ESAFE Spam Filter.. [7:56344]
I just ordered it.. Anyone implemented this yet?
-Kevin
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56344t=56344
-- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Written - the final push [7:56332]
Go through 6500 documentation also. Especially PVLANs, VACLs, RACLs etc. Also if u have time breeze through these urls:
Bridging Switching
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/confg_gd/spantree.htm#10890
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sft_6_1/configgd/routing.htm#xtocid223388
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/confg_gd/vlans.htm#xtocid551119
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/confg_gd/acc_list.htm
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/confg_gd/span.htm
http://www.cisco.com/warp/public/793/lan_switching/2.html
http://www.cisco.com/warp/public/cc/pd/ibsw/ibdlsw/prodlit/dls12_rg.htm
http://www.cisco.com/warp/public/793/lan_switching/6.html
http://www.cisco.com/warp/public/473/77.html
http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/tech/c65sp_wp.htm
http://standards.ieee.org/getieee802/802.1.html
http://www.cisco.com/warp/public/473/#LANSecurity
http://www.cisco.com/warp/public/473/79.html
http://cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_6_3/config/channel.htm
http://cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ibm_c/bcprt1/bcdtb.htm#xtocid1869438
http://cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ibm_r/brprt1/br1dtb.htm#xtocid132742
http://cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ibm_c/bcprt1/bcdtb.htm
Cisco Device Operation
http://www.cisco.com/warp/public/432/features.html
http://www.cisco.com/warp/public/63/vip_crash.html
http://www.cisco.com/warp/public/66/23.html
http://www.cisco.com/warp/public/63/pcmciamatrix.html
http://www.cisco.com/warp/public/130/upgrade_index.shtml
http://www.cisco.com/warp/public/473/34.shtml
http://www.cisco.com/warp/public/473/46.html
http://www.cisco.com/warp/public/474/11.html
http://www.cisco.com/warp/public/473/81.shtml
http://www.cisco.com/warp/public/473/14.shtml
Desktop Protocols
http://www.cisco.com/warp/public/473/33.html#ping
http://www.cisco.com/warp/public/473/33.html#service
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/wan_c/wcdfrely.htm
IP
http://www.cisco.com/warp/public/cc/pd/iosw/ioft/ionetn/prodlit/1195_pp.htm
http://www.cisco.com/networkers/nw00/pres/2212_6-28.pdf
http://www.cisco.com/warp/public/105/5.html
http://www.cisco.com/warp/public/63/ping_traceroute.html
http://www.cisco.com/warp/public/759/ipj_2-3/ipj_2-3_oneb.html
http://www.cisco.com/warp/public/105/56.html
http://www.cisco.com/warp/public/105/acl_wp.html
IP Routing
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s15/eigrpstb.htm
Multicast
http://www.cisco.com/warp/public/105/48.html
LAN
http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/1000gbic/instnote.htm#xtocid1019419
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/6000hw/mod_inst/02prep.htm#xtocid21176
http://www.cisco.com/warp/public/473/46.html
http://www.cisco.com/warp/public/102/wlan/connectivity.html#third
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_6_3/config/fddi.htm#xtocid2505711
http://www.cisco.com/warp/public/102/wlan/ap-faq.html#Q13
http://www.cisco.com/warp/public/784/packet/techspeak.html
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fswtch_c/swprt6/xcfvl.htm#77315
http://standards.ieee.org/getieee802/802.2.html
http://standards.ieee.org/getieee802/802.3.html
http://standards.ieee.org/getieee802/802.5.html
http://standards.ieee.org/getieee802/802.11.html
http://www.cisco.com/warp/public/697/troubleshooting_tr_interfaces.shtml
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/tokenrng.htm
http://www.cisco.com/warp/public/473/46.html
http://www.cisco.com/univercd/cc/td/doc/cisintwk/itg_v1/tr1904.htm#34634
http://cisco.com/warp/public/cc/so/neso/lnso/lnmnso/feth_tc.htm
Multiservice
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fvvfax_r/vrf_a.htm#xtocid1720898
QoS
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/index.htm
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/index.htm
http://www.cisco.com/warp/public/125/13.html
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e2/nbar2e.htm
http://wwwin-iostm.cisco.com/qos/gtsconf.html
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_r/qrcmda.htm
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart5/qcrsvp.htm#xtocid739315
Security
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/scfaaa.htm#xtocid258098
RE: Connecting 2 routers using modems through the aux [7:56340]
Do a show line; whichever TTY has AUX next to it is the port referred to as XX from now on.
Modem settings are as follows:
  line XX
   login
   password <put a password here>
   flowcontrol hardware
   speed <put the speed here>
   transport input all
   stopbits 1
   modem inout
   ! or: modem dialin
Interface soft configs are as follows:
  interface async XX
   encapsulation ppp
   async dynamic address
   async mode interactive
   ppp authentication chap
   ! or: ppp authentication pap
Interface hard configs are as follows:
  line XX
   login local
   modem inout
   speed <put speed here>
   flowcontrol hardware
   rotary ##
   autoselect ppp
US Robotics external modems are not bad. Expect to pay about $60 for each.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56346t=56340
Pix non-Rfc networks. [7:56347]
Hello, I was just reading this document, from the following link http://www.cisco.com/warp/customer/110/8.html I have attached the Pdf file of the same for your convenience :-). Now coming to my doubt: if I have a network, say like 192.5.2.0/24, inside the pix (connecting to internet), does it mean that all the sites with 192.5.2.0/24 would not be accessible to the inside network??
thanks and regards, Murali
[GroupStudy.com removed an attachment of type application/octet-stream which had a name of non-rtc-net.pdf]
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56347t=56347
Re: Lock out by PIX [7:56342]
Hi Leo, Whatever you are writing here is simply bad, period!! No, the pix is useless! Meaning no access for nobody from outside. Why? I'll explain in a sec. The only way u can connect to this pix is to use console or any other interface other than outside. I believe u first removed ur acl corresponding to match address, right? If yes, then u r locked out because there is no acl corresponding to match address and the default behaviour is to encrypt everything, and I repeat, everything. So ur pix is simply dropping anything which is not encrypted, plus it is so busy in enc/decryption process that it has no time to allocate resources for your ssh sessions. If no, then u should remove the entire crypto map and should not start with match address. This is a HAT wearing offence!! ;) Yeah, plz login via console and go from there.
Shahid
Leo Song wrote:
Hi, there. I connected to a PIX through Outside interface by using SSH, and to do some changes on the VPN tunnel, first of all I removed the crypto map xxx match address xxx in order to change that ACL, but just after that I was locked out and lost the connection to that PIX, and now I can't even ping that PIX while I could do so before, and my concerns and questions are:
1. Is that PIX still working properly, say the users could get access Outside from Inside, and it just locks SSH out or any access from Outside?
2. What are the general suggested methods or steps when dealing with ACL or Tunnel changes on a PIX, in order to avoid being locked out?
3. Is there any remedy solution at present (and I don't have physical access to that PIX right now)?
Appreciate all of your help. Leo
Best Regards. Shahid Muhammad Shafi
Every man dies; not every man really lives. Remember, if God bringz u 2 it, He WILL bring u thru it!!!
Please help feed hungry people worldwide http://www.hungersite.com/ A small thing each of us can do to help others less fortunate than ourselves
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56348t=56342
RE: PIX CCO question [7:56162]
6.2 supports groups now
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] On Behalf Of Symon Thurlow
Sent: Friday, October 25, 2002 6:46 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX CCO question [7:56162]
No, but I recently purchased 2 x 515's and they arrived with 6.1. I migrated the customer from Checkpoint to these two PIX's. In Checkpoint (a much easier product to configure IMHO) I had about 13 rules in the ruleset, utilising lots of groups. 6.1 doesn't support groups, so I was faced with having to create hundreds of rules. I called the reseller, and they emailed me 6.22 and PDM 2.02 on the same day! They also said that next time, specify the desired OS and they will pre-install. This is in London, where, hmm, customer service is not a priority...!!! So you should be able to get it done where you are.
Symon
-----Original Message-----
From: sam sneed [mailto:vristevski;hotmail.com]
Sent: 24 October 2002 16:57
To: [EMAIL PROTECTED]
Subject: Re: PIX CCO question [7:56162]
That's really good to hear. My main concern is that I want the OS to support PPP over ethernet, which I believe is only available on newer versions. Anyone know the exact version that supports this?
wrote in message news:200210241459.OAA14364;groupstudy.com...
I ran into this recently, but the PIX was running 6.1. You usually have a standard one year equipment warranty; that should cover something like that. Be really really nice when you open a case. They usually are willing to help out. Another great thing about Cisco!!!
-----Original Message-----
From: sam sneed [mailto:vristevski;hotmail.com]
Sent: Thursday, October 24, 2002 9:21 AM
To: [EMAIL PROTECTED]
Subject: Re: PIX CCO question [7:56162]
My question only pertains to new equipment. For example, let's say I buy a brand new PIX online. The place I buy from has one in stock that's been sitting around for a year and they ship me that one. It has an older OS, let's say 5.4, with a few significant bugs. What do I do then? I'm basically left with a piece of brand new equipment that doesn't work right. I figured Cisco had a 90 day warranty or something that would cover getting the new OS? Anyone know about this for sure?
Loken, Bjorn wrote in message news:200210241200.MAA01818;groupstudy.com...
I was looking into getting a PIX and had a question. If cdw.com (for instance) ships one over with an older OS and I want the current OS loaded on it, what happens if I don't have a CCO support contract? Is there a grace period once you buy the product to be able to download the latest OS and the instructions to upgrade?
Hi there, in the price list there is an option for PIX Firewall Relicensing for Used Equipment. A brief comparison of the prices shows no difference between the relicensing prices, and the price for a regular licence. I'm not aware of any option from Cisco where they let you download new software for free when buying used equipment.
-Bjorn
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56349t=56162
RE: CCNP [7:56288]
I'm 3/4 of the way through, just CIT to go. I did it in this order - routing, switching, remote access - but I suggest doing it this way, instead - routing, remote access, switching. The remote access test is kind of an extension of routing, so I would definitely do it after routing. I think the remote access study material, books, etc. assume you already have learned things like passive interfaces, static routes, etc. If you don't have knowledge of that stuff already, either from studying for the routing test or from real world experience, you'll be at a disadvantage when going for the remote access test and it'll be more difficult than it needs to be. IMHO. If you'd like, you can email me with questions. I'd be happy to answer. Good luck.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56350t=56288
Re: Routing sims [7:56132]
Kay and Fred, thanks for the advice too. I think I will go ahead with sourcing a simulator as I feel I remember and understand things far better if I can actually implement them a few times or even whilst I'm reading the particular chapters.
Regards, James.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56351t=56132
RE: Using PAT with NAT Pools [7:56208]
Hi, http://www.cisco.com/warp/public/556/nat-faq.html#Q13 (including Q14) describes the functionality when using multiple addresses in an overload. As MADMAN says, it's kind of arbitrary. Some colleagues of mine tried to NAT/PAT in the same way that you want about a year ago, but unfortunately they did not find a solution. They ended up with a PIX instead. I don't think it is possible.
Dan
MADMAN wrote:
Add the command overload:
  ip nat inside source list 1 pool NATPOOL overload
but like I mentioned earlier this does not mean IOS will use NAT until the last address is used, it seems rather arbitrary, whereas the PIX will use all the NAT addresses before using PAT.
Dave
trammer wrote:
Kind of,
  ip nat pool NATPOOL 192.168.1.10 192.168.1.20 netmask 255.255.255.0
  ip nat inside source list 1 pool NATPOOL
  access-list 1 permit 10.1.0.0 0.0.255.255
Where would one go from here to have the NAT pool of 1.10 to 1.20 utilized and also PAT if every address is used from the pool? The nat inside source list defines which addresses can be NATed from the pool. Another form of the command is with the overload statement as you mentioned. But if I enter this it will only PAT through the first address in the pool in testing (192.168.1.10). I can't determine if it would use the next address in the pool because of the use of numerous ports. Will it just dynamically choose from the pool as if they are all PAT addresses? If this is the case then it sounds like in the situation I am trying to address I would be best off defining a static NAT mapping from the pool to the outside for the specific hosts that I want, and let the rest PAT. Hopefully this makes sense.
-Adam
MADMAN wrote in message news:200210241940.TAA32116;groupstudy.com...
do you mean:
  C2620B(config)#ip nat inside source list 1 pool MADMAN overload
Dave
trammer wrote:
Dave, Can you post an example? Is the syntax different than what I am thinking? thnx
MADMAN wrote in message news:200210241606.QAA03297;groupstudy.com...
Use the overload command, though unlike the PIX, when you overload (PAT) on a router it's kinda arbitrary. Some connections will use NAT and others will PAT; it does not wait until the last address in the pool is used before converting to PAT.
Dave
trammer wrote:
Hello, Quick question that I am having trouble locating the answer on. Basically I need to know whether you can configure PAT to work in conjunction with a NAT pool on an IOS router. 12.2.x on 2621? Ex. NAT pool of 192.168.1.10-192.168.1.20. Once all NAT pool IPs are taken, roll to a PAT on say 192.168.1.21. Naturally I would think this is possible, but then again I could be wrong. I know this is possible on the PIX but cannot find specifics for an IOS router configuration. Thanks. Cheers
--
David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367
You don't make the poor richer by making the rich poorer. --Winston Churchill
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56354t=56208
RE: Lock out by PIX [7:56342]
Just reboot the pix... SSH has nothing to do with crypto maps or VPN's. It just allows secure remote access through the outside interface via secure shell :) No vpn connection involved.. as previous response stated earlier, you should have first removed the crypto map binding to the outside interface to avoid the issue...
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] On Behalf Of Shahid Muhammad Shafi
Sent: Saturday, October 26, 2002 6:52 AM
To: [EMAIL PROTECTED]
Subject: Re: Lock out by PIX [7:56342]
Hi Leo, Whatever you are writing here is simply bad, period!! No, the pix is useless! Meaning no access for nobody from outside. Why? I'll explain in a sec. The only way u can connect to this pix is to use console or any other interface other than outside. I believe u first removed ur acl corresponding to match address, right? If yes, then u r locked out because there is no acl corresponding to match address and the default behaviour is to encrypt everything, and I repeat, everything. So ur pix is simply dropping anything which is not encrypted, plus it is so busy in enc/decryption process that it has no time to allocate resources for your ssh sessions. If no, then u should remove the entire crypto map and should not start with match address. This is a HAT wearing offence!! ;) Yeah, plz login via console and go from there.
Shahid
Leo Song wrote:
Hi, there. I connected to a PIX through Outside interface by using SSH, and to do some changes on the VPN tunnel, first of all I removed the crypto map xxx match address xxx in order to change that ACL, but just after that I was locked out and lost the connection to that PIX, and now I can't even ping that PIX while I could do so before, and my concerns and questions are:
1. Is that PIX still working properly, say the users could get access Outside from Inside, and it just locks SSH out or any access from Outside?
2. What are the general suggested methods or steps when dealing with ACL or Tunnel changes on a PIX, in order to avoid being locked out?
3. Is there any remedy solution at present (and I don't have physical access to that PIX right now)?
Appreciate all of your help. Leo
Best Regards. Shahid Muhammad Shafi
Every man dies; not every man really lives. Remember, if God bringz u 2 it, He WILL bring u thru it!!!
Please help feed hungry people worldwide http://www.hungersite.com/ A small thing each of us can do to help others less fortunate than ourselves
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56355t=56342
BGP Best Path Algorithm -- Trick [7:56356]
OK, from Cisco http://www.cisco.com/warp/public/459/25.shtml
Step 3: Prefer the path that was locally originated via a network or aggregate BGP subcommand, or through redistribution from an IGP. Local paths sourced by network/redistribute commands are preferred over local aggregates sourced by the aggregate-address command.
Step 4: Prefer the path with the shortest AS_PATH
Step 5: Prefer the path with the lowest origin type: IGP is lower than EGP, and EGP is lower than INCOMPLETE
My question: In step 3 if a path is locally originated within a AS, it's path will always be shorter than any path learned through over means. So what is the rational for this step? I bet it is used in some trick configuration and I admit I have run out of imagination... Any hint would be greatly appreciated.
Thanks, Pierre-Alex
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56356t=56356
RE: Pix non-Rfc networks. [7:56347]
Yes, you will never even make it to the pix if you're destined for the 192.5.2.0/24 network.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] On Behalf Of [EMAIL PROTECTED]
Sent: Saturday, October 26, 2002 5:05 AM
To: [EMAIL PROTECTED]
Subject: Pix non-Rfc networks. [7:56347]
Hello, I was just reading this document, from the following link http://www.cisco.com/warp/customer/110/8.html I have attached the Pdf file of the same for your convenience :-). Now coming to my doubt: if I have a network, say like 192.5.2.0/24, inside the pix (connecting to internet), does it mean that all the sites with 192.5.2.0/24 would not be accessible to the inside network??
thanks and regards, Murali
[GroupStudy.com removed an attachment of type application/octet-stream which had a name of non-rtc-net.pdf]
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56357t=56347
RE: Dreadful writing on CCNP support exam. [7:56237]
I couldn't agree with you more. I failed by six points (guess I need more quality studying time). Some questions had me asking, what are they asking here, the meaning of life? Not that I'm sour grapes, but yes, the wording is very vague at best.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56358t=56237
Re: HighAvailability on Dual MSFCII's [7:56325]
Bob, We tried the HSRP mode at first in our 6513. What we learned was this:
1 - Both MSFCs must be configured the same with the exception of a few specific parameters (IP address, HSRP parameters, Apple Talk, etc.) or the ASICs wouldn't be programmed consistently. http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_guide_chapter09186a008007fa3c.html#43570
2 - Since we use Apple Talk, we either had to manually make sure the two configurations were synchronized or deal with turning config sync on and off every time we needed to change something that wasn't handled by config sync.
3 - We didn't want to deal with the headache of manual synchronization.
We finally decided SRM would work better for us. Just a single configuration to deal with. The down side is it can take up to 2 minutes to fail over to the redundant MSFC while all the tables repopulate. This time period is now configurable. http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007ec13.html#33310
Hope this helps. Ken
McManus, Robert BGI SDC 10/25/02 04:38PM
I was hoping someone could shed some light on this topic. Right now I have been given the responsibility to implement this on 2 new 6513's with dual supII's. I have been testing with basic configs using HSRP in addition to the Highavailabilty/configsync option. It has been nothing but confusing so far... Any info or experience with this feature would be appreciated.
Thanks Bob
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56359t=56325
RE: ack attack or config prob? [7:56341]
I don't have an answer to your question, though it does sound like a DoS attack to me... My only input is that if you are running NT 4.0 Servers, definitely ensure they are running Service Pack 6a, which you can get from MS's site. Also, if you are running Exchange, make sure you have SP 4 installed, as it fixes several issues relating to some critical Exchange functions. For more info, review the release notes for both service packs before installing. Let us know what the ISP's security folks find... this would be an interesting learning experience.
-Mark
-----Original Message-----
From: Garrett Allen [mailto:garrett.allen;erols.com]
Sent: Friday, October 25, 2002 10:51 PM
To: [EMAIL PROTECTED]
Subject: ack attack or config prob? [7:56341]
heys, ran into something interesting today. not sure if it is a dos attack or if it indicates an ip stack misconfig. here is the symptom: periodically through the day today we received 100,000 packet bursts on a t-1 circuit. this is a name-brand provider. when the burst occurs it is from the same ip address. on some bursts the packets are all acks. on others they are all fin acks. they are directed at our email servers. when they occur the packets in a burst are all sourced from the same ip address. in the one case where we resolved the ip address back it was another orgs email server. based on the router interface stats the traffic is coming from the outside and is not an internal broadcast storm.
per the ms site, A default-configured Windows NT 3.5x or 4.0 computer will retransmit the SYN-ACK 5 times, doubling the time-out value after each retransmission. if the same logic holds for other parts of the handshake then i'm at a loss to explain tens of thousands of packets unless it is an exploit of a weakness in the stack that allows for virtually unlimited retries.
anyone run into this kind of situation before and was the resolution a service pack or other such server upgrade? it caused considerable slowness on external accesses as you might imagine. i grabbed a number of traces documenting it and we did contact our provider (they opened a ticket with their security folk). thanks.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56360t=56341
RE: BGP Best Path Algorithm -- Trick [7:56356]
Sorry about the bad grammar. I must have been tired. Here is the same message again hopefully without typos.
OK, from Cisco http://www.cisco.com/warp/public/459/25.shtml
Step 3: Prefer the path that was locally originated via a network or aggregate BGP subcommand, or through redistribution from an IGP. Local paths sourced by network/redistribute commands are preferred over local aggregates sourced by the aggregate-address command.
Step 4: Prefer the path with the shortest AS_PATH
Step 5: Prefer the path with the lowest origin type: IGP is lower than EGP, and EGP is lower than INCOMPLETE
My question: In step 3, if a path is locally originated within an AS, its path will always be shorter than any path learned through other means. So what is the rationale for this step? I bet it is used in some trick configuration, and I admit I have run out of imagination... Any hint would be greatly appreciated.
Thanks, Pierre-Alex
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56361t=56356
Re: ack attack or config prob? [7:56341]
mark, will keep you informed when we do hear from the vendors security folk. as an aside ethereal (a really great lil' analyzer freely available for download) had no problem keeping up with the data volumes - but do configure it with various address translations turned off or it will appear to hang when dealing with these data volumes. we are on exchange 5.5 / nt 4 running the latest service packs. the ms web site is generally good for technical info but i've not found anything on this particular set of symptoms which is why i question whether it is an exploit or a misconfig. thanks.
----- Original Message -----
From: Mark W. Odette II
To:
Sent: Saturday, October 26, 2002 3:41 PM
Subject: RE: ack attack or config prob? [7:56341]
I don't have an answer to your question, though it does sound like a DoS attack to me... My only input is that if you are running NT 4.0 Servers, definitely ensure they are running Service Pack 6a, which you can get from MS's site. Also, if you are running Exchange, make sure you have SP 4 installed, as it fixes several issues relating to some critical Exchange functions. For more info, review the release notes for both service packs before installing. Let us know what the ISP's security folks find... this would be an interesting learning experience.
-Mark
-----Original Message-----
From: Garrett Allen [mailto:garrett.allen;erols.com]
Sent: Friday, October 25, 2002 10:51 PM
To: [EMAIL PROTECTED]
Subject: ack attack or config prob? [7:56341]
heys, ran into something interesting today. not sure if it is a dos attack or if it indicates an ip stack misconfig. here is the symptom: periodically through the day today we received 100,000 packet bursts on a t-1 circuit. this is a name-brand provider. when the burst occurs it is from the same ip address. on some bursts the packets are all acks. on others they are all fin acks. they are directed at our email servers. when they occur the packets in a burst are all sourced from the same ip address. in the one case where we resolved the ip address back it was another orgs email server. based on the router interface stats the traffic is coming from the outside and is not an internal broadcast storm.
per the ms site, A default-configured Windows NT 3.5x or 4.0 computer will retransmit the SYN-ACK 5 times, doubling the time-out value after each retransmission. if the same logic holds for other parts of the handshake then i'm at a loss to explain tens of thousands of packets unless it is an exploit of a weakness in the stack that allows for virtually unlimited retries.
anyone run into this kind of situation before and was the resolution a service pack or other such server upgrade? it caused considerable slowness on external accesses as you might imagine. i grabbed a number of traces documenting it and we did contact our provider (they opened a ticket with their security folk). thanks.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56362t=56341
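Added example, not part of the original thread: a sliding-window detector for the symptom described above (one source sending a flood of bare ACK or FIN+ACK segments to one server), run over a constructed capture. The record layout (timestamp, source, destination, flag string), the addresses, and the window and threshold values are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Flag combinations seen in the bursts described in the thread:
# bare ACK ("A") and FIN+ACK ("FA"). Flag strings are an assumed decoding.
WATCHED = {"A", "FA"}


def find_bursts(packets, window=1.0, threshold=500):
    """Return bursts where one (src, dst, flags) tuple reaches `threshold`
    packets inside `window` seconds. `packets` must be sorted by time.
    A stack that retransmits a handful of times per connection stays far
    below any sensible threshold, so ordinary mail traffic is not flagged."""
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    active = {}                   # key -> burst record that is still growing
    done = []
    for ts, src, dst, flags in packets:
        # Close bursts whose source has been quiet for a full window.
        for key in [k for k, b in active.items() if ts - b["end"] > window]:
            done.append(active.pop(key))
            recent[key].clear()
        if flags not in WATCHED:
            continue
        key = (src, dst, flags)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if key in active:
            active[key]["end"] = ts
            active[key]["packets"] += 1
        elif len(q) >= threshold:
            active[key] = {"src": src, "dst": dst, "flags": flags,
                           "start": q[0], "end": ts, "packets": len(q)}
    done.extend(active.values())
    return sorted(done, key=lambda b: b["start"])


def constructed_capture():
    """Constructed sample data (documentation addresses, not real traffic)."""
    mail = "192.0.2.25"
    pkts = []
    # Ordinary clients: one short connection every 5 seconds.
    for k in range(20):
        t, client = 5.0 * k, f"198.51.100.{k + 1}"
        for i, flags in enumerate(["S", "A", "PA", "A", "PA", "FA", "A"]):
            pkts.append((t + 0.01 * i, client, mail, flags))
    # One noisy source: an all-ACK burst, later an all-FIN+ACK burst.
    noisy = "203.0.113.5"
    pkts += [(10.0 + i * 0.00025, noisy, mail, "A") for i in range(2000)]
    pkts += [(60.0 + i * 0.0002, noisy, mail, "FA") for i in range(1500)]
    return sorted(pkts)


if __name__ == "__main__":
    for b in find_bursts(constructed_capture()):
        print(f'{b["src"]} -> {b["dst"]} flags={b["flags"]} '
              f'packets={b["packets"]} start={b["start"]:.2f}s')
```
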
Re: Pix non-Rfc networks. [7:56347]
In article , [EMAIL PROTECTED] says...

Hello, I was just reading this document, from the following link http://www.cisco.com/warp/customer/110/8.html I have attached the Pdf file of the same for your convenience :-). now coming to my doubt. If I have a network say like 192.5.2.0/24 inside the pix (connecting to internet) Does it mean that all the sites with 192.5.2.0/24 would not be accessible to the inside network ?? thanks and regards, Murali

Yes, but it's not limited to the Pix. If your internal network is using one subnet, your devices will never be able to get to devices on the Internet using addresses from the same subnet. When your machine looks at the destination address, it thinks it is on its local network (layer 2) and will not even bother going to the default gateway for it.

I've done the same thing by 'fat fingering' the mask to encapsulate more than the intended addresses (255.255.0.0 instead of 255.255.255.0 for instance). If the destination address would normally fall outside your subnet, but you stuffed up the mask and now it is included, your machine doesn't bother going to the default gateway to find it.

Can I chip in with a question for everyone now? If you apply more specific routes to all devices for an address which should appear on your local subnet, will it then try the routed path to the device? eg

Machine addressed 100.100.100.100 255.255.255.0
route add 100.100.100.10 mask 255.255.255.255 [default gateway]

Not that you'd want to do it, but just wondering.

Cheers, Gaz

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56363t=56347
Re: Redistributing RIP into OSPF Lab practice [7:56313]
The trick is to see if you can do it in 1 access-list statement. I think it can be done in 1.

-- RFC 1149 Compliant.

J B wrote in message news:200210252026.UAA12924;groupstudy.com...

Thanks for the Help JB

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56364t=56313
RE: ack attack or config prob? [7:56341]
It sounds like you were under attack, though it's hard to say for sure. I doubt that it's a misconfig on your end, though. It could be a misconfig at the other server, but probably not. I don't think you can set the parameters that badly!? :-)

It sounds like a DoS attack because of the volume of 100,000 packets. What's the timeframe, though? You said burst so I assume pretty quick. Did the problem happen just once or has it reoccurred? What do any relevant logs show? Do you have a firewall or Intrusion Detection System that logs info? How about the server itself? Does it show anything in its log? Were all the packets to the server? Were they ACKs or SYN ACKs? You mentioned both. Were they in response to something your server sent? Were they always the same ACK number? What were the port numbers? You mentioned e-mail, so were the packets to port 25 for SMTP?

SMTP implementations used to have many security flaws. Hopefully those would be fixed in a modern OS, but you never know. Usually, DoS attacks are SYNs, but there are probably ones that use ACKs or SYN ACKs too. A search on Google might reveal more info. Anyway, I think you did the right thing by getting the ISP security folks involved. Keep us posted, unless they recommend that you keep it quiet.

___
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Garrett Allen wrote:

heys, ran into something interesting today. not sure if it is a dos attack or if it indicates an ip stack misconfig. here is the symptom: periodically through the day today we received 100,000 packet bursts on a t-1 circuit. this is a name-brand provider. when the burst occurs it is from the same ip address. on some bursts the packets are all acks. on others they are all fin acks. they are directed at our email servers. when they occur the packets in a burst are all sourced from the same ip address. in the one case where we resolved the ip address back it was another org's email server. based on the router interface stats the traffic is coming from the outside and is not an internal broadcast storm. per the ms site, "A default-configured Windows NT 3.5x or 4.0 computer will retransmit the SYN-ACK 5 times, doubling the time-out value after each retransmission." if the same logic holds for other parts of the handshake then i'm at a loss to explain tens of thousands of packets unless it is an exploit of a weakness in the stack that allows for virtually unlimited retries. anyone run into this kind of situation before and was the resolution a service pack or other such server upgrade? it caused considerable slowness on external accesses as you might imagine. i grabbed a number of traces documenting it and we did contact our provider (they opened a ticket with their security folk). thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56365t=56341
Re: Pix non-Rfc networks. [7:56347]
No need to doubt. If you have the network 192.5.2.0/24 inside the pix, why would a client want to connect to the same network outside the pix? As far as the client is concerned it is ON the 192.5.2.0/24 network!!

- Original Message -
From: Brett spunt
To:
Sent: Saturday, October 26, 2002 7:36 PM
Subject: RE: Pix non-Rfc networks. [7:56347]

Yes, You will never even make it to the pix if you're destined for the 192.5.2.0/24 network.

-Original Message-
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com]On Behalf Of [EMAIL PROTECTED]
Sent: Saturday, October 26, 2002 5:05 AM
To: [EMAIL PROTECTED]
Subject: Pix non-Rfc networks. [7:56347]

Hello, I was just reading this document, from the following link http://www.cisco.com/warp/customer/110/8.html I have attached the Pdf file of the same for your convenience :-). now coming to my doubt. If I have a network say like 192.5.2.0/24 inside the pix (connecting to internet) Does it mean that all the sites with 192.5.2.0/24 would not be accessible to the inside network ?? thanks and regards, Murali

[GroupStudy.com removed an attachment of type application/octet-stream which had a name of non-rtc-net.pdf]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56366t=56347
RE: Pix non-Rfc networks. [7:56347]
True, but that network is not a private ip, so if inside host is trying to hit a live web server at 192.5.2.x, they are SCREWED, ya know.

-Original Message-
From: gogarty [mailto:ciaron;gogarty.net]
Sent: Saturday, October 26, 2002 4:47 PM
To: Brett spunt; [EMAIL PROTECTED]
Subject: Re: Pix non-Rfc networks. [7:56347]

No need to doubt. If you have the network 192.5.2.0/24 inside the pix, why would a client want to connect to the same network outside the pix? As far as the client is concerned it is ON the 192.5.2.0/24 network!!

- Original Message -
From: Brett spunt
To:
Sent: Saturday, October 26, 2002 7:36 PM
Subject: RE: Pix non-Rfc networks. [7:56347]

Yes, You will never even make it to the pix if you're destined for the 192.5.2.0/24 network.

-Original Message-
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com]On Behalf Of [EMAIL PROTECTED]
Sent: Saturday, October 26, 2002 5:05 AM
To: [EMAIL PROTECTED]
Subject: Pix non-Rfc networks. [7:56347]

Hello, I was just reading this document, from the following link http://www.cisco.com/warp/customer/110/8.html I have attached the Pdf file of the same for your convenience :-). now coming to my doubt. If I have a network say like 192.5.2.0/24 inside the pix (connecting to internet) Does it mean that all the sites with 192.5.2.0/24 would not be accessible to the inside network ?? thanks and regards, Murali

[GroupStudy.com removed an attachment of type application/octet-stream which had a name of non-rtc-net.pdf]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56367t=56347
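The on-link decision discussed in the "Pix non-Rfc networks" thread above, as an added example that is not part of any poster's message. It assumes a host that picks its next hop by longest-prefix match over its routing table; the gateway addresses and the 172.16.x.x and 198.51.100.x addresses are constructed, and `host_table` and `next_hop` are hypothetical helper names.

```python
import ipaddress


def host_table(address, mask, default_gw, extra=()):
    """Routes a host derives from its own address and mask, plus a default route.

    A gateway of None marks the connected (on-link) network: the host ARPs for
    the destination on its own segment and never hands the packet to a router.
    """
    connected = ipaddress.ip_interface(f"{address}/{mask}").network
    return [(connected, None),
            (ipaddress.ip_network("0.0.0.0/0"), default_gw),
            *[(ipaddress.ip_network(p), gw) for p, gw in extra]]


def next_hop(dst, table):
    """Longest-prefix match: return 'on-link' or the gateway chosen for dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in table if dst in net]
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return "on-link" if gw is None else gw


def demo():
    results = {}

    # Murali's case: 192.5.2.0/24 is used inside the PIX.
    # 192.5.2.1 as the PIX inside address is an assumed value.
    inside = host_table("192.5.2.10", "255.255.255.0", "192.5.2.1")
    results["internet_site_in_same_range"] = next_hop("192.5.2.200", inside)
    results["other_internet_site"] = next_hop("198.51.100.7", inside)

    # The 'fat fingered' mask: 255.255.0.0 typed instead of 255.255.255.0
    # (constructed addresses).
    good = host_table("172.16.1.10", "255.255.255.0", "172.16.1.1")
    bad = host_table("172.16.1.10", "255.255.0.0", "172.16.1.1")
    results["correct_mask"] = next_hop("172.16.2.20", good)
    results["fat_fingered_mask"] = next_hop("172.16.2.20", bad)

    # Gaz's question: a /32 host route for an address inside the local subnet.
    # 100.100.100.1 stands in for the "[default gateway]" placeholder.
    gaz = host_table("100.100.100.100", "255.255.255.0", "100.100.100.1",
                     extra=[("100.100.100.10/32", "100.100.100.1")])
    results["host_route"] = next_hop("100.100.100.10", gaz)
    results["neighbour_without_host_route"] = next_hop("100.100.100.11", gaz)
    return results


if __name__ == "__main__":
    for case, hop in demo().items():
        print(f"{case:32} -> {hop}")
```

The lookup only shows which next hop the host picks; what the gateway then does with a packet addressed to its own segment is outside this sketch.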
Tag-switching and MPLS interface commands [7:56368]
Does anybody know the differences between the interface commands tag-switching ip and mpls ip (or better yet, have a good URL for it)? On both my 2610 and 2500's, when I enter the mpls ip command, the tag-switching ip command appears in my configuration. I've been through both of my MPLS books and haven't seen how they differ... Thanks...

--- Dennis

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56368t=56368
Re: ack attack or config prob? [7:56341]
priscilla, the bursts were

To:
Sent: Saturday, October 26, 2002 7:40 PM
Subject: RE: ack attack or config prob? [7:56341]

It sounds like you were under attack, though it's hard to say for sure. I doubt that it's a misconfig on your end, though. It could be a misconfig at the other server, but probably not. I don't think you can set the parameters that badly!? :-)

It sounds like a DoS attack because of the volume of 100,000 packets. What's the timeframe, though? You said burst so I assume pretty quick. Did the problem happen just once or has it reoccurred? What do any relevant logs show? Do you have a firewall or Intrusion Detection System that logs info? How about the server itself? Does it show anything in its log? Were all the packets to the server? Were they ACKs or SYN ACKs? You mentioned both. Were they in response to something your server sent? Were they always the same ACK number? What were the port numbers? You mentioned e-mail, so were the packets to port 25 for SMTP?

SMTP implementations used to have many security flaws. Hopefully those would be fixed in a modern OS, but you never know. Usually, DoS attacks are SYNs, but there are probably ones that use ACKs or SYN ACKs too. A search on Google might reveal more info. Anyway, I think you did the right thing by getting the ISP security folks involved. Keep us posted, unless they recommend that you keep it quiet.

___
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Garrett Allen wrote:

heys, ran into something interesting today. not sure if it is a dos attack or if it indicates an ip stack misconfig. here is the symptom: periodically through the day today we received 100,000 packet bursts on a t-1 circuit. this is a name-brand provider. when the burst occurs it is from the same ip address. on some bursts the packets are all acks. on others they are all fin acks. they are directed at our email servers. when they occur the packets in a burst are all sourced from the same ip address. in the one case where we resolved the ip address back it was another org's email server. based on the router interface stats the traffic is coming from the outside and is not an internal broadcast storm. per the ms site, "A default-configured Windows NT 3.5x or 4.0 computer will retransmit the SYN-ACK 5 times, doubling the time-out value after each retransmission." if the same logic holds for other parts of the handshake then i'm at a loss to explain tens of thousands of packets unless it is an exploit of a weakness in the stack that allows for virtually unlimited retries. anyone run into this kind of situation before and was the resolution a service pack or other such server upgrade? it caused considerable slowness on external accesses as you might imagine. i grabbed a number of traces documenting it and we did contact our provider (they opened a ticket with their security folk). thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56369t=56341
Where are the good practice labs online? [7:56370]
Hi Folks, I need some feedback on what are the better online practice labs out there (ie Fatkid etc)? My date is coming up soon and I need some more resources that reflect the new format. Thanks in advance.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56370t=56370
RE: trying a third time [7:56293]
Hi Aaron, Thanks for the useful information. I am also studying for BCRAN exam and scheduled to do it in a month's time. That is very useful information - Thanks. CCNP-to-be

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56371t=56293
Re: Tag-switching and MPLS interface commands [7:56372]
I believe the main difference between the two is that tag-switching ip turns on TDP which is Cisco proprietary and MPLS IP turns on LDP which is the open standard everyone adopted after Cisco came up with tag switching. I think each are implemented slightly differently but both are basically used to distribute label information in the network. The only thing I can recall at this moment is that they use different tcp port numbers but that is about it. I am not sure why turning on mpls ip would show the tag-switching ip in the configuration.

- Paul

http://www.convergedigest.com/tutorials/mpls2/page1.htm

Dennis Laganiere wrote:

Does anybody know the differences between the interface commands tag-switching ip and mpls ip (or better yet, have a good URL for it)? On both my 2610 and 2500's, when I enter the mpls ip command, the tag-switching ip command appears in my configuration. I've been through both of my MPLS books and haven't seen how they differ... Thanks...

--- Dennis

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56372t=56372
Re: ack attack or config prob? [7:56341]
the filter doesn't like special characters. sorry. here is another try without the less than symbol:

priscilla, the bursts were less than 2mins each in duration as i recall. they occurred sporadically through the day. i have traces and i'll look for more precise timeframes later tonite. within each burst the packets were from the same ip address. there were at least 2 unique non-contiguous ip addresses involved and 1 repeated a burst at least once that we tracked (i.e. at least 2 bursts of 100k packets). the trace reveals acks and fin acks; no syn or syn ack's noted (my reference to syn acks in the prior email was the only reference i could find on the ms site that discussed their retry implementation, which could cause this if it was unlimited).

firewalls are in place which is why i was going down the path of a misconfiguration on our servers. in theory the firewall vendor states that the firewall is doing a stateful inspection and we did see some evidence of packets being dropped at the firewall - but not all. if the session was not previously opened the firewall should drop the ack and fin ack's as they are not a valid start of session transmission. each burst contained the same sequence and ack numbers.

i wondered at first if it was our servers that were initiating this behavior pattern. we did reboot the servers. urban legend has it (i.e. my neighbor has a friend whose wife's cousin said ...) that unexpected terminations of outlook web access can cause this kind of behavior to occur, but it is just legend. an examination of the trace doesn't point in that direction but i need to spend more time reviewing them. and the problem reoccurred after the reboots.

like i said i think it is an interesting issue because there are so many possibilities and it forces one to think about all the many things that can go wrong. thanks for your insights and thoughtful questions.

- Original Message -
From: Garrett Allen
To:
Sent: Saturday, October 26, 2002 9:59 PM
Subject: Re: ack attack or config prob? [7:56341]

priscilla, the bursts were

To:
Sent: Saturday, October 26, 2002 7:40 PM
Subject: RE: ack attack or config prob? [7:56341]

It sounds like you were under attack, though it's hard to say for sure. I doubt that it's a misconfig on your end, though. It could be a misconfig at the other server, but probably not. I don't think you can set the parameters that badly!? :-)

It sounds like a DoS attack because of the volume of 100,000 packets. What's the timeframe, though? You said burst so I assume pretty quick. Did the problem happen just once or has it reoccurred? What do any relevant logs show? Do you have a firewall or Intrusion Detection System that logs info? How about the server itself? Does it show anything in its log? Were all the packets to the server? Were they ACKs or SYN ACKs? You mentioned both. Were they in response to something your server sent? Were they always the same ACK number? What were the port numbers? You mentioned e-mail, so were the packets to port 25 for SMTP?

SMTP implementations used to have many security flaws. Hopefully those would be fixed in a modern OS, but you never know. Usually, DoS attacks are SYNs, but there are probably ones that use ACKs or SYN ACKs too. A search on Google might reveal more info. Anyway, I think you did the right thing by getting the ISP security folks involved. Keep us posted, unless they recommend that you keep it quiet.

___
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Garrett Allen wrote:

heys, ran into something interesting today. not sure if it is a dos attack or if it indicates an ip stack misconfig. here is the symptom: periodically through the day today we received 100,000 packet bursts on a t-1 circuit. this is a name-brand provider. when the burst occurs it is from the same ip address. on some bursts the packets are all acks. on others they are all fin acks. they are directed at our email servers. when they occur the packets in a burst are all sourced from the same ip address. in the one case where we resolved the ip address back it was another org's email server. based on the router interface stats the traffic is coming from the outside and is not an internal broadcast storm. per the ms site, "A default-configured Windows NT 3.5x or 4.0 computer will retransmit the SYN-ACK 5 times, doubling the time-out value after each retransmission." if the same logic holds for other parts of the handshake then i'm at a loss to explain tens of thousands of packets unless it is an exploit of a weakness in the stack that allows for virtually unlimited retries. anyone run into this kind of situation before and was the resolution a service pack or other such server upgrade? it
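The symptom described in the "ack attack or config prob?" thread (bursts of ACK or FIN-ACK segments from one source, all carrying the same sequence and ack numbers, with no SYN seen) turned into a check over a packet trace. This is an added example, not code from any poster: the record format, the addresses and the scaled-down burst sizes are constructed, and the threshold of six copies (one segment plus the five retransmissions quoted for SYN-ACK) is an assumption carried over to other segment types.

```python
from collections import defaultdict


def parse(line):
    """Parse one constructed record: time src sport dst dport flags seq ack."""
    t, src, sport, dst, dport, flags, seq, ack = line.split()
    return (float(t), src, int(sport), dst, int(dport),
            "".join(sorted(flags)), int(seq), int(ack))


def max_in_window(times, window):
    """Largest number of timestamps that fall inside any `window`-second span."""
    best = lo = 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def find_repeat_bursts(lines, max_copies=6, window=120.0):
    """Report segments repeated more often than a bounded retry policy allows.

    max_copies=6 is an assumption: one segment plus five retransmissions.
    in_state is False when no SYN for the flow appears in the trace, which is
    the case a stateful firewall is expected to drop.
    """
    opened = set()              # flows for which a SYN was seen
    copies = defaultdict(list)  # identical segment -> arrival times
    for t, src, sport, dst, dport, flags, seq, ack in map(parse, lines):
        flow = (src, sport, dst, dport)
        if "S" in flags:
            opened.add(flow)
            continue
        copies[flow + (flags, seq, ack)].append(t)

    findings = []
    for key, times in copies.items():
        times.sort()
        n = max_in_window(times, window)
        if n > max_copies:
            src, sport, dst, dport, flags, seq, ack = key
            findings.append({
                "src": src, "dst": dst, "dport": dport, "flags": flags,
                "seq": seq, "ack": ack, "copies": n,
                "span_s": round(times[-1] - times[0], 1),
                "in_state": key[:4] in opened,
            })
    return sorted(findings, key=lambda f: -f["copies"])


def constructed_trace():
    """Constructed sample: one normal SMTP session and two repeat bursts."""
    mail = "192.0.2.25 25"
    lines = [f"0.00 203.0.113.5 40001 {mail} S 1000 0",
             f"0.05 203.0.113.5 40001 {mail} A 1001 5001"]
    # An ordinary retransmission: the same segment three times.
    lines += [f"{1.0 + i * 3:.2f} 203.0.113.5 40001 {mail} A 1001 5200"
              for i in range(3)]
    lines.append(f"12.00 203.0.113.5 40001 {mail} FA 1300 5400")
    # Burst of identical ACKs (1,000 here; the thread reports 100,000).
    lines += [f"{60 + i * 0.1:.2f} 198.51.100.20 25 {mail} A 777 888"
              for i in range(1000)]
    # Burst of identical FIN-ACKs from a second source.
    lines += [f"{600 + i * 0.2:.2f} 198.51.100.99 3301 {mail} FA 4242 4243"
              for i in range(500)]
    return lines


if __name__ == "__main__":
    for finding in find_repeat_bursts(constructed_trace()):
        print(finding)
```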
Re: hate cisco's new site? [7:56236]
Howard C. Berkowitz wrote in message news:200210252303.XAA06341;groupstudy.com...

Tim Medley wrote: Oh did they mean to redesign the website? I thought some script kiddies defaced it and Cisco hadn't had time to fix it.

Nope, marketing kiddies! ;-) Priscilla

Oh. Script kiddies with incompetent adult supervision.

CL: all in good fun so far, but I am starting to run into some real issues. I work for one of Cisco's largest partners, and my CCO account gives me access to a number of partner specific areas that I use regularly. I was working on something for a client, was sent a link by Cisco pre-sales ( partner only information link ) and I have been unable to get in. Let's see - fifteen email messages later we fixed it try - grrr no you didn't ... try it now ,,, still doesn't work and I am giving up. What's more irritating is that every time I respond to their automated e-mail, I get a reply that says write your comments between the lines ( special formatting ) Thing is, on the original e-mail, these formatting lines do not exist.

CL: I can live with the marketing crap. I can live with the colors. I can't live with the loss of certain functionality.

CL: I will say that if you dig around, there can be a lot more and a lot better information to be found.

CL: I can also say with assurance that there are some tools, like the configurator, which still need a LOT of work.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56326t=56236
Re: CCIE Written - the final push [7:56332]
Thank you everyone who has sent advice, links and encouragement. Today I'm spending the day reading the various CCO links people have sent; reviewing the highlighted sections of the books I read; going through bosons#1 and #3; and just trying to pack it all in. I hope to have positive news for the group late tomorrow. Thank you again for all the support.

Tick

Shahid Muhammad Shafi wrote:

Go through 6500 documentation also. Especially PVLANs, VACLs, RACLs etc. Also if u have time breeze through these urls:

Bridging Switching http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/confg_gd/spantree.htm#10890 http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sft_6_1/configgd/routing.htm#xtocid223388 http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/confg_gd/vlans.htm#xtocid551119 http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/confg_gd/acc_list.htm http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/confg_gd/span.htm http://www.cisco.com/warp/public/793/lan_switching/2.html http://www.cisco.com/warp/public/cc/pd/ibsw/ibdlsw/prodlit/dls12_rg.htm http://www.cisco.com/warp/public/793/lan_switching/6.html http://www.cisco.com/warp/public/473/77.html http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/tech/c65sp_wp.htm http://standards.ieee.org/getieee802/802.1.html http://www.cisco.com/warp/public/473/#LANSecurity http://www.cisco.com/warp/public/473/79.html http://cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_6_3/config/channel.htm http://cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ibm_c/bcprt1/bcdtb.htm#xtocid1869438 http://cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ibm_r/brprt1/br1dtb.htm#xtocid132742 http://cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ibm_c/bcprt1/bcdtb.htm Cisco Device Operation http://www.cisco.com/warp/public/432/features.html http://www.cisco.com/warp/public/63/vip_crash.html http://www.cisco.com/warp/public/66/23.html
http://www.cisco.com/warp/public/63/pcmciamatrix.html http://www.cisco.com/warp/public/130/upgrade_index.shtml http://www.cisco.com/warp/public/473/34.shtml http://www.cisco.com/warp/public/473/46.html http://www.cisco.com/warp/public/474/11.html http://www.cisco.com/warp/public/473/81.shtml http://www.cisco.com/warp/public/473/14.shtml Desktop Protocols http://www.cisco.com/warp/public/473/33.html#ping http://www.cisco.com/warp/public/473/33.html#service http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/wan_c/wcdfrely.htm IP http://www.cisco.com/warp/public/cc/pd/iosw/ioft/ionetn/prodlit/1195_pp.htm http://www.cisco.com/networkers/nw00/pres/2212_6-28.pdf http://www.cisco.com/warp/public/105/5.html http://www.cisco.com/warp/public/63/ping_traceroute.html http://www.cisco.com/warp/public/759/ipj_2-3/ipj_2-3_oneb.html http://www.cisco.com/warp/public/105/56.html http://www.cisco.com/warp/public/105/acl_wp.html IP Routing http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s15/eigrpstb.htm Multicast http://www.cisco.com/warp/public/105/48.html LAN http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/1000gbic/instnote.htm#xtocid1019419 http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/6000hw/mod_inst/02prep.htm#xtocid21176 http://www.cisco.com/warp/public/473/46.html http://www.cisco.com/warp/public/102/wlan/connectivity.html#third http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_6_3/config/fddi.htm#xtocid2505711 http://www.cisco.com/warp/public/102/wlan/ap-faq.html#Q13 http://www.cisco.com/warp/public/784/packet/techspeak.html http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fswtch_c/swprt6/xcfvl.htm#77315 http://standards.ieee.org/getieee802/802.2.html http://standards.ieee.org/getieee802/802.3.html http://standards.ieee.org/getieee802/802.5.html http://standards.ieee.org/getieee802/802.11.html 
http://www.cisco.com/warp/public/697/troubleshooting_tr_interfaces.shtml http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/tokenrng.htm http://www.cisco.com/warp/public/473/46.html http://www.cisco.com/univercd/cc/td/doc/cisintwk/itg_v1/tr1904.htm#34634 http://cisco.com/warp/public/cc/so/neso/lnso/lnmnso/feth_tc.htm Multiservice http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fvvfax_r/vrf_a.htm#xtocid1720898 QoS http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/index.htm http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/index.htm http://www.cisco.com/warp/public/125/13.html http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e2/nbar2e.htm http://wwwin-iostm.cisco.com/qos/gtsconf.html http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_r/qrcmda.htm http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart5/qcrsvp.htm#xtocid739315 Security
HSRP B/W Layer 3 Devices [7:56374]
Can HSRP work between two layer 3 devices? If I have (2) 6000 Layer 3 Catalyst switches and (2) 7500 series routers. I want to connect each 6000 switches to 7500 routers. For Example, I can connect (2) 6009A/6009B to 7507A/7507B via subnets 172.16.10.0/24, and 172.16.20.0/24.

Configs:

6009A:
! group 10: higher priority plus preempt, so 6009A is active for 172.16.10.1
int vlan 10
 ip address 172.16.10.2 255.255.255.0
 standby 10 ip 172.16.10.1
 standby 10 priority 110
 standby 10 preempt
! group 11: lower priority, standby for 172.16.11.1
int vlan 11
 ip address 172.16.11.3 255.255.255.0
 standby 11 ip 172.16.11.1
 standby 11 priority 100

6009B
! group 10: lower priority, standby for 172.16.10.1
int vlan 10
 ip address 172.16.10.3 255.255.255.0
 standby 10 ip 172.16.10.1
 standby 10 priority 100
! group 11: higher priority plus preempt, so 6009B is active for 172.16.11.1
int vlan 11
 ip address 172.16.11.2 255.255.255.0
 standby 11 ip 172.16.11.1
 standby 11 priority 110
 standby 11 preempt

7500A
int E6/0
 ip address 172.16.10.4 255.255.255.0
int E6/1
 ip address 172.16.11.4 255.255.255.0

7507B
int E6/0
 ip address 172.16.10.5 255.255.255.0
int E6/1
 ip address 172.16.11.5 255.255.255.0

Will it work? I don't know if HSRP can work between (2) Layer 3 devices. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56374t=56374