Re: PPP Multilink ISDN BRI [7:56257]
Hi Doug, I've had this problem too. Try this command. isdn fast-rollover-delay Something about the router trying to redial the same number because it does recieve busy signal from switch yet instead of rolling over to next number. HTH, Dale - Original Message - From: "Doug S" To: Sent: Friday, October 25, 2002 12:05 AM Subject: PPP Multilink ISDN BRI [7:56257] > I haven't seen that any other's posters have had this problem, which makes > me think I may be missing something really basic in the configuration. Any > help is greatly appreciated > > I have MPPP configured on two routers' BRI interfaces with the load > threshold set at one, so the second b channel should come up immediately. > Two dialer maps are configured, each pointing to the same ip, using the > different dial strings of the other router's two b channels: > > host Capetown > interface BRI0 > ip address 192.168.16.3 255.255.255.0 > no ip directed-broadcast > encapsulation ppp > dialer idle-timeout 60 > dialer map ip 192.168.16.1 name SanJose1 broadcast 384010 > dialer map ip 192.168.16.1 name SanJose1 broadcast 384710 > dialer load-threshold 1 either > dialer-group 1 > isdn switch-type basic-5ess > isdn spid1 384741 384030 > isdn spid2 384742 384750 > ppp authentication chap > ppp multilink > > host SanJose1 > interface BRI0 > ip address 192.168.16.1 255.255.255.0 > no ip directed-broadcast > encapsulation ppp > dialer idle-timeout 60 > dialer map ip 192.168.16.3 name Capetown broadcast 384030 > dialer map ip 192.168.16.3 name Capetown broadcast 384750 > dialer-group 1 > isdn switch-type basic-5ess > isdn spid1 384701 384010 > isdn spid2 384702 384710 > ppp authentication chap > ppp multilink > > When a host off Capetown's E0 interface initiates traffic towards SanJose1, > the first B channel comes up, but the second B channel never does. > > I've done a lot of debugging (dialer, q931, ppp negotiation) and staring > blankly at it and I see what's happening, but I have no idea why, or how to > correct it. > > What's happening is this: > 1)Interesting traffic received > 2)Dialer dials 384010 on the first B channel > 3)Connection is made, PPP LCP, Authentication, and IPCP succeed. > 4)Multilink bundle is sucessfully created with BRI0:1 as the only member > 5)Load threshold is exceeded. > 6)Dialer AGAIN TRIES TO DIAL THE SAME NUMBER - 384010 > 7)Q931 fails - message back from the isdn switch that the called line is > busy (no surprise) > 8)Dialer tries the other number - 384710 > 9)Error message that 2 dialers are already in use, no free dialers. > (I take this to mean the dialer that originally called 384010, and the > second dialer which again tried to call 384010) > > I have successfully MANUALLY got the second B channels to join the same > multilink bundle and stay up, > > (Capetown)# isdn call int bri0:2 384710 > > so it seems to be just the one free dialer tieing itself up trying to setup > a call on the second B channel to a number that the first B channel is > already connected to. > > Thanks for any help. > > (The whole config on both routers is verbatim out of Cisco Sem 6 lab, other > than using appropriate spids and dial strings). Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56262&t=56257 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VOIP [7:56129]
Hi , You may need some basic stuff like E & M voice port modules connected to a PBX at your central site router( you can have the extensions for the users which depends upon the hardware cards available on your PBX) and also depends upon the number of voice modules on the router you will get the concurrent voice call sessions.. And if you have sites connected to your central site which also need this VOIP facility then you may need a FXS voice port modules at your client router.and configure the dial peer and dial plan for it..and with the destination pattern ( route ) And you need to plan your dial plan numbering system and use IOS later than 12.1. Probably you may refer CCO to get some more ideas. Thanks, S.Paramesh Hamed Sedighi wrote:Dear fiends, Who can send me some information about VOIP. In my Network, One of the Routers is Cisco 3661. I like to offer VOIP service by this Router(Cico 3661) but I don't have any information about VOIP service. Please let me to know about the hardwares and softwares that I need them to offering this service to my users.. Regards, Hamed Sedghi Do you Yahoo!? Y! Web Hosting - Let the expert host your web site Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56261&t=56129 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hate cisco's new site? [7:56236]
I used to bitch about the old one and am now totally screwed... I guess I'll learn to like it ;-( Tim ""sam sneed"" wrote in message news:200210241956.TAA01985@;groupstudy.com... > Am I the only one that hates Cisco's new site? I can't find anything that > I'm looking for on the there. Its driving me up the wall. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56260&t=56236 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
E & M Voice port problem [7:56259]
Hi Group, I have some of the voice ports of my 3662 router running on IOS 12.2(10) hanging and all these E & M Ports are currently in EM_PARK state.And we have asked for cisco TAC to help us,meanwhile i want to know if someone had similar problem and found some solution for it.. Pls.share your ideas. Thanks, S.Paramesh - Do you Yahoo!? Y! Web Hosting - Let the expert host your web site Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56259&t=56259 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NetIQ VoIP Manager Suite [7:56258]
Is anyone using VoIP Manager Suite to monitor VoIP ? Ryan, Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56258&t=56258 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PPP Multilink ISDN BRI [7:56257]
I haven't seen that any other's posters have had this problem, which makes me think I may be missing something really basic in the configuration. Any help is greatly appreciated I have MPPP configured on two routers' BRI interfaces with the load threshold set at one, so the second b channel should come up immediately. Two dialer maps are configured, each pointing to the same ip, using the different dial strings of the other router's two b channels: host Capetown interface BRI0 ip address 192.168.16.3 255.255.255.0 no ip directed-broadcast encapsulation ppp dialer idle-timeout 60 dialer map ip 192.168.16.1 name SanJose1 broadcast 384010 dialer map ip 192.168.16.1 name SanJose1 broadcast 384710 dialer load-threshold 1 either dialer-group 1 isdn switch-type basic-5ess isdn spid1 384741 384030 isdn spid2 384742 384750 ppp authentication chap ppp multilink host SanJose1 interface BRI0 ip address 192.168.16.1 255.255.255.0 no ip directed-broadcast encapsulation ppp dialer idle-timeout 60 dialer map ip 192.168.16.3 name Capetown broadcast 384030 dialer map ip 192.168.16.3 name Capetown broadcast 384750 dialer-group 1 isdn switch-type basic-5ess isdn spid1 384701 384010 isdn spid2 384702 384710 ppp authentication chap ppp multilink When a host off Capetown's E0 interface initiates traffic towards SanJose1, the first B channel comes up, but the second B channel never does. I've done a lot of debugging (dialer, q931, ppp negotiation) and staring blankly at it and I see what's happening, but I have no idea why, or how to correct it. What's happening is this: 1)Interesting traffic received 2)Dialer dials 384010 on the first B channel 3)Connection is made, PPP LCP, Authentication, and IPCP succeed. 4)Multilink bundle is sucessfully created with BRI0:1 as the only member 5)Load threshold is exceeded. 6)Dialer AGAIN TRIES TO DIAL THE SAME NUMBER - 384010 7)Q931 fails - message back from the isdn switch that the called line is busy (no surprise) 8)Dialer tries the other number - 384710 9)Error message that 2 dialers are already in use, no free dialers. (I take this to mean the dialer that originally called 384010, and the second dialer which again tried to call 384010) I have successfully MANUALLY got the second B channels to join the same multilink bundle and stay up, (Capetown)# isdn call int bri0:2 384710 so it seems to be just the one free dialer tieing itself up trying to setup a call on the second B channel to a number that the first B channel is already connected to. Thanks for any help. (The whole config on both routers is verbatim out of Cisco Sem 6 lab, other than using appropriate spids and dial strings). Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56257&t=56257 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cat 3550-emi ? [7:56180]
""MADMAN"" wrote in message news:200210241322.NAA16403@;groupstudy.com... > Sure you can bridge between like VLANs and route between differant > VLANs in the same box. CL: you can also bridge between unlike vlans and unlike subnets - don't forget fallback bridging! > > > Dave > > Jesse Loggins wrote: > > > > Is it possiable to do both transparent bridging and intervlan routing on > > this box at the same time? Or is intervlan routing even an option? I am > > trying to figure out if I need to purchase a router with a fastethernet > port > > since I have a 3550. > -- > David Madland > CCIE# 2016 > Sr. Network Engineer > Qwest Communications > 612-664-3367 > > "You don't make the poor richer by making the rich poorer." --Winston > Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56255&t=56180 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Windows Load balancing [7:56244]
I have been playing with them all for awhile now (F5, Alteon, Local Director, Etc.). I finally settled on Alteons products (I like the hardware based products). Unfortunately, I have a side contract, and they are concrete on using Windows Load balancing...Wait 'til they see the licensing on multiple Adv. Servers. I'll let you know how it turns out. As for the Alteon, Easy to setup and use and monitor. Good tech support too. Thanks, Duncan Wallace 12835 SW Thunderhead Way Beaverton, Or. 97008 503-646-5707 [EMAIL PROTECTED] -Original Message- From: John Chang [mailto:johnec@;umich.edu] Sent: Thursday, October 24, 2002 3:50 PM To: Duncan Wallace Subject: Re: Windows Load balancing [7:56244] I read through MS's info on it and I thought it was chatty and wouldn't want to put it on a separate network. Use 2 nics, 1 for load balancing chatter. What hardware load balancing device have you used and how well did it work and how much approximately? Any I should stay away from? Thanks! At 08:48 PM 10/24/2002 +, Duncan Wallace wrote: >Has anyone had any experience in implementing Windows load balancing a >server cluster ? I have always used hardware based load balancers so I >am somewhat new to the MS flavor. I have a 2621 router and I am >wondering if it is capable of the following. This is just some >preliminary information gathering, so I thought I would throw it out to >the group while I do my own research. >What Windows 2000 Advanced Server says: >If Network Load Balancing clients are accessing a cluster through a >router when the cluster has been configured to operate in multicast >mode, be sure that the router meets the following requirements: >* Accepts an ARP > reply that has one MAC address > in the payload of the ARP structure but appears to arrive >from a station with another MAC address, as judged by the Ethernet >header >* In multicast mode, accepts an ARP reply that has a multicast MAC >address in the payload of the ARP structure >This allows the router to map the cluster's > primary IP address and other > multihomed addresses to the corresponding MAC >address. If your router does not meet these requirements, you can also >create a static ARP entry in the router. Cisco routers require a static >ARP entry because they do not support the resolution of unicast IP >addresses to multicast MAC addresses > . > > >Thanks in advance, > >Duncan Wallace >[EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56253&t=56244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: hate cisco's new site? [7:56236]
You are by no means the only one. I'm composing a letter to our SE detailing the many ways in which the new site hinders both troubleshooting and fact-finding. Now, it appears to be a lot more marketing and significantly less technical. For example, the way they have classified everything into "software, hardware and technology" is at best obtuse. How many people trying to troubleshoot/optimize their infrastructure want to wander around until they find the appropriate tech note? Wouldn't it be simpler and easier to have it the way it used to be, by product (e.g. "CallManager") or by technology (e.g. "EIGRP")? If enough of us complain, perhaps they'll change it back. I also think a SlashApp-like RSS feed from CCO would be pretty nice... Cheers all. Paul Forbes Network Engineer Trimble +1.408.481.8291 > -Original Message- > From: sam sneed [mailto:vristevski@;hotmail.com] > Sent: Thursday, October 24, 2002 12:56 PM > To: [EMAIL PROTECTED] > Subject: hate cisco's new site? [7:56236] > > > Am I the only one that hates Cisco's new site? I can't find > anything that > I'm looking for on the there. Its driving me up the wall. > Report misconduct > and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56249&t=56236 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using PAT with NAT Pools [7:56208]
Add the command overload: ip nat inside source list 1 pool NATPOOL overload but like I mentioned earlier this does not mean IOS will use NAT until the last address is used, it seems rather arbitrary wheras the PIX will use all the NAT address before using PAT. Dave trammer wrote: > > Kind of, > > ip nat pool NATPOOL 192.168.1.10 192.168.1.20 netmask 255.255.255.0 > ip nat inside source list 1 pool NATPOOL > > ip access-list 1 permit 10.1.0.0 0.0.255.255 > > Where would one go from here to have the NAT pool of 1.10 to 1.20 utilized > and also PAT if every address is used from the pool. > > The nat inside source list defines which addresses can be nated from the > pool. Another form of the command is with the overload statement as you > mentioned. But if I enter this it will only PAT through the first address > in the pool in testing (192.168.1.10. I can't determine if it would use > the next address in the pool because of the use of numerous ports. > > Will it just dynamically choose from the pool as if they are all PAT > addresses? If this is the case then it sounds like in the situation I am > trying to address I would be best off defining a static NAT mapping from the > pool to the outside for the specific hosts that I want, and let the rest > PAT. > > Hopefully this makes sense. > > -Adam > > ""MADMAN"" wrote in message > news:200210241940.TAA32116@;groupstudy.com... > > do you mean: > > > > C2620B(config)#ip nat inside source list 1 pool MADMAN overload > > > > Dave > > > > trammer wrote: > > > > > > Dave, > > > > > > Can you post an example. Is the syntax different then what I am > thinking. > > > > > > thnx > > > > > > ""MADMAN"" wrote in message > > > news:200210241606.QAA03297@;groupstudy.com... > > > > Use the overload command though unlike the PIX when you overload, > > > > (PAT) on a router it's kinda arbitrary. Some connection will use NAT > > > > and others will PAT, it does not wait until the last address in the > pool > > > > is used before converting to PAT. > > > > > > > > Dave > > > > > > > > trammer wrote: > > > > > > > > > > Hello, > > > > > > > > > > Quick question that I am having trouble locating the answer on. > > > > > > > > > > Basically I need to know whether you can configure PAT to work in > > > > > conjunction with a NAT pool on an IOS router. 12.2.x on 2621? > > > > > > > > > > Ex. Nat pool of 192.168.1.10-192.168.1.20 Once all nat pool IPs > are > > > > > taken. Roll to a PAT on say 192.168.1.21. > > > > > > > > > > Naturally I would think this is possible, but then again I could be > > > wrong. > > > > > > > > > > I know this is possible on the PIX but cannot find specifics for an > IOS > > > > > router configuration. > > > > > > > > > > Thanks. > > > > > > > > > > Cheers > > > > -- > > > > David Madland > > > > CCIE# 2016 > > > > Sr. Network Engineer > > > > Qwest Communications > > > > 612-664-3367 > > > > > > > > "You don't make the poor richer by making the rich poorer." --Winston > > > > Churchill > > -- > > David Madland > > CCIE# 2016 > > Sr. Network Engineer > > Qwest Communications > > 612-664-3367 > > > > "You don't make the poor richer by making the rich poorer." --Winston > > Churchill -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 "You don't make the poor richer by making the rich poorer." --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56247&t=56208 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: hate cisco's new site? [7:56236]
I agree, it is horrible, absolutely horrible. -Original Message- From: sam sneed [mailto:vristevski@;hotmail.com] Sent: Thursday, October 24, 2002 12:56 PM To: [EMAIL PROTECTED] Subject: hate cisco's new site? [7:56236] Am I the only one that hates Cisco's new site? I can't find anything that I'm looking for on the there. Its driving me up the wall. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56246&t=56236 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE R&S WRITTEN STUDY PARTNER IN FREMONT, [7:54491]
Hi Jayagiri, Thanks for your reply to my posting. I am staying at Fremont. In case you are staying at fremont too, we can study together. I am looking for a study partner. In case you are interested in a study partner, lets meet ASAP and see if we can be study partners. Thanks and regards. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56245&t=54491 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Windows Load balancing [7:56244]
Has anyone had any experience in implementing Windows load balancing a server cluster ? I have always used hardware based load balancers so I am somewhat new to the MS flavor. I have a 2621 router and I am wondering if it is capable of the following. This is just some preliminary information gathering, so I thought I would throw it out to the group while I do my own research. What Windows 2000 Advanced Server says: If Network Load Balancing clients are accessing a cluster through a router when the cluster has been configured to operate in multicast mode, be sure that the router meets the following requirements: * Accepts an ARP reply that has one MAC address in the payload of the ARP structure but appears to arrive from a station with another MAC address, as judged by the Ethernet header * In multicast mode, accepts an ARP reply that has a multicast MAC address in the payload of the ARP structure This allows the router to map the cluster's primary IP address and other multihomed addresses to the corresponding MAC address. If your router does not meet these requirements, you can also create a static ARP entry in the router. Cisco routers require a static ARP entry because they do not support the resolution of unicast IP addresses to multicast MAC addresses . Thanks in advance, Duncan Wallace [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56244&t=56244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hate cisco's new site? [7:56236]
I'm getting used to finding stuff but I really dislike the small font, hard to read!! Dave sam sneed wrote: > > Am I the only one that hates Cisco's new site? I can't find anything that > I'm looking for on the there. Its driving me up the wall. -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 "You don't make the poor richer by making the rich poorer." --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56241&t=56236 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AT&T MPLS netwo rk ? [7:56187]
We've been using their mpls service in europe for the past 3 months and it's been great so far. Only problems have been with the telco's local tails. ""Ryan Finnesey"" wrote in message news:200210240551.FAA23094@;groupstudy.com... > Is anyone using AT&T MPLS ( it is also called eVPN or IP-enabled Frame > Relay )network to link offices and also running VoIP ? If so any > problems ? I am looking to link office in India, Mexico New York and > also Boston. > > > > Ryan. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56213&t=56187 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX CCO question [7:56162]
I ran into this recently, but the PIX was running 6.1. You usually have a "standard" one year equipment warranty; that should cover something like that Be really really nice when you open a case. They usually are willing to help out. Another great thing about Cisco!!! -Original Message- From: sam sneed [mailto:vristevski@;hotmail.com] Sent: Thursday, October 24, 2002 9:21 AM To: [EMAIL PROTECTED] Subject: Re: PIX CCO question [7:56162] My question only pertains to new equipment. For example, lets say I buy a brand new PIX online. The place I buy from has one in stock thats been sitting around for a year and they ship me that one. It has an older OS , lets say 5.4 with a few significant bugs. What do I do then? I'm basically left with a piece of brand new equipment that doesn't work right. I figured Cisco had a 90 day warranty or soemhting that would cover getting the new OS? Anyone know about this for sure? ""Loken, Bjorn"" wrote in message news:200210241200.MAA01818@;groupstudy.com... > > I was looking into getting a PIX and had a question. If cdw.com (for > > instance) ships one over with an older OS and I want the > > current OS loaded > > on it what happens if I don't have a CCO support contract. Is > > there a grace > > period once you buy the product to be able to download the > > latest OS and the > > instructions to upgrade? > > Hi there, > > in the price list there is an option for PIX Firewall Relicensing for Used > Equipment. > A brief comparison of the prices shows no difference between the relicensing > prices, and the price for a regular licence. > I'm not aware of any option from Cisco where they let you download new > software for free when buying used equipment. > > > -Bjorn > > > This message contains information that may be privileged or confidential and > is the property of the Cap Gemini Ernst & Young Group. It is intended only > for the person to whom it is addressed. If you are not the intended > recipient, you are not authorized to read, print, retain, copy, disseminate, > distribute, or use this message or any part thereof. If you receive this > message in error, please notify the sender immediately and delete all copies > of this message. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56214&t=56162 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX CCO question [7:56162]
I agree with Mike. If it is brand new out of the box than you can open a case with TAC and they will be more than glad to help you. If it is refurb than watch out. Cisco is doing the big crack down on that stuff. Steve -Original Message- From: [EMAIL PROTECTED] [mailto:mike.jablonski@;abnamrousa.com] Sent: Thursday, October 24, 2002 9:59 AM To: [EMAIL PROTECTED] Subject: RE: PIX CCO question [7:56162] I ran into this recently, but the PIX was running 6.1. You usually have a "standard" one year equipment warranty; that should cover something like that Be really really nice when you open a case. They usually are willing to help out. Another great thing about Cisco!!! -Original Message- From: sam sneed [mailto:vristevski@;hotmail.com] Sent: Thursday, October 24, 2002 9:21 AM To: [EMAIL PROTECTED] Subject: Re: PIX CCO question [7:56162] My question only pertains to new equipment. For example, lets say I buy a brand new PIX online. The place I buy from has one in stock thats been sitting around for a year and they ship me that one. It has an older OS , lets say 5.4 with a few significant bugs. What do I do then? I'm basically left with a piece of brand new equipment that doesn't work right. I figured Cisco had a 90 day warranty or soemhting that would cover getting the new OS? Anyone know about this for sure? ""Loken, Bjorn"" wrote in message news:200210241200.MAA01818@;groupstudy.com... > > I was looking into getting a PIX and had a question. If cdw.com (for > > instance) ships one over with an older OS and I want the > > current OS loaded > > on it what happens if I don't have a CCO support contract. Is > > there a grace > > period once you buy the product to be able to download the > > latest OS and the > > instructions to upgrade? > > Hi there, > > in the price list there is an option for PIX Firewall Relicensing for Used > Equipment. > A brief comparison of the prices shows no difference between the relicensing > prices, and the price for a regular licence. > I'm not aware of any option from Cisco where they let you download new > software for free when buying used equipment. > > > -Bjorn > > > This message contains information that may be privileged or confidential and > is the property of the Cap Gemini Ernst & Young Group. It is intended only > for the person to whom it is addressed. If you are not the intended > recipient, you are not authorized to read, print, retain, copy, disseminate, > distribute, or use this message or any part thereof. If you receive this > message in error, please notify the sender immediately and delete all copies > of this message. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56217&t=56162 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX failover problem [7:56199]
I think you've got your config correct, when any of the interfaces go down on the active PIX it will switch into standby. So when you reboot the standby it will cause this to happen, the documentation does say you should use a separate switch for the failover NICs which should prevent this, http://www.cisco.com/warp/customer/110/failover.html . Do you use a failover cable as well, I would have thought the primary would prevent the failover but I'm not 100 percent sure. Cheers Pat ""Vamsi Krishna"" wrote in message news:200210241235.MAA05012@;groupstudy.com... > Hi, >We are facing a strange problem with PIX failover. We have two PIX = > 525 (OS 6.0.1) in failover configuration. When the standby PIX is = > rebooted for maintenance reasons, it came up and became the Active PIX = > (which should not happen). The active PIX showed stateful failover link = > failed and so the PIX was in failed state. Both the PIX are connected = > through a stateful failover link (100Mbps) using a Crossover cable.=20 >Is it a problem because both the PIX are connected using a crossover = > cable? Is it recommended to connect through a switch? Has anyone faced a = > similar problem? > > Regards, > Vamsi > **Disclaimer > > Information contained in this E-MAIL being proprietary to Wipro Limited is > 'privileged' and 'confidential' and intended for use only by the individual > or entity to which it is addressed. You are notified that any use, copying > or dissemination of the information contained in the E-MAIL in any manner > whatsoever is strictly prohibited. > > *** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56216&t=56199 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
caller name ID/call manager [7:56218]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We have been "working" with Cisco on a problem for about a year now and have determined that we can not get caller name id on our phone because Bellsouth is sending it in the facility ID field. Cisco call manager will only look at the display IE field. We have also checked with two other carriers and they also deliver it in the facility ID field. My question is... does anyone get caller name ID on their phones from external callers? And if so what carrier do you use and what kind of switch is it being brought in on? Paul Beckman MCSE MCT CCNA CCA Delta Health Group CIS Department (850) 470-0155 [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: PGPfreeware 7.0.3 for non-commercial use iQA/AwUBPbgT9hWcSOytpgTKEQIHTQCgtpSERcRtzv8sHpM2R5Sp9jUkp10AoOj/ yFcoI+Iz9oLFBq3nQWdOS8sz =p+gW -END PGP SIGNATURE- Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56218&t=56218 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX CCO question [7:56162]
Thats really good to hear. My main concern is that I want the OS to support PPP over ethernet which I believe is only avaible on newer versions. Anyone know the exact version that supports this? wrote in message news:200210241459.OAA14364@;groupstudy.com... > I ran into this recently, but the PIX was running 6.1. > > You usually have a "standard" one year equipment warranty; that should cover > something like that Be really really nice when you open a case. They > usually are willing to help out. > > Another great thing about Cisco!!! > > -Original Message- > From: sam sneed [mailto:vristevski@;hotmail.com] > Sent: Thursday, October 24, 2002 9:21 AM > To: [EMAIL PROTECTED] > Subject: Re: PIX CCO question [7:56162] > > > My question only pertains to new equipment. For example, lets say I buy a > brand new PIX online. The place I buy from has one in stock thats been > sitting around for a year and they ship me that one. It has an older OS , > lets say 5.4 with a few significant bugs. What do I do then? I'm basically > left with a piece of brand new equipment that doesn't work right. I figured > Cisco had a 90 day warranty or soemhting that would cover getting the new > OS? > > Anyone know about this for sure? > > > ""Loken, Bjorn"" wrote in message > news:200210241200.MAA01818@;groupstudy.com... > > > I was looking into getting a PIX and had a question. If cdw.com (for > > > instance) ships one over with an older OS and I want the > > > current OS loaded > > > on it what happens if I don't have a CCO support contract. Is > > > there a grace > > > period once you buy the product to be able to download the > > > latest OS and the > > > instructions to upgrade? > > > > Hi there, > > > > in the price list there is an option for PIX Firewall Relicensing for Used > > Equipment. > > A brief comparison of the prices shows no difference between the > relicensing > > prices, and the price for a regular licence. > > I'm not aware of any option from Cisco where they let you download new > > software for free when buying used equipment. > > > > > > -Bjorn > > > > > > This message contains information that may be privileged or confidential > and > > is the property of the Cap Gemini Ernst & Young Group. It is intended only > > for the person to whom it is addressed. If you are not the intended > > recipient, you are not authorized to read, print, retain, copy, > disseminate, > > distribute, or use this message or any part thereof. If you receive this > > message in error, please notify the sender immediately and delete all > copies > > of this message. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56220&t=56162 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX RIP [7:56221]
Does PIX accept RIP route for Version 5.1? _ Internet access plans that fit your lifestyle -- join MSN. http://resourcecenter.msn.com/access/plans/default.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56221&t=56221 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using PAT with NAT Pools [7:56208]
Use the overload command though unlike the PIX when you overload, (PAT) on a router it's kinda arbitrary. Some connection will use NAT and others will PAT, it does not wait until the last address in the pool is used before converting to PAT. Dave trammer wrote: > > Hello, > > Quick question that I am having trouble locating the answer on. > > Basically I need to know whether you can configure PAT to work in > conjunction with a NAT pool on an IOS router. 12.2.x on 2621? > > Ex. Nat pool of 192.168.1.10-192.168.1.20 Once all nat pool IPs are > taken. Roll to a PAT on say 192.168.1.21. > > Naturally I would think this is possible, but then again I could be wrong. > > I know this is possible on the PIX but cannot find specifics for an IOS > router configuration. > > Thanks. > > Cheers -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 "You don't make the poor richer by making the rich poorer." --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56222&t=56208 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX failover problem [7:56199]
Hi Pat, I have got the correct configuration as mentioned in Cisco. I too think the primary PIX fails as the failover link goes into failed state as the secondary is down and secondary PIX will become active as the primary is in failed state. Has anyone faced this problem ? What is the normal practice of connecting PIX in failover configuration ? through cross over cable or through a separate switch ? Pls reply. Regards, Vamsi - Original Message - From: "Patrick Donlon" To: Sent: Thursday, October 24, 2002 4:11 PM Subject: Re: PIX failover problem [7:56199] > I think you've got your config correct, when any of the interfaces go down > on the active PIX it will switch into standby. So when you reboot the > standby it will cause this to happen, the documentation does say you should > use a separate switch for the failover NICs which should prevent this, > http://www.cisco.com/warp/customer/110/failover.html . Do you use a > failover cable as well, I would have thought the primary would prevent the > failover but I'm not 100 percent sure. > > Cheers > > Pat > > ""Vamsi Krishna"" wrote in message > news:200210241235.MAA05012@;groupstudy.com... > > Hi, > >We are facing a strange problem with PIX failover. We have two PIX = > > 525 (OS 6.0.1) in failover configuration. When the standby PIX is = > > rebooted for maintenance reasons, it came up and became the Active PIX = > > (which should not happen). The active PIX showed stateful failover link = > > failed and so the PIX was in failed state. Both the PIX are connected = > > through a stateful failover link (100Mbps) using a Crossover cable.=20 > >Is it a problem because both the PIX are connected using a crossover = > > cable? Is it recommended to connect through a switch? Has anyone faced a = > > similar problem? > > > > Regards, > > Vamsi > > **Disclaimer > > > > Information contained in this E-MAIL being proprietary to Wipro Limited is > > 'privileged' and 'confidential' and intended for use only by the > individual > > or entity to which it is addressed. You are notified that any use, > copying > > or dissemination of the information contained in the E-MAIL in any manner > > whatsoever is strictly prohibited. > > > > > *** **Disclaimer Information contained in this E-MAIL being proprietary to Wipro Limited is 'privileged' and 'confidential' and intended for use only by the individual or entity to which it is addressed. You are notified that any use, copying or dissemination of the information contained in the E-MAIL in any manner whatsoever is strictly prohibited. *** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56219&t=56199 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 4006 IP Phone DHCP problem [7:56049]
Sorry for the late reply. Our e-mail was backup up and I am not going through over 300 emails from the Groupstudy lists. We have the Cisco eq. working fine and I am currently trying to get the Avaya stuff to work. Unfortunately I don't have access to the eq directly, so I have to work with the on site tech to configure things. Once I get it working I will let everyone know, or if not, why it doesn't work... Thanks Larry -Original Message- From: Jennifer Mellone [mailto:jmellone@;speakeasy.net] Sent: Wednesday, October 23, 2002 10:49 PM To: [EMAIL PROTECTED] Subject: RE: 4006 IP Phone DHCP problem [7:56049] Larry, Don't mind me, I'm not challenging the configs, just trying to learn - sometimes Cisco's website can be very unclear to me ;-) I forgot to ask - How are those Avaya phones working out compared to Cisco phones? - Jennifer Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56224&t=56049 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Catalyst 8540CSR [7:56172]
I have a client that used to have a pair of them..."chucked them" about a year ago. 8540's (at least in the L2/L3 LAN-Switching arena) were an "abortion" of a product; it was merely a stop-gap measure to say that Cisco had a L3 switch on the market. With the 6500-series they've got a capable product now and they have successfully wiped the egg from their faces. I have yet to hear of a customer that purchased 8540's to do L3 switching functions that was happy with the purchase. I have heard that the ATM version of the 8540's performed quite well (basically an upgrade to the LS1010) but don't have any personal experience with that. -Original Message- From: [EMAIL PROTECTED] [mailto:nobody@;groupstudy.com] On Behalf Of Ellis, Andrew Sent: Wednesday, October 23, 2002 6:25 PM To: [EMAIL PROTECTED] Subject: Catalyst 8540CSR [7:56172] Hi, Is there anyone out there that has 8540CSRs or MSRs in their network? If so, what version of IOS are you running and are they really problematic? Are you disgusted with them and ready to chuck 'em? -Drew Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56223&t=56172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 4006 IP Phone DHCP problem [7:56049]
I think the problem is that the 4006 is an IOS switch. I haven't worked with VoIP on a "set" based switch yet, so I don't know much about configuring them for this stuff. Thanks Larry -Original Message- From: Jennifer Mellone [mailto:jmellone@;speakeasy.net] Sent: Wednesday, October 23, 2002 10:45 PM To: [EMAIL PROTECTED] Subject: RE: 4006 IP Phone DHCP problem [7:56049] Larry, I noticed you have the command "switchport trunk encapsulation dot1q". Do you need to configure the interface/port as a trunk when you do the "set port auxiliaryvlan" command (catos) or the "switch voice vlan" command (ios switch)? According to Cisco's website, you don't for a catos switch, but you do for an ios switch: Check this out: http://www.cisco.com/univercd/cc/td/doc/product/voice/ip_tele/network/dgcamp us.htm#xtocid364019 NO TRUNKING HERE ON CATOS SWITCH: Voice VLAN Configuration To configure the VVID from the Catalyst software CLI, use the set port auxiliaryvlan command. You can use this command to set the VVID on a single port, on a range of ports, or for an entire module. The following example shows how to display the command syntax: Console> (enable) set port auxiliaryvlan help Usage: set port auxiliaryvlan (vlan + 1..1000) In the following example, the VVID is set to 222 for ports 2/1 through 2/3. When the phone powers up, the switch instructs it to register with VLAN 222. Console> (enable) set port auxiliaryvlan 2/1-3 222 Auxiliaryvlan 222 configuration successful. The following examples show how to display which ports are in which auxiliary VLAN: Console> show port auxiliaryvlan 222 AuxiliaryVlan auxVlanStatus Mod/Ports - - - 222 222 1/2,2/1-3 Console> show port 2/1 Port AuxiliaryVlan AuxVlan-Status - - -- 2.1 222 active - TRUNKING HERE ON IOS SWITCH: The following is an example of VVID configuration on Catalyst switches running Cisco IOS at the interface level (for example, Catalyst 3524-PWR and 2900XL): interface FastEthernet0/1 switchport trunk encapsulation dot1q switchport trunk native vlan switchport mode trunk switchport voice vlan spanning-tree portfast switchport mode trust - Jennifer PS - are you going to trust the CoS going from phone to switch? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56225&t=56049 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: TCP Ack numbers suddenly regress [7:56189]
The keepalive process shouldn't cause ACKs to go backwards. It should cause them to stay the same. This doesn't sound like a keepalive situation which should proceed smoothly. This situation involves a RESET which usually indicates a problem of some sort, although possibly just a minor problem. It sounds more like a bug in the TCP implementation to me. We would have to see both sides of the conversation, including what both sides send, not just what they ACK, to troubleshoot this. The TCP RFC doesn't cover keepalives. They are mentioned in the Host Requirements RFC 1122, which is pretty critical of them, but admits that they MAY be included in a TCP implementation. After 2 hours (by default) a UNIX system that is using keepalives sends either any empty segment or a segment with one byte of garbage data. For the sequence number, it uses the sequence number of the last byte already sent. This should cause the other side to send the last ACK that it sent. Example: Host A sends bytes 100-200, SEQ number = 100 Host B ACKs, ACK number = 201 two hours Host A sends segment with SEQ number = 200 Host B ACKS, ACK number = 201 To troubleshoot, you can't just look at ACKs anyway. You have to look at both sides of the conversation. Also look at the timing. Did 2 hours go by? Also, what's the actual user complaint? Or is this just something you happened to notice in a trace? What is the network topology? Where are these hosts and what's in between them? Is there some sort of "feature" running between them that messes with TCP? For example a firewall or a router that does TCP Intercept?? ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com Matthew F. Crane wrote: > > Ok you don't say what they host systems are but I am going to > guess Unix of > some variety, in which case has anyone been playing around with > the > keepalive timers ? > > If the session keepalive timer is reached a probe is sent with > the ACK > number set to ACK-1 i.e. telling the other end that the > recipient lied > previously when it said it had received all the data. This > forces the origin > to resend with the correct ACK number > > TCP/IP Illustrated Vol 2 p830 > > There are probably other instances where this is done but > that's the one > I've come across most often. > > MFC > > -Original Message- > From: [EMAIL PROTECTED] [mailto:nobody@;groupstudy.com]On > Behalf Of > Matthew Tayler > Sent: 24 October 2002 09:04 > To: [EMAIL PROTECTED] > Subject: TCP Ack numbers suddenly regress [7:56189] > > > Anyone come across a situation where the ACK number suddenly > steps back 1 > and the link then resets ? > > Host A to Host B is running fine with the app using port 2400 > on A talking > to an app on B using ports 3564 & 3565 are in use. We have > several traces > showing the steady increase of sequence numbers then all of a > sudden the ACK > number takes step back by 1. There are no FIN segments in the > preceeding > traffic, but the now regressed ACK number is repeated in 7 > segments sent and > then a reset segment is issued and the two start exchanging > data again. > > I am not allowed to post any of the data from the trace given > the nature of > the two systems involved, but here is an example of the way the > ACK numbers > run > > >From A to B port 2400 to 3564 > 4567 is ACK'd > 4785 . > 4948 > 4947 > > >From A to B port 2400 to 3565 > 466 is ACK'd > 483 . > 500 > 499 > > The link between the two is fine during this problem, > utilisation drops but > is nevera bove 20% anyway. Both host applicationms are still > running and > there are no process issues. The Cisco kit at either end is > happy no error > messages or the like so I we knows its host/app related. > > I can't find anything this specific in the archives and the > nearest any of > my textbooks come is to say a FIN has been issued - which the > trace says is > not the case. > > The reason for asking is that I didn't think it was possible to > regress the > sequence numbers, with the exception of the example from TCP/IP > Illustrated > Vol 2 noted above. > > Any ideas would be appreciated. > > Thanks > > Matt T > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56227&t=56189 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Decent modem for dial-up to Cisco routers [7:56202]
This doesn't really answer your question. But in the past, I've used USR modems connected to a remote reboot device (like an X10 or similar). When the modem stopped responding (ie. didnt answer the phone) the rebooter would pick up and powercycle the device. Power | Phone--Rebooter-Modem-Computer | | - Power Hope this helps Jarett ""Sean C"" wrote in message news:200210241252.MAA07986@;groupstudy.com... > Hello to all, > > Sorry for the off-topic but can anyone suggest a particular brand of modem > that my company should sell to customers for dial-in access to Cisco > routers. We've used USRobotics (various Couriers, Sportsters and 5686s), > Zooms, Bocas, and Conexants. The USRobtics seems to need to be reset a lot > (hard to do when no one is at the site), the Zooms tend to put 1720s in > rommon mode when plugged in the console port, Bocas are old and loss their > configs easily. Anyway, if anyone can write "We use this modem and it's > rock-solid each and every time" than it would be greatly appreciated. > > Thanks in advance, > Sean Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56228&t=56202 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP4 and Multiple Providers [7:55918]
At 1:29 PM + 10/24/02, Vern Stitt wrote: >As an alternative, Radware offers the LinkProof which also allows multiple >ISPs without using BGP. Their box is a more robust ASIC based design rather >than a PC. The same hardware is also used in their FireProof and Web Server >Director (WSD) products. > There are several such boxes on the market, but not a huge amount of operational experience. Believe me, people in the IETF and NANOG are very interested to see if they work. Often, the box does speak BGP to the outside (I can't speak to Radware) but it's transparent to the user. One of the major scalability problems in the global Internet is user-level multihoming, so non-BGP solutions might be very welcome. There certainly aren't any substantial discussions in the IETF or IRTF about this, other than in midboxes (load-sharing NAT), some of which still need to listen passively to BGP. I am assuming that the proposed product does optimal route selection, not just failover. If the box doesn't speak BGP, be sure to find out how it decides on the preferred ISP. There are several possible strategies: delay either to the POP or to selected destinations, utilization on the links to the various POPs (obviously this needs to be corrected for speed if different), etc. Some Cisco solutions such as Distributed Director get various information from routers in the various paths. That may require limited BGP. There are assortments of solutions from various vendors that load-balance based on your server loading, but to affect inbound traffic, they have to speak some BGP or use much slower DNS. But I'd be very interested in knowing how a box can know optimal routes without either listening to BGP, doing active probes, or distributing load by knowing server load. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56226&t=55918 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Jitter, RTD [7:56150]
I saw "jitter" in the title, so with respect to voice: NetIQ Chariot, along with an Avaya product called Expertnet, can measure MOS, jitter, delay, and packet loss while simulating voice calls (software installed on PCs simulate IP phones). Chariot is a very expensive product, and Expertnet isn't a shrink wrapped product today. Consultants bring it in and use it on the network and write a report/make recommendations. http://www1.avaya.com/enterprise/testimonials/svc1737.pdf http://www.netiq.com/solutions/voip/default.asp - Jennifer Mellone Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56230&t=56150 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Questions about PIX firewall [7:24634]
> 1. To configure a PIX, is there any GUI interface or need to use Command > Line Interface? If it has GUI interface, is it bundle with a PIX or need to > purchase separately? Yes and it comes with the PIX. You'll hate it once you use it. > 2. We plan to use 2 PIX for HA solution. Is it stable? Sorry what is HA? > 3. Is there any materials to describe the PIX failover? > Yep. Here's the URL http://www.cisco.com/warp/public/110/failover.html Regards, John Huston A+ N+ CNE MCSE CCDP, CCNP bfd and xyz > Regards, > Dovelet Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56229&t=24634 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Questions about PIX firewall [7:24634]
The GUI is great for some things but overall I still like the CLI for general day-to-day changes. The GUI is great for monitoring stats such as CPU, memory, and etc. In my experience the failover/HA pix solution is very stable. Depending on your setup it can be immediate or just quick. If you're doing LAN based failover it all depends on how much you trust your network.you can tell the primary unit to poll the secondary every second if you want but if you ever have a latency problem then the secondary unit will kick in once it doesn't receive a response from the primary even though it's working fine. I've always thought a 5 second interval was appropriate but your mileage may vary. If you're doing a local solution with a failover cable then the secondary unit typically kicks in immediately. We've done several tests where we pull the power on the primary and nobody even knows. From what I understand it doesn't work 'quite' as fast if the primary unit simply crashes but I haven't had that happen yet (fingers crossed) so I can't say for certain. I have had a couple problems when pushing the load back to the primary unit.it works, but sometimes you do see a pause in the traffic flow. -Original Message- From: John Huston [mailto:nomail@;nomail.com] Sent: Thursday, October 24, 2002 1:32 PM To: [EMAIL PROTECTED] Subject: Re: Questions about PIX firewall [7:24634] > 1. To configure a PIX, is there any GUI interface or need to use > Command Line Interface? If it has GUI interface, is it bundle with a > PIX or need to > purchase separately? Yes and it comes with the PIX. You'll hate it once you use it. > 2. We plan to use 2 PIX for HA solution. Is it stable? Sorry what is HA? > 3. Is there any materials to describe the PIX failover? > Yep. Here's the URL http://www.cisco.com/warp/public/110/failover.html Regards, John Huston A+ N+ CNE MCSE CCDP, CCNP bfd and xyz > Regards, > Dovelet Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56232&t=24634 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using PAT with NAT Pools [7:56208]
Dave, Can you post an example. Is the syntax different then what I am thinking. thnx ""MADMAN"" wrote in message news:200210241606.QAA03297@;groupstudy.com... > Use the overload command though unlike the PIX when you overload, > (PAT) on a router it's kinda arbitrary. Some connection will use NAT > and others will PAT, it does not wait until the last address in the pool > is used before converting to PAT. > > Dave > > trammer wrote: > > > > Hello, > > > > Quick question that I am having trouble locating the answer on. > > > > Basically I need to know whether you can configure PAT to work in > > conjunction with a NAT pool on an IOS router. 12.2.x on 2621? > > > > Ex. Nat pool of 192.168.1.10-192.168.1.20 Once all nat pool IPs are > > taken. Roll to a PAT on say 192.168.1.21. > > > > Naturally I would think this is possible, but then again I could be wrong. > > > > I know this is possible on the PIX but cannot find specifics for an IOS > > router configuration. > > > > Thanks. > > > > Cheers > -- > David Madland > CCIE# 2016 > Sr. Network Engineer > Qwest Communications > 612-664-3367 > > "You don't make the poor richer by making the rich poorer." --Winston > Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56234&t=56208 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using PAT with NAT Pools [7:56208]
do you mean: C2620B(config)#ip nat inside source list 1 pool MADMAN overload Dave trammer wrote: > > Dave, > > Can you post an example. Is the syntax different then what I am thinking. > > thnx > > ""MADMAN"" wrote in message > news:200210241606.QAA03297@;groupstudy.com... > > Use the overload command though unlike the PIX when you overload, > > (PAT) on a router it's kinda arbitrary. Some connection will use NAT > > and others will PAT, it does not wait until the last address in the pool > > is used before converting to PAT. > > > > Dave > > > > trammer wrote: > > > > > > Hello, > > > > > > Quick question that I am having trouble locating the answer on. > > > > > > Basically I need to know whether you can configure PAT to work in > > > conjunction with a NAT pool on an IOS router. 12.2.x on 2621? > > > > > > Ex. Nat pool of 192.168.1.10-192.168.1.20 Once all nat pool IPs are > > > taken. Roll to a PAT on say 192.168.1.21. > > > > > > Naturally I would think this is possible, but then again I could be > wrong. > > > > > > I know this is possible on the PIX but cannot find specifics for an IOS > > > router configuration. > > > > > > Thanks. > > > > > > Cheers > > -- > > David Madland > > CCIE# 2016 > > Sr. Network Engineer > > Qwest Communications > > 612-664-3367 > > > > "You don't make the poor richer by making the rich poorer." --Winston > > Churchill -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 "You don't make the poor richer by making the rich poorer." --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56235&t=56208 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
hate cisco's new site? [7:56236]
Am I the only one that hates Cisco's new site? I can't find anything that I'm looking for on the there. Its driving me up the wall. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56236&t=56236 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Dreadful writing on CCNP support exam. [7:56237]
I wish I could turn my high school English teacher loose on the CCNP support exam. The writing was worse than dreadful. Has anyone else noticed this? I passed with plenty to spare, so this is not sour grapes. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56237&t=56237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using PAT with NAT Pools [7:56208]
Kind of, ip nat pool NATPOOL 192.168.1.10 192.168.1.20 netmask 255.255.255.0 ip nat inside source list 1 pool NATPOOL ip access-list 1 permit 10.1.0.0 0.0.255.255 Where would one go from here to have the NAT pool of 1.10 to 1.20 utilized and also PAT if every address is used from the pool. The nat inside source list defines which addresses can be nated from the pool. Another form of the command is with the overload statement as you mentioned. But if I enter this it will only PAT through the first address in the pool in testing (192.168.1.10. I can't determine if it would use the next address in the pool because of the use of numerous ports. Will it just dynamically choose from the pool as if they are all PAT addresses? If this is the case then it sounds like in the situation I am trying to address I would be best off defining a static NAT mapping from the pool to the outside for the specific hosts that I want, and let the rest PAT. Hopefully this makes sense. -Adam ""MADMAN"" wrote in message news:200210241940.TAA32116@;groupstudy.com... > do you mean: > > C2620B(config)#ip nat inside source list 1 pool MADMAN overload > > Dave > > trammer wrote: > > > > Dave, > > > > Can you post an example. Is the syntax different then what I am thinking. > > > > thnx > > > > ""MADMAN"" wrote in message > > news:200210241606.QAA03297@;groupstudy.com... > > > Use the overload command though unlike the PIX when you overload, > > > (PAT) on a router it's kinda arbitrary. Some connection will use NAT > > > and others will PAT, it does not wait until the last address in the pool > > > is used before converting to PAT. > > > > > > Dave > > > > > > trammer wrote: > > > > > > > > Hello, > > > > > > > > Quick question that I am having trouble locating the answer on. > > > > > > > > Basically I need to know whether you can configure PAT to work in > > > > conjunction with a NAT pool on an IOS router. 12.2.x on 2621? > > > > > > > > Ex. Nat pool of 192.168.1.10-192.168.1.20 Once all nat pool IPs are > > > > taken. Roll to a PAT on say 192.168.1.21. > > > > > > > > Naturally I would think this is possible, but then again I could be > > wrong. > > > > > > > > I know this is possible on the PIX but cannot find specifics for an IOS > > > > router configuration. > > > > > > > > Thanks. > > > > > > > > Cheers > > > -- > > > David Madland > > > CCIE# 2016 > > > Sr. Network Engineer > > > Qwest Communications > > > 612-664-3367 > > > > > > "You don't make the poor richer by making the rich poorer." --Winston > > > Churchill > -- > David Madland > CCIE# 2016 > Sr. Network Engineer > Qwest Communications > 612-664-3367 > > "You don't make the poor richer by making the rich poorer." --Winston > Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56239&t=56208 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hate cisco's new site? [7:56236]
I'm with you, Mr. Sneed. I've even had an email conversation with someone at Cisco where I detailed why I hate their new site. They have good intentions and I think once they're completely finished it will be nice, but at the moment it's hard to navigate. I suggested that they allow us to create our own stylized home pages and she said they are already working on that. I would love to have that! My home page would consist of: Software Center TAC Pricing Tool Service Contract Center Technical Docs And that's about it. I'd love to get rid of all the junk they use to clutter up the main page. >>> "sam sneed" 10/24/02 1:56:01 PM >>> Am I the only one that hates Cisco's new site? I can't find anything that I'm looking for on the there. Its driving me up the wall. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56238&t=56236 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Looking for networkers presentation: VVT-201 ? [7:56212]
Hi, I am in Networkers in Copenhagen, I attended a session about QoS and in the presentation they make a reference to session VVT-201 which is about deploying VPN for SOHO and try to have IP Telephony thru an IPSEC tunnel. This presentation doesn't exist here, did some of you got the presentation from Networkers in the US ? Any reference about deploying SOHO/Home Office thru VPN including IP telephony would be welcome. Thanks & Regards, Sebastien Venturoso __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56212&t=56212 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN Sim [7:56195]
To those who are interested, Arca Technologies is offering refurb Emutel simulators (3 ports) for 500 pounds (about $700) with updated software and six month warranty. Since I just bought one from ebay I'm stuck, but others may benefit. Just an FYI to other lab builders out there!! PJC Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56195&t=56195 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX CCO question [7:56162]
My question only pertains to new equipment. For example, lets say I buy a brand new PIX online. The place I buy from has one in stock thats been sitting around for a year and they ship me that one. It has an older OS , lets say 5.4 with a few significant bugs. What do I do then? I'm basically left with a piece of brand new equipment that doesn't work right. I figured Cisco had a 90 day warranty or soemhting that would cover getting the new OS? Anyone know about this for sure? ""Loken, Bjorn"" wrote in message news:200210241200.MAA01818@;groupstudy.com... > > I was looking into getting a PIX and had a question. If cdw.com (for > > instance) ships one over with an older OS and I want the > > current OS loaded > > on it what happens if I don't have a CCO support contract. Is > > there a grace > > period once you buy the product to be able to download the > > latest OS and the > > instructions to upgrade? > > Hi there, > > in the price list there is an option for PIX Firewall Relicensing for Used > Equipment. > A brief comparison of the prices shows no difference between the relicensing > prices, and the price for a regular licence. > I'm not aware of any option from Cisco where they let you download new > software for free when buying used equipment. > > > -Bjorn > > > This message contains information that may be privileged or confidential and > is the property of the Cap Gemini Ernst & Young Group. It is intended only > for the person to whom it is addressed. If you are not the intended > recipient, you are not authorized to read, print, retain, copy, disseminate, > distribute, or use this message or any part thereof. If you receive this > message in error, please notify the sender immediately and delete all copies > of this message. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56211&t=56162 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VOIP [7:56129]
What kind of service do you want to offer? PBX trunking? Individual FXS connections? Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56210&t=56129 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Queuing Question [7:56139]
Just a related note. You can convert any number of the top queues in Custom queueing over to Priority queues. (i.e. you could configure queues 1 - 8 as priority queues, with the remainder being treated as custom queues only after queues 1-8 have been serviced). So it's not surprising that there would be a Q0 for system traffic that's given strict priority. Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56209&t=56139 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Using PAT with NAT Pools [7:56208]
Hello, Quick question that I am having trouble locating the answer on. Basically I need to know whether you can configure PAT to work in conjunction with a NAT pool on an IOS router. 12.2.x on 2621? Ex. Nat pool of 192.168.1.10-192.168.1.20 Once all nat pool IPs are taken. Roll to a PAT on say 192.168.1.21. Naturally I would think this is possible, but then again I could be wrong. I know this is possible on the PIX but cannot find specifics for an IOS router configuration. Thanks. Cheers Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56208&t=56208 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
QoS [7:56207]
Does someone know if the IOS release 12.1(3)T support the nested class-map? I can't enter this configuration command: class-map silver_ports match access-group 102 class-map match-any silver match class-map silver_ports match destination-address 10.2.5.0 Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56207&t=56207 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Subinterface config. in CAT3550. [7:56174]
The 3550 definitely does support ISL trunking. ""Ellis, Andrew"" wrote in message news:200210241123.LAA30175@;groupstudy.com... > Raj, > > The following link will tell you enough so you can make it work, if you have > the right router. > > http://www.cisco.com/warp/public/473/50.shtml > > -Drew > > -Original Message- > From: Rajesh Kumar [mailto:pikumar@;cisco.com] > Sent: Wednesday, October 23, 2002 7:28 PM > To: [EMAIL PROTECTED] > Subject: Subinterface config. in CAT3550. [7:56174] > > > Hi all, > > I am trying to configure a router on a stick configuration - with 26xx > series router's e0/0 port connected to fa0/1 port of CAT3550. > > Router's E0 port is configured like this > > int e0/1 > no shu > no ip address > > int e0/1.1 > encap isl 20 > ip address 192.168.20.1 255.255.255.0 > > int e0/1.2 > encap isl 40 > ip address 192.168.40.1 255.255.255.0 > > When I try to do the same thing on CAT 3550's fa0/1 port, I get an error > message like this : > > " Configuring IP routing on LAN subinterface is only allowed if that > subinterface is configured as a part of IEEE 802.10 or dot1q or ISL > VLAN. " > > But nowhere I find the command "encap isl " to insert this in > the subinterfaces. > > > Does anyone has anythoughts on this and how to overcome this? > > Thanks, > Rajesh Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56206&t=56174 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP4 and Multiple Providers [7:55918]
As an alternative, Radware offers the LinkProof which also allows multiple ISPs without using BGP. Their box is a more robust ASIC based design rather than a PC. The same hardware is also used in their FireProof and Web Server Director (WSD) products. Vern Stitt CCNA, ASE, MCSE(4.0 & 2000) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56205&t=55918 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cat 3550-emi ? [7:56180]
Sure you can bridge between like VLANs and route between differant VLANs in the same box. Dave Jesse Loggins wrote: > > Is it possiable to do both transparent bridging and intervlan routing on > this box at the same time? Or is intervlan routing even an option? I am > trying to figure out if I need to purchase a router with a fastethernet port > since I have a 3550. -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 "You don't make the poor richer by making the rich poorer." --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56204&t=56180 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Windows meltdown??? [7:56190]
Without describing the "major problem" with the network it's hard to conclude very much, but..a machine becoming the master browser should not effect much more than the other machines in the workgroup/domain ability to see other machines on a browse list. The maximum size of a browse list is 64K (2500 machines approx) so you don't have much data being transferred. I would look elsewhere for the solution to the problem. This is not it. J -Original Message- From: Patrick Donlon [mailto:pat_donlon@;yahoo.co.uk] Sent: Thursday, October 24, 2002 6:30 AM To: [EMAIL PROTECTED] Subject: OT: Windows meltdown??? [7:56190] We had an interested situation develop yesterday, about mid morning the helpdesk manager reported a major problem with the network. Checked the network with HPOV and some basic stuff on the core switches to check cpu, peaks, etc. All was fine. Spoke to the NT team and it seems two servers are having problems, a file server and a BDC. After some investigation (event log checking probably) they tell me that the problem is caused by a machine becoming the master browser. So a man hunt begins for a machine (a non standard one from the name found for the machine) on a VLAN which was separate from the VLAN the servers sit on. The machine was not responding to pings and was probably not even being used! Eventually the user came back to his machine mid afternoon and we find the port being used and the NT guys disable his Computer Browser. In between finding the machine the two offending servers had to be re-booted to fix their mystery problems. >From what I know about the browser this shouldn't cause a problem on the network and if it does only with the windows machines in that subnet ( please correct feel free to correct me). Also XP has default registry settings to prevent it becoming the master browser - yep the guy was using XP (Japanese edition). Has anyone else had such a meltdown on their Windows environment because of such problems or is this just a case a apportioning blame to an outsider? Cheers Pat Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56203&t=56190 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Decent modem for dial-up to Cisco routers [7:56202]
Hello to all, Sorry for the off-topic but can anyone suggest a particular brand of modem that my company should sell to customers for dial-in access to Cisco routers. We've used USRobotics (various Couriers, Sportsters and 5686s), Zooms, Bocas, and Conexants. The USRobtics seems to need to be reset a lot (hard to do when no one is at the site), the Zooms tend to put 1720s in rommon mode when plugged in the console port, Bocas are old and loss their configs easily. Anyway, if anyone can write "We use this modem and it's rock-solid each and every time" than it would be greatly appreciated. Thanks in advance, Sean Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56202&t=56202 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AT&T MPLS netwo rk ? [7:56187]
Whether ATT uses ATM/Frame switches or MPLS shouldn't be noticeable to you as a consumer. I assume they can provide you with latency budgets and uptime SLAs? At 05:51 AM 10/24/2002 +, Ryan Finnesey wrote: >Is anyone using AT&T MPLS ( it is also called eVPN or IP-enabled Frame >Relay )network to link offices and also running VoIP ? If so any >problems ? I am looking to link office in India, Mexico New York and >also Boston. > > > >Ryan. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56201&t=56187 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP/OSPF table-map tag question???? [7:56188]
Hey Tim, Wouldn't you just set origin IGP in your BGP route map? At 06:20 AM 10/24/2002 +, Timothy Ouellette wrote: >table-map/bgp/ospf/origin code question. I'm having some trouble >getting it to work. r1 has a loopback 1.1.1.1 >and has a network statement in BGP for it, i'm taking the bgp routes, >putting them into ospf and trying to tag them (with origin code) and >then when that route makes it over to r3, trying to read the tag and set >it again so it shows "i" and not incomplete but I can't seem to get the >external tag data into ospf. > >Here's the setup.. > >1.1.1.1 (lo1 in BGP as 1) R1---ospf0r2ospf0--r3(3.3.3.3 in >bgp as 3) > >here's the relevant configs > >r1 >nterface Loopback1 > ip address 1.1.1.1 255.255.255.0 >! >interface Serial0 > ip address 192.168.1.1 255.255.255.0 > encapsulation frame-relay >! >router ospf 1 > log-adjacency-changes > redistribute bgp 1 subnets > network 192.168.1.0 0.0.0.255 area 0 > neighbor 192.168.1.2 priority 1 >! >router bgp 1 > table-map autotag > bgp log-neighbor-changes > network 1.1.1.0 mask 255.255.255.0 > redistribute ospf 1 metric 5 match internal external 1 external 2 >route-map tags > no auto-summary >! >route-map tags permit 10 > set as-path tag >! >route-map autotag permit 10 > set automatic-tag > > >r2 > >interface Ethernet0 > ip address 172.16.1.2 255.255.255.0 >! >interface Serial0 > ip address 192.168.1.2 255.255.255.0 > encapsulation frame-relay > frame-relay map ip 192.168.1.1 201 broadcast >! >router ospf 1 > log-adjacency-changes > network 172.16.1.0 0.0.0.255 area 0 > network 192.168.1.0 0.0.0.255 area 0 > neighbor 192.168.1.1 > >r3 > >nterface Loopback0 > ip address 3.3.3.3 255.255.255.0 >! >interface Ethernet0 > ip address 172.16.1.3 255.255.255.0 >! >router ospf 1 > log-adjacency-changes > redistribute bgp 3 subnets > network 172.16.1.0 0.0.0.255 area 0 >! >router bgp 3 > table-map autotag > bgp log-neighbor-changes > network 3.3.3.0 mask 255.255.255.0 > redistribute ospf 1 metric 5 match internal external 1 external 2 >route-map tags > no auto-summary >! >route-map tags permit 10 > set as-path tag >! >route-map autotag permit 10 > set automatic-tag > > >here's the info about 1.1.1.0/24 from r1 but from r3's perspective. >r3#sh ip bgp 1.1.1.0 >BGP routing table entry for 1.1.1.0/24, version 7 >Paths: (1 available, best #1, table Default-IP-Routing-Table) > Not advertised to any peer > Local > 172.16.1.2 from 0.0.0.0 (3.3.3.3) > Origin incomplete, metric 5, localpref 100, weight 32768, valid, >sourced, best >r3# > 3#sh ip ospf data e > >OSPF Router with ID (3.3.3.3) (Process ID 1) > > > Type-5 AS External Link States > > Routing Bit Set on this LSA > LS age: 879 > Options: (No TOS-capability, DC) > LS Type: AS External Link > Link State ID: 1.1.1.0 (External Network Number ) > Advertising Router: 1.1.1.1 > LS Seq Number: 8001 > Checksum: 0xE6C5 > Length: 36 > Network Mask: /24 > Metric Type: 2 (Larger than any link state path) > TOS: 0 > Metric: 1 > Forward Address: 0.0.0.0 > External Route Tag: 0 > > LS age: 815 > Options: (No TOS-capability, DC) > LS Type: AS External Link > Link State ID: 3.3.3.0 (External Network Number ) > Advertising Router: 3.3.3.3 > LS Seq Number: 8001 > Checksum: 0x623C > Length: 36 > Network Mask: /24 > Metric Type: 2 (Larger than any link state path) > TOS: 0 > Metric: 1 > Forward Address: 0.0.0.0 > External Route Tag: 0 > >r3# Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56200&t=56188 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX failover problem [7:56199]
Hi, We are facing a strange problem with PIX failover. We have two PIX = 525 (OS 6.0.1) in failover configuration. When the standby PIX is = rebooted for maintenance reasons, it came up and became the Active PIX = (which should not happen). The active PIX showed stateful failover link = failed and so the PIX was in failed state. Both the PIX are connected = through a stateful failover link (100Mbps) using a Crossover cable.=20 Is it a problem because both the PIX are connected using a crossover = cable? Is it recommended to connect through a switch? Has anyone faced a = similar problem? Regards, Vamsi **Disclaimer Information contained in this E-MAIL being proprietary to Wipro Limited is 'privileged' and 'confidential' and intended for use only by the individual or entity to which it is addressed. You are notified that any use, copying or dissemination of the information contained in the E-MAIL in any manner whatsoever is strictly prohibited. *** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56199&t=56199 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT: Windows meltdown??? [7:56190]
I think your network was probably okay. My guess is there was just a problem with users getting to shares on the file server, so they screamed like users always do. The master browser holds the master list of all available shares - that's probably simplifying it, but that's how I understand it. Since this one XP workstation was becoming the master browser, it would be involved when clients accessing file shares. Then when this guy turns off his workstation (you said you couldn't ping it) an election would take place so the network could figure out who the new master browser is. Then the guy comes back and turns his workstation back on and another master browser election takes place. This could make the list float around, from one place to another and possibly be unavailable for short periods, making it seem like the network is slow when in actuality it's just the process of finding shares that's slow. Just my guess. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56198&t=56190 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Catalyst 8540CSR [7:56172]
Been running a few 8540CSR's for a couple of years now. E-mail me off-topic, and we can exchange information. -Tom Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56197&t=56172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX CCO question [7:56162]
> I was looking into getting a PIX and had a question. If cdw.com (for > instance) ships one over with an older OS and I want the > current OS loaded > on it what happens if I don't have a CCO support contract. Is > there a grace > period once you buy the product to be able to download the > latest OS and the > instructions to upgrade? Hi there, in the price list there is an option for PIX Firewall Relicensing for Used Equipment. A brief comparison of the prices shows no difference between the relicensing prices, and the price for a regular licence. I'm not aware of any option from Cisco where they let you download new software for free when buying used equipment. -Bjorn This message contains information that may be privileged or confidential and is the property of the Cap Gemini Ernst & Young Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56196&t=56162 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Subinterface config. in CAT3550. [7:56174]
Raj, The following link will tell you enough so you can make it work, if you have the right router. http://www.cisco.com/warp/public/473/50.shtml -Drew -Original Message- From: Rajesh Kumar [mailto:pikumar@;cisco.com] Sent: Wednesday, October 23, 2002 7:28 PM To: [EMAIL PROTECTED] Subject: Subinterface config. in CAT3550. [7:56174] Hi all, I am trying to configure a router on a stick configuration - with 26xx series router's e0/0 port connected to fa0/1 port of CAT3550. Router's E0 port is configured like this int e0/1 no shu no ip address int e0/1.1 encap isl 20 ip address 192.168.20.1 255.255.255.0 int e0/1.2 encap isl 40 ip address 192.168.40.1 255.255.255.0 When I try to do the same thing on CAT 3550's fa0/1 port, I get an error message like this : " Configuring IP routing on LAN subinterface is only allowed if that subinterface is configured as a part of IEEE 802.10 or dot1q or ISL VLAN. " But nowhere I find the command "encap isl " to insert this in the subinterfaces. Does anyone has anythoughts on this and how to overcome this? Thanks, Rajesh Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56194&t=56174 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Subinterface config. in CAT3550. [7:56174]
But isn't that what I said 2620 or better? -Original Message- From: Jesse Loggins [mailto:nobody@;groupstudy.com] Sent: Wednesday, October 23, 2002 9:33 PM To: [EMAIL PROTECTED] Subject: RE: Subinterface config. in CAT3550. [7:56174] This is not true, you can do inter vlan routing with a 2620. See below "Enables inter-VLAN routing via Cisco's Inter-Switch Link (ISL) protocol (Cisco 2620 and 2621), reducing the cost of adds, moves and changes" This is a quote straight from Cisco's site Here is the link watch for wrap : http://www.cisco.com/en/US/products/hw/routers/ps259/prod_brochure09186a00800921cd.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56193&t=56174 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Catalyst 8540CSR [7:56172]
Not having any yet but have heard things. I just want to check with folks who are using them before we install them. -ALE -Original Message- From: Ken Chipps [mailto:chipps@;chipps.com] Sent: Wednesday, October 23, 2002 11:51 PM To: Ellis, Andrew; [EMAIL PROTECTED] Subject: RE: Catalyst 8540CSR [7:56172] We have three 8510 MSRs in a lab environment, that we will be using beginning in a few weeks. What kind of problems are you having? -Original Message- From: [EMAIL PROTECTED] [mailto:nobody@;groupstudy.com] On Behalf Of Ellis, Andrew Sent: Wednesday, October 23, 2002 6:25 PM To: [EMAIL PROTECTED] Subject: Catalyst 8540CSR [7:56172] Hi, Is there anyone out there that has 8540CSRs or MSRs in their network? If so, what version of IOS are you running and are they really problematic? Are you disgusted with them and ready to chuck 'em? -Drew Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56192&t=56172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: TCP Ack numbers suddenly regress [7:56189]
Ok you don't say what they host systems are but I am going to guess Unix of some variety, in which case has anyone been playing around with the keepalive timers ? If the session keepalive timer is reached a probe is sent with the ACK number set to ACK-1 i.e. telling the other end that the recipient lied previously when it said it had received all the data. This forces the origin to resend with the correct ACK number TCP/IP Illustrated Vol 2 p830 There are probably other instances where this is done but that's the one I've come across most often. MFC -Original Message- From: [EMAIL PROTECTED] [mailto:nobody@;groupstudy.com]On Behalf Of Matthew Tayler Sent: 24 October 2002 09:04 To: [EMAIL PROTECTED] Subject: TCP Ack numbers suddenly regress [7:56189] Anyone come across a situation where the ACK number suddenly steps back 1 and the link then resets ? Host A to Host B is running fine with the app using port 2400 on A talking to an app on B using ports 3564 & 3565 are in use. We have several traces showing the steady increase of sequence numbers then all of a sudden the ACK number takes step back by 1. There are no FIN segments in the preceeding traffic, but the now regressed ACK number is repeated in 7 segments sent and then a reset segment is issued and the two start exchanging data again. I am not allowed to post any of the data from the trace given the nature of the two systems involved, but here is an example of the way the ACK numbers run >From A to B port 2400 to 3564 4567 is ACK'd 4785 . 4948 4947 >From A to B port 2400 to 3565 466 is ACK'd 483 . 500 499 The link between the two is fine during this problem, utilisation drops but is nevera bove 20% anyway. Both host applicationms are still running and there are no process issues. The Cisco kit at either end is happy no error messages or the like so I we knows its host/app related. I can't find anything this specific in the archives and the nearest any of my textbooks come is to say a FIN has been issued - which the trace says is not the case. The reason for asking is that I didn't think it was possible to regress the sequence numbers, with the exception of the example from TCP/IP Illustrated Vol 2 noted above. Any ideas would be appreciated. Thanks Matt T Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56191&t=56189 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Windows meltdown??? [7:56190]
We had an interested situation develop yesterday, about mid morning the helpdesk manager reported a major problem with the network. Checked the network with HPOV and some basic stuff on the core switches to check cpu, peaks, etc. All was fine. Spoke to the NT team and it seems two servers are having problems, a file server and a BDC. After some investigation (event log checking probably) they tell me that the problem is caused by a machine becoming the master browser. So a man hunt begins for a machine (a non standard one from the name found for the machine) on a VLAN which was separate from the VLAN the servers sit on. The machine was not responding to pings and was probably not even being used! Eventually the user came back to his machine mid afternoon and we find the port being used and the NT guys disable his Computer Browser. In between finding the machine the two offending servers had to be re-booted to fix their mystery problems. >From what I know about the browser this shouldn't cause a problem on the network and if it does only with the windows machines in that subnet ( please correct feel free to correct me). Also XP has default registry settings to prevent it becoming the master browser - yep the guy was using XP (Japanese edition). Has anyone else had such a meltdown on their Windows environment because of such problems or is this just a case a apportioning blame to an outsider? Cheers Pat Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56190&t=56190 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
TCP Ack numbers suddenly regress [7:56189]
Anyone come across a situation where the ACK number suddenly steps back 1 and the link then resets ? Host A to Host B is running fine with the app using port 2400 on A talking to an app on B using ports 3564 & 3565 are in use. We have several traces showing the steady increase of sequence numbers then all of a sudden the ACK number takes step back by 1. There are no FIN segments in the preceeding traffic, but the now regressed ACK number is repeated in 7 segments sent and then a reset segment is issued and the two start exchanging data again. I am not allowed to post any of the data from the trace given the nature of the two systems involved, but here is an example of the way the ACK numbers run >From A to B port 2400 to 3564 4567 is ACK'd 4785 . 4948 4947 >From A to B port 2400 to 3565 466 is ACK'd 483 . 500 499 The link between the two is fine during this problem, utilisation drops but is nevera bove 20% anyway. Both host applicationms are still running and there are no process issues. The Cisco kit at either end is happy no error messages or the like so I we knows its host/app related. I can't find anything this specific in the archives and the nearest any of my textbooks come is to say a FIN has been issued - which the trace says is not the case. The reason for asking is that I didn't think it was possible to regress the sequence numbers, with the exception of the example from TCP/IP Illustrated Vol 2 noted above. Any ideas would be appreciated. Thanks Matt T Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56189&t=56189 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]