Strange behaviour for 2600 tftpdnld - anyone else has similar [7:54856]
Hi all, I was upgrading some 2600's yesterday with new flash and DRAM. The router boots up into rommon mode correctly. All the TFTP variables are then set and the code uploaded. Problem is that when the code is finished I get an error about invalid checksum. Downloaded some new code and same results. Eventually, through sheer frustration I tried IOS 11.3 IP only. This worked. I then reloaded the router for the new code to take effect. I was now able to upload the IOS 12.2.12 that I was originally trying. Worked perfectly. Routers are 100% stable. Anyone else have problems like this?? Andrew Larkins BCom, CCNP, CCDP Bytes Technology Networks A Division of the Bytes Technology Group A Member of the Altron Group www.btgroup.co.za visit the press office @ www.itweb.co.za/office/bytes Tel : +27 11 800 9336 Fax : +27 11 800 9496 Mobile : +27 83 656 7214 Email : [EMAIL PROTECTED] OR [EMAIL PROTECTED] This e-mail and its attachments may contain information that is confidential and that may be subject to legal privilege and copyright. If you are not the intended recipient you may not peruse, use, disclose, distribute, copy or retain this message. If you have received this message in error, please notify the sender immediately by e-mail, facsimile or telephone and return and thereafter destroy the original message. Please note that e-mails are subject to viruses, data corruption, delay, interception and unauthorised amendment, and that the sender does not accept liability for any damages that may be incurred as a result of communication by e-mail. No employee or intermediary is authorised to conclude a binding agreement on behalf of the sender by e-mail without express written confirmation by a duly authorised representative of the sender. By transmitting this e-mail message over the Internet the sender does not intend to allow the contents hereof to become part of the public domain, and the confidential nature of the contents shall not be altered or diminished from by such transmission. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54856t=54856 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to dial in power up home lab?? [7:54768]
Gaz wrote: I use Windows XP remote desktop to a home PC and connect to everything else from there. Bit of a strange set-up, but I use Internet Connection sharing on the XP box and all the routers sit behind that. I suppose the security may not be wonderful?? No it isnt unless you have put some work into the security of this machine. but to be honest I don't care. The XP machine can be re-built in minutes (ish). It can once you realised it has been cracked. How quickly do you think you can spot that it has happened? Are you also volunteering your time and money to fix any systems that are attacked from your machine? Peter Walker PS. Sorry if I seem a bit harsh, but the fact is that in my experience most 'attacks' that I have experienced originate from poorly secured machines that people have foolishly placed on the net. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54857t=54768 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNA,CCNP CCIE stuff for trade [7:54858]
Hello everybody, I have the Sybex CCNA Virtual Lab e-trainer,CCNA Ebook,CCNP,CCIE,CCDA,cisco press EBook, Cisco Etrainer PPT,lots more.It retails but I am very flexible and willing to trade if you need any of those items. Good luck to everyone. Sandip Banerjee CCNP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54858t=54858 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNA,CCNP,CCIE stuffs for sale [7:54859]
Hello everybody, I have the Sybex CCNA Virtual Lab e-trainer,CCNA Ebook,CCNP,CCIE,CCDA,cisco press EBook, Cisco Etrainer PPTs,lots more.It retails but I am very flexible and willing to trade if you need any of those items. Good luck to everyone.Contact [EMAIL PROTECTED] Sandip Banerjee CCNP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54859t=54859 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Fluke one touch Network assistant and RCS SafeNet software [7:54860]
Hi... Recently we found that LAN is getting slower and I used Fluke One Touch Network Assistant to check the health of network. And it gave me the following. Utilization 1% Error 0 % Collision 0% Broadcast 80 % IP 48% Station 250 % Do you think the fluke output indicate that our network got problem? The broadcast portion is quite high and I tried to find out which pc contribute to the broadcast, it gave me PC-A 6% PC-B 6 PC-C 6% PC-D 6% PC-E 6% PC-F 6% PC-G 6% PC-H 6% PC-I 6% All the PC that listed are installed with RCS software, when we uninstalled RCS from the PC, the PC's broadcast will be gone. Why RCS caused the broadcast, I am not sure whether it is the cause of our network slowness or not. Any idea? Thanks in advanced Sim == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54860t=54860 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BVI at OC3 speed [7:54828]
Hi Dave, Just a brief comment to make on implementing BVI on Cisco Routers. From what I have experienced in the past, BVI does indeed actually eat up quite a lot of Router CPU. One thing that I would really suggest is to look into using RBE instead of BVI. This will definetely result in less CPU processing, and make a solution potentially more scalable. That is if this fits into your architecture. Just a thought. Regards, Brian. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54861t=54828 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Strange behaviour for 2600 tftpdnld - anyone else has [7:54862]
What tftp server are you using? I have run into the same problem, but only when I was using an older tftp daemon on a SunOS box. Try running a tftp server on your machine and directly connecting to the router with a crossover and see if there is any change. Andrew Cook Andrew Larkins wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, I was upgrading some 2600's yesterday with new flash and DRAM. The router boots up into rommon mode correctly. All the TFTP variables are then set and the code uploaded. Problem is that when the code is finished I get an error about invalid checksum. Downloaded some new code and same results. Eventually, through sheer frustration I tried IOS 11.3 IP only. This worked. I then reloaded the router for the new code to take effect. I was now able to upload the IOS 12.2.12 that I was originally trying. Worked perfectly. Routers are 100% stable. Anyone else have problems like this?? Andrew Larkins BCom, CCNP, CCDP Bytes Technology Networks A Division of the Bytes Technology Group A Member of the Altron Group www.btgroup.co.za visit the press office @ www.itweb.co.za/office/bytes Tel : +27 11 800 9336 Fax : +27 11 800 9496 Mobile : +27 83 656 7214 Email : [EMAIL PROTECTED] OR [EMAIL PROTECTED] This e-mail and its attachments may contain information that is confidential and that may be subject to legal privilege and copyright. If you are not the intended recipient you may not peruse, use, disclose, distribute, copy or retain this message. If you have received this message in error, please notify the sender immediately by e-mail, facsimile or telephone and return and thereafter destroy the original message. Please note that e-mails are subject to viruses, data corruption, delay, interception and unauthorised amendment, and that the sender does not accept liability for any damages that may be incurred as a result of communication by e-mail. No employee or intermediary is authorised to conclude a binding agreement on behalf of the sender by e-mail without express written confirmation by a duly authorised representative of the sender. By transmitting this e-mail message over the Internet the sender does not intend to allow the contents hereof to become part of the public domain, and the confidential nature of the contents shall not be altered or diminished from by such transmission. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54862t=54862 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Three 24 Gbps Switching Engines at 18 Mpps (Layer2)!?! [7:54863]
i think they're two different processes. the PPS is the direct amount of calculations it can do and the GBPS would be the bandwidth. so if you had 18Mpps and 24GBPS, and you tried to switch 18M packets all of MTU (1500) it would be 1800 * 1500 = 270 or 27GBPS so you exceed the bandwidth that the sup card could handle, so with the higher bandwidth the SUP can handle the same amount of packets but of larger sizes. this is how i see it and i hope it's correct. if not please let me know. steve -Original Message- From: Newell Ryan D SrA 18 CS/SCBT To: [EMAIL PROTECTED] Sent: 10/4/02 7:17 AM Subject: Three 24 Gbps Switching Engines at 18 Mpps (Layer2)!?! [7:54833] What does this mean. I was looking at table 21-112. The difference between supervisor engine I and supervisor engine II is that the I has 24 Gbps switching engine and the II has three 24 Gbps. Yet the pps remains the same(18Mpps). Is there a direct correlation between the switching fabric and the switching throughput. If there is reading online that would be great. Here is the link I was referring to. http://www.cisco.com/univercd/cc/td/doc/pcat/ca4000.htm Ryan Newell Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54863t=54863 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Period to take ccnp tests [7:54848]
I had that question same question when I was working on my CCNP. Per Cisco, I was allowed to mix the 50x and 60x exams. I would think the situation would be the same for future test upgrades. -Original Message- From: Leonardo Rocha [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 03, 2002 10:47 PM To: [EMAIL PROTECTED] Subject: Period to take ccnp tests [7:54848] Guys, if one take a ccnp exam today, is there a time limit to take the other 3 exams or else the exam gets invalid? Can someone help me? tks a lot, leo Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54864t=54848 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CiscoWorks2000 and snmp problems [7:54865]
hi, i am interested if there is someone using cw2k and has c7200 vxr with npe-400. do you have problems with snmp on the routers? on other routers? it looks like there is a problem with snmp causing high cpu on routers and bringing the network down. has someone this problems? how did you solve them? ios upgrading doesnt help and the cisco case was closed without a fix. is snmp-server view cutdown an option (http://www.cisco.com/warp/public/477/SNMP/ipsnmphighcpu.shtml). any experiences with that? thanks -bis Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54865t=54865 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Extended Vlan across Wan [7:54866]
Hi Guys, Could you give me your opinion about the following ? What is the best technology nowadays to extend Vlans across a ATM Wan backbone ? -- __ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup Free price comparison tool gives you the best prices and cash back! http://www.bestbuyfinder.com/download.htm Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54866t=54866 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT [7:54838]
Well if you must you can try NAT on a stick: http://www.cisco.com/warp/public/556/nat-on-stick.html Had a customer that wanted to do this last week. Tried it in the lab but couldn't get it to work though I was sure the config was correct. After talking with a few Cisco engineers we found out you had to disable multicast globally and then it worked. Of coarse I couldn't find that documented anywhere:( If I were you though when on the inside set your IP address appropriately!!! dave Joe Middleton wrote: Hi All, I am trying to set up NAT on a cisco 2600 router. Everything seems to be working except that I can not access resources on the inside using there public IP address from the inside. From the internet the router translates the public addresses to private addresses, but from the inside I have to use the private address to access any resource. How can I get the router to translate requests that originate from the inside? Any help would be greatly appreciated. Thanks. -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54867t=54838 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CiscoWorks2000 and snmp problems [7:54865]
Yes that URL is exactly what I sent to a customer many months ago when they had the same problem. SNMP would request the whole routing table, they are receiving the whole Internet routing table, which caused their 7200 CPU utilization to max out. There should be no reason the grab this table via SNMP so cutdown will help you if this is similiar to your scenerio. Dave bi.s wrote: hi, i am interested if there is someone using cw2k and has c7200 vxr with npe-400. do you have problems with snmp on the routers? on other routers? it looks like there is a problem with snmp causing high cpu on routers and bringing the network down. has someone this problems? how did you solve them? ios upgrading doesnt help and the cisco case was closed without a fix. is snmp-server view cutdown an option (http://www.cisco.com/warp/public/477/SNMP/ipsnmphighcpu.shtml). any experiences with that? thanks -bis -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54868t=54865 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CiscoWorks2000 and snmp problems [7:54865]
I had the same problem before...it had to do with ATA flash disk and ciscoFlashMIB check here for the work around. http://www.cisco.com/warp/public/477/SNMP/ipsnmphighcpu.shtml - Original Message - From: bi.s To: Sent: Friday, October 04, 2002 2:25 PM Subject: CiscoWorks2000 and snmp problems [7:54865] hi, i am interested if there is someone using cw2k and has c7200 vxr with npe-400. do you have problems with snmp on the routers? on other routers? it looks like there is a problem with snmp causing high cpu on routers and bringing the network down. has someone this problems? how did you solve them? ios upgrading doesnt help and the cisco case was closed without a fix. is snmp-server view cutdown an option (http://www.cisco.com/warp/public/477/SNMP/ipsnmphighcpu.shtml). any experiences with that? thanks -bis Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54869t=54865 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CiscoWorks2000 and snmp problems [7:54865]
I had a similar problem but with our cat 5500's. The CPU would spike to 95% utilization every couple of minutes. Before I get into what we did, try going under Resource Manager Essentials = Administration = Change Polling options = choose the 7000 series routers and try to manipulate some of the polling options. If this doesn't work. See if this is caused by Device Fault Manager. Go to Server Configuration = Administration = Stop Process = shutdown DFM Server and DFM Broker and see if that resolved anything. If all else fails, reopen the case with Cisco. Hopefully you will get a more experienced tech this time. Ersin -Original Message- From: bi.s [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 9:25 AM To: [EMAIL PROTECTED] Subject:CiscoWorks2000 and snmp problems [7:54865] hi, i am interested if there is someone using cw2k and has c7200 vxr with npe-400. do you have problems with snmp on the routers? on other routers? it looks like there is a problem with snmp causing high cpu on routers and bringing the network down. has someone this problems? how did you solve them? ios upgrading doesnt help and the cisco case was closed without a fix. is snmp-server view cutdown an option (http://www.cisco.com/warp/public/477/SNMP/ipsnmphighcpu.shtml). any experiences with that? thanks -bis Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54870t=54865 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Strange behaviour for 2600 tftpdnld - anyone else has [7:54871]
I encountered something similar with IOS 12.1.10 enterprise on the 2500 series. I reported it to Cisco and posted something on the list here a month or two back. There is a bug in some of the 12.1 codes. Andrew Larkins wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, I was upgrading some 2600's yesterday with new flash and DRAM. The router boots up into rommon mode correctly. All the TFTP variables are then set and the code uploaded. Problem is that when the code is finished I get an error about invalid checksum. Downloaded some new code and same results. Eventually, through sheer frustration I tried IOS 11.3 IP only. This worked. I then reloaded the router for the new code to take effect. I was now able to upload the IOS 12.2.12 that I was originally trying. Worked perfectly. Routers are 100% stable. Anyone else have problems like this?? Andrew Larkins BCom, CCNP, CCDP Bytes Technology Networks A Division of the Bytes Technology Group A Member of the Altron Group www.btgroup.co.za visit the press office @ www.itweb.co.za/office/bytes Tel : +27 11 800 9336 Fax : +27 11 800 9496 Mobile : +27 83 656 7214 Email : [EMAIL PROTECTED] OR [EMAIL PROTECTED] This e-mail and its attachments may contain information that is confidential and that may be subject to legal privilege and copyright. If you are not the intended recipient you may not peruse, use, disclose, distribute, copy or retain this message. If you have received this message in error, please notify the sender immediately by e-mail, facsimile or telephone and return and thereafter destroy the original message. Please note that e-mails are subject to viruses, data corruption, delay, interception and unauthorised amendment, and that the sender does not accept liability for any damages that may be incurred as a result of communication by e-mail. No employee or intermediary is authorised to conclude a binding agreement on behalf of the sender by e-mail without express written confirmation by a duly authorised representative of the sender. By transmitting this e-mail message over the Internet the sender does not intend to allow the contents hereof to become part of the public domain, and the confidential nature of the contents shall not be altered or diminished from by such transmission. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54871t=54871 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF for ISPs [7:54540]
At 03:07 PM 9/30/2002 +, Russell Heilling wrote: Say, for example, that a customer has a small block of IP's and a distribution router knows where that block is, via a connected route, like a /30 on a serial link. But later down the line the customer requests an additional block of 64 IP addresses, what is the best way to send this block to the customer? Do I need to run OSPF on the customer equipment? If the customer router is not running OSPF, how do the routers know how to get to this destination? I assume via static routing??? Easiest way to do this without running OSPF on the CPE is to put a static route on the router at your end of the link, and redistribute the static route into OSPF. I like this, but put the static in BGP with some neato communities on it. How are you getting the /30 into OSPF at the moment? If you are using a network statement make sure that you have set the customer interface as passive - the last thing you want is a customer tinkering with the router and injecting bad routes into your network. Alternatively you could redistribute connected routes into OSPF, removing the need for the network statement. -- Russell Heilling http://www.ccie.org.uk/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54872t=54540 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF for ISPs [7:54540]
At 04:05 PM 9/30/2002 +, Chris Headings wrote: Great... So it looks like I would then use the redistribute static subnets as well as the redistribute connected subnets command within the OSPF process to make sure ALL ospf enabled routers would know how to reach that specifc, statically routed/connected, destination? This would work, but if you are really designing an ISP, don't clutter up your IGP topology with a bunch of type 5's that are challenging to effectively constrain. Put these customer prefixes in BGP and put together a nice community based routing policy to control your BGP prefixes. Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54873t=54540 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: unusual BGP question. [7:54429]
you're right MED is used for outgoing routing decisions, but... 1.as a optional nontransit path-atribute, it's only important for the neighboring AS. as such, it determines the neighboring AS outgoing decisions, not our own AS ones. e.g if you change MEDs in our routing updates, it causes change only in your neighbors. 2.what the previous posting meant, is modifying the MEDs in the updates, we are getting /at R3? from R1 and R2. As doing that, you can force your outgoing policy, without modifying/as in the original posting terms/ as-path /prepending/ or local-pref change. -rado Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54874t=54429 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX Confusion [7:54875]
I have a PIX 501 and get a single IP from my ISP. I would like to set up an FTP conduit, but on port 5051. I can't find any docs on how to do this. When I play around it it states that I have to change my NAT rules too. I still want all inside users access outside. Any info or links are appreciated. NetEng Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54875t=54875 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MPLS Vs EIGRP [7:54507]
At 06:04 PM 9/30/2002 +, Priscilla Oppenheimer wrote: I have an even more fundamental question. ;-) Why does MPLS need a routing protocol at all? Obviously, the forwarding of traffic doesn't use it. Forwarding is based on the labels. Is it for the label distribution component? Couldn't that be done with manual configuration? Static label assignment is tremendously onerous. Keep in mind that without a control plane that has some topological awareness, you'd need to configure label in/out relationships on every transit router in your network, per LSP. Try that with 5000 LSPs :) I'd rather do 5-10 in a low security prison myself. Pete Priscilla nrf wrote: Chuck's Long Road wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... hey, friends, I'm always interested in learning something I didn't know before. not claiming to know a whole lot about MPLS, but in terms of operation, MPLS operates on top of a routing protocol, any routing protocol, correct? Requires that CEF is enabled, at least in the Cisco world, but any old routing protocol is fair game as the transport piece, correct? So to me, the question would become one of the relative merits of any routing protocol, without the MPLS issue clouding it. I would think, but what do I know? I got an even more fundamental question - why does MPLS require IP at all? At the risk of starting a religious way, it's not called Internet Protocol Label Switching, it's Multi-protocol label switching. MPLS has effectively become a feature of IP, as opposed to a generalized control-plane mechanism for which is what it was originally intended. I suppose there are always the issue of interoperability. I would certainly appreciate the wisdom of the folks on this group. Chuck Kohli, Jaspreet wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am looking for a comparative design question: Why a large corporation should or should not use MPLS over EIGRP . Any useful links will be greatly appreciated . Thanks as always Jaspreet _ Consultant Andrew NZ Inc Box 50 691, Porirua Wellington 6230, New Zealand Phone +64 4 238 0723 Fax +64 4 238 0701 e-mail [EMAIL PROTECTED] WARNING: The contents of this e-mail and any attached files may contain information that is legally privileged and/or confidential to the named recipient. This information is not to be used by any other person and/or organisation. The views expressed in this document do not necessarily reflect those of Andrew NZ Inc If you have received this e-mail and any attached files in error please notify the sender by reply e-mail and destroy your copy of this message. Thank you. -- -- This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any unauthorized use of this email is prohibited. -- -- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54876t=54507 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF for ISPs [7:54540]
At 07:12 PM 9/30/2002 +, MADMAN wrote: Interesting. I don't work for an ISP bt have worked with many and I have only ran into one that ran an IGP with it's customers and I was suprised. My ancedotal evidence suggests that the vast majority either run BGP or statics to announce customer networks. I know there are plenty of ISP engineers out there and can confirm/rip my conjecture ;) Dave Best practises would dictate the use of static or a distance vector variant IGP for customer connections. The lack of import filtering capability in Link State protocols presents a very dangerous situation for the ISP. In general, ISP's are very paranoid about customers (and peers/providers alike) and take all means necessary to protect themselves from misbehaving external peers (IP peers in this general case) BGP naturally provides the most policy rich tool set for those applications where static routing will not suffice. I find RIP to be a comfortable variant for those multihomed customers who simply will not turn up BGP, though I'd still prefer to have the BGP discussion one last time with them prior to doing using it. Of course, linking one's main IGP to a customers is a really silly idea which I think everyone grasps ;) Mike Bernico wrote: I'm not sure I'm in complete agreement. The network I work for has several distribution routers that contain around 1000 T1 speed customers. If we were to static route each of their networks it would add about 1000 to 1500 lines of router configuration to the router. That would definately add to our maintenance and provisioning work and make troubleshooting harder on our techs. While I agree statics are probably the most stable way, I'm not sure it's necessarily the best way to aggrigate high volumes of customers. We currently use EIGRP at the edge with the stub command, OSPF or IS-IS would work just as well. Regardless, we would never let our IGP, that extends to the CE router, touch their IGP. About 98% of our customers are not BGP customers though. YMMV Mike --- Mike Bernico [EMAIL PROTECTED] Illinois Century Network http://www.illinois.net (217) 557-6555 -Original Message- From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] Sent: Monday, September 30, 2002 11:37 AM To: [EMAIL PROTECTED] Subject: Re: OSPF for ISPs [7:54540] At 2:58 PM + 9/30/02, Don wrote: Rather than run OSPF to customers, it is generally much better to have them use a default route to the ISP and for the ISP to run static routes to the customer. OSPF to the customer is a huge land mine for the ISP and should be avoided in almost every case. Don I agree completely with Don that an ISP _never_ should link its IGP to that of the customer. Don't fall into the trap of assuming that BGP needs a full routing table or will consume excessive resources. I remain confused why a default route wouldn't serve, unless there are multiple connections between the ISP and customer. By send the block to the customer, do you mean the block is in the customer's space? You could certainly use a second static route, which can be generated automatically as part of your address assignment (see my NANOG presentation, http://www.nanog.org/mtg-9811/ppt/berk/index.htm). If that's not appropriate, have the customer announce his two blocks to you with BGP and receive default from your BGP. Chris Headings wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Good morning all. I was wondering if someone could lend me a little help about engineering OSPF in the backbone for an ISP network. I just had a couple of questions and hopefully someone can give me some guidance.or even some CCO links with some specific examples or better yet any material anywhere. Say, for example, that a customer has a small block of IP's and a distribution router knows where that block is, via a connected route, like a /30 on a serial link. But later down the line the customer requests an additional block of 64 IP addresses, what is the best way to send this block to the customer? Do I need to run OSPF on the customer equipment? If the customer router is not running OSPF, how do the routers know how to get to this destination? I assume via static routing??? Thanks as always. Chris -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54877t=54540 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and
RE: VPN Issue [7:54702]
It would be great if anyone could give me some insights into if it´s posible to use the 2610 or a PIX to do what I was talking about Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54878t=54702 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Routing based on port number [7:54879]
Greetings all, What features on the IOS can I use to route based on the port number. NBAR is one of the services that comes to mind, are there any other services that allow me to accomplish that? Thanks...Nabil I have never let my schooling interfere with my education. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54879t=54879 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Switch MAC filter [7:54880]
Is there a way on a 6509 to filter a port from seeing a traffic from a cetain MAC when the two hosts are on the same VLAN. The problem is one host keeps broadcasting NTP updates every 40 secs and the Pix SYSLOG is contantly logging it. Since the NTP host does not go through the firewall I was wondering if I could block the MAC address all together at the port the Pix is plugged into. Thanks.. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54880t=54880 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Extended Vlan across Wan [7:54866]
I'm surprised Howard hasn't chimed in yet, this is definitely a what problem are you trying to solve sort of case... More details please. Personally, I don't believe VLANs should extend outside a building (even with Dark Fibre); but perhaps you have requirements that would justify this... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of gladston vidali Sent: Friday, October 04, 2002 9:05 AM To: [EMAIL PROTECTED] Subject: Extended Vlan across Wan [7:54866] Hi Guys, Could you give me your opinion about the following ? What is the best technology nowadays to extend Vlans across a ATM Wan backbone ? -- __ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup Free price comparison tool gives you the best prices and cash back! http://www.bestbuyfinder.com/download.htm Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54881t=54866 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Routing based on port number [7:54879]
policy routing come to mind. use an extended access-list to identify traffic by tcp port, set up your route map so that identified traffic is sent either to an interface or an ip next-hop, then set up the policy inbound on the interface where the traffic originates. -- www.chuckslongroad.info like my web site? take the survey! wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Greetings all, What features on the IOS can I use to route based on the port number. NBAR is one of the services that comes to mind, are there any other services that allow me to accomplish that? Thanks...Nabil I have never let my schooling interfere with my education. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54882t=54879 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: InterVLAN routing [7:54583]
If all of your networks fall into a single router, what does your routing protocol do anyway? At 11:14 PM 9/30/2002 +, you wrote: Just thinking what are the best practices to route between vlans. We have 6 vlans at work, the main reason for multiple vlans is to minimize the impact of Broadcasts. We are running eigrp on the RSM/cat5500. Is this how most people configure it out there ? Also we are planning to add a seperate vlan for Voice and I wonder how would that be impacted with EIGRP running on the RSM. Thanks for any insights or suggestions. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54883t=54583 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MPLS Vs EIGRP [7:54507]
Peter van Oene wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 06:04 PM 9/30/2002 +, Priscilla Oppenheimer wrote: I have an even more fundamental question. ;-) Why does MPLS need a routing protocol at all? Obviously, the forwarding of traffic doesn't use it. Forwarding is based on the labels. Is it for the label distribution component? Couldn't that be done with manual configuration? Static label assignment is tremendously onerous. Keep in mind that without a control plane that has some topological awareness, you'd need to configure label in/out relationships on every transit router in your network, per LSP. Try that with 5000 LSPs :) I'd rather do 5-10 in a low security prison myself. I disagree - I don't believe you need inherent topological awareness at all, at least not in an routing protocol that is inherent to the systems in question. Let me explain. When I said why couldn't LSP's just be implemented manually, I was opening the door to an LSP being a perfect drop-in replacement to today's ATM PVC's. Hey - ATM PVC's today are configured manually in the sense that there is usually an overarching piece of management software that the engineers use to build and rebuild all the PVC's and nobody seems to have a problem with that, and this obviates the need for PNNI or any other kind of dynamic topology calculation mechanism within the system itself. MPLS could do the same thing - it could provide the hooks for which companies could build management software to build permanent LSP's, as opposed to being forced to dance the IP tune even if they don't want to. What I'm saying is this. MPLS, in my eyes, seemed to offer a powerful management 'virtualization mechanism' for creating paths. Ideally, MPLS would remain generalized such that implementers could use a wide variety of ways to create LSP's, and could mix and match these ways as they see fit. But not anymore, MPLS is handcuffed to IP, and I think this IP-only obsession will slow the implementation of MPLS. Let's face it, IP, is on the whole, unprofitable for the provider. So in this financial day and age, it's not surprising that providers aren't exactly going to rush to implement any technology that is IP-centric. They will still adopt it because IP is the key to future profitability, but the implementation will be unnecessarily slowed. Pete Priscilla nrf wrote: Chuck's Long Road wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... hey, friends, I'm always interested in learning something I didn't know before. not claiming to know a whole lot about MPLS, but in terms of operation, MPLS operates on top of a routing protocol, any routing protocol, correct? Requires that CEF is enabled, at least in the Cisco world, but any old routing protocol is fair game as the transport piece, correct? So to me, the question would become one of the relative merits of any routing protocol, without the MPLS issue clouding it. I would think, but what do I know? I got an even more fundamental question - why does MPLS require IP at all? At the risk of starting a religious way, it's not called Internet Protocol Label Switching, it's Multi-protocol label switching. MPLS has effectively become a feature of IP, as opposed to a generalized control-plane mechanism for which is what it was originally intended. I suppose there are always the issue of interoperability. I would certainly appreciate the wisdom of the folks on this group. Chuck Kohli, Jaspreet wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am looking for a comparative design question: Why a large corporation should or should not use MPLS over EIGRP . Any useful links will be greatly appreciated . Thanks as always Jaspreet _ Consultant Andrew NZ Inc Box 50 691, Porirua Wellington 6230, New Zealand Phone +64 4 238 0723 Fax +64 4 238 0701 e-mail [EMAIL PROTECTED] WARNING: The contents of this e-mail and any attached files may contain information that is legally privileged and/or confidential to the named recipient. This information is not to be used by any other person and/or organisation. The views expressed in this document do not necessarily reflect those of Andrew NZ Inc If you have received this e-mail and any attached files in error please notify the sender by reply e-mail and destroy your copy of this message. Thank you. -- -- This message is for the designated recipient only and may contain privileged,
Re: PIX Confusion [7:54875]
From Cisco's website: You can use the fixup command to change the default port assignments or to enable or disable application inspection for the following protocols and applications: a.. FTP b.. H.323 c.. HTTP d.. ILS e.. RSH f.. RTSP g.. SIP h.. SKINNY (SCCP) i.. SMTP j.. SQL*Net The basic syntax for the fixup command is as follows: [no] fixup protocol [protocol] [port] http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/fixu p.htm#xtocid2 The command would be fixup protocol ftp 5051 And as far as changing your NAT statements, I believe as long as you use the keyword ftp in your commands, it will adjust to the port number change. NetEng wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a PIX 501 and get a single IP from my ISP. I would like to set up an FTP conduit, but on port 5051. I can't find any docs on how to do this. When I play around it it states that I have to change my NAT rules too. I still want all inside users access outside. Any info or links are appreciated. NetEng Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54886t=54875 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Routing based on port number [7:54879]
I'd consider using Policy-Based Routing. This would allow you to classify traffic based on port number using access lists and then make routing decisions from class-based rules. HTH, John [EMAIL PROTECTED] 10/4/02 10:02:11 AM Greetings all, What features on the IOS can I use to route based on the port number. NBAR is one of the services that comes to mind, are there any other services that allow me to accomplish that? Thanks...Nabil I have never let my schooling interfere with my education. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54888t=54879 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NAT [7:54838]
Hi Paul, With this command, will you be able to let's say ftp to the outside IP and get forwarded to the ftp ports of the internal ip? Daren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Paul Msava Sent: Thursday, October 03, 2002 7:28 PM To: [EMAIL PROTECTED] Subject: RE: NAT [7:54838] Hi, ip nat inside source static private public ip ./Msava -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Joe Middleton Sent: Friday, October 04, 2002 3:23 AM To: [EMAIL PROTECTED] Subject: NAT [7:54838] Hi All, I am trying to set up NAT on a cisco 2600 router. Everything seems to be working except that I can not access resources on the inside using there public IP address from the inside. From the internet the router translates the public addresses to private addresses, but from the inside I have to use the private address to access any resource. How can I get the router to translate requests that originate from the inside? Any help would be greatly appreciated. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54889t=54838 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MPLS Vs EIGRP [7:54507]
At 03:12 AM 10/1/2002 +, nrf wrote: I've been involved in Formal International Standards Bodies, where the Camel was developed as a functional specification for a Mouse. The market and the world are far faster than the carriers would like it to be. Here I must disagree. The fact is the traditional carriers basically are the market, in the sense that they are the ones with money to spend. It doesn't really matter if the standards bodies come up with all sorts of cool and funky technologies if nobody implements them. The only providers who are really in a position to implement much of anything these days are the traditional carriers because they are the only ones who actually have money (practically all of the pure Internet service-providers are bleeding red ink everywhere). And those traditional carriers are only going to implement something to the degree that it is profitable to do so. Fully agree here, however want to add that many RBOC/ILEC types are looking not solely at new revenue generation based upon new technology, but rather to maximize profits on existing revenue. In this context, decreasing the amount of transport networks required to support a variety of services tends to make sense which is a point that I believe you've made as well, but I wanted to reiterate. (been blackholed from mailing lists for a few days and suffered severe withdrawal) Which is why I am concerned for the future of MPLS. In its original conception, MPLS offered the promise for a generalized control-plane that could potentially span all the gear that a carrier has to run. A Grand Unified Theory of networking, if you will. I'm not sure how far back your time line dates with respect to the original conception. For me, MPLS and its ancestors have generally fallen under the loose theme of providing cell like switching performance or low over VC's for IP. The most direct ancestor, Tag Switching, was entirely targeted at IP as far as I recall. Now, it has become IP-centric, and Internet-centric in particular (i.e. the involvement of the IETF).But the fact of the matter is that IP services in general, and the Internet in particular, are still highly unprofitable for the carriers. Untold billions have been spent on carrier Internet infrastructure with nary a hope of ever getting a semi-reasonable return on investment. The Internet has become a godsend to the consumer but a financial nightmare for the carriers. Many service providers do derive profit from IP transit services particularly in the commercial space. Most tend to loose money on residential services with DSL being the biggest contributor. I expect most carries lose 10-15 US dollars a month per DSL subscriber. However, as you say, many of those same characters derive profit from frame/ATM based VPN offerings albeit those offering historically haven't been referred to as VPN to my memory. Building out networks that support the profitable growth and maintenance of the traditional frame /ATM VPN (or more aptly virtual leased line) while at the same time providing IP transport for IP data and other more value add services makes a good deal of sense. Which is why I believe that any new carrier-style technology that is directed towards the Internet will achieve unnecessarily slow adoption by the carriers. Now don't get me wrong, MPLS will be adopted, the real question is how quickly. If much of the work on MPLS is done mostly on IP and Internet features, and not on the more traditional telco features, this will slow the adoption of MPLS. Traditional carriers are not exactly champing at the bit to spend money adopting new Internet technology now that financial sanity has returned to the fold (notice how so many carriers are cancelling or slowing their Internet buildouts?). I would suggest that MPLS is widely adopted in a variety of spaces. MPLS for traffic engineering had a good market in areas where fiber capacity wasn't as flush as it happens to be in the US (EMEA comes to mind here). MPLS for ATM transport (pseudo-wire encap like) has a pretty strong deployment in some very large networks providing a high speed, core for legacy ISP ATM networks. MPLS L3 VPN's would seem to be more and more widely deployed and as the L2 variants work themselves out in the IETF will likely see similarly wide adaptation based upon my observations (though I'm no luminary :) MPLS L2vpn as a replacement for traditional ATM/Frame networks makes a great deal of sense on paper and offers a pretty reasonable migration path and I've found many RBOC type customers very interested in talking about it. When I worked for a primarily carrier-oriented vendor, there were deep emotions that they could make IP go away with: (1) Ubiquitous fiber (2) Apparently manually provisioned MPLS, since they equated the topology to something of equal complexity and hierarchy to what you can do in
RE: OSPF for ISPs [7:54540]
What about using default routes at the customer sites? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Peter van Oene Sent: Friday, October 04, 2002 5:17 AM To: [EMAIL PROTECTED] Subject: Re: OSPF for ISPs [7:54540] At 07:12 PM 9/30/2002 +, MADMAN wrote: Interesting. I don't work for an ISP bt have worked with many and I have only ran into one that ran an IGP with it's customers and I was suprised. My ancedotal evidence suggests that the vast majority either run BGP or statics to announce customer networks. I know there are plenty of ISP engineers out there and can confirm/rip my conjecture ;) Dave Best practises would dictate the use of static or a distance vector variant IGP for customer connections. The lack of import filtering capability in Link State protocols presents a very dangerous situation for the ISP. In general, ISP's are very paranoid about customers (and peers/providers alike) and take all means necessary to protect themselves from misbehaving external peers (IP peers in this general case) BGP naturally provides the most policy rich tool set for those applications where static routing will not suffice. I find RIP to be a comfortable variant for those multihomed customers who simply will not turn up BGP, though I'd still prefer to have the BGP discussion one last time with them prior to doing using it. Of course, linking one's main IGP to a customers is a really silly idea which I think everyone grasps ;) Mike Bernico wrote: I'm not sure I'm in complete agreement. The network I work for has several distribution routers that contain around 1000 T1 speed customers. If we were to static route each of their networks it would add about 1000 to 1500 lines of router configuration to the router. That would definately add to our maintenance and provisioning work and make troubleshooting harder on our techs. While I agree statics are probably the most stable way, I'm not sure it's necessarily the best way to aggrigate high volumes of customers. We currently use EIGRP at the edge with the stub command, OSPF or IS-IS would work just as well. Regardless, we would never let our IGP, that extends to the CE router, touch their IGP. About 98% of our customers are not BGP customers though. YMMV Mike --- Mike Bernico [EMAIL PROTECTED] Illinois Century Network http://www.illinois.net (217) 557-6555 -Original Message- From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] Sent: Monday, September 30, 2002 11:37 AM To: [EMAIL PROTECTED] Subject: Re: OSPF for ISPs [7:54540] At 2:58 PM + 9/30/02, Don wrote: Rather than run OSPF to customers, it is generally much better to have them use a default route to the ISP and for the ISP to run static routes to the customer. OSPF to the customer is a huge land mine for the ISP and should be avoided in almost every case. Don I agree completely with Don that an ISP _never_ should link its IGP to that of the customer. Don't fall into the trap of assuming that BGP needs a full routing table or will consume excessive resources. I remain confused why a default route wouldn't serve, unless there are multiple connections between the ISP and customer. By send the block to the customer, do you mean the block is in the customer's space? You could certainly use a second static route, which can be generated automatically as part of your address assignment (see my NANOG presentation, http://www.nanog.org/mtg-9811/ppt/berk/index.htm). If that's not appropriate, have the customer announce his two blocks to you with BGP and receive default from your BGP. Chris Headings wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Good morning all. I was wondering if someone could lend me a little help about engineering OSPF in the backbone for an ISP network. I just had a couple of questions and hopefully someone can give me some guidance.or even some CCO links with some specific examples or better yet any material anywhere. Say, for example, that a customer has a small block of IP's and a distribution router knows where that block is, via a connected route, like a /30 on a serial link. But later down the line the customer requests an additional block of 64 IP addresses, what is the best way to send this block to the customer? Do I need to run OSPF on the customer equipment? If the customer router is not running OSPF, how do the routers know how to get to this destination? I assume via static routing??? Thanks as always. Chris -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer
RE: Strange behaviour for 2600 tftpdnld - anyone else has [7:54892]
I just encountered this problem with 12.1 also on a 2600. The way I got it to work was by setting the TFTP_CHECKSUM variable (I think that's what it is called) to the value of 0. It worked after this. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chuck's Long Road Sent: Friday, October 04, 2002 5:03 AM To: [EMAIL PROTECTED] Subject: Re: Strange behaviour for 2600 tftpdnld - anyone else has [7:54871] I encountered something similar with IOS 12.1.10 enterprise on the 2500 series. I reported it to Cisco and posted something on the list here a month or two back. There is a bug in some of the 12.1 codes. Andrew Larkins wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, I was upgrading some 2600's yesterday with new flash and DRAM. The router boots up into rommon mode correctly. All the TFTP variables are then set and the code uploaded. Problem is that when the code is finished I get an error about invalid checksum. Downloaded some new code and same results. Eventually, through sheer frustration I tried IOS 11.3 IP only. This worked. I then reloaded the router for the new code to take effect. I was now able to upload the IOS 12.2.12 that I was originally trying. Worked perfectly. Routers are 100% stable. Anyone else have problems like this?? Andrew Larkins BCom, CCNP, CCDP Bytes Technology Networks A Division of the Bytes Technology Group A Member of the Altron Group www.btgroup.co.za visit the press office @ www.itweb.co.za/office/bytes Tel : +27 11 800 9336 Fax : +27 11 800 9496 Mobile : +27 83 656 7214 Email : [EMAIL PROTECTED] OR [EMAIL PROTECTED] This e-mail and its attachments may contain information that is confidential and that may be subject to legal privilege and copyright. If you are not the intended recipient you may not peruse, use, disclose, distribute, copy or retain this message. If you have received this message in error, please notify the sender immediately by e-mail, facsimile or telephone and return and thereafter destroy the original message. Please note that e-mails are subject to viruses, data corruption, delay, interception and unauthorised amendment, and that the sender does not accept liability for any damages that may be incurred as a result of communication by e-mail. No employee or intermediary is authorised to conclude a binding agreement on behalf of the sender by e-mail without express written confirmation by a duly authorised representative of the sender. By transmitting this e-mail message over the Internet the sender does not intend to allow the contents hereof to become part of the public domain, and the confidential nature of the contents shall not be altered or diminished from by such transmission. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54892t=54892 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Extended Vlan across Wan [7:54866]
Couldn't you bridge the VLAN's into an ATM 1483 bridged PVC, point to point across the WAN at both ends? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of gladston vidali Sent: Friday, October 04, 2002 4:05 AM To: [EMAIL PROTECTED] Subject: Extended Vlan across Wan [7:54866] Hi Guys, Could you give me your opinion about the following ? What is the best technology nowadays to extend Vlans across a ATM Wan backbone ? -- __ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup Free price comparison tool gives you the best prices and cash back! http://www.bestbuyfinder.com/download.htm Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54893t=54866 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Confusion [7:54875]
Try this: static (inside,outside) tcp interface ftp 192.168.1.2(or IP of your internal host) 5051 netmask 255.255.255. 255 0 0 -Original Message- From: NetEng [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 11:10 AM To: [EMAIL PROTECTED] Subject: PIX Confusion [7:54875] I have a PIX 501 and get a single IP from my ISP. I would like to set up an FTP conduit, but on port 5051. I can't find any docs on how to do this. When I play around it it states that I have to change my NAT rules too. I still want all inside users access outside. Any info or links are appreciated. NetEng Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54894t=54875 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CiscoWorks2000 and snmp problems [7:54865]
MADMAN wrote: Yes that URL is exactly what I sent to a customer many months ago when they had the same problem. SNMP would request the whole routing table, they are receiving the whole Internet routing table, which caused their 7200 CPU utilization to max out. There should be no reason the grab this table via SNMP so cutdown will help you if this is similiar to your scenerio. hi dave, thanks for your answer. did it help your customer? my problem is not really getting the routing table (i guess). this happened while trying to update the inventory. and it looks like only the c7200 are affected... but being route-reflectors this is enough... thanks for your feedback -bis Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54895t=54865 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CiscoWorks2000 and snmp problems [7:54865]
Ersin Abacioglu wrote: I had a similar problem but with our cat 5500's. The CPU would spike to 95% utilization every couple of minutes. Before I get into what we did, try going under Resource Manager Essentials = Administration = Change Polling options = choose the 7000 series routers and try to manipulate some of the polling options. If this doesn't work. See if this is caused by Device Fault Manager. Go to Server Configuration = Administration = Stop Process = shutdown DFM Server and DFM Broker and see if that resolved anything. thanks ersin, i will look at it next monday. cya -bis Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54896t=54865 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Extended Vlan across Wan [7:54866]
Daren Presbitero wrote: Couldn't you bridge the VLAN's into an ATM 1483 bridged PVC, point to point across the WAN at both ends? That's how I did it when I had the need. Regards, Marco. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54897t=54866 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Extended Vlan across Wan [7:54866]
This thread brings to mind a question I've had for a while. It appears sometimes that a lot of people think ATM is difficult to understand, implement, support. Why is it that? My ( albeit limited ) exposure to ATM from the customer side is that ATM is basically every bit as easy to set up and run on your typical WAN as frame relay. Yes there are some additional bells and whistles which can become complex as you do more complex things. And obviously, complex corporate networks might make use of a lot more ATM specific features. But in general, you set up the PVC's, configure the IP address ( or enable bridging ) and do everything else pretty much the same was as you do with frame relay. Any thoughts? Chuck -- TANSTAAFL there ain't no such thing as a free lunch M.C. van den Bovenkamp wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Daren Presbitero wrote: Couldn't you bridge the VLAN's into an ATM 1483 bridged PVC, point to point across the WAN at both ends? That's how I did it when I had the need. Regards, Marco. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54898t=54866 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Switch MAC filter [7:54880]
On 6509, you could use 'set security acl ... mac' The problem is that works only for traffic other than IP/IPX. For IP you should use 'set security acl ip ...' Regards, Alaerte r34rv13wm1rr0r @groupstudy.com em 04/10/2002 13:03:31 Favor responder a r34rv13wm1rr0r Enviado Por: [EMAIL PROTECTED] Para: [EMAIL PROTECTED] cc: Assunto:Switch MAC filter [7:54880] Is there a way on a 6509 to filter a port from seeing a traffic from a cetain MAC when the two hosts are on the same VLAN. The problem is one host keeps broadcasting NTP updates every 40 secs and the Pix SYSLOG is contantly logging it. Since the NTP host does not go through the firewall I was wondering if I could block the MAC address all together at the port the Pix is plugged into. Thanks.. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54899t=54880 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Fluke one touch Network assistant and RCS Safe [7:54887]
Blair, Philip S wrote: If you attached the Fluke to a switched port then it will only see network traffic destined to the device on that port and multicast/broadcast traffic. Very good point. If at all possible, all traffic should be analyzed. More below... It would seem than that your broadcast traffic is 0.8% of your available bandwidth, 80% of your 1% utilization. That seems reasonable, I'd look elsewhere for the problem. Broadcasts aren't using a lot of bandwidth, but they could still be a problem. On 100 Mbps Ethernet, you can have a maximum of 148,800 packets per second. Let's say we're using 1% of that (round up from 0.8%). Then we could have 1,488 broadcasts per second and still be using only 1% of the available bandwidth! That's a lot. Note the math requires that the packets be only 64 bytes each, and includes the FCS, preamble, and interframe-gap. If the packets were bigger, then there would be fewer per second, but broadcasts often are small. If you have slow PCs and/or NICs, they will indeed slow down with this level of broadcasts. A lot of networks still have the rather dangerous combination of 100 Mbps, chatty software, and PCs that are a few years old. The easiest and least expensive thing to fix, if there are problems, is probably the software or configuration of the software. Recently I saw a Windows 2000 server completely stop all its services when it got overwhelmed by broadcasts, and in this case it was only one station broadcasting. It was a station sending more frequently than once per second trying to find the non-existent server that was supposed to have the newest anti-virus updates. We were able to tell the client to stop this bad behavior, and, last I heard, the server had stopped having problems. What is this RCS software? It may have been written by software developers who have never considered the effects of their code on a network. You wouldn't believe how common that is! ;-) ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com One option if your equipment supports it would be to span the vlan traffic to a port and plug the fluke into the spanned port. Depending on you network design you still may only see a subset of your traffic. Philip -Original Message- From: Sim, CT (Chee Tong) [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 6:35 AM To: [EMAIL PROTECTED] Subject: Fluke one touch Network assistant and RCS SafeNet software [7:54860] Hi... Recently we found that LAN is getting slower and I used Fluke One Touch Network Assistant to check the health of network. And it gave me the following. Utilization 1% Error 0 % Collision 0% Broadcast 80 % IP 48% Station 250 % Do you think the fluke output indicate that our network got problem? The broadcast portion is quite high and I tried to find out which pc contribute to the broadcast, it gave me PC-A 6% PC-B 6 PC-C 6% PC-D 6% PC-E 6% PC-F 6% PC-G 6% PC-H 6% PC-I 6% All the PC that listed are installed with RCS software, when we uninstalled RCS from the PC, the PC's broadcast will be gone. Why RCS caused the broadcast, I am not sure whether it is the cause of our network slowness or not. Any idea? Thanks in advanced Sim == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54900t=54887 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Access List Change [7:54901]
Hello all, Continuing my quest to unravel that which was left behind, I am now at the following conclusion: Europe is on subnet 172.29.30.0 U.S. is on subnet 192.168.100.0 Europe office has a 512k portal to the internet, public IP gateway being 1.2.3.4 (made up of course, is in 217.x.x.x range) U.S. public IP is 6.7.8.9 However, it has been configured for all Europe internet traffic to be routed through U.S. office (for purposes of going through a firewall, which wasn't in place anyways). This has left Europe office with effective internet speeds of 50k. Now I want them to use their own internet portal and I believe I need to reconfigure access lists to allow it. Here are my lists: ip nat inside source list 101 interface Ethernet0 overload ip kerberos source-interface any ip classless ip route profile ip route 0.0.0.0 0.0.0.0 1.2.3.4 ip route 172.29.40.0 255.255.255.0 192.168.100.15 ip http server ! access-list 100 permit ip 172.29.30.0 0.0.0.255 6.7.8.9 0.0.0.31 access-list 100 permit ip 172.29.30.0 0.0.0.255 192.168.100.0 0.0.0.255 access-list 101 deny ip 172.29.30.0 0.0.0.255 6.7.8.9 0.0.0.31 access-list 101 deny ip 172.29.30.0 0.0.0.255 192.168.100.0 0.0.0.255 access-list 101 permit ip 172.29.30.0 0.0.0.255 any interface Ethernet0 description connected to Internet ip address 1.2.3.5 255.255.255.248--- IP is one number above public gateway ip nat outside no ip route-cache no ip mroute-cache half-duplex crypto map cm-cryptomap And here's what I *think* I need to do: no ip route 0.0.0.0 0.0.0.0 1.2.3.4 ip route 172.29.30.0 255.255.255.0 1.2.3.4 access-list 100 permit ip 172.29.30.0 0.0.0.255 1.2.3.4 For the last line I would actually need to clear all access lists ( no access-list 100. is the command?) and then reenter to preserve the order? Does it sound like I'm close to what I need to do? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54901t=54901 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to dial in power up home lab?? [7:54768]
Peter Walker : CISSP, CSS1, CIP wrote: Gaz wrote: I use Windows XP remote desktop to a home PC and connect to everything else from there. Bit of a strange set-up, but I use Internet Connection sharing on the XP box and all the routers sit behind that. I suppose the security may not be wonderful?? No it isnt unless you have put some work into the security of this machine. but to be honest I don't care. The XP machine can be re-built in minutes (ish). It can once you realised it has been cracked. How quickly do you think you can spot that it has happened? Are you also volunteering your time and money to fix any systems that are attacked from your machine? Peter Walker PS. Sorry if I seem a bit harsh, but the fact is that in my experience most 'attacks' that I have experienced originate from poorly secured machines that people have foolishly placed on the net. I agree with you, Peter. Recently I was at a conference with some security gurus. They were working on a system for ISPs to automatically notice and report to each other security problems. The system required the ISP to have an automomous system number. I pointed out that some ISPs don't have such a thing. There are still quite a few small ISPs that depend on other ISPs who depend on other ISPs, etc. The gurus sort of laughted at me. But really, a lot of the attacks are going to come from Grandma's PC that Grandson forgot to secure when he set up an ISP in his bedroom. If that's a bit extreme, I would also say that a lot of attacks are going to come from compromised computers behind cable or DSL modems, where the slightly larger ISP didn't stress security enough either. That's my $0.02 anyway. Comments?? Priscilla Oppenheimer Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54902t=54768 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CiscoWorks2000 and snmp problems [7:54865]
I had this problem several weeks ago. I removed MIB ciscoEntityAssetMIB from CiscoWorks. Check out CSCdu55091 on CCO. Or you can configure the following on your routers: snmp-server view cutdown ciscoEntityAssetMIB excluded snmp-server community public view cutdown RO snmp-server community private view cutdown RW Hope this helps, Stephanie bi.s wrote:hi, i am interested if there is someone using cw2k and has c7200 vxr with npe-400. do you have problems with snmp on the routers? on other routers? it looks like there is a problem with snmp causing high cpu on routers and bringing the network down. has someone this problems? how did you solve them? ios upgrading doesnt help and the cisco case was closed without a fix. is snmp-server view cutdown an option (http://www.cisco.com/warp/public/477/SNMP/ipsnmphighcpu.shtml). any experiences with that? thanks -bis Do you Yahoo!? New DSL Internet Access from SBC Yahoo! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54890t=54865 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Fluke one touch Network assistant and RCS SafeNet software [7:54887]
If you attached the Fluke to a switched port then it will only see network traffic destined to the device on that port and multicast/broadcast traffic. It would seem than that your broadcast traffic is 0.8% of your available bandwidth, 80% of your 1% utilization. That seems reasonable, I'd look elsewhere for the problem. One option if your equipment supports it would be to span the vlan traffic to a port and plug the fluke into the spanned port. Depending on you network design you still may only see a subset of your traffic. Philip -Original Message- From: Sim, CT (Chee Tong) [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 6:35 AM To: [EMAIL PROTECTED] Subject: Fluke one touch Network assistant and RCS SafeNet software [7:54860] Hi... Recently we found that LAN is getting slower and I used Fluke One Touch Network Assistant to check the health of network. And it gave me the following. Utilization 1% Error 0 % Collision 0% Broadcast 80 % IP 48% Station 250 % Do you think the fluke output indicate that our network got problem? The broadcast portion is quite high and I tried to find out which pc contribute to the broadcast, it gave me PC-A 6% PC-B 6 PC-C 6% PC-D 6% PC-E 6% PC-F 6% PC-G 6% PC-H 6% PC-I 6% All the PC that listed are installed with RCS software, when we uninstalled RCS from the PC, the PC's broadcast will be gone. Why RCS caused the broadcast, I am not sure whether it is the cause of our network slowness or not. Any idea? Thanks in advanced Sim == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54887t=54887 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
QDM on 7200VXR [7:54903]
Greetings all, I'm playing with QDM 2.1 on a 7200VXR with IOS 12.2(12). When I launch qdm from my browser (IE 6.0) is takes for every to complete loading, any ideas? Thanks...Nabil I have never let my schooling interfere with my education. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54903t=54903 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Neebie to list, need help [7:54904]
Hi All, I am in need of some help. Can anyone tell me what drops mean when I issue a show interface on a Cisco router? Is this something bad and if so what can I do to fix it? Serial0/0 is up, line protocol is up Hardware is DSCC4 with integrated T1 CSU/DSU Description: LINK TO UUNET MTU 1500 bytes, BW 1536 Kbit, DLY 2 usec, reliability 255/255, txload 18/255, rxload 64/255 Encapsulation FRAME-RELAY IETF, loopback not set Keepalive set (10 sec) LMI enq sent 145889, LMI stat recvd 145889, LMI upd recvd 0, DTE LMI up LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0 LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 0 Last input 00:00:03, output 00:00:04, output hang never Last clearing of show interface counters 2w2d Queueing strategy: fifo Output queue 0/40, 516 drops; input queue 0/75, 999 drops 5 minute input rate 389000 bits/sec, 68 packets/sec 5 minute output rate 113000 bits/sec, 64 packets/sec 21344933 packets input, 3254757193 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored, 0 abort 27242775 packets output, 1682958597 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up I am experiencing a lot of latency on the network and I am starting to troubleshoote to see what could be causing it. I noticed that on this link the inbound rate tends to spike to full line rate which may be the cause but not sure yet. Thanks. Kerpal Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54904t=54904 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF for ISPs [7:54540]
Hey Daren, For single homed customers, that makes a lot of sense. I suppose I was speaking more to the situations where a customer my want to dynamically advertise reachability to their provider(s) At 04:32 PM 10/4/2002 +, Daren Presbitero wrote: What about using default routes at the customer sites? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Peter van Oene Sent: Friday, October 04, 2002 5:17 AM To: [EMAIL PROTECTED] Subject: Re: OSPF for ISPs [7:54540] At 07:12 PM 9/30/2002 +, MADMAN wrote: Interesting. I don't work for an ISP bt have worked with many and I have only ran into one that ran an IGP with it's customers and I was suprised. My ancedotal evidence suggests that the vast majority either run BGP or statics to announce customer networks. I know there are plenty of ISP engineers out there and can confirm/rip my conjecture ;) Dave Best practises would dictate the use of static or a distance vector variant IGP for customer connections. The lack of import filtering capability in Link State protocols presents a very dangerous situation for the ISP. In general, ISP's are very paranoid about customers (and peers/providers alike) and take all means necessary to protect themselves from misbehaving external peers (IP peers in this general case) BGP naturally provides the most policy rich tool set for those applications where static routing will not suffice. I find RIP to be a comfortable variant for those multihomed customers who simply will not turn up BGP, though I'd still prefer to have the BGP discussion one last time with them prior to doing using it. Of course, linking one's main IGP to a customers is a really silly idea which I think everyone grasps ;) Mike Bernico wrote: I'm not sure I'm in complete agreement. The network I work for has several distribution routers that contain around 1000 T1 speed customers. If we were to static route each of their networks it would add about 1000 to 1500 lines of router configuration to the router. That would definately add to our maintenance and provisioning work and make troubleshooting harder on our techs. While I agree statics are probably the most stable way, I'm not sure it's necessarily the best way to aggrigate high volumes of customers. We currently use EIGRP at the edge with the stub command, OSPF or IS-IS would work just as well. Regardless, we would never let our IGP, that extends to the CE router, touch their IGP. About 98% of our customers are not BGP customers though. YMMV Mike --- Mike Bernico [EMAIL PROTECTED] Illinois Century Network http://www.illinois.net (217) 557-6555 -Original Message- From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] Sent: Monday, September 30, 2002 11:37 AM To: [EMAIL PROTECTED] Subject: Re: OSPF for ISPs [7:54540] At 2:58 PM + 9/30/02, Don wrote: Rather than run OSPF to customers, it is generally much better to have them use a default route to the ISP and for the ISP to run static routes to the customer. OSPF to the customer is a huge land mine for the ISP and should be avoided in almost every case. Don I agree completely with Don that an ISP _never_ should link its IGP to that of the customer. Don't fall into the trap of assuming that BGP needs a full routing table or will consume excessive resources. I remain confused why a default route wouldn't serve, unless there are multiple connections between the ISP and customer. By send the block to the customer, do you mean the block is in the customer's space? You could certainly use a second static route, which can be generated automatically as part of your address assignment (see my NANOG presentation, http://www.nanog.org/mtg-9811/ppt/berk/index.htm). If that's not appropriate, have the customer announce his two blocks to you with BGP and receive default from your BGP. Chris Headings wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Good morning all. I was wondering if someone could lend me a little help about engineering OSPF in the backbone for an ISP network. I just had a couple of questions and hopefully someone can give me some guidance.or even some CCO links with some specific examples or better yet any material anywhere. Say, for example, that a customer has a small block of IP's and a distribution router knows where that block is, via a connected route, like a /30 on a serial link. But later down the line the customer requests an additional block of 64 IP addresses, what is the best way to send this block to the customer? Do I need to run OSPF on the customer
Re: Dual CCIE and Recertification [7:54799]
You can do it and you will get cumulative points towards a third CCIE !!! Jim Haynes wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I know if you have one CCIE and pass a second one it counts as recertifiying, however does this mean you would have to recertify both in the future by taking the written for each one, For example, Security and Rs? Jim Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54906t=54799 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Access List Change [7:54901]
just a quick comment or two. you are writing as if you need to do something on your routers other than change the gateway of last resort. ip route 0.0.0.0 0.0.0.0 goes where? without getting into the intricacies, if you are introducing a new firewall into the europe domain, your router should have a default route pointing to the inside address of the firewall. no other configuration is required. the firewall does all the filtering. no access lists. etc. at least not as related to firewall stuff. your router would redistribute the default route information, or not, as needed. your hosts would use the particular router as their default gateway. if you are using your router as the firewall, then I have to ask - what happens if that device is compromised - do you really want some hacker to then be in the middle of your network? -- www.chuckslongroad.info like my web site? take the survey! CTM CTM wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello all, Continuing my quest to unravel that which was left behind, I am now at the following conclusion: Europe is on subnet 172.29.30.0 U.S. is on subnet 192.168.100.0 Europe office has a 512k portal to the internet, public IP gateway being 1.2.3.4 (made up of course, is in 217.x.x.x range) U.S. public IP is 6.7.8.9 However, it has been configured for all Europe internet traffic to be routed through U.S. office (for purposes of going through a firewall, which wasn't in place anyways). This has left Europe office with effective internet speeds of Now I want them to use their own internet portal and I believe I need to reconfigure access lists to allow it. Here are my lists: ip nat inside source list 101 interface Ethernet0 overload ip kerberos source-interface any ip classless ip route profile ip route 0.0.0.0 0.0.0.0 1.2.3.4 ip route 172.29.40.0 255.255.255.0 192.168.100.15 ip http server ! access-list 100 permit ip 172.29.30.0 0.0.0.255 6.7.8.9 0.0.0.31 access-list 100 permit ip 172.29.30.0 0.0.0.255 192.168.100.0 0.0.0.255 access-list 101 deny ip 172.29.30.0 0.0.0.255 6.7.8.9 0.0.0.31 access-list 101 deny ip 172.29.30.0 0.0.0.255 192.168.100.0 0.0.0.255 access-list 101 permit ip 172.29.30.0 0.0.0.255 any interface Ethernet0 description connected to Internet ip address 1.2.3.5 255.255.255.248 gateway ip nat outside no ip route-cache no ip mroute-cache half-duplex crypto map cm-cryptomap And here's what I *think* I need to do: no ip route 0.0.0.0 0.0.0.0 1.2.3.4 ip route 172.29.30.0 255.255.255.0 1.2.3.4 access-list 100 permit ip 172.29.30.0 0.0.0.255 1.2.3.4 For the last line I would actually need to clear all access lists ( no access-list 100. is the command?) and then reenter to preserve the order? Does it sound like I'm close to what I need to do? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54907t=54901 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Neebie to list, need help [7:54904]
in line ( like the skates ) below -- Kerpal.Abdar wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi All, I am in need of some help. Can anyone tell me what drops mean when I issue a show interface on a Cisco router? Is this something bad and if so what can I do to fix it? Serial0/0 is up, line protocol is up Hardware is DSCC4 with integrated T1 CSU/DSU Description: LINK TO UUNET MTU 1500 bytes, BW 1536 Kbit, DLY 2 usec, reliability 255/255, txload 18/255, rxload 64/255 Encapsulation FRAME-RELAY IETF, loopback not set Keepalive set (10 sec) LMI enq sent 145889, LMI stat recvd 145889, LMI upd recvd 0, DTE LMI up LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0 LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 0 Last input 00:00:03, output 00:00:04, output hang never Last clearing of show interface counters 2w2d Queueing strategy: fifo Output queue 0/40, 516 drops; input queue 0/75, 999 drops CL: it means that your buffers are overflowing and therefore dropping packets. not a lot. and to judge from your traffic, it's no big deal. CL: what you may want to do is issue a clear counters cokmmand, and then periodically check, and maybe keep a chart. I can't tell from the output here over how long a period of time this has been happening. 5 minute input rate 389000 bits/sec, 68 packets/sec 5 minute output rate 113000 bits/sec, 64 packets/sec 21344933 packets input, 3254757193 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored, 0 abort 27242775 packets output, 1682958597 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up I am experiencing a lot of latency on the network and I am starting to troubleshoote to see what could be causing it. I noticed that on this link the inbound rate tends to spike to full line rate which may be the cause but not sure yet. Thanks. Kerpal Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54908t=54904 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ADSL Vs. SDSL [7:54909]
I have 2 Verizon DSL lines, one is 1.5M down/128k up. The second is 768k/768k up and down. They both have dynamic IPs. My question is; Are these both ADSL lines? My boss thinkins the one 768k/768k is SDSL. I dont think it is, first of all, both lines have the same modem. If the one like was ADSL, and the other was SDSL there would be a different kind of modem. Or does SDSL require a modem at all? These are both Verizon lines, but i am confused on the naming. On my order it says they are both ADSL lines. Any input would be appreciated, is my boss right, or am I right? According to verizon's website ( I don't take this as the final word however) What is the difference between DSL technologies such as SDSL, ADSL, IDSL, etc.? Most small businesses are connected to an asymmetric (ADSL) line. ADSL matches the Internet utilization of most users by providing higher downstream capacity for browsing or downloading. Symmetric DSL (SDSL) is a variation of ADSL, but provides the user with the same speed for both downstream and upstream applications. Verizon Online Business DSL portfolio of DSL speeds provides our Business customers with solutions that meet their specific Internet application needs. Ok that being said, why can i use the same modem on the ADSL line and the SDSL line. Why do they make specific modems for SDSL if they are both the same technology? Thanks, Brian Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54909t=54909 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Route-map question (urgent) [7:54910]
Greetings, Need help with a route-map question. I need to force all http traffic to go to 10.10.10.141 address, does my config below allow me to do just that? access-list extended 101 permit tcp any host 10.10.10.141 eq 80 access-list extended 101 permit ip any any route-map http_traffic permit 10 match ip address 101 int fa2/0 (10.10.10.141 address is behind this interface) ip policy route-map http_traffic Thanks...Nabil I have never let my schooling interfere with my education. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54910t=54910 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Route-map question (urgent) [7:54910]
what you have will end up sending ALL traffic to . well to nowhere, since you have no set statement. -- www.chuckslongroad.info like my web site? take the survey! wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Greetings, Need help with a route-map question. I need to force all http traffic to go to 10.10.10.141 address, does my config below allow me to do just that? access-list extended 101 permit tcp any host 10.10.10.141 eq 80 access-list extended 101 permit ip any any route-map http_traffic permit 10 match ip address 101 int fa2/0 (10.10.10.141 address is behind this interface) ip policy route-map http_traffic Thanks...Nabil I have never let my schooling interfere with my education. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54911t=54910 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CiscoWorks2000 and snmp problems [7:54865]
Yes it took care of the issue for this customer, my guess would be that SNMP is grabbing some large table it doesn't need. Dave bi.s wrote: MADMAN wrote: Yes that URL is exactly what I sent to a customer many months ago when they had the same problem. SNMP would request the whole routing table, they are receiving the whole Internet routing table, which caused their 7200 CPU utilization to max out. There should be no reason the grab this table via SNMP so cutdown will help you if this is similiar to your scenerio. hi dave, thanks for your answer. did it help your customer? my problem is not really getting the routing table (i guess). this happened while trying to update the inventory. and it looks like only the c7200 are affected... but being route-reflectors this is enough... thanks for your feedback -bis -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54912t=54865 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX Confusion [7:54875]
Still confused, I'm using access-lists Here's the example from cisco: static (inside, outside) 175.1.1.254 192.168.1.2 access-list 101 permit tcp host any host 192.168.1.2 eq ftp access-group 101 in interface outside Here's my questions: I'm using DHCP for my outside address, can I still PAT the port for FTP? How do I change the above static line to use the DHCP assigned address? NetEng NetEng wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a PIX 501 and get a single IP from my ISP. I would like to set up an FTP conduit, but on port 5051. I can't find any docs on how to do this. When I play around it it states that I have to change my NAT rules too. I still want all inside users access outside. Any info or links are appreciated. NetEng Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54913t=54875 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Access List Change [7:54901]
Hi, The router was purchased along with the Cisco firewall software license. I figured to implement that? Otherwise I could put ISA on the server out there. The security concerns are duly noted, and I won't leave the office on public until addressed. That being said; to get them to use their own internet portal direct I would do a: ip route 172.29.30.0 255.255.255.0 1.2.3.4 and do a: no ip route 0.0.0.0 0.0.0.0 is that correct? BTW, and don't laugh, I put in that last route chasing down a CPU utilization issue. The router was typically at 34% utilization. Doing some research and I found that maybe packets to unclaimed addressed were looping between internal network and ISP, and that line would throw them in the bit bucket. So that was way out in left field wasn't it. I did solve the utilization issue; there was an unused ADSL module, when I had that pulled it went down to normal. Chuck's Long Road wrote: just a quick comment or two. you are writing as if you need to do something on your routers other than change the gateway of last resort. ip route 0.0.0.0 0.0.0.0 goes where? without getting into the intricacies, if you are introducing a new firewall into the europe domain, your router should have a default route pointing to the inside address of the firewall. no other configuration is required. the firewall does all the filtering. no access lists. etc. at least not as related to firewall stuff. your router would redistribute the default route information, or not, as needed. your hosts would use the particular router as their default gateway. if you are using your router as the firewall, then I have to ask - what happens if that device is compromised - do you really want some hacker to then be in the middle of your network? -- www.chuckslongroad.info like my web site? take the survey! CTM CTM wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello all, Continuing my quest to unravel that which was left behind, I am now at the following conclusion: Europe is on subnet 172.29.30.0 U.S. is on subnet 192.168.100.0 Europe office has a 512k portal to the internet, public IP gateway being 1.2.3.4 (made up of course, is in 217.x.x.x range) U.S. public IP is 6.7.8.9 However, it has been configured for all Europe internet traffic to be routed through U.S. office (for purposes of going through a firewall, which wasn't in place anyways). This has left Europe office with effective internet speeds of Now I want them to use their own internet portal and I believe I need to reconfigure access lists to allow it. Here are my lists: ip nat inside source list 101 interface Ethernet0 overload ip kerberos source-interface any ip classless ip route profile ip route 0.0.0.0 0.0.0.0 1.2.3.4 ip route 172.29.40.0 255.255.255.0 192.168.100.15 ip http server ! access-list 100 permit ip 172.29.30.0 0.0.0.255 6.7.8.9 0.0.0.31 access-list 100 permit ip 172.29.30.0 0.0.0.255 192.168.100.0 0.0.0.255 access-list 101 deny ip 172.29.30.0 0.0.0.255 6.7.8.9 0.0.0.31 access-list 101 deny ip 172.29.30.0 0.0.0.255 192.168.100.0 0.0.0.255 access-list 101 permit ip 172.29.30.0 0.0.0.255 any interface Ethernet0 description connected to Internet ip address 1.2.3.5 255.255.255.248 above public gateway ip nat outside no ip route-cache no ip mroute-cache half-duplex crypto map cm-cryptomap And here's what I *think* I need to do: no ip route 0.0.0.0 0.0.0.0 1.2.3.4 ip route 172.29.30.0 255.255.255.0 1.2.3.4 access-list 100 permit ip 172.29.30.0 0.0.0.255 1.2.3.4 For the last line I would actually need to clear all access lists ( no access-list 100. is the command?) and then reenter to preserve the order? Does it sound like I'm close to what I need to do? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54914t=54901 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Extended Vlan across Wan [7:54866]
Part of the complicated image probably harkens back to early ATM campus applications, pre 100BaseT. As you mention the configuration of ATM is very similiar to frame though you need to shape your ATM traffic assuming a non UBR PVC or your goodput will be unacceptable. For whatever reason Cisco does not take into account the ATM overhead when calculating your shaping parameters, i.e. if your shaping a 5M pipe subtract %10, police at 4.5M for aal5snap. Now LANE I think is primarily where ATM configuration/ especially troubleshooting fear comes from, just say no to LANE! If you simplt want to extend a few VLANs over your ATM and you have LANE cards and an RSM/MSFC you can bind the PVCs to the VLAN to extend a VLAN/s across ATM. Dave Chuck's Long Road wrote: This thread brings to mind a question I've had for a while. It appears sometimes that a lot of people think ATM is difficult to understand, implement, support. Why is it that? My ( albeit limited ) exposure to ATM from the customer side is that ATM is basically every bit as easy to set up and run on your typical WAN as frame relay. Yes there are some additional bells and whistles which can become complex as you do more complex things. And obviously, complex corporate networks might make use of a lot more ATM specific features. But in general, you set up the PVC's, configure the IP address ( or enable bridging ) and do everything else pretty much the same was as you do with frame relay. Any thoughts? Chuck -- TANSTAAFL there ain't no such thing as a free lunch M.C. van den Bovenkamp wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Daren Presbitero wrote: Couldn't you bridge the VLAN's into an ATM 1483 bridged PVC, point to point across the WAN at both ends? That's how I did it when I had the need. Regards, Marco. -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54915t=54866 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Route-map question (urgent) [7:54910]
The second access-lists statement says to do the action in the route map with all traffic. From what I undertood you do not want that. Greetings, Need help with a route-map question. I need to force all http traffic to go to 10.10.10.141 address, does my config below allow me to do just that? access-list extended 101 permit tcp any host 10.10.10.141 eq 80 access-list extended 101 permit ip any any route-map http_traffic permit 10 match ip address 101 int fa2/0 (10.10.10.141 address is behind this interface) ip policy route-map http_traffic Thanks...Nabil I have never let my schooling interfere with my education. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54916t=54910 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX Confusion [7:54875]
Here's my config access-list 101 permit icmp any any echo-reply access-list 101 permit icmp any any source-quench access-list 101 permit icmp any any unreachable access-list 101 permit icmp any any time-exceeded access-list 101 permit tcp any host 192.168.1.2 eq ftp access-list 101 permit tcp any host 192.168.1.2 eq www access-list 101 permit tcp any any eq www pager lines 24 interface ethernet0 10baset interface ethernet1 10full mtu outside 1500 mtu inside 1500 ip address outside dhcp setroute ip address inside 192.168.1.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 1 0.0.0.0 0.0.0.0 0 0 static (inside,outside) tcp interface ftp 192.168.1.2 ftp netmask 255.255.255.255 0 0 static (inside,outside) tcp interface www 192.168.1.2 www netmask 255.255.255.255 0 0 access-group 101 in interface outside I can ping OK, but cant access web or ftp from outside. NetEng wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a PIX 501 and get a single IP from my ISP. I would like to set up an FTP conduit, but on port 5051. I can't find any docs on how to do this. When I play around it it states that I have to change my NAT rules too. I still want all inside users access outside. Any info or links are appreciated. NetEng Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54918t=54875 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ADSL Vs. SDSL [7:54909]
The information afterwards is not my words. I got it off of www.examnotes.net. It was written by a guy that frequents their forums who works in the telecom industry, doing work related to WAN type installations, including DSL. Here's what he said about the subject: ADSL. Asymmetric Digital Subscriber Line. A term for one-way T1 transmission of signals to the home over the plain old, single twisted-pair wiring already going to homes. ADSL modems attach to twisted pair copper wiring. ADSL is often provisioned with greater downstream than upstream rates (hence asymmetric). These rates are dependent on the distance a user is from the central office and may vary from as high as 9 Mbps to as low as 384 Kbps. HDSL. High bit-rate Digital Subscriber Line. The oldest of the DSL technologies, HDSL continues to be used by telephone companies deploying T1 lines at 1.5 Mbps and requires two twisted pairs. IDSL. ISDN Digital Subscriber Line. IDSL provides up to 144-Kbps transfer rates in each direction and can be provisioned on any ISDN capable phone line. Unlike ADSL and other DSL technologies, IDSL can be deployed regardless of the distance the user is from the central office. RADSL. Rate Adaptive Digital Subscriber Line. Using modified ADSL software, RADSL makes it possible for modems automatically and dynamically to adjust their transmission speeds. This often allows for good data rates for customers residing greater distances from the CO. SDSL. Single-line Digital Subscriber Line or Symmetric Digital Subscriber Line. A modified HDSL software technology, SDSL is intended to provide 1.5 Mbps in both directions over a single twisted pair. However, the distance over which this can be achieved is less than 8,000 feet. VDSL. Very high-rate Digital Subscriber Line. The newest of the DSL technologies, VDSL can offer speeds up to 25 Mbps downstream and 3 Mbps upstream. Similar to SDSL, the gain in speed can be achieved only at short distances. These maximum speeds can be achieved only up to 1,000 feet. Sometimes also called broadband digital subscriber line (BDSL). xDSL. A generic term for the suite of digital subscriber line (DSL) services, where the x can be replaced with any of a number of letters. See also DSL, ADSL, HDSL, IDSL, MDSL, RADSL, SDSL, VDSL. Brian Zeitz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have 2 Verizon DSL lines, one is 1.5M down/128k up. The second is 768k/768k up and down. They both have dynamic IPs. My question is; Are these both ADSL lines? My boss thinkins the one 768k/768k is SDSL. I dont think it is, first of all, both lines have the same modem. If the one like was ADSL, and the other was SDSL there would be a different kind of modem. Or does SDSL require a modem at all? These are both Verizon lines, but i am confused on the naming. On my order it says they are both ADSL lines. Any input would be appreciated, is my boss right, or am I right? According to verizon's website ( I don't take this as the final word however) What is the difference between DSL technologies such as SDSL, ADSL, IDSL, etc.? Most small businesses are connected to an asymmetric (ADSL) line. ADSL matches the Internet utilization of most users by providing higher downstream capacity for browsing or downloading. Symmetric DSL (SDSL) is a variation of ADSL, but provides the user with the same speed for both downstream and upstream applications. Verizon Online Business DSL portfolio of DSL speeds provides our Business customers with solutions that meet their specific Internet application needs. Ok that being said, why can i use the same modem on the ADSL line and the SDSL line. Why do they make specific modems for SDSL if they are both the same technology? Thanks, Brian Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54917t=54909 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Sniffing Async/Serial Ports on the Router [7:54919]
Hi group, I am looking for a solution to monitor/sniff the traffic on Serial/Async ports. Any suggestions would be appreciated, Hamid Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54919t=54919 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Extended Vlan across Wan [7:54866]
Chuck, I agree with you. I worked for FORE Systems doing nothing but ATM to the desktop for 4 years before moving to a company with all cisco. Not much harder to understand, as long as you understand basic networking fundamentals and the fact that these are just 2 different technologies that have their place in the network. Daren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chuck's Long Road Sent: Friday, October 04, 2002 7:28 AM To: [EMAIL PROTECTED] Subject: Re: Extended Vlan across Wan [7:54866] This thread brings to mind a question I've had for a while. It appears sometimes that a lot of people think ATM is difficult to understand, implement, support. Why is it that? My ( albeit limited ) exposure to ATM from the customer side is that ATM is basically every bit as easy to set up and run on your typical WAN as frame relay. Yes there are some additional bells and whistles which can become complex as you do more complex things. And obviously, complex corporate networks might make use of a lot more ATM specific features. But in general, you set up the PVC's, configure the IP address ( or enable bridging ) and do everything else pretty much the same was as you do with frame relay. Any thoughts? Chuck -- TANSTAAFL there ain't no such thing as a free lunch M.C. van den Bovenkamp wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Daren Presbitero wrote: Couldn't you bridge the VLAN's into an ATM 1483 bridged PVC, point to point across the WAN at both ends? That's how I did it when I had the need. Regards, Marco. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54920t=54866 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sniffing Async/Serial Ports on the Router [7:54919]
You can use sniffer with appropiate POD to tap a Serial line (PPP, HDLC, Frame, etc). This costs $ though. Theres other vendors with similar products (agilent, etc). If your looking to monitor terminal (reverse telnet like traffic) theres a async monitor command starting with 12.2(4)T or 8T if I recall. Haven't used it myself though but you can also sniff this traffic with a ethernet sniffer as it's telnet and in the clear. --- Hamid Ali Asgari wrote: Hi group, I am looking for a solution to monitor/sniff the traffic on Serial/Async ports. Any suggestions would be appreciated, Hamid [EMAIL PROTECTED] __ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos More http://faith.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54921t=54919 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Extended Vlan across Wan [7:54866]
I think some people tend to be intimidated by ATM more than by frame relay because it is more expensive to get into a home lab and most of us are less likely to have a job configuring ATM on a regular basis than configuring frame relay on a regular basis. Yes, I know you can get ATM in your lab with 7000s and a non-Cisco switch at an almost-reasonable price, but it's still a bit much too much money, bulk and noise and power consumption. Tom Larus, CCIE #10,014 Daren Presbitero wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Chuck, I agree with you. I worked for FORE Systems doing nothing but ATM to the desktop for 4 years before moving to a company with all cisco. Not much harder to understand, as long as you understand basic networking fundamentals and the fact that these are just 2 different technologies that have their place in the network. Daren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chuck's Long Road Sent: Friday, October 04, 2002 7:28 AM To: [EMAIL PROTECTED] Subject: Re: Extended Vlan across Wan [7:54866] This thread brings to mind a question I've had for a while. It appears sometimes that a lot of people think ATM is difficult to understand, implement, support. Why is it that? My ( albeit limited ) exposure to ATM from the customer side is that ATM is basically every bit as easy to set up and run on your typical WAN as frame relay. Yes there are some additional bells and whistles which can become complex as you do more complex things. And obviously, complex corporate networks might make use of a lot more ATM specific features. But in general, you set up the PVC's, configure the IP address ( or enable bridging ) and do everything else pretty much the same was as you do with frame relay. Any thoughts? Chuck -- TANSTAAFL there ain't no such thing as a free lunch M.C. van den Bovenkamp wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Daren Presbitero wrote: Couldn't you bridge the VLAN's into an ATM 1483 bridged PVC, point to point across the WAN at both ends? That's how I did it when I had the need. Regards, Marco. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54922t=54866 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Neebie to list, need help [7:54904]
the tx/rx loads aren't that great and as it is a t-1 interface the amount of traffic isn't that great. the thing of interest is the interface description - link to uuwho. they have been having significant latency issues. the url may not make it but i posted it below. it describes some of their travails. we use them as well and have seen similar problems yesterday and today. nothing to troubleshoot but you do need to let your users know what is going on with the provider. here is the url http://www.matrixnetsystems.com/ea/advisories/20021003_instant_alert.jsp hope it helps. - Original Message - From: Chuck's Long Road To: Sent: Friday, October 04, 2002 3:29 PM Subject: Re: Neebie to list, need help [7:54904] in line ( like the skates ) below -- Kerpal.Abdar wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi All, I am in need of some help. Can anyone tell me what drops mean when I issue a show interface on a Cisco router? Is this something bad and if so what can I do to fix it? Serial0/0 is up, line protocol is up Hardware is DSCC4 with integrated T1 CSU/DSU Description: LINK TO UUNET MTU 1500 bytes, BW 1536 Kbit, DLY 2 usec, reliability 255/255, txload 18/255, rxload 64/255 Encapsulation FRAME-RELAY IETF, loopback not set Keepalive set (10 sec) LMI enq sent 145889, LMI stat recvd 145889, LMI upd recvd 0, DTE LMI up LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0 LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 0 Last input 00:00:03, output 00:00:04, output hang never Last clearing of show interface counters 2w2d Queueing strategy: fifo Output queue 0/40, 516 drops; input queue 0/75, 999 drops CL: it means that your buffers are overflowing and therefore dropping packets. not a lot. and to judge from your traffic, it's no big deal. CL: what you may want to do is issue a clear counters cokmmand, and then periodically check, and maybe keep a chart. I can't tell from the output here over how long a period of time this has been happening. 5 minute input rate 389000 bits/sec, 68 packets/sec 5 minute output rate 113000 bits/sec, 64 packets/sec 21344933 packets input, 3254757193 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored, 0 abort 27242775 packets output, 1682958597 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up I am experiencing a lot of latency on the network and I am starting to troubleshoote to see what could be causing it. I noticed that on this link the inbound rate tends to spike to full line rate which may be the cause but not sure yet. Thanks. Kerpal Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54923t=54904 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access List Change [7:54901]
I just lost a major reply that I had composed due to a computer lockup. So shorter reply this time. The static route that your European router has is correct as it is. It takes all traffic for which it doesn't have an explicit route and passes it out to the Internet. I'm assuming that the ip address 1.2.3.4 is a valid address of an interface on your European ISPs router. So all traffic to the Internet from your European office goes to their local European ISP. Look at the syntax of a static route. Destination network, netmask to determine what bits identify the network, egress port. The first 0.0.0.0 means all networks. The second 0.0.0.0 means all hosts. 1.2.3.4 seems to be your European ISP. ip route 0.0.0.0 0.0.0.0 1.2.3.4 is a good default route. If you were to use 172.29.30.0 255.255.255.0 1.2.3.4 you would be telling your router to find its LAN network out on the Internet. The router knows better. It already has that network shown as directly connected. Do a show ip route to verify. Your statement that However, it has been configured for all Europe internet traffic to be routed through U.S. office ... doesn't agree with the configuration. Access-list 100 would have to send all traffic over the VPN. It doesn't. To verify that, check the path that traffic to the Internet takes from your remote office. From the DOS Prompt of a European PC ping a web site such as Cisco. ping cisco.com. You should get a reply like 198.133.219.25. Again from the DOS Prompt do a tracert to that address. It should display the intermediate routers. I'll bet that traffic from Europe goes out that router to the local ISP. No time to repeat my lost sermon on named access-lists. Access-list 100 defines traffic that is allowed to traverse the VPN. Access-list 101 specifies that traffic bound for the VPN tunnel should not be NATed. All other traffic (to the ip nat outside interface (usually Internet)) should be NATed. For every permit statement in 100 there should be a corresponding deny in 101. 101 in addition then permits all other destinations. Here's a tutorial on access-lists http://www.nwc.com/907/907ws1.html Be extremely careful about changing access-lists in the European router. If you edit 100 you will take the VPN down. Not good if you are connected via that VPN. Telnet to the 217.x.x.x interface of the European router from your local router. Consider using the reload in command. I've mentioned it previously. Look it up in the Cisco documentation on www.cisco.com The Firewall feature set can be used on a router with NAT and with VPNs. Not trivial. It would be good to remove the ip http server line. Let us know your progress. May I suggest that you purchase a few books. You may only need a small bit of it; but Routing TCP/IP Vol 1 by Jeff Doyle is a classic. Cisco Access Lists Field Guide by Held and Hundley is quite good. It's also all on CCO - you just have to find it. Start under Service and Support and go to the TAC page. Look under each major area. Drill down just to see what's there. -Original Message- From: CTM CTM [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 3:10 PM To: [EMAIL PROTECTED] Subject: Re: Access List Change [7:54901] Hi, The router was purchased along with the Cisco firewall software license. I figured to implement that? Otherwise I could put ISA on the server out there. The security concerns are duly noted, and I won't leave the office on public until addressed. That being said; to get them to use their own internet portal direct I would do a: ip route 172.29.30.0 255.255.255.0 1.2.3.4 and do a: no ip route 0.0.0.0 0.0.0.0 is that correct? BTW, and don't laugh, I put in that last route chasing down a CPU utilization issue. The router was typically at 34% utilization. Doing some research and I found that maybe packets to unclaimed addressed were looping between internal network and ISP, and that line would throw them in the bit bucket. So that was way out in left field wasn't it. I did solve the utilization issue; there was an unused ADSL module, when I had that pulled it went down to normal. Chuck's Long Road wrote: just a quick comment or two. you are writing as if you need to do something on your routers other than change the gateway of last resort. ip route 0.0.0.0 0.0.0.0 goes where? without getting into the intricacies, if you are introducing a new firewall into the europe domain, your router should have a default route pointing to the inside address of the firewall. no other configuration is required. the firewall does all the filtering. no access lists. etc. at least not as related to firewall stuff. your router would redistribute the default route information, or not, as needed. your hosts would use the particular router as their default gateway. if you are using your router as the firewall, then I have to ask - what happens if that
Re: Extended Vlan across Wan [7:54866]
Thomas Larus wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I think some people tend to be intimidated by ATM more than by frame relay because it is more expensive to get into a home lab and most of us are less likely to have a job configuring ATM on a regular basis than configuring frame relay on a regular basis. Yes, I know you can get ATM in your lab with 7000s and a non-Cisco switch at an almost-reasonable price, but it's still a bit much too much money, bulk and noise and power consumption. CL: that's one of the downsides of my job. I'm selling a lot more ATM related things, and generally I am responsible for writing the configurations. I have no way of mocking up customer ATM networks in my own lab, so I have to rely on the basics of frame relay. well, now I know enough QoS stuff to be dangerous. ;- Tom Larus, CCIE #10,014 Daren Presbitero wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Chuck, I agree with you. I worked for FORE Systems doing nothing but ATM to the desktop for 4 years before moving to a company with all cisco. Not much harder to understand, as long as you understand basic networking fundamentals and the fact that these are just 2 different technologies that have their place in the network. Daren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chuck's Long Road Sent: Friday, October 04, 2002 7:28 AM To: [EMAIL PROTECTED] Subject: Re: Extended Vlan across Wan [7:54866] This thread brings to mind a question I've had for a while. It appears sometimes that a lot of people think ATM is difficult to understand, implement, support. Why is it that? My ( albeit limited ) exposure to ATM from the customer side is that ATM is basically every bit as easy to set up and run on your typical WAN as fra me relay. Yes there are some additional bells and whistles which can become complex as you do more complex things. And obviously, complex corporate networks might make use of a lot more ATM specific features. But in general, you set up the PVC's, configure the IP address ( or enable bridging ) and do everything else pretty much the same was as you do with frame relay. Any thoughts? Chuck -- TANSTAAFL there ain't no such thing as a free lunch M.C. van den Bovenkamp wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Daren Presbitero wrote: Couldn't you bridge the VLAN's into an ATM 1483 bridged PVC, point to point across the WAN at both ends? That's how I did it when I had the need. Regards, Marco. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54925t=54866 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
