0.65 - 171.17.0.126 (i think this is
correct)The ethernet interface on the router that these hosts are connected
to is 171.17.0.65. Now, I need to create an extended access list that will
deny telnet access from the hosts on the upper half of this
range(171.17.0.96-126) to a serial interface(171.17.255.65) on a router a
couple of hops away(so they can't telnet to the router).

Could someone please give me an example list of what i need to do? How do I
specify to deny only the upper half of the range with a wildcard mask? Is
that the way to do it?

Thank you 

Mark. 



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53971t=53971
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Same subnets on each side of an ATM WAN [7:53973]

[McHugh Randy]

I have an OC3 ATM WAN link that connect two LANs, but there are two
identical subnets /30 on either side of the WAN link. Has any one ever had
that type of setup and how is that possible with two identical public IP /30
subnets on either side of WAN connection?

Here are the interfaces on either side of the wan

AAAV7204#sh int fastEthernet 1/0
FastEthernet1/0 is up, line protocol is up 
  Hardware is DEC21140A, address is 0003.6cce.f01c (bia 0003.6cce.f01c)
  Description: FE from PM to WDGB
  Internet address is 205.109.29.10/30
  MTU 1500 bytes, BW 10 Kbit, DLY 100 usec, 
 reliability 255/255, txload 1/255, rxload 2/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:21, output 00:00:00, output hang never
  Last clearing of show interface counters never
  Input queue: 0/75/4/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue :0/40 (size/max)
  5 minute input rate 814000 bits/sec, 113 packets/sec
  5 minute output rate 81000 bits/sec, 79 packets/sec
 441800484 packets input, 1055724299 bytes
 Received 713 broadcasts, 0 runts, 0 giants, 2 throttles
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
 0 watchdog
 0 input packets with dribble condition detected
 349363988 packets output, 1452170449 bytes, 0 underruns

AAAV7206#sh ip int fastEthernet 1/0
FastEthernet1/0 is up, line protocol is up
  Internet address is 205.109.29.9/30
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP Fast switching turbo vecto

Thank you,
Randy


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53973t=53973
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Same subnets on each side of an ATM WAN [7:53973]

[Robert Edmonds]

I read about an almost identical (if not actually identical) issue on
Cisco's website.  The solution they gave was to do NAT on one side of the
WAN link.


McHugh Randy  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I have an OC3 ATM WAN link that connect two LANs, but there are two
 identical subnets /30 on either side of the WAN link. Has any one ever had
 that type of setup and how is that possible with two identical public IP
/30
 subnets on either side of WAN connection?

 Here are the interfaces on either side of the wan

 AAAV7204#sh int fastEthernet 1/0
 FastEthernet1/0 is up, line protocol is up
   Hardware is DEC21140A, address is 0003.6cce.f01c (bia 0003.6cce.f01c)
   Description: FE from PM to WDGB
   Internet address is 205.109.29.10/30
   MTU 1500 bytes, BW 10 Kbit, DLY 100 usec,
  reliability 255/255, txload 1/255, rxload 2/255
   Encapsulation ARPA, loopback not set
   Keepalive set (10 sec)
   Full-duplex, 100Mb/s, 100BaseTX/FX
   ARP type: ARPA, ARP Timeout 04:00:00
   Last input 00:00:21, output 00:00:00, output hang never
   Last clearing of show interface counters never
   Input queue: 0/75/4/0 (size/max/drops/flushes); Total output drops: 0
   Queueing strategy: fifo
   Output queue :0/40 (size/max)
   5 minute input rate 814000 bits/sec, 113 packets/sec
   5 minute output rate 81000 bits/sec, 79 packets/sec
  441800484 packets input, 1055724299 bytes
  Received 713 broadcasts, 0 runts, 0 giants, 2 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
  0 watchdog
  0 input packets with dribble condition detected
  349363988 packets output, 1452170449 bytes, 0 underruns

 AAAV7206#sh ip int fastEthernet 1/0
 FastEthernet1/0 is up, line protocol is up
   Internet address is 205.109.29.9/30
   Broadcast address is 255.255.255.255
   Address determined by non-volatile memory
   MTU is 1500 bytes
   Helper address is not set
   Directed broadcast forwarding is disabled
   Outgoing access list is not set
   Inbound  access list is not set
   Proxy ARP is enabled
   Security level is default
   Split horizon is enabled
   ICMP redirects are always sent
   ICMP unreachables are always sent
   ICMP mask replies are never sent
   IP fast switching is enabled
   IP fast switching on the same interface is disabled
   IP Flow switching is disabled
   IP CEF switching is enabled
   IP Fast switching turbo vecto

 Thank you,
 Randy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53974t=53973
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: RE: PIX questions [7:53953]

[Greg Owens]

I had the same problem because of the following

172.16.64.3 is a IP address in the inside network; however, in someone turn
off 172.16.64.3 and if someone try to access the machine the routing
protocol send it to the default gateway the PIX.  However on the PIX it
knows that 172.16.0.0 is the inside addresses thus the error message u are
getting.
 
 From: Lidiya White 
 Date: 2002/09/24 Tue PM 01:38:57 EDT
 To: [EMAIL PROTECTED]
 Subject: RE: PIX questions [7:53953]
 
 The problem here is the source and destination are outside. Why? PIX can't
 redirect traffic so even if conduit is allowing this traffic, PIX won't let
 it through, unless it's src outside and dst is inside. You either routing
 issue here or just something is misconfigured on the PIX.
 
 Use wr term on the PIX to view the current config.
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Sim, CT (Chee Tong)
 Sent: Tuesday, September 24, 2002 10:50 AM
 To: [EMAIL PROTECTED]
 Subject: PIX questions [7:53953]
 
 
 I keep having the following log in my PIX.  It is very frequent. What is
 that mean? It seems my PIX deny this connection, but actually I want to
 allow it now and make it no longer log to the PIX log.
 
 
 
 106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst
 outside:192.168.
 
 5.200/58000
 
 106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst
 outside:192.168.
 
 5.200/58000
 
 106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst
 outside:192.168.5
 
 .200/58001
 
 106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst
 outside:192.168.5
 
 .200/58001
 
 
 
 I tried to clear it by adding the following command in the PIX config to
 allow the connection to come in.  However, I still found the same log in my
 PIX?  What should be the correct command?
 
 
 
 conduit permit udp any range 58000 58001 any
 
 
 
 
 
 Question2- How to show the running-config in PIX?  I found whenever I
made
 a change on PIX. I can't see the change when I issue sh conf command
until
 I do wr mem What is the router equivalent show running-config command in
 PIX?
 
 
 
 Thanks a lot
 
 
 
 
 ==
 De informatie opgenomen in dit bericht kan vertrouwelijk zijn en
 is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht
 onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en
 de afzender direct te informeren door het bericht te retourneren.
 ==
 The information contained in this message may be confidential
 and is intended to be exclusively for the addressee. Should you
 receive this message unintentionally, please do not use the contents
 herein and notify the sender immediately by return e-mail.
 
 
 ==
Greg Owens
202-398-2552




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53975t=53953
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Same subnets on each side of an ATM WAN [7:53973]

[s vermill]

It's more of a stop-gap than a long-term solution:

http://www.cisco.com/warp/public/556/3.html


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53976t=53973
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Same subnets on each side of an ATM WAN [7:53973]

[s vermill]

It's more of a stop-gap than a long-term solution:

http://www.cisco.com/warp/public/556/3.htmlMcHugh Randy wrote:
 
 I have an OC3 ATM WAN link that connect two LANs, but there are
 two identical subnets /30 on either side of the WAN link. Has
 any one ever had that type of setup and how is that possible
 with two identical public IP /30 subnets on either side of WAN
 connection?
 
 Here are the interfaces on either side of the wan
 
 AAAV7204#sh int fastEthernet 1/0
 FastEthernet1/0 is up, line protocol is up 
   Hardware is DEC21140A, address is 0003.6cce.f01c (bia
 0003.6cce.f01c)
   Description: FE from PM to WDGB
   Internet address is 205.109.29.10/30
   MTU 1500 bytes, BW 10 Kbit, DLY 100 usec, 
  reliability 255/255, txload 1/255, rxload 2/255
   Encapsulation ARPA, loopback not set
   Keepalive set (10 sec)
   Full-duplex, 100Mb/s, 100BaseTX/FX
   ARP type: ARPA, ARP Timeout 04:00:00
   Last input 00:00:21, output 00:00:00, output hang never
   Last clearing of show interface counters never
   Input queue: 0/75/4/0 (size/max/drops/flushes); Total output
 drops: 0
   Queueing strategy: fifo
   Output queue :0/40 (size/max)
   5 minute input rate 814000 bits/sec, 113 packets/sec
   5 minute output rate 81000 bits/sec, 79 packets/sec
  441800484 packets input, 1055724299 bytes
  Received 713 broadcasts, 0 runts, 0 giants, 2 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
  0 watchdog
  0 input packets with dribble condition detected
  349363988 packets output, 1452170449 bytes, 0 underruns
 
 AAAV7206#sh ip int fastEthernet 1/0
 FastEthernet1/0 is up, line protocol is up
   Internet address is 205.109.29.9/30
   Broadcast address is 255.255.255.255
   Address determined by non-volatile memory
   MTU is 1500 bytes
   Helper address is not set
   Directed broadcast forwarding is disabled
   Outgoing access list is not set
   Inbound  access list is not set
   Proxy ARP is enabled
   Security level is default
   Split horizon is enabled
   ICMP redirects are always sent
   ICMP unreachables are always sent
   ICMP mask replies are never sent
   IP fast switching is enabled
   IP fast switching on the same interface is disabled
   IP Flow switching is disabled
   IP CEF switching is enabled
   IP Fast switching turbo vecto
 
 Thank you,
 Randy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53977t=53973
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: BGP AS Path Regular Expressions [7:53956]

[Kent Yu]

Stephane,

 As u said, ^(200)+$ will match my ASPATHs but not only ...

I am afraid that was not what I said :)

 However, when I configure it, this expression doesn't match ASPATH
prepended
 like 200 200 200 (but 200 is present !). The not prepended ASPATH (200
 only) is matched. I don't understand this behavior.


As I said, ^(200)+$ would match 200 ONLY, we only have 2 bytes for the
as-number, 200200 will not show up in a router.

When you give IOS 200  200 200, it sees the spaces between the numbers,
^(200)+$ tells it to match some 200s without anything else in between them,
space is something.
Since you have ^ and $, it can not have anything before and after these 200s
either.
After reading the first 200, it expects the next thing is either 2 or end of
line, but it sees the space following the first 200 in 200  200 200,
that's a no-no.

Kent

 Kent Yu  a icrit dans le message de news:
 [EMAIL PROTECTED]
  Stephane,
 
  ^(200)+$  matches  200 or 200200 etc.. Of course, in case of as-path, it
  will only find 200.
 
  You want to use _ to match the space between the as-nums, so IOS will
try
 to
  match the whole as-path.
 
  HTH
  Kent
  Stephane Litkowski  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   Hi all,
  
   I'm trying to find a regexp to match AS PATH including AS200 only, but
  AS200
   can be contained more than one time (AS PATH prepending).
   Example :
   200 - Match
   200 200 - Match
   200 200 200 - Match
   200 200 200 300 - Don't Match
  
   I tried to use this regexp : ^(200)+$ but it doesn't work, why ?
   However, the regexps : ^(200_)+$ seems to work.
  
   Can someone explain me why the first regexp doesn't work ?
  
   thanks.
  
   Stephane




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53978t=53956
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Same subnets on each side of an ATM WAN [7:53973]

[MADMAN]

It's very possible to misconfigure a network!!!

 Dave

McHugh Randy wrote:
 
 I have an OC3 ATM WAN link that connect two LANs, but there are two
 identical subnets /30 on either side of the WAN link. Has any one ever had
 that type of setup and how is that possible with two identical public IP
/30
 subnets on either side of WAN connection?
 
 Here are the interfaces on either side of the wan
 
 AAAV7204#sh int fastEthernet 1/0
 FastEthernet1/0 is up, line protocol is up
   Hardware is DEC21140A, address is 0003.6cce.f01c (bia 0003.6cce.f01c)
   Description: FE from PM to WDGB
   Internet address is 205.109.29.10/30
   MTU 1500 bytes, BW 10 Kbit, DLY 100 usec,
  reliability 255/255, txload 1/255, rxload 2/255
   Encapsulation ARPA, loopback not set
   Keepalive set (10 sec)
   Full-duplex, 100Mb/s, 100BaseTX/FX
   ARP type: ARPA, ARP Timeout 04:00:00
   Last input 00:00:21, output 00:00:00, output hang never
   Last clearing of show interface counters never
   Input queue: 0/75/4/0 (size/max/drops/flushes); Total output drops: 0
   Queueing strategy: fifo
   Output queue :0/40 (size/max)
   5 minute input rate 814000 bits/sec, 113 packets/sec
   5 minute output rate 81000 bits/sec, 79 packets/sec
  441800484 packets input, 1055724299 bytes
  Received 713 broadcasts, 0 runts, 0 giants, 2 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
  0 watchdog
  0 input packets with dribble condition detected
  349363988 packets output, 1452170449 bytes, 0 underruns
 
 AAAV7206#sh ip int fastEthernet 1/0
 FastEthernet1/0 is up, line protocol is up
   Internet address is 205.109.29.9/30
   Broadcast address is 255.255.255.255
   Address determined by non-volatile memory
   MTU is 1500 bytes
   Helper address is not set
   Directed broadcast forwarding is disabled
   Outgoing access list is not set
   Inbound  access list is not set
   Proxy ARP is enabled
   Security level is default
   Split horizon is enabled
   ICMP redirects are always sent
   ICMP unreachables are always sent
   ICMP mask replies are never sent
   IP fast switching is enabled
   IP fast switching on the same interface is disabled
   IP Flow switching is disabled
   IP CEF switching is enabled
   IP Fast switching turbo vecto
 
 Thank you,
 Randy
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53979t=53973
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: How can I Fill out our unused bandwidth with dummy traffic [7:53980]

[Chuck's Long Road]

 shojaee  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Dear sirs,
 
  I'm a member of technical staff in an ISP site. We have cable connection
 to
  the internet with 512k bandwidth.
  I require to do the following:
  1- Measure our maximum connection speed to internet.



CL: just a wild guess - 512K 





  2- Fill out our unused bandwidth with dummy traffic.



 CL: do a lot of pinging?



CL: I give up - why would you want to do this or care?






  How can i do these? thanks for your prompt attention.
 
  With best regards
  Hassan Shojaie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53980t=53980
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

4000 router console cable [7:53981]

[Black Jack]

I just acquired a 4000 router and can't get it to respond through the
console port. As usual in this case, I suspect I have a cable problem. I
thought I needed a straight through DB9-DB25 modem cable, but it doesn't
seem to work. I want to make sure I have the right cable before I start
chasing other possibilities. Is this in fact the right cable? I have
searched the archives and looked at several CCO links without a clear answer
(maybe I'm just not smart enough to understand what I'm reading :-)). What
I'd really like is something ultra-simple, like db-25 pin2 to db-9 pin3
and so on. Can anyone point that out to me? TIA.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53981t=53981
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How can I Fill out our unused bandwidth with dummy [7:53970]

[Black Jack]

You might try TCPspeed. I have used it in the past to verify CIR (at least
approximately).

http://maximized.com/freeware/tcpspeed/

shojaee wrote:
 
 Dear sirs,
 
 I'm a member of technical staff in an ISP site. We have cable
 connection to
 the internet with 512k bandwidth.
 I require to do the following:
 1- Measure our maximum connection speed to internet.
 2- Fill out our unused bandwidth with dummy traffic.
 How can i do these? thanks for your prompt attention.
 
 With best regards
 Hassan Shojaie
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53982t=53970
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OT - ISDN viability - WAS: Re: VPDN - ISDN problem [7:53983]

[Vicuna, Mark]

Where I work ISDN is primarily used for DDR since it is the most cost
effective soln in Aust - especially if you have a large number of sites
to cover as Jenny pointed out.  With that in mind, the way of thinking
being 'we only want to pay for what we use'.  There's no point in having
an fr circuit as backup for each remote/branch site.

Of course with our main core trunk links into the telco cloud we
wouldn't consider ISDN for backup.

The majority of issues regarding ISDN I have had experience over here
are with provider's equipement (we have subscription to every major
telco in aust. and only one telco [no names mentioned] seems to give us
ongoing grief with their dated equipment - lucent att - framed route
issues with ldap), and of course dialer watch :)  The current
configuration we have would fail bringing up the isdn circuit
sporadically on a watched subnet.  Resolution? changed dialer watch
group to any other number BUT 1.  Go figure.

In regards to manual intervention.. i hope not :-)I have worked for
the 2 major telco's in Aust and there's no manual intervention happening
there in context of servicing their customers.


MV

-Original Message-
From: Jenny McLeod [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 24 September 2002 9:21 AM
To: [EMAIL PROTECTED]
Subject: RE: OT - ISDN viability - WAS: Re: VPDN - ISDN problem
[7:53931]


Hell yeah.
We use ISDN to automatically failover.  With over 350 remote sites, it's
not
uncommon to have a main link to an office fail somewhere.
With automatic failover, our users often don't even know something's
failed.  Manual intervention?  You've got to be kidding.  To tweak and
tune
if necessary, sure, but to initiate failover - no way.  Been there, done
that, bad idea in our network.
Anyway, in Australia at least, it's still the most cost-effective
failover
for a network like ours (lots of sites, geographically dispersed).
It has some annoyances, sure - but it's still definitely an option for
me.

JMcL

Chuck's Long Road wrote:
 
 I see more complaints / problems / issues with ISDN and DDR in
 specific and
 in general, in real world and in test situations.
 
 Idle curiousity. Is ISDN really viable in terms of reliability
 for DDR
 applications?
 
 In any number of mission critical applications, I have seen
 major vendors,
 major enterprises,  and major service providers use manual
 intervention as
 the preferred means to apply dial backup.
 
 I welcome the informed comments of those who are obviously more
 versed in
 the topic than I am, with my limited exposure..
 
 Chuck
 
 [snipped]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53983t=53983
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE written revised [7:53972]

[Edwin Gonzalez]

Dude,

Is it really that bad?



Julio Godinez  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Passing score 105: First attempt 77, Second attemp (yesterday) 95 =( .
 Next time you will be mine baby...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53984t=53972
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Hello....anybody home...... [7:53951]

[Juan Blanco]

Team,
Any one out there, are we alive, no messages in my inbox from this group
since yesterdayno goodvery scary..what is goin onnn

Juan Blanco

The greatest glory in living lies not in never falling,
 but in rising every time we fall .
 -- Nelson Mandela





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53951t=53951
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PIX [7:53955]

[Naomi James]

I have a PIX 525 and I am doing the initial configuration.  I am trying to
telnet to it to load the 6.2 version.  I have my laptop directly connect to
the inside interface via a CAT 5 cable.  The inside interface and my laptop
are on the same network.  I also have the telnet command in the
configuration.  I am not able to telnet to the PIX.  Can anyone help?
 
 
Naomi James
Computer Services and Information Technology
Savannah State University
912-356-2509

[GroupStudy.com removed an attachment of type image/gif which had a name of
Mabelt.gif]

[GroupStudy.com removed an attachment of type image/gif which had a name of
Mabelb.gif]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53955t=53955
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 4000 router console cable [7:53981]

[Gary Jackson]

Isn't the cable to the console port of the 4000 the standard Cisco 
rollover cable ?

Regards.Gary



At 07:12 PM 9/24/02 +, you wrote:
I just acquired a 4000 router and can't get it to respond through the
console port. As usual in this case, I suspect I have a cable problem. I
thought I needed a straight through DB9-DB25 modem cable, but it doesn't
seem to work. I want to make sure I have the right cable before I start
chasing other possibilities. Is this in fact the right cable? I have
searched the archives and looked at several CCO links without a clear answer
(maybe I'm just not smart enough to understand what I'm reading :-)). What
I'd really like is something ultra-simple, like db-25 pin2 to db-9 pin3
and so on. Can anyone point that out to me? TIA.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53985t=53981
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 4000 router console cable [7:53981]

[MADMAN]

Straight thru yes but you still need to use the correct pins.  you
have the pin 2-3 correct, also 3-2 and 7-5.  On the DB25 you use 2,3 and
7, yellow, black and red.

  Dave

Black Jack wrote:
 
 I just acquired a 4000 router and can't get it to respond through the
 console port. As usual in this case, I suspect I have a cable problem. I
 thought I needed a straight through DB9-DB25 modem cable, but it doesn't
 seem to work. I want to make sure I have the right cable before I start
 chasing other possibilities. Is this in fact the right cable? I have
 searched the archives and looked at several CCO links without a clear
answer
 (maybe I'm just not smart enough to understand what I'm reading :-)). What
 I'd really like is something ultra-simple, like db-25 pin2 to db-9 pin3
 and so on. Can anyone point that out to me? TIA.
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53986t=53981
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

HELP:Problem with Policy Mapping [7:53954]

[Pooja Thakur]

Hello All,

I am facing a very typical problem. The test set-up
includes 2 sites. There are 2 simultaneous links (one
of 64Kbps Leased Line and the other of 32Kbps VSAT
Link) between the 2 sites. What I want to achieve is
that my application (which is real-time) should go on
the 64K link while rest all traffic (like mails and
intranet) should go on the 32Kbps link. When any of
the link is down, then the affected traffic shud
switch to the other link with higher priority to the
application. I have defined access-lists and route-map
policies accordingly. I have applied the policy on the
LAN port of the router. Also, the serial ports are IP
Unumbered. I am facing the problem only when the
Leased Line is down and the traffic has to shift to
VSAT.

I have configured EIGRP on the routers. When I do a
debug, it clearly shows me the traffic is going
according to the policy map. When I give a loop on the
LL modem at one end, the line protocol as well as the
serial port goes down. On the other router, the serial
port shows me looped, the line protocol is down but
the serial port is (as all the EIA signals are up).
When I see the IP Route to the destination, there is
only one route thru the VSAT link. Now because of this
serial port up, the far-end router still pushes the
packets to this serial port (as it sees that it is up)
but end to end connectivity is not thru cos the line
protocol is down. When I manually shut down the port,
then the packet starts going thru the alternate route
and end to end connectivity is through. As soon as I
remove the shutdown, the connectivity is lost again.

Now what is bugging me is that I have tested the same
setup at one more location and it works absolutely
fine there  be it switchover from Leased Line to VSAt
or vice-versa. When the Leased Line modem is given a
loop, the serial as well as line protocol is down. The
far end serial port is looped, line protocol is down 
serial port is up (all EIA signals are up). Even then
the traffic shifts to VSAT and the connectivity still
exists. I checked the configuration of both the
set-ups line by line but no use. The only difference
in the 2 set-ups is that the problematic one is on
CISCO 2600 series while the working one is on 2500
series router.

I am attaching the config as well as the version of
the 2 different series router. I am really in a fix as
to what to do next. Please help me out.

Thanx 



__
Do you Yahoo!?
New DSL Internet Access from SBC  Yahoo!
http://sbc.yahoo.com
Router1#sh run
Building configuration...

Current configuration:
!
version 12.0
service config
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname Router1
!
logging buffered 4096 debugging
enable secret 5 $1$XFoc$D6BWEJhMx2tw2jVS927je1
!
ip subnet-zero
no ip domain-lookup
!
voice-port 1/0/0
!
voice-port 1/0/1
!
!
!
!
!
interface Ethernet0/0
 ip address 159.12.30.2 255.255.255.0 secondary
 ip address 159.12.30.1 255.255.255.0
 no ip directed-broadcast
 no ip mroute-cache
 ip policy route-map nil
 load-interval 30
 no cdp enable
!
interface Serial0/0
 description 32K SCPC Link
 bandwidth 32
 ip unnumbered Ethernet0/0
 no ip directed-broadcast
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 load-interval 30
 priority-group 2
 compress stac
!
interface Ethernet0/1
 no ip address
 no ip directed-broadcast
 shutdown
 no cdp enable
!
interface Serial0/1
 description 64K Leased Line
 bandwidth 64
 ip unnumbered Ethernet0/0
 no ip directed-broadcast
 ip rtp reserve 16384 16000 24
 encapsulation ppp
 no ip route-cache
 ip rtp header-compression iphc-format
 ip tcp header-compression iphc-format
 no ip mroute-cache
 load-interval 30
 priority-group 2
 compress stac
!
interface Serial0/2
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Serial0/3
 no ip address
 no ip directed-broadcast
 shutdown
!
router eigrp 10
 network 159.12.0.0
 no auto-summary
!
ip classless
!
access-list 110 permit ip any host 159.12.212.2
access-list 120 permit ip any host 159.12.213.6
priority-list 2 protocol ip high tcp telnet
priority-list 2 default low
route-map nil permit 10
 match ip address 110
 set interface Serial0/1
!
route-map nil permit 15
 match ip address 120
 set interface Serial0/0
!
!
line con 0
 exec-timeout 1 0
 transport input none
line aux 0
line vty 0 4
 exec-timeout 1 0
 password 7 105B191D040317
 login
!
no scheduler allocate
end

Router1#sh ver
Cisco Internetwork Operating System Software 
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(8), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Mon 29-Nov-99 15:15 by kpma
Image text-base: 0x80008088, data-base: 0x808E63A0

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

ROuter1 uptime is 1 week, 2 days, 22 hours, 2 minutes
System restarted by power-on
System image file is flash:c2600-is-mz-120-8

cisco 2611 (MPC860) processor (revision 0x203) with 

RE: PIX [7:53955]

[Kazemian, Moe]

You may want to check if your link led is on and if you can ping the inside
interface also the ip of the laptop needs to be defined using the telnet
command.

-Original Message-
From: Naomi James [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 24, 2002 9:02 AM
To: [EMAIL PROTECTED]
Subject: PIX [7:53955]


I have a PIX 525 and I am doing the initial configuration.  I am trying to
telnet to it to load the 6.2 version.  I have my laptop directly connect to
the inside interface via a CAT 5 cable.  The inside interface and my laptop
are on the same network.  I also have the telnet command in the
configuration.  I am not able to telnet to the PIX.  Can anyone help?
 
 
Naomi James
Computer Services and Information Technology
Savannah State University
912-356-2509

[GroupStudy.com removed an attachment of type image/gif which had a name of
Mabelt.gif]

[GroupStudy.com removed an attachment of type image/gif which had a name of
Mabelb.gif]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53987t=53955
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX [7:53955]

[Robert Edmonds]

I'm not 100% sure, but I think if you want to connect to the ethernet port
you will need a crossover cable.  Why not connect to the console port to do
the initial config anyway?


Naomi James  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I have a PIX 525 and I am doing the initial configuration.  I am trying to
 telnet to it to load the 6.2 version.  I have my laptop directly connect
to
 the inside interface via a CAT 5 cable.  The inside interface and my
laptop
 are on the same network.  I also have the telnet command in the
 configuration.  I am not able to telnet to the PIX.  Can anyone help?


 Naomi James
 Computer Services and Information Technology
 Savannah State University
 912-356-2509

 [GroupStudy.com removed an attachment of type image/gif which had a name
of
 Mabelt.gif]

 [GroupStudy.com removed an attachment of type image/gif which had a name
of
 Mabelb.gif]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53988t=53955
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

IPX ID [7:53989]

[Mike Martins]

Hi

Simple question, enabling IPX on a router: ipx routing x.x.x
I want to use say 2.2.2 as the router ID. Problem is after I type this
address and show run the router has taken one of the interface's Mac
addresses as the router IPX ID. Is there something I am missing here? (I am
using ver 12.1(5)T)
cheers and thanks in advance
 



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53989t=53989
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 4000 router console cable [7:53981]

[Vicuna, Mark]

the cable you need is a console rollover not straight through.  the
adapter you are using is right.

hth
mark.

-Original Message-
From: Black Jack [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 25 September 2002 5:12 AM
To: [EMAIL PROTECTED]
Subject: 4000 router console cable [7:53981]


I just acquired a 4000 router and can't get it to respond through the
console port. As usual in this case, I suspect I have a cable problem. I
thought I needed a straight through DB9-DB25 modem cable, but it doesn't
seem to work. I want to make sure I have the right cable before I start
chasing other possibilities. Is this in fact the right cable? I have
searched the archives and looked at several CCO links without a clear
answer
(maybe I'm just not smart enough to understand what I'm reading :-)).
What
I'd really like is something ultra-simple, like db-25 pin2 to db-9
pin3
and so on. Can anyone point that out to me? TIA.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53990t=53981
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: BGP AS Path Regular Expressions [7:53956]

[Stephane Litkowski]

Ok that's clear now !!

thank you very much for your help.

Kent Yu  a icrit dans le message de news:
[EMAIL PROTECTED]
 Stephane,

  As u said, ^(200)+$ will match my ASPATHs but not only ...

 I am afraid that was not what I said :)

  However, when I configure it, this expression doesn't match ASPATH
 prepended
  like 200 200 200 (but 200 is present !). The not prepended ASPATH (200
  only) is matched. I don't understand this behavior.
 

 As I said, ^(200)+$ would match 200 ONLY, we only have 2 bytes for the
 as-number, 200200 will not show up in a router.

 When you give IOS 200  200 200, it sees the spaces between the numbers,
 ^(200)+$ tells it to match some 200s without anything else in between
them,
 space is something.
 Since you have ^ and $, it can not have anything before and after these
200s
 either.
 After reading the first 200, it expects the next thing is either 2 or end
of
 line, but it sees the space following the first 200 in 200  200 200,
 that's a no-no.

 Kent
 
  Kent Yu  a icrit dans le message de news:
  [EMAIL PROTECTED]
   Stephane,
  
   ^(200)+$  matches  200 or 200200 etc.. Of course, in case of as-path,
it
   will only find 200.
  
   You want to use _ to match the space between the as-nums, so IOS will
 try
  to
   match the whole as-path.
  
   HTH
   Kent
   Stephane Litkowski  wrote in message
   [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hi all,
   
I'm trying to find a regexp to match AS PATH including AS200 only,
but
   AS200
can be contained more than one time (AS PATH prepending).
Example :
200 - Match
200 200 - Match
200 200 200 - Match
200 200 200 300 - Don't Match
   
I tried to use this regexp : ^(200)+$ but it doesn't work, why ?
However, the regexps : ^(200_)+$ seems to work.
   
Can someone explain me why the first regexp doesn't work ?
   
thanks.
   
Stephane




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53992t=53956
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Input errors on catalyst 3548 [7:53957]

[AlLee]

When you use TFTP to download IOS image , please note , it is have a 
limitation!

Priscilla Oppenheimer wrote:

 Tunde Kalejaiye wrote:
 
what could be the cause of large input errors on a catalyst
switch?

 
 The most likely cause is a duplex mismatch. Is it just on one port? What
 connects to that port? Could it be misconfigured or could the port be
 misconfigured for half/full duplex? What kind of errors are they?
 ___
 
 Priscilla Oppenheimer
 www.troubleshootingnetworks.com
 www.priscilla.com
 
 
regards,


Tunde




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53994t=53957
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IPX ID [7:53989]

[Robert Edmonds]

According to the following Cisco link:

http://www.cisco.com/warp/public/473/33.html#networknumber

As with other network addresses, Novell IPX network addresses must be
unique. These addresses are represented in hexadecimal format and consist of
two parts: a network number and a node number. The IPX network number, which
is assigned by the network administrator, is 32 bits long. The node
number,which usually is the Media Access Control (MAC) address for one of
the system's network interface cards (NICs), is 48 bits long.

  a.. Network:
a.. 32bit number represented in Hex
b.. Administratively assigned
c.. Range : 0x0001 - 0xFFFE
d.. 0x = Broadcast
e.. 0xFFFE = Default route
  a.. Node:
a.. 48 bit number represented in Hex
b.. MAC address of NIC card (can be administratively assigned )
Mike Martins  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi

 Simple question, enabling IPX on a router: ipx routing x.x.x
 I want to use say 2.2.2 as the router ID. Problem is after I type this
 address and show run the router has taken one of the interface's Mac
 addresses as the router IPX ID. Is there something I am missing here? (I
am
 using ver 12.1(5)T)
 cheers and thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53993t=53989
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How can I Fill out our unused bandwidth with d [7:53970]

[s vermill]

Black Jack wrote:
 
 You might try TCPspeed. I have used it in the past to verify
 CIR (at least approximately).
 
 http://maximized.com/freeware/tcpspeed/
 

I've used this web site in the past (doesn't require any software to be
installed).  It seems somewhat accurate at lower speeds (T-1 and below).  I
would guess the accuracy falls off as the speeds get higher and the CPU and
other variables come into play.

http://www.pcpitstop.com/internet/Bandwidth.asp




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53995t=53970
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IPX ID [7:53989]

[Mike Martins]

Robert
I understand all that - when I type in 'ipx routing ie 5.5.5' on another
router (with no other configs) and sh run gives me
 ipx routing 0005.0005.0005
which is what I want. 
I am asking why does it do this and is there a way around this?
I dont like IPX, but the lab beckons me...


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53996t=53989
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IPX ID [7:53989]

[Priscilla Oppenheimer]

Mike Martins wrote:
 
 Hi
 
 Simple question, enabling IPX on a router: ipx routing x.x.x
 I want to use say 2.2.2 as the router ID. 

That's not really a router ID that you're assigning. It's a node address to
use on a serial link. Are you running IPX on one of your serial links?

An IPX address consists of network.node. IPX uses the MAC address for the
node part. That works fine on Ethernet, Token Ring, and FDDI. Each such
interface has a MAC address. So when a router sends RIP or SAP or other
router-sourced packets out an Ethernet interface, for example, the
network-layer IPX addresss might be something like it is on my router,
consisting of the network number I assigned, followed by the burned-in MAC
address:

Boston#show ipx int e0
Ethernet0 is up, line protocol is up
  IPX address is 500..0c02.74c7

But a serial interface doesn't have a MAC address! So what it should use? By
default it uses the MAC address of the first Ethernet, Token Ring ,or FDDI
interface. If none of those exist, then it makes one up based on the system
clock.

If you don't want it to do that for some weird reason, than you can tell it
the MAC address to use on serial interfaces by configuring a parameter with
the ipx routing command.

Boston(config)#ipx routing 2.2.2
Boston(config)#end

Notice that it worked on my router:

Boston#show ipx int s0
Serial0 is up, line protocol is up
  IPX address is 400.0002.0002.0002 [up]

Although e0 hasn't changed:

Boston#show ipx int e0
Ethernet0 is up, line protocol is up
  IPX address is 500..0c02.74c7

The change does show up in show run on my router:

Boston#show run
Building configuration...

Current configuration:
!
version 11.0
service udp-small-servers
service tcp-small-servers
!
hostname Boston
!
enable secret 5 $1$uho5$H32khmGkZ4Vml4H/qzc0/1
enable password password
!
ipx routing 0002.0002.0002
appletalk routing
frame-relay switching
!
interface Ethernet0
 ip address 192.168.30.1 255.255.255.0
 ipx network 500
 appletalk cable-range 500-500 500.52
 appletalk zone bostonE
!
interface Ethernet1
 no ip address
 shutdown
!
interface Serial0
 ip address 192.168.40.1 255.255.255.0
 encapsulation frame-relay
 ipx network 400
 appletalk cable-range 400-400 400.203
 appletalk zone bostonS
 no fair-queue
 frame-relay map ip 192.168.40.2 100 broadcast
 frame-relay intf-type dce
!

So why would you be seeing something different is the REAL question. ;-) Are
you sure you are actually running IPX on a serial interface? Do you have a
serial interface? Are you sure you typed in 2.2.2 correctly? Do they make
you do 0002.0002.0002 in newer versions?? Are you running DECnet which
changes MAC addresses? Could they have changed the behavior in 12.1(5)T?
Someone else would have to check that. I can't afford new routers. ;-)

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com


Problem is after I
 type this address and show run the router has taken one of the
 interface's Mac addresses as the router IPX ID. Is there
 something I am missing here? (I am using ver 12.1(5)T)
 cheers and thanks in advance
  
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53997t=53989
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Token Ring fundamentals [7:53871]

[Tim Metz]

so to rephrase the original question, although there is never more than one
token on the ring, there can be more than one data/command frame...

or am I totally missing the point ;-)

Tim

Priscilla Oppenheimer  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Mike Mandulak wrote:
 
  Oops I forgot to cc my reply to the list again. but you're
  right.
 
  Here's what I sent him...
  Only one. However (there's always a however) the adapters can
  be configured
  to use ETR (early token release) which means that as soon as an
  adapter
  starts receiving a frame it can start transmitting its own data
  out the TX
  path while receiving the incoming frame. While that's not 2
  tokens, it is 2
  different frames on the wire at the same time.

 That's not really what it means, not that it matters much these days. ;-)

 With no early token release, a sending station must see its own frame come
 back before it releases a free token that someone else can grab.

 With early token release (ETR), a sending station can release a token at
the
 end of its transmission, regarless of whether it's starting to receive its
 own transmission yet. Someone else can grab the free token and turn it
into
 a frame. Hence, there can be more than one frame, as you say, but still
only
 one free token.

 It was all a bunch of marketing FUD really though. It would have to be a
 physically very large network for the ETR feature to make any difference.
On
 typical networks, the sender was already getting back its own transmission
 as it finished its transmission anyway. So it released a free token at
about
 the same time regardless if ETR was in use or not. But nobody cares any
more
 about the actual behavior. You just have to learn the theory. ;-)

 _

 Priscilla Oppenheimer
 www.troubleshootingnetworks.com
 www.priscilla.com
 
 
  - Original Message -
  From: Ken Chipps
  To:
  Sent: Sunday, September 22, 2002 9:37 PM
  Subject: Re: Token Ring fundamentals [7:53871]
 
 
   One, unless early token release is in effect. Assuming I am
  remembering
   my old Token Ring stuff right.
   Tim Metz  wrote in message
   [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
While doing some token ring reading I realized that I have
  no idea how
   many
tokens can be on the ring at one time.
   
   
   
anyone??? stupid question??
   
   
   
Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53998t=53871
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IPX ID [7:53989]

[Mike Martins]

Priscilla
Thanks for that. Years in IP and I am clueless about IPX. Reason why I was
using my own x.x.x was for a easy number to remember for the frame relay map
statements on opposite ends. (I looked at practise labs - that is what they
wuz using)
I am still befuddled why on one router it takes the command and on another
it does not. Maybe I typed in 2.2.2 wrong. Maybe I should try it more gently
this time.
Stuff this, I am moving onto the BGP lab tonight..


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53999t=53989
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Token Ring fundamentals [7:53871]

[Priscilla Oppenheimer]

Tim Metz wrote:
 
 so to rephrase the original question, although there is never
 more than one
 token on the ring, there can be more than one data/command
 frame...

Yes. There can be more than one frame if you use Early Token Release. It's
not likely, but it's allowed by the specifications. There's just one token
though. The token is a 3-byte symbol of authority. That's what IEEE 802.5
calls it, probably to avoid using the term frame. ;-) A sender grabs the
token and converts it do a frame, changing one bit, adding more bytes and
addressing, etc.

Why are you studying Token Ring?? Ugh. ;-)

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com


 
 or am I totally missing the point ;-)
 
 Tim
 
 Priscilla Oppenheimer  wrote in
 message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Mike Mandulak wrote:
  
   Oops I forgot to cc my reply to the list again. but you're
   right.
  
   Here's what I sent him...
   Only one. However (there's always a however) the adapters
 can
   be configured
   to use ETR (early token release) which means that as soon
 as an
   adapter
   starts receiving a frame it can start transmitting its own
 data
   out the TX
   path while receiving the incoming frame. While that's not 2
   tokens, it is 2
   different frames on the wire at the same time.
 
  That's not really what it means, not that it matters much
 these days. ;-)
 
  With no early token release, a sending station must see its
 own frame come
  back before it releases a free token that someone else can
 grab.
 
  With early token release (ETR), a sending station can release
 a token at
 the
  end of its transmission, regarless of whether it's starting
 to receive its
  own transmission yet. Someone else can grab the free token
 and turn it
 into
  a frame. Hence, there can be more than one frame, as you say,
 but still
 only
  one free token.
 
  It was all a bunch of marketing FUD really though. It would
 have to be a
  physically very large network for the ETR feature to make any
 difference.
 On
  typical networks, the sender was already getting back its own
 transmission
  as it finished its transmission anyway. So it released a free
 token at
 about
  the same time regardless if ETR was in use or not. But nobody
 cares any
 more
  about the actual behavior. You just have to learn the theory.
 ;-)
 
  _
 
  Priscilla Oppenheimer
  www.troubleshootingnetworks.com
  www.priscilla.com
  
  
   - Original Message -
   From: Ken Chipps
   To:
   Sent: Sunday, September 22, 2002 9:37 PM
   Subject: Re: Token Ring fundamentals [7:53871]
  
  
One, unless early token release is in effect. Assuming I
 am
   remembering
my old Token Ring stuff right.
Tim Metz  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 While doing some token ring reading I realized that I
 have
   no idea how
many
 tokens can be on the ring at one time.



 anyone??? stupid question??



 Tim
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54000t=53871
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IPX ID [7:53989]

[Priscilla Oppenheimer]

Mike Martins wrote:
 
 Priscilla
 Thanks for that. Years in IP and I am clueless about IPX.
 Reason why I was using my own x.x.x was for a easy number to
 remember for the frame relay map statements on opposite ends.

Oh, that makes sense.

 (I looked at practise labs - that is what they wuz using)
 I am still befuddled why on one router it takes the command and
 on another it does not. Maybe I typed in 2.2.2 wrong.

They can't both be 2.2.2, you realize, don't you? In other words, two ends
of a serial link, which would both be on the same network number, can't both
use 2.2.2, because, if they did, they would have duplicate network-layer
addresses. You probably realize that...

Are both routers running the same version of IOS? Mabye they changed
something. You never know.

 Maybe I
 should try it more gently this time.
 Stuff this, I am moving onto the BGP lab tonight..

Sounds like a plan. BGP is way more important. ;-) Let us know what you find
out with the IPX issue. though. Thanks.

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54001t=53989
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

cisco-nas-port [7:54002]

[Reza]

Hi group
I got a Cisco 1760 , with c1700-sv8y-122(11)T IOS
I just palced  4 * 2FXO modules on this unit  . and configured my radius
server ,
I have to give the VSA attribute named cisco-nas-port on all AAA phases.
at Authentication and Accounting phases , it sends this parameter but it
doesn't send it in AUTHORIZATION phase,
here is my config :

aaa authentication login h323 group radius
aaa authorization exec h323 group radius
aaa accounting connection h323 stop-only group radius

!
gw-accounting aaa
!
radius-server configure-nas
radius-server host 192.168.10.10  auth-port 1812 acct-port 1813 key 7
051A0902
radius-server authorization permit missing Service-Type
radius-server authorization default Framed-Protocol ppp
radius-server vsa send authentication


in previus IOS that I see , there were commands :  gw-accounting h323  AND
gw-accounting voip
but  here is gw-accounting aaa with some sub commands.

please help me to make it send this VSA attribute at Autorization phase ,

Thanks
Reza




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54002t=54002
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Help needed with an extended access list [7:53971]

[Carl Timm]

You could use the following list

access-list 100 deny tcp 171.17.0.96 0.0.0.31 host 171.17.255.65 eq telnet
access-list 100 permit ip any any


This would deny any address between 171.17.0.96 and 171.17.0.127 from
telneting to 171.17.255.65. All other traffic would be permited.

You will then need to create an outbound access group on the outbound
interface of the device you are trying to telnet from.

I hope this helps.

Carl Timm, CCIE #7149


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54004t=53971
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IPX ID [7:53989]

[Mike Martins]

The version of IOS I am using is about the same as the lab (how reassuring).
I used my old frame relay switch still running and spluttering 11.3
enterprise and it likes it when I type IPX routing a.a.a - do a show run and
there she is:  ipx routing 000a.000a.000a - like an old faithfull...
The question must be simple, what condition causes a router to take the
ethernet/token rings's/etc MAC address for the WAN interface, and not the
one you manually enter?
I just checked, one of the other router's that took the command was also
running 12.1(5)T.

   


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54003t=53989
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Help needed with an extended access list [7:53971]

[Mark Walmsley]

Brilliant, thanks Carl i'll try it in the morning.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54005t=53971
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OT - ISDN viability - WAS: Re: VPDN - ISDN problem [7:54007]

[MADMAN]

FWIW I have implemented more ISDN backup than I care to remember but
once configured and tested it works well.  I always suggest that
customers periodically test the backup, at least force tha ISDN
connection up by pinging a test loopback or something.  I had one
customer who did't want to loose their SNA sessions, via DLSW, and ISDN
backup with EIGRP converted fast enough that the SNA session stayed
active.

  Dave



Vicuna, Mark wrote:
 
 Where I work ISDN is primarily used for DDR since it is the most cost
 effective soln in Aust - especially if you have a large number of sites
 to cover as Jenny pointed out.  With that in mind, the way of thinking
 being 'we only want to pay for what we use'.  There's no point in having
 an fr circuit as backup for each remote/branch site.
 
 Of course with our main core trunk links into the telco cloud we
 wouldn't consider ISDN for backup.
 
 The majority of issues regarding ISDN I have had experience over here
 are with provider's equipement (we have subscription to every major
 telco in aust. and only one telco [no names mentioned] seems to give us
 ongoing grief with their dated equipment - lucent att - framed route
 issues with ldap), and of course dialer watch :)  The current
 configuration we have would fail bringing up the isdn circuit
 sporadically on a watched subnet.  Resolution? changed dialer watch
 group to any other number BUT 1.  Go figure.
 
 In regards to manual intervention.. i hope not :-)I have worked for
 the 2 major telco's in Aust and there's no manual intervention happening
 there in context of servicing their customers.
 
 MV
 
 -Original Message-
 From: Jenny McLeod [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, 24 September 2002 9:21 AM
 To: [EMAIL PROTECTED]
 Subject: RE: OT - ISDN viability - WAS: Re: VPDN - ISDN problem
 [7:53931]
 
 Hell yeah.
 We use ISDN to automatically failover.  With over 350 remote sites, it's
 not
 uncommon to have a main link to an office fail somewhere.
 With automatic failover, our users often don't even know something's
 failed.  Manual intervention?  You've got to be kidding.  To tweak and
 tune
 if necessary, sure, but to initiate failover - no way.  Been there, done
 that, bad idea in our network.
 Anyway, in Australia at least, it's still the most cost-effective
 failover
 for a network like ours (lots of sites, geographically dispersed).
 It has some annoyances, sure - but it's still definitely an option for
 me.
 
 JMcL
 
 Chuck's Long Road wrote:
 
  I see more complaints / problems / issues with ISDN and DDR in
  specific and
  in general, in real world and in test situations.
 
  Idle curiousity. Is ISDN really viable in terms of reliability
  for DDR
  applications?
 
  In any number of mission critical applications, I have seen
  major vendors,
  major enterprises,  and major service providers use manual
  intervention as
  the preferred means to apply dial backup.
 
  I welcome the informed comments of those who are obviously more
  versed in
  the topic than I am, with my limited exposure..
 
  Chuck
 
  [snipped]
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54007t=54007
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISIS [7:53839]

[nrf]

Not to answer a question with another question, but are you primarily
interested in passing the test, or are you primarily interested in actually
knowing ISIS.

If it's the former, the other poster's suggestions are good.

If it's the latter, then it's the timeless RFC1195/ISO10589 doc's.  And also
later revisions, most notably RFC2966.



Robert L. DeWees  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I took the BSCN class, but I am signed up for the BSCI exam, which I am
told
 has IS-IS. What is a good source to study the subject?

 Bobby




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54006t=53839
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

6509 IP address [7:54008]

[Abbas Ali]

I have a 6509 connected to another 6509 and also connectedto (2) 4006
switches.  I have 3 Vlans and one 1 vlan specificallyfor the Management. 
The managment subnet is 10.0.1.0.  One ofthe 6509s is acting as a root
switch as well as also doing Intervlanrouting.  Here is the issue I haveFrom
the Managment Vlan, I have assigned 10.0.1.1 to the router blade,10.0.1.2 to
the the root 6509 SC0 interface, 10.0.1.3 to another 6509 SC0interface,
10.0.1.4 to the first 4006 switch and the 10.0.1.5 to the 2nd 4006switch. 
On a root 6509 switch I have also assigned the default route tothe switches
router itself.  For exampel 0.0.0.0 to 10.0.1.1.  I can ping thisaddress
10.0.1.1 from any host, but not able to ping this address from theswitch
mode itself.  Everything is working, but I am just curious why I can't
pingthe address of the router blade from the SC0 interface itself.Regards,Ali


Changed your e-mail?  Keep your contacts!  Use this free e-mail change of
address service from Return Path.  Register now!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54008t=54008
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 4000 router console cable [7:53981]

[Steve Watson]

All the old 4000's I have use a straight through serial cable.

Steve

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 24, 2002 3:12 PM
To: [EMAIL PROTECTED]
Subject: 4000 router console cable [7:53981]


I just acquired a 4000 router and can't get it to respond through the
console port. As usual in this case, I suspect I have a cable problem. I
thought I needed a straight through DB9-DB25 modem cable, but it doesn't
seem to work. I want to make sure I have the right cable before I start
chasing other possibilities. Is this in fact the right cable? I have
searched the archives and looked at several CCO links without a clear
answer (maybe I'm just not smart enough to understand what I'm reading
:-)). What I'd really like is something ultra-simple, like db-25 pin2
to db-9 pin3 and so on. Can anyone point that out to me? TIA.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54010t=53981
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IPX ID [7:53989]

[Priscilla Oppenheimer]

Mike Martins wrote:
 
 The version of IOS I am using is about the same as the lab (how
 reassuring). I used my old frame relay switch still running and
 spluttering 11.3 enterprise and it likes it when I type IPX
 routing a.a.a - do a show run and there she is:  ipx routing
 000a.000a.000a - like an old faithfull...
 The question must be simple, what condition causes a router to
 take the ethernet/token rings's/etc MAC address for the WAN
 interface, and not the one you manually enter?

The question may be simple, but the answer isn't. There's no well-known
condition that causes this.

Have you compared your config to one where the problem doesn't occur? What
are you doing that's not basic IPX configuration? IPXWAN? NLSP? Anything
else weird?

Can you show us your config?

Priscilla

 I just checked, one of the other router's that took the command
 was also running 12.1(5)T.
 





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54011t=53989
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: MCNS Exam [7:53894]

[Shawn Sousa]

I agree...I took this several months ago and did not see any CET but I did
get plenty of Config'g PIX IPSEC.  I would check with the Cisco Exam
objectives to make sure that CET is not on the exam.

Good Luck!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54012t=53894
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: SIP vs H323 [7:53852]

[Clubb, Steven]

Can you forward that link?

Thanks,

Steve

-Original Message-
From: Haakon Claassen (hclaasse) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 24, 2002 10:19 AM
To: [EMAIL PROTECTED]
Subject: RE: SIP vs H323 [7:53852]


I am not THE expert on these matters but it comes to play in my daily
duties

SIP is more flexible then H323 and H323 is a suite of protocols for real
time traffic, SIP is far more suitable when looking at unified messaging

Have a look at SMTP and then look at SIP ... you'll see some resemblance

The security issues with SIP are sadly far greater then H323
I can fwd a good link on that


regards


 
Haakon Claassen
EMEA - IT Transport Services -WAN
 
Cisco Systems
De Kleetlaan 6b - Pegasus Park
B-1831 Diegem (Belgium)
 
 

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] 
Sent: maandag 23 september 2002 20:45
To: [EMAIL PROTECTED]
Subject: Re: SIP vs H323 [7:53852]

In what ways was the SIP equipment better? The fact that it comes from a
www/internet IETF world, versus H.323 which comes from the ITU,
wouldn't
necessarily mean that it's better. In fact, to make a very broad
generalization, the IETF has historically been involved with data
networking
which hasn't been that concerned about quality.  Reliability is
achieved, in
general, by the sender retransmitting if there's no ACK, which doesn't
work
with voice. Quality is achieved by various hacks. ;-)

At least in the U.S., our telephone networks have always been way more
reliable and offered better quality than our data networks, which have
been
annoyingly flaky. When we pick up a phone to make a call, unless it's
Mother's Day and all circuits are busy, it simply works. Problems are
rare.
Problems accessng data on intranets and the Internet are widespread. So
it
doesnt' fit with our paradign that you would think that SIP is better
because it comes from a www/Internet world.

SIP may be better because it's always easier to do something better the
second time around. SIP is newer. H.323 is old.

Anyway, this philosophical debate probably isn't that relevant, but
things
are slow today at work. ;-)

Priscilla


Gunjan Mathur wrote:
 
 I tested one SIP equipement of vonage, and that was
 far far better then any device using H323...that's the
 reason I want to know the diff in between these two.
 What I understand is SIP model works on www/internet
 and h323 model is telephony, I believe this is the
 main reason for the quality difference.
 
 What you suggest...
 TIA
 
 --- Steven A. Ridder  wrote:
  I agree that SIP is the future, it just isn't there
  yet.  There is some SIP
  being built into Unity and CM, but until everything
  is SIP (as opposed to
  MGCP/H.323 and Skinny), it just isn't useful yet.
  
   I know that SIP is being deployed in SP networks,
  and I have implemented it
  in a Telco, but for enterprise, it's useless.  I
  can't wait til it is
  developed and more mature.
  
  
  Jason Weden  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   Ok, so SIP is nowhere near useless.  It is being
  used all over the place
  and
   will eventually replace H.323.  Telcos like Vonage
  (which uses Cisco SIP
   equipment), deltathree, and Denwa are using it for
  last mile telephony
   connectivity for residences and enterprises, and
  WorldCom, after surfacing
   from its financial issues, will be using it on its
  global network as well.
   Microsoft has built a SIP client into Windows XP
  (Microsoft Messenger) and
   SIP is very flexible and extensible and the best
  place to start is
   http://www.sipcenter.com.  PBX manufacturers like
  Mitel and Siemens have
   developed their PBX completely around SIP.
  
   To get back to Cisco (as this is a Cisco
  newsgroup), Cisco has taken the
   time and $$ to start to develop SIP functionality
  in its products despite
   the fact that it isn't need for AVVID at all. 
  Though their initial SIP
   focus is on carrier-class products (since that is
  the logical choice --
  see
   my list of companies above), my bet is that SIP
  will surface as a more
   central part of the AVVID architecture for the
  enterprise.  A good Cisco
   link is here:
  
 

http://www.cisco.com/warp/public/cc/techno/tyvdve/sip/prodlit/index.shtm
l
  
or here (which displays more enterprise
  scenarios):
  
  
 

http://cisco.com/univercd/cc/td/doc/product/voice/sipsols/biggulp/index.
htm
   Regards,
  
   Jason
 [EMAIL PROTECTED]
 
 
 __
 Do you Yahoo!?
 New DSL Internet Access from SBC  Yahoo!
 http://sbc.yahoo.com
*
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized. 

If you are not the intended recipient, any disclosure, copying, distribution

Re: 4000 router console cable [7:53981]

[Larry Letterman]

The 3 I have at home use a rollover cable...

Steve Watson wrote:

All the old 4000's I have use a straight through serial cable.

Steve

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 24, 2002 3:12 PM
To: [EMAIL PROTECTED]
Subject: 4000 router console cable [7:53981]


I just acquired a 4000 router and can't get it to respond through the
console port. As usual in this case, I suspect I have a cable problem. I
thought I needed a straight through DB9-DB25 modem cable, but it doesn't
seem to work. I want to make sure I have the right cable before I start
chasing other possibilities. Is this in fact the right cable? I have
searched the archives and looked at several CCO links without a clear
answer (maybe I'm just not smart enough to understand what I'm reading
:-)). What I'd really like is something ultra-simple, like db-25 pin2
to db-9 pin3 and so on. Can anyone point that out to me? TIA.
-- 

Larry Letterman
Network Engineer
Cisco Systems Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54014t=53981
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IPX ID [7:53989]

[Mike Martins]

I got the IPX network going between all routers, over frame relay etc etc no
problem. On the frame-relay map statements (opposite sides) I mapped to the
IPX/MAC address that the router had elected. Everything works, no worries. I
am not doing anything different, all routers were running default IPX RIP,
now disabled and all running IPX EIGRP.
I dont know why one router accepts a manual statement and another decides it
has got its own agenda. I tried shutting down all interfaces, deleting IPX
Routing and re entering a manual x.x.x. It remains stubborn.
I will spare you the configs, unless you wanna sift through trunks and
tunnels and exiting stuff like DLSW and a few of my improvized ISDN configs.
When I started with the IPX early this evening I did not have much config on
the routers anyway.

It is just a point of interest really, someone must know the answer. 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54015t=53989
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Input errors on catalyst 3548 [7:53957]

[Charles D Hammonds]

huh? not quite clear on how tftp relates to interface errors?

charles

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
AlLee
Sent: Tuesday, September 24, 2002 1:31 PM
To: [EMAIL PROTECTED]
Subject: Re: Input errors on catalyst 3548 [7:53957]


When you use TFTP to download IOS image , please note , it is have a
limitation!

Priscilla Oppenheimer wrote:

 Tunde Kalejaiye wrote:

what could be the cause of large input errors on a catalyst
switch?


 The most likely cause is a duplex mismatch. Is it just on one port? What
 connects to that port? Could it be misconfigured or could the port be
 misconfigured for half/full duplex? What kind of errors are they?
 ___

 Priscilla Oppenheimer
 www.troubleshootingnetworks.com
 www.priscilla.com


regards,


Tunde




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54017t=53957
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

1750 and MPLS [7:54016]

[Jim Tickle]

We've pretty much exhausted the possibility that MPLS can run on a 2500
series, but I've got a couple of 1750's, and perhaps they can help fill in. 
Does anybody know if there is a version of IOS for the 1750-2v's that will
do MPLS (and perhaps voice with the same code)?

The Tickler

 



-
Do you Yahoo!?
New DSL Internet Access from SBC  Yahoo!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54016t=54016
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 1750 and MPLS [7:54016]

[Darren Ward]

Can't find it for any 1700 platforms.

IOS Feature Navigoator:
http://www.cisco.com/go/fn/

Darren Ward
(PGradCS, CCIE #8245, SCSA, CCDP, MCP)


On Wed, 25 Sep 2002, Jim Tickle wrote:

 We've pretty much exhausted the possibility that MPLS can run on a 2500
 series, but I've got a couple of 1750's, and perhaps they can help fill in.
 Does anybody know if there is a version of IOS for the 1750-2v's that will
 do MPLS (and perhaps voice with the same code)?

 The Tickler





 -
 Do you Yahoo!?
 New DSL Internet Access from SBC  Yahoo!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54018t=54016
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX [7:53955]

[Wayne Jang]

yes, make sure you have a crossover cable

Robert Edmonds  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I'm not 100% sure, but I think if you want to connect to the ethernet port
 you will need a crossover cable.  Why not connect to the console port to
do
 the initial config anyway?


 Naomi James  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  I have a PIX 525 and I am doing the initial configuration.  I am trying
to
  telnet to it to load the 6.2 version.  I have my laptop directly connect
 to
  the inside interface via a CAT 5 cable.  The inside interface and my
 laptop
  are on the same network.  I also have the telnet command in the
  configuration.  I am not able to telnet to the PIX.  Can anyone help?
 
 
  Naomi James
  Computer Services and Information Technology
  Savannah State University
  912-356-2509
 
  [GroupStudy.com removed an attachment of type image/gif which had a name
 of
  Mabelt.gif]
 
  [GroupStudy.com removed an attachment of type image/gif which had a name
 of
  Mabelb.gif]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54019t=53955
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 6509 IP address [7:54008]

[Robert]

Ali,
I have a very similar setup (6506 with the MSFC2, 4006) with my 6506 as the
core switch, root switch etc.  I am able to ping the MSFC from the switch
and vice versa.  If you can't figure it out, I would contact Cisco and see
if something is wrong.



Abbas Ali  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I have a 6509 connected to another 6509 and also connectedto (2) 4006
 switches.  I have 3 Vlans and one 1 vlan specificallyfor the Management.
 The managment subnet is 10.0.1.0.  One ofthe 6509s is acting as a root
 switch as well as also doing Intervlanrouting.  Here is the issue I
haveFrom
 the Managment Vlan, I have assigned 10.0.1.1 to the router blade,10.0.1.2
to
 the the root 6509 SC0 interface, 10.0.1.3 to another 6509 SC0interface,
 10.0.1.4 to the first 4006 switch and the 10.0.1.5 to the 2nd 4006switch.
 On a root 6509 switch I have also assigned the default route tothe
switches
 router itself.  For exampel 0.0.0.0 to 10.0.1.1.  I can ping thisaddress
 10.0.1.1 from any host, but not able to ping this address from theswitch
 mode itself.  Everything is working, but I am just curious why I can't
 pingthe address of the router blade from the SC0 interface
itself.Regards,Ali

 
 Changed your e-mail?  Keep your contacts!  Use this free e-mail change of
 address service from Return Path.  Register now!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54020t=54008
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How can I Fill out our unused bandwidth with dummy traffic [7:54021]

[Ersin Abacioglu]

Use Wan Killer from SolarWinds 2001 Engineers Edition.  This is available at
www.solarwinds.net


Ersin


-Original Message-
From: shojaee [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 24, 2002 2:02 PM
To: [EMAIL PROTECTED]
Subject: How can I Fill out our unused bandwidth with dummy traffic
[7:53970]

Dear sirs,

I'm a member of technical staff in an ISP site. We have cable connection to
the internet with 512k bandwidth.
I require to do the following:
1- Measure our maximum connection speed to internet.
2- Fill out our unused bandwidth with dummy traffic.
How can i do these? thanks for your prompt attention.

With best regards
Hassan Shojaie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54021t=54021
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX questions [7:53953]

[Sim, CT (Chee Tong)]

OK.. I think I roughly understand what is the problem now. Let me tell you
our pix setup.  We do a PAT for every outgoing packet so the source address
to be translated to 192.168.5.200 before leaving the external interface of
the PIX.  So when the outside party tried to make connection to
192.168.5.200, it was considered outside as the routing table of the PIX
show that the IP 192.168.5.200 should be routed out via external interface.
Sound logical? But how to solve it, if I don't want this log

106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst
outside:192.168.5.200/58000

Another Question2 :)
I saw a sentence on a book that I don't understand-
The combination of the static declaration and the conduit command can allow
FTP traffic through your network.  You have allowed FTP traffic to the FTP
server with the following two lines

Static(inside,outside)192.168.1.35 10.1.1.35 netmask 255.255.255.255 0
0--(1)
Conduit permit tcp host 192.168.1.35 eq ftp any--(2)

I understand the second statement which mean it allow ftp traffic from any
outside workstations to connect to 192.168.1.35 in the inside network
But what is meaning of the first statement? What is 10.1.1.35 IP for? Why we
need this?

Thanks a lot
Sim





-Original Message-
From: Lidiya White [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 25, 2002 1:39 AM
To: Sim, CT (Chee Tong); [EMAIL PROTECTED]
Subject: RE: PIX questions [7:53953]

The problem here is the source and destination are outside. Why? PIX can't
redirect traffic so even if conduit is allowing this traffic, PIX won't let
it through, unless it's src outside and dst is inside. You either routing
issue here or just something is misconfigured on the PIX.

Use wr term on the PIX to view the current config.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sim, CT (Chee Tong)
Sent: Tuesday, September 24, 2002 10:50 AM
To: [EMAIL PROTECTED]
Subject: PIX questions [7:53953]


I keep having the following log in my PIX.  It is very frequent. What is
that mean? It seems my PIX deny this connection, but actually I want to
allow it now and make it no longer log to the PIX log.



106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst
outside:192.168.

5.200/58000

106011: Deny inbound (No xlate) udp src outside:200.100.182.173/58000 dst
outside:192.168.

5.200/58000

106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst
outside:192.168.5

.200/58001

106011: Deny inbound (No xlate) udp src outside:200.100.182.79/58000 dst
outside:192.168.5

.200/58001



I tried to clear it by adding the following command in the PIX config to
allow the connection to come in.  However, I still found the same log in my
PIX?  What should be the correct command?



conduit permit udp any range 58000 58001 any





Question2- How to show the running-config in PIX?  I found whenever I made
a change on PIX. I can't see the change when I issue sh conf command until
I do wr mem What is the router equivalent show running-config command in
PIX?



Thanks a lot




==
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht
onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en
de afzender direct te informeren door het bericht te retourneren.
==
The information contained in this message may be confidential
and is intended to be exclusively for the addressee. Should you
receive this message unintentionally, please do not use the contents
herein and notify the sender immediately by return e-mail.


==
==
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en 
de afzender direct te informeren door het bericht te retourneren. 
==
The information contained in this message may be confidential 
and is intended to be exclusively for the addressee. Should you 
receive this message unintentionally, please do not use the contents 
herein and notify the sender immediately by return e-mail.


==




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54022t=53953
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

LAN Design [7:54023]

[Jimmy]

If i have to design network for 3 storey on a building. There are around
200-300 workstations in 2 storey each. Is it advisable to use Ethernet to
link them up. As for the other storey it is for admin purpose. The distance
is around 150m between the further storey. However it is possible to put a
switch/router at the middle for interconnect.

Cheers,
Jimmy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54023t=54023
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 4000 router console cable [7:53981]

[Tim Medley]

You need a standard cisco console cable and a cisco db25 adaptor (rj45 to
db25).

Standard cisco terminal settings apply.


tm



Tim Medley, CCNP+Voice, CCDP, CWNA
Sr. Network Architect
VoIP Group
iReadyWorld



-Original Message-
From: Black Jack [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 24, 2002 3:12 PM
To: [EMAIL PROTECTED]
Subject: 4000 router console cable [7:53981]


I just acquired a 4000 router and can't get it to respond through the
console port. As usual in this case, I suspect I have a cable problem. I
thought I needed a straight through DB9-DB25 modem cable, but it doesn't
seem to work. I want to make sure I have the right cable before I start
chasing other possibilities. Is this in fact the right cable? I have
searched the archives and looked at several CCO links without a clear answer
(maybe I'm just not smart enough to understand what I'm reading :-)). What
I'd really like is something ultra-simple, like db-25 pin2 to db-9 pin3
and so on. Can anyone point that out to me? TIA.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54024t=53981
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE written revised [7:53972]

[Tim Medley]

So is that how people without experience do it? Just keep failing the ccie
written exam until you've memorized all the questions or get lucky?

You must be single, or rich, or both. My wife has a fit when I spent $125 on
a exam I am well prepared for, let alone spend $300 on the written. And my
employer reimburses for the exam.

I guess now I know why my employer will only pay for an exam twice.

Try picking up a book and learning something, then you could pass the exam
on the first try.



Tim Medley, CCNP+Voice, CCDP, CWNA
Sr. Network Architect
VoIP Group
iReadyWorld



-Original Message-
From: Julio Godinez [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 24, 2002 2:04 PM
To: [EMAIL PROTECTED]
Subject: CCIE written revised [7:53972]


Passing score 105: First attempt 77, Second attemp (yesterday) 95 =( .
Next time you will be mine baby...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54025t=53972
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 1750 and MPLS [7:54016]

[Oddy]

There is an experimental version of 12.0 that will run MPLS on the 2500.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Darren Ward
Sent: Tuesday, September 24, 2002 9:28 PM
To: [EMAIL PROTECTED]
Subject: Re: 1750 and MPLS [7:54016]


Can't find it for any 1700 platforms.

IOS Feature Navigoator:
http://www.cisco.com/go/fn/

Darren Ward
(PGradCS, CCIE #8245, SCSA, CCDP, MCP)


On Wed, 25 Sep 2002, Jim Tickle wrote:

 We've pretty much exhausted the possibility that MPLS can run on a 
 2500 series, but I've got a couple of 1750's, and perhaps they can 
 help fill in. Does anybody know if there is a version of IOS for the 
 1750-2v's that will do MPLS (and perhaps voice with the same code)?

 The Tickler





 -
 Do you Yahoo!?
 New DSL Internet Access from SBC  Yahoo!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54026t=54016
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IPX ID [7:53989]

[Jim Brown]

If you enter an IPX commands before you define the node address
manually, it will use the highest mac address on Ethernet interface
regardless of the node address manually entered.

To reset the router, you must remove all IPX commands, remove the ipx
routing command, and reboot the router.

The very first command after the reload should be the ipx routing 2.2.2
command, then all will be well.

-Original Message-
From: Mike Martins [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 24, 2002 6:07 PM
To: [EMAIL PROTECTED]
Subject: RE: IPX ID [7:53989]


I got the IPX network going between all routers, over frame relay etc
etc no
problem. On the frame-relay map statements (opposite sides) I mapped to
the
IPX/MAC address that the router had elected. Everything works, no
worries. I
am not doing anything different, all routers were running default IPX
RIP,
now disabled and all running IPX EIGRP.
I dont know why one router accepts a manual statement and another
decides it
has got its own agenda. I tried shutting down all interfaces, deleting
IPX
Routing and re entering a manual x.x.x. It remains stubborn.
I will spare you the configs, unless you wanna sift through trunks and
tunnels and exiting stuff like DLSW and a few of my improvized ISDN
configs.
When I started with the IPX early this evening I did not have much
config on
the routers anyway.

It is just a point of interest really, someone must know the answer.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54027t=53989
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IPX ID [7:53989]

[Jim Brown]

On second thought, it might just require a reload after you add the ipx
routing 2.2.2 command to force the router to use the manual address
after it has picked up an interface mac address.

-Original Message-
From: Jim Brown 
Sent: Tuesday, September 24, 2002 9:49 PM
To: 'Mike Martins'; [EMAIL PROTECTED]
Subject: RE: IPX ID [7:53989]


If you enter an IPX commands before you define the node address
manually, it will use the highest mac address on Ethernet interface
regardless of the node address manually entered.

To reset the router, you must remove all IPX commands, remove the ipx
routing command, and reboot the router.

The very first command after the reload should be the ipx routing 2.2.2
command, then all will be well.

-Original Message-
From: Mike Martins [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 24, 2002 6:07 PM
To: [EMAIL PROTECTED]
Subject: RE: IPX ID [7:53989]


I got the IPX network going between all routers, over frame relay etc
etc no
problem. On the frame-relay map statements (opposite sides) I mapped to
the
IPX/MAC address that the router had elected. Everything works, no
worries. I
am not doing anything different, all routers were running default IPX
RIP,
now disabled and all running IPX EIGRP.
I dont know why one router accepts a manual statement and another
decides it
has got its own agenda. I tried shutting down all interfaces, deleting
IPX
Routing and re entering a manual x.x.x. It remains stubborn.
I will spare you the configs, unless you wanna sift through trunks and
tunnels and exiting stuff like DLSW and a few of my improvized ISDN
configs.
When I started with the IPX early this evening I did not have much
config on
the routers anyway.

It is just a point of interest really, someone must know the answer.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54028t=53989
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: LAN Design [7:54023]

[Tim Medley]

If you are serious about designing this netwoek and designing ir correctly
for scalability and functionality, pick up a good network design book.

My reccomendation is Top Down Network Design, by Priscilla Openheimer. U
have two copies one at home and one at the office, I refer to this tome
quite often. Great book, excellent methodology.



Tim Medley, CCNP+Voice, CCDP, CWNA
Sr. Network Architect
VoIP Group
iReadyWorld


-Original Message-
From: Jimmy [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 24, 2002 11:01 PM
To: [EMAIL PROTECTED]
Subject: LAN Design [7:54023]


If i have to design network for 3 storey on a building. There are around
200-300 workstations in 2 storey each. Is it advisable to use Ethernet to
link them up. As for the other storey it is for admin purpose. The distance
is around 150m between the further storey. However it is possible to put a
switch/router at the middle for interconnect.

Cheers,
Jimmy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54029t=54023
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Call Back on NM-16AM [7:54030]

[Anil Kumar]

Hi,

I have a 3660 router with NM -16 AM card. 
For authentication I am using ACS2.6(3) .The ACS is mapped
to the Windows NT domain server for user name and
passwords.
I need to configure the call back on the NM-16 card. 
I have done the following configuration but the dial back
is not getting initiated.
The users are able to login, but after dial-in, the call
back is not getting initiated.

Request you to go through the same and provide valuable
suggestions.
Thanks  RegardsAnil 
!
version 12.1
service exec-callback
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
logging rate-limit console 10 except errors
aaa new-model
aaa authentication login default group radius
aaa authentication login NO_AUTHEN none
aaa authentication login no_radius enable
aaa authentication ppp default if-needed group radius local
aaa accounting network default start-stop group radius

!
username test nocallback-verify callback-dialstring 789294
callback-line 97 password X
memory-size iomem 15
ip subnet-zero
!
no ip finger
no ip domain-lookup
!
chat-script mod ABORT ERROR ABORT BUSY  ATZ OK ATDT
\T TIMEOUT 30 CONNECT \c
chat-script offhook  ATH1 OK
modemcap entry default
!
interface FastEthernet0/0
 ip address 10.1.2.2 255.255.0.0
 ip helper-address 10.1.1.6
 no ip mroute-cache
 speed auto
 full-duplex

interface Serial2/0
ip address X.X.X.X Y.Y.Y.Y
 no ip mroute-cache
!
interface Async97
 ip unnumbered FastEthernet0/0
 ip access-group 100 in
 ip helper-address 10.1.1.6
 encapsulation ppp
 ip tcp header-compression passive
 no ip mroute-cache
 dialer in-band
 dialer idle-timeout 200
 dialer wait-for-carrier-time 10
 dialer map ip 10.5.1.1 modem-script mod 789294
 dialer-group 1
 async mode interactive
 peer default ip address 10.5.1.1
 ppp callback accept
 ppp authentication pap
!
interface Async98
 bandwidth 5600
 ip unnumbered FastEthernet0/0
 ip access-group 100 in
 ip helper-address 10.1.1.6
 encapsulation ppp
 ip tcp header-compression passive
 no ip mroute-cache
 dialer in-band
 dialer idle-timeout 5000
 async mode interactive
 peer default ip address 10.5.1.2
 no fair-queue
 ppp authentication pap chap
!
interface Async99
 ip unnumbered FastEthernet0/0
 ip access-group 100 in
 ip helper-address 10.1.1.6
 encapsulation ppp
 ip tcp header-compression passive
 no ip mroute-cache
 shutdown
 dialer in-band
 dialer idle-timeout 5000
 async mode interactive
 peer default ip address 10.5.1.3
 ppp authentication pap chap
!
interface Async100
ip unnumbered FastEthernet0/0
 ip access-group 100 in
 ip helper-address 10.1.1.6
 encapsulation ppp
 ip tcp header-compression passive
 no ip mroute-cache
 shutdown
 dialer in-band
 dialer idle-timeout 5000
 dialer-group 1
 async mode interactive
 peer default ip address 10.5.1.4
 ppp authentication pap chap
!
interface Async101
 ip unnumbered FastEthernet0/0
 ip access-group 100 in
 ip helper-address 10.1.1.6
 encapsulation ppp
 ip tcp header-compression passive
 no ip mroute-cache
 shutdown
 dialer in-band
 dialer idle-timeout 5000
 async mode interactive
 peer default ip address 10.5.1.5
 ppp authentication pap chap
!
interface Async102
 ip unnumbered FastEthernet0/0
 ip access-group 100 in
 ip helper-address 10.1.1.6
 encapsulation ppp
 ip tcp header-compression passive
 no ip mroute-cache
 shutdown
 dialer in-band
 dialer idle-timeout 5000
 async mode interactive
 peer default ip address 10.5.1.6
 ppp authentication pap chap
!
interface Async103
 ip unnumbered FastEthernet0/0
 ip access-group 100 in
 ip helper-address 10.1.1.6
 encapsulation ppp
 ip tcp header-compression passive
 no ip mroute-cache
 shutdown
 dialer in-band
 dialer idle-timeout 5000
 async mode interactive
 peer default ip address 10.5.1.7
 ppp authentication pap chap
!
interface Async104
 ip unnumbered FastEthernet0/0
 ip access-group 100 in
 ip helper-address 10.1.1.6
 encapsulation ppp
 ip tcp header-compression passive
 no ip mroute-cache
 shutdown
 dialer in-band
 dialer idle-timeout 5000
 async mode interactive
 peer default ip address 10.5.1.8
 ppp authentication pap chap
!
interface Async105
 ip unnumbered FastEthernet0/0
 ip access-group 100 in
 ip helper-address 10.1.1.6
 encapsulation ppp
 ip tcp header-compression passive
 no ip mroute-cache
 dialer in-band
 dialer idle-timeout 5000
 async mode interactive
 peer default ip address 10.5.1.9
 ppp authentication pap chap
!
interface Async106
 ip unnumbered FastEthernet0/0
 ip access-group 100 in
 ip helper-address 10.1.1.6
 encapsulation ppp
 ip tcp header-compression passive
 no ip mroute-cache
 shutdown
 dialer in-band
 dialer idle-timeout 5000
 async mode interactive
 peer default ip address 10.5.1.10
 ppp authentication pap chap
!
interface Async107
 ip unnumbered FastEthernet0/0
 ip access-group 100 in
 ip helper-address 10.1.1.6
 encapsulation ppp
 ip tcp header-compression passive
 no ip mroute-cache
 shutdown
 dialer in-band
 dialer idle-timeout 5000
 async mode 

RE: 1750 and MPLS [7:54016]

[Jim Tickle]

I would love to get a copy so I could experiment.  I just want to run MPLS
on a home pod so I can do some simple configurations in preparation for the
CCIE Written.  If anybody has a copy of it somewhere, please let me know...
Thanks...
Tic
 Oddy wrote:There is an experimental version of 12.0 that will run MPLS on
the 2500.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Darren Ward
Sent: Tuesday, September 24, 2002 9:28 PM
To: [EMAIL PROTECTED]
Subject: Re: 1750 and MPLS [7:54016]


Can't find it for any 1700 platforms.

IOS Feature Navigoator:
http://www.cisco.com/go/fn/

Darren Ward
(PGradCS, CCIE #8245, SCSA, CCDP, MCP)


On Wed, 25 Sep 2002, Jim Tickle wrote:

 We've pretty much exhausted the possibility that MPLS can run on a 
 2500 series, but I've got a couple of 1750's, and perhaps they can 
 help fill in. Does anybody know if there is a version of IOS for the 
 1750-2v's that will do MPLS (and perhaps voice with the same code)?

 The Tickler





 -
 Do you Yahoo!?
 New DSL Internet Access from SBC  Yahoo!
Do you Yahoo!?
New DSL Internet Access from SBC  Yahoo!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54031t=54016
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]