Re: Default route redistribution using Rip [7:57240]
Hi all,

Pls ignore my earlier mail. You can use the default-information originate command under router rip to do this. You can also use the default-network command, but make sure you have a route to that network in the routing table.

Hope this helps.

rgds,
Murali

Murali Das wrote:
> Hi All,
>
> As per RFC and info I read, RIP automatically redistributes the default routes. I have a lab setup with 2 routers connected back to back and I configured a default route on one of them. Both the routers were configured to run RIP. The other router never received the default route. When I configured redistribute static, I could see the default route on the 2nd router. Am I missing something?
>
> Thanks for your help in advance.
>
> rgds,
> Murali

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57240t=57240
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Clearing access lists counters [7:57241]
Can someone tell me how to clear access-list counters? I tried to use the command clear access-list counters but it did not work. Please see the output of the show command below.

R5-2503#show access-lis abc
Extended IP access list abc
    Dynamic test permit ip any any
    permit ip any any (158 matches)
    permit tcp any host 10.10.110.3 eq telnet
R5-2503#
OSPF non-broadcast mode question [7:57242]
Hi all,

I built an OSPF config between one cisco box and a zebra openbsd.

LAN1 ZEBRA == (GRE Tunnel over Internet) == CISCO -- LAN2

Because I had some problem on the openbsd to encapsulate multicast hello packets in GRE, I used the ospf network type: non broadcast.

My config is:

interface Tunnel0
 description Tunnel vers NICE
 ip address 192.168.0.2 255.255.255.252
 ip mtu 1450
 ip ospf network non-broadcast
 ip ospf cost 100
 ip ospf hello-interval 10
 ip ospf priority 255
 tunnel source Ethernet1
 tunnel destination 212.232.45.149
!
router ospf 1
 router-id 192.168.2.1
 log-adjacency-changes
 redistribute connected metric-type 1 subnets route-map CONNECTED-to-OSPF
 network 192.168.0.0 0.0.0.3 area 0
 network 192.168.2.1 0.0.0.0 area 0
 neighbor 192.168.0.1 priority 1 poll-interval 1

I don't exactly understand the behavior of the non-broadcast mode.

What is the purpose of the neighbor command? Is it just for DR/BDR election or for neighbor discovery too? If not, how is the discovery done (I didn't configure the neighbor command on the zebra box, and it works. Moreover, if I issue a non neighbor on the cisco, the command is still here)?

Are all the OSPF packets unicast? (I took some traces, and it appears that all packets are unicast, but I want to be sure.)

Thanks for the help, I can't find any good documentation for NBMA ...

Best Regards,
Stephane
CCIE Lab Rentals in the Wash.DC area -- any?? [7:57244]
Hello,

Does anyone know of any CCIE Labs for rent in the Wash. DC/VA/MD area? I am looking for any rentals, where I could be there physically present - same deal as renting it remotely but just like to be present physically.

I would also like to ask any one studying for the CCIE Lab in this area whether they would like to rent their Labs when they are not using it, probably during the 4 days of Thanksgiving holiday. I am particularly interested in learning how to configure the 2 3550 switches in the new Lab format. If any one has the 3550's please let me know if you are interested.

I do have my own Lab and it had cost me a fortune to buy a Cat5005 but now that's just collecting dust :-( sob, sob..

Thank you for your help.

Sincerely.
please help with vlan scenario [7:57245]
I have Site A which acts as a host for incoming fiber connections from Sites B, C, and D. All 4 sites are on different subnets. At Site A a Catalyst 3550G with 12 available fiber GBIC connections is what the 3 incoming sites B, C, and D connect to on GBIC interfaces 1, 2, and 3, respectively. The 3550G also has two Ethernet ports on it, one of which has a crossover to a Catalyst 3548 switch, which feeds the local LAN users at Site A itself. Interface GBIC 4 on the 3550G has a fiber link connecting to Site E, which is then routed over ATM.

So basically the 3550 at Site A routes traffic between itself and the B, C, and D sites and over to Site E. Site E is actually our core router site (Cisco 3540) but Site A was chosen to host the other 3 sites (B, C, and D) due to logistics.

Now what I need to do back at Site A is segment the local LAN on the 3548 switch into two vlans. Both vlans need to pass traffic across the network. Remember one port on the 3548 has a crossover to the 3550G switch. The 3550G is not set up with vlans. If I break the ports on the 3548 to the vlans I want, I assume I set the crossover port to be a trunk? And if so, do I need to set up the other end of the crossover on the 3550 with any vlans or trunking?

No other subnets will be broken into vlans so I want to make sure any change I may have to make on the 3550 to support the local vlans on the 3548 does not hinder traffic flow to and from the other sites' interfaces on the 3550.

Am I over complicating this setup? I know my description probably is confusing. I guess in simple terms I just need to make sure how I set up vlans on the local Site A without affecting the other sites that Site A supports?
RE: Throughput [7:57158]
Cliff Cliff wrote:
>
> Dear all,
>
> One of our customers wants to know the simple way to calculate the throughput in their link.

Calculating throughput can be difficult. Your customer should measure actual throughput for a typical case, using a protocol analyzer or one of the many other tools for calculating throughput, including ttcp.

> Right now, they have 64k from us using satellite and both ends have a cisco router (normal satellite round trip time is 510ms).

Bandwidth = capacity = 64 Kbps in your case. Capacity and throughput are similar, but not the same.

Capacity is the actual amount of resources available across a given path. Throughput is a measure of how much data can be passed across a medium in a stated period of time, and typically this refers to user data. (Source: Darren L. Spohn, Data Network Design)

Note that throughput is a measure. Your customer should make some measurements, after deciding if he/she wants to measure overall throughput or just throughput for user data. Once the customer has some measurements, there are tools available to determine what the measurement would be if bandwidth were increased. NetPredictor is one such tool.

Since you are an ISP, you may need a more general answer too, though, and maybe you can't easily measure your customer's throughput...

The Sales Answer: You can use as much capacity as we give you and your throughput on large data transfers, assuming well-tuned TCP/IP implementations, can approach the capacity.

The Real (Technical) Answer: It depends.

Small data transfer throughput results are going to be more affected by the high latency in your satellite network. The bits can be sent at 64 Kbps (your capacity), but the first bit is going to take a long time to get there. By the time it gets there, the sender may no longer be sending. You mentioned using a 1024 KB file. You should use a larger file to get better results.

Large data transfer throughput results won't be as affected by the high latency. The first bit takes the same amount of time to get there, but it's immediately followed by numerous additional bits.

In addition, the following factors affect throughput:

-- Protocol behavior. Is it a request/reply protocol, where each request results in a reply, or does it support a window size that is larger than one packet?
-- What is the window size? A host can send up through its send window size worth of data, at which time it must stop and wait for an ACK. During that stopping, no data is sent.
-- ACKs. Depending on the protocol and application, some ACKs might just be ACKs and not have any data. They take time and can't be counted if you are measuring throughput of user data.
-- TCP slow start. Most implementations of TCP only send a few packets to start and then build up to the window size.
-- The TCP 3-way handshake takes time, especially in a high-latency network. With FTP, there are many 3-way handshakes, one for control, and one for each data transfer for listing directories, sending files, etc.
-- MTU. How much data can be stuffed into each packet? If you are measuring throughput of user data, how much of a packet is user data and how much is overhead? How much overhead is there from packet headers?
-- Processing speed at the two hosts involved in the data transfer.
-- RAM at the two hosts. RAM affects window sizes. It also affects how much data can be stored at a time before a host has to stop and write to disk.
-- Disk access speed
-- Packetization and queuing time at intermediate routers and switches
-- Errors and how they are handled. Does data have to be retransmitted frequently? This could be deadly on a satellite link.

There's probably many more things too, but that's a start.

___
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

> They just ask me a simple question: how much BW they can take in one session for e.g. a 1024k file download using this link. I don't think I can answer them by telling them the answer is 1024k * 8/64k (throughput), then if they buy more BW from us (let's say 256k), is it just like 1024k * 8/256k?
>
> After I searched the info on the internet, I see there are some parameters which make the throughput vary:
>
> 1. RTT (Round trip time)
> 2. Window size
> 3. Overhead of HDLC
> 4. MTU size (Max Transfer Unit)
> 5. link BW
>
> Does anyone know how I should tell this customer? Or does there exist any general equipment that can show our customer the estimated value? Also, I really want to know how the above parameters are correlated and affect the throughput.
>
> Really thx if someone spends some time answering my Q.
OT: Pix515 memories and 16MB Flash available for [7:57239]
Hi All,

Sorry for the OT post. I have the following items available for sale:

-- 1 Cisco 2513 with 8MB of RAM and 16MB Flash
-- 1 Cisco 4500 router with 16MB of RAM and 8MB of Flash. This router has 2 Ethernet interfaces and 4 Serial interfaces
-- 1 Cisco Pix 16MB Flash (with box and documentation). I bought this flash a couple of weeks ago to prepare for my CSPFA exam because the 2MB flash doesn't support any code higher than 5.1(5). The Flash is brand new and fully tested (I use it for the exam)
-- 4 pieces of 32MB of memory (128MB total) for the Pix515

Make me an offer if you are interested.

Phillip
Re: Clearing access lists counters [7:57241]
restart the router.

--
Curious
MCSE, CCNP

John Tafasi wrote in message news:20022125.VAA01591;groupstudy.com...
> Can some one tell me how to clear access-list counters? I tried to use the command clear access-list counters but it did not work. Please see the output of the show command below.
>
> R5-2503#show access-lis abc
> Extended IP access list abc
>     Dynamic test permit ip any any
>     permit ip any any (158 matches)
>     permit tcp any host 10.10.110.3 eq telnet
> R5-2503#
2600 bootstrap [7:57248]
Hi all,

I am looking for a new bootstrap image for a 2600, as mine currently is running 11.3. I would like to upgrade this to 12.1 to match my IOS. My problem is that after searching and searching on CCO I am unable to find an image. Now am I going crazy or is there no image to find?

Thanks

Regards
D'Wayne Saunders
RE: WLAN security matters [7:57160]
Hi Vicky,

Thank you for your answer but although I'm interested in almost every possible way to secure that kind of network, I rather prefer standard solutions not based on vendor-hardware.

Anyway, could you give me and the rest of the list a link about the product you were referring to?

Thanks in advance,

-- Carlos

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] On Behalf Of Vicky O. Mair
Sent: Sunday, November 10, 2002 1:57
To: [EMAIL PROTECTED]
Subject: RE: WLAN security matters [7:57160]

hi there,

ping me offline and i can direct you to folks who have a (hw) solution which not only secures wlans but also does a good job protecting your overall backbone security.

/vicky

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] On Behalf Of Carlos Fragoso Mariscal
Sent: Saturday, November 09, 2002 9:19 AM
To: [EMAIL PROTECTED]
Subject: WLAN security matters [7:57160]

Hello,

I'm doing research for the deployment of a secure implementation of a wireless 802.11a/b environment.

Until WPA (Wireless Protected Access) from the WiFi alliance comes to life next year, I realised that WEP is the only air-side Layer 2 (crackable) encryption protocol. This lack of security requires other upper-layer protocols to do this job such as IPSec or VPN implementations. Those solutions seem to be not very scalable indeed.

I would like to know which kind of implementations are the most preferred and desirable for you. Is there anyone managing any similar secure deployment?

I have heard a little bit about Cisco vendor implementation (LEAP) but I suppose it only works with both APs and client cards from Cisco.

Authentication is a first step, 802.1x could help us to authenticate users and establish a secure VLAN-based traffic, but it is not a solution for air-side sniffing and spoofing. Is IPSec or VPN the only solution?

If anyone has any documentation or slides about LEAP, 802.1x or wireless secure deployments, they will be appreciated.

Thank you,

-- Carlos
RE: WLAN security matters [7:57160]
Hi Mike,

If I correctly understand your answer, EAP-TLS is the standard way to get authenticated (to a Radius) and then deploying encryption through IPSec?

I took a look at 802.11i and its near-term subset WPA from Wi-Fi alliance, and it seems that near-term solutions are still based in 3DES and 802.11i will force to use AES, I think that it could be better to wait for 802.11i at the 4Q 2003 instead of using an AES based proprietary solution. Don't you think so?

Please, could you describe a little bit the elements involved in your implementation? (clients, routers, switches, APs,...) I mean all the things that should be upgraded/configured to get your solution working.

Please if I say something wrong, I'll appreciate your corrections.

Thanks in advance,

-- Carlos

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] On Behalf Of mike greenberg
Sent: Sunday, November 10, 2002 14:04
To: [EMAIL PROTECTED]
Subject: RE: WLAN security matters [7:57160]

Most financial corporations that implement Wireless LAN (WAN) usually do this:

1) Implement EAP-TLS. This method is open-standard as opposed to LEAP which is Cisco proprietary. Furthermore, LEAP is vulnerable to man in the middle attack while EAP-TLS is not. EAP-TLS supports mutual authentication and last but not least, EAP-TLS supports Certificate Authority (CA) in addition to password. FreeRadius (which I use) supports EAP-TLS which works great. EAP-TLS with CA solution is not a very scalable one but that is the tradeoff between security and convenience.

2) Implement IPSec to run on top of EAP-TLS which provides another layer of Security. Now, if you are security conscious, I would suggest you go with vendors that support AES instead of 3DES (again, Cisco has no plan of supporting AES; however, CheckPoint does).

This solution doesn't work too well if you have too many users on WLAN because a lot of bandwidth will be dedicated to EAP-TLS and IPSec traffic. Again, you are trading security for speed.

I've successfully implemented EAP-TLS and IPSec for WLAN a couple of weeks ago. It is not that difficult.

Mike

Vicky O. Mair wrote:
> hi there,
>
> ping me offline and i can direct you to folks who have a (hw) solution which not only secures wlans but also does a good job protecting your overall backbone security.
>
> /vicky
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] On Behalf Of Carlos Fragoso Mariscal
> Sent: Saturday, November 09, 2002 9:19 AM
> To: [EMAIL PROTECTED]
> Subject: WLAN security matters [7:57160]
>
> Hello,
>
> I'm doing research for the deployment of a secure implementation of a wireless 802.11a/b environment.
>
> Until WPA (Wireless Protected Access) from the WiFi alliance comes to life next year, I realised that WEP is the only air-side Layer 2 (crackable) encryption protocol. This lack of security requires other upper-layer protocols to do this job such as IPSec or VPN implementations. Those solutions seem to be not very scalable indeed.
>
> I would like to know which kind of implementations are the most preferred and desirable for you. Is there anyone managing any similar secure deployment?
>
> I have heard a little bit about Cisco vendor implementation (LEAP) but I suppose it only works with both APs and client cards from Cisco.
>
> Authentication is a first step, 802.1x could help us to authenticate users and establish a secure VLAN-based traffic, but it is not a solution for air-side sniffing and spoofing. Is IPSec or VPN the only solution?
>
> If anyone has any documentation or slides about LEAP, 802.1x or wireless secure deployments, they will be appreciated.
>
> Thank you,
>
> -- Carlos
RE: 2600 bootstrap [7:57248]
The bootstrap is loaded in the bootROM (read-only) unless you have a 2691 which is a non-FRU. If you go to the link below, it will guide you on the replacement procedure. I ordered the chips over the phone through the cust svc line (800)553-6387, option 2 then 6. I don't know what the going rate is, I just upgraded my 2500's and they were FREE (plus shipping). So best of luck!

(word wrap caution)
http://www.cisco.com/en/US/partner/products/hw/routers/ps259/products_installation_guide_chapter09186a008007e026.html#xtocid35

Bill Creighton CCNP
Senior System Engineer
Motorola iDEN CNRC Packet Data / MPS

-----Original Message-----
From: Dwayne Saunders [mailto:dwaynes;lasseters.com.au]
Sent: Monday, November 11, 2002 4:55 PM
To: [EMAIL PROTECTED]
Subject: 2600 bootstrap [7:57248]

Hi all, I am looking for a new bootstrap image for a 2600 as mine currently is running 11.3 I would like to upgrade this to 12.1 to match my ios My problem is after searching and searching on CCO I am unable to find an image now am I going crazy or is there no image to find.

Thanks

Regards
D'Wayne Saunders
RE: ISDN/DDR - Bandwidth on Demand [7:57038]
Hmm.. configs and routing tables might give a clue. My guess is that your serial line is still seen as the preferred route.

By the way, be aware that depending on the bandwidth of your serial link, and your configuration, the extra bandwidth of the ISDN may be more hindrance than help. I haven't played with this using EIGRP (I'm more familiar with OSPF), so the variance command may get around this, but if you have (say) a 512 kbps serial link, and you add a 64kbps ISDN channel, and you have equal cost routes across them... you suddenly have 128 kbps of effective bandwidth in total. Not pretty. I know EIGRP can do unequal load balancing - I don't think it's automatic though (I'm sure someone will correct me if I'm wrong).

JMcL

Jens von Bülow wrote:
> Greetings,
>
> I am trying to configure bandwidth-on-demand between two internal routers - I have so far managed to set up the DDR interface and been able to specify the backup and load parameters to activate the ISDN line...
>
> All works as expected. When the serial interface goes down the dialer interface kicks in and calls the remote site and connectivity is restored.
>
> My problem is that during periods of heavy load the ISDN line is activated and the call is placed and connected (as expected) - I can ping the remote ISDN interfaces without any problems, from both routers - I have checked my EIGRP settings and I can see the topology database being updated with the new routes.
>
> However, no packets are actually sent over the ISDN line (I have even tried to no ip route-cache on the serial interface, but this has not made a difference). When the load eventually drops down below the threshold values (no thanks to the ISDN line), the ISDN line is released and the dialer interface goes back into standby mode.
>
> How do I get the ISDN line to participate in the sending of traffic? (I have tried searching the www.cisco.com website - but I have not found any examples that are able to help me out.)
>
> I look forward to any example configurations and/or pointers.
>
> Thanks
>
> Regards
> Jens
RE: WLAN security matters [7:57160]
Going back to the original e-mail question.

I disagree that EAP-TLS is not a solution for sniffing. Technically any wireless data can be sniffed, regardless of encryption. However, it will be garbage until decoded. If you use EAP-TLS and set the rekeying to a very short interval (say 1 minute) you would not be passing enough data for the person to be able to decrypt using the weakness in the IV. I'm not saying rekey every 1 minute, just that rekeying at 1 minute would assure you that not enough data had passed. You need to weigh the load on the server/the amount of wireless traffic/the amount of security that you need, to come up with the rekeying interval.

The biggest drawback to EAP-TLS has been lack of support at the OS level. Windows XP supports it natively, but all other Microsoft OS's require additional software. Supposedly Microsoft is going to back fit W2K, but they haven't released when.

If you want vendor neutrality as I am looking to do, you either need to be assured that all the vendors release software that allows you to run EAP-TLS on your PC, or wait until MS does it at the OS level. I know that Cisco and Lucent have EAP-TLS aware clients, although I have only used Cisco's. Cisco and Lucent/Orinoco also have EAP-TLS aware AP's, but I have yet to get the spare time to actually install my AP-500.

With EAP-TLS, you must worry about stolen laptops, which will have the Certificate stored automatically allowing access to the network. CSACS 3.0 doesn't support CRL's, so until 3.1 comes out which I was told will have CRL support, you will need to just disable the username on the certificate.

The more obstacles that the end user must jump over, the more likely that a rogue AP will pop up on the network. It is critical IMO that the authentication to the network be as smooth and transparent as possible. LEAP does an excellent job of that, but it's proprietary :(

Just my opinion though

Thanks
Larry

-----Original Message-----
From: Carlos Fragoso Mariscal [mailto:cfragoso;terra.es]
Sent: Monday, November 11, 2002 6:03 PM
To: [EMAIL PROTECTED]
Subject: RE: WLAN security matters [7:57160]

Hi Vicky,

Thank you for your answer but although I'm interested in almost every possible way to secure that kind of network, I rather prefer standard solutions not based on vendor-hardware.

Anyway, could you give me and the rest of the list a link about the product you were referring to?

Thanks in advance,

-- Carlos

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] On Behalf Of Vicky O. Mair
Sent: Sunday, November 10, 2002 1:57
To: [EMAIL PROTECTED]
Subject: RE: WLAN security matters [7:57160]

hi there,

ping me offline and i can direct you to folks who have a (hw) solution which not only secures wlans but also does a good job protecting your overall backbone security.

/vicky

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] On Behalf Of Carlos Fragoso Mariscal
Sent: Saturday, November 09, 2002 9:19 AM
To: [EMAIL PROTECTED]
Subject: WLAN security matters [7:57160]

Hello,

I'm doing research for the deployment of a secure implementation of a wireless 802.11a/b environment.

Until WPA (Wireless Protected Access) from the WiFi alliance comes to life next year, I realised that WEP is the only air-side Layer 2 (crackable) encryption protocol. This lack of security requires other upper-layer protocols to do this job such as IPSec or VPN implementations. Those solutions seem to be not very scalable indeed.

I would like to know which kind of implementations are the most preferred and desirable for you. Is there anyone managing any similar secure deployment?

I have heard a little bit about Cisco vendor implementation (LEAP) but I suppose it only works with both APs and client cards from Cisco.

Authentication is a first step, 802.1x could help us to authenticate users and establish a secure VLAN-based traffic, but it is not a solution for air-side sniffing and spoofing. Is IPSec or VPN the only solution?

If anyone has any documentation or slides about LEAP, 802.1x or wireless secure deployments, they will be appreciated.

Thank you,

-- Carlos
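
The rekeying trade-off raised in the message above can be sized with a short calculation. This is an added example, not part of any post in the thread: it covers only IV reuse under a single WEP key (24-bit IV), for a card that counts IVs upward and for one that picks them at random; the function names are hypothetical and the 500 frames/s load is a constructed figure.

```python
"""Added example: frames sent under one WEP key versus 24-bit IV reuse."""
import math

IV_SPACE = 2 ** 24  # WEP prepends a 24-bit IV to the shared key for every frame


def iv_reuse_probability(frames, iv_space=IV_SPACE):
    """Chance that at least two of `frames` frames share an IV when the
    sender picks IVs at random (standard birthday approximation)."""
    if frames < 2:
        return 0.0
    if frames > iv_space:
        return 1.0  # pigeonhole: more frames than distinct IVs
    return -math.expm1(-frames * (frames - 1) / (2 * iv_space))


def frames_for_probability(p_target, iv_space=IV_SPACE):
    """Largest frame count whose random-IV reuse probability is <= p_target."""
    if not 0 < p_target < 1:
        raise ValueError("p_target must be strictly between 0 and 1")
    c = -math.log1p(-p_target)  # solve n(n-1)/(2N) = -ln(1 - p) for n
    n = int((1 + math.sqrt(1 + 8 * iv_space * c)) / 2)
    while n > 1 and iv_reuse_probability(n, iv_space) > p_target:
        n -= 1  # guard against floating-point rounding at the boundary
    return n


def max_rekey_seconds(frames_per_sec, p_target=None):
    """Longest key lifetime for a given frame rate.

    p_target=None models a card that counts IVs upward: nothing repeats
    until the 24-bit counter wraps. Otherwise IVs are assumed random and
    the limit is the birthday bound for the accepted reuse probability.
    """
    if frames_per_sec <= 0:
        raise ValueError("frames_per_sec must be positive")
    frames = IV_SPACE if p_target is None else frames_for_probability(p_target)
    return frames / frames_per_sec


def report(frames_per_sec, rekey_s):
    """Summarise one (load, rekey interval) choice."""
    frames = int(frames_per_sec * rekey_s)
    return {
        "frames_per_key": frames,
        "reuse_prob_random_iv": iv_reuse_probability(frames),
        "counter_iv_wraps": frames > IV_SPACE,
    }


if __name__ == "__main__":
    LOAD = 500  # frames per second, constructed figure for a busy client
    for rekey in (60, 10, 1):
        print(f"rekey every {rekey:>2}s:", report(LOAD, rekey))
    print("counting IV, seconds until wrap:", max_rekey_seconds(LOAD))
    print("random IV, seconds for <=1% reuse:", max_rekey_seconds(LOAD, 0.01))
```

With a counting IV a one-minute rekey at this load stays far below the wrap point, while with random IVs a repeat within the same minute is close to certain, so the interval has to be judged against how the installed cards choose IVs.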
iBGP and convergence when failure happens [7:57255]
Suppose I have several routers making up an iBGP mesh. Let's suppose I have two routers (R1 and R2) which are advertising the same set of networks: N1, N2, ... Nk. OSPF is running underneath BGP (assume area 0). All of the N networks are being advertised with a next-hop set to the respective loopbacks from R1 and R2.

Now consider some other BGP router in the network. It will have received a BGP announcement for each of N1, N2, .. Nk from R1 and R2. This third router will select one of the paths to N1, N2, etc. and insert it into the routing table. I'd expect to see something like:

subnet   next-hop
------   --------
N1       R1-lo0
N2       R1-lo0
...      ...
Nk       R1-lo0
R1-lo0
R2-lo0

Now, suppose R1 goes belly up. OSPF will quickly inform all other routers that R1 and its loopback no longer exist. I'm assuming that this will invalidate all the routes in the routing table which have R1-lo0 as next hop. This will therefore cause the removal of all occurrences of routes to N1, N2, ... Nk from the routing table.

The question is this: what event will trigger BGP to re-evaluate the routes it knows about and add in routes for N1, N2, ... Nk via R2-lo0? Will the removal of the N1 route from the routing table inform BGP to re-evaluate? Or will the BGP timers need to time out and detect that R1 is dead before re-evaluating?

One other question -- does no sync in BGP have a role here or is that related only to determining when to advertise a route via eBGP?

Thanks
RE: WLAN security matters [7:57160]
Some notes/opinions:

1. A stolen laptop should trigger an employee to contact Human Resources, Security and/or IS. Anything less on the part of said employee is cause for termination - period. Alternatively, if the perceived threat is via corporate/military espionage, then the short-term solution is IPsec (IMO defeating the valuable properties of wireless) and long-term PEAP. Better yet, no wireless access at all and lock your wired ports down via URT or some such.

2. ACS v3.1 was released and is orderable, but I can't find a single thing regarding CRL support by the authentication server. I'm digging around within my Cisco contacts for an answer. If I hear anything on this front, I'll be sure to toss up a comment.

3. Mike G. mentioned in a previous email the absence of AES in Cisco's product plans. This is NOT the case - the AP1200 product line was created so that, among other reasons, the CPU was capable of 256-bit AES. This was addressed in some detail at the San Diego Networkers' evening Product Session by Mike McAndrews, the Director of Product Management for the Wireless Networking BU.

Cheers all.

Paul

-----Original Message-----
From: Roberts, Larry [mailto:Larry.Roberts;expanets.com]
Sent: Monday, November 11, 2002 4:12 PM
To: [EMAIL PROTECTED]
Subject: RE: WLAN security matters [7:57160]

Going back to the original e-mail question.

I disagree that EAP-TLS is not a solution for sniffing. Technically any wireless data can be sniffed, regardless of encryption. However, it will be garbage until decoded. If you use EAP-TLS and set the rekeying to a very short interval (say 1 minute) you would not be passing enough data for the person to be able to decrypt using the weakness in the IV. I'm not saying rekey every 1 minute, just that rekeying at 1 minute would assure you that not enough data had passed. You need to weigh the load on the server/the amount of wireless traffic/the amount of security that you need, to come up with the rekeying interval.

The biggest drawback to EAP-TLS has been lack of support at the OS level. Windows XP supports it natively, but all other Microsoft OS's require additional software. Supposedly Microsoft is going to back fit W2K, but they haven't released when.

If you want vendor neutrality as I am looking to do, you either need to be assured that all the vendors release software that allows you to run EAP-TLS on your PC, or wait until MS does it at the OS level. I know that Cisco and Lucent have EAP-TLS aware clients, although I have only used Cisco's. Cisco and Lucent/Orinoco also have EAP-TLS aware AP's, but I have yet to get the spare time to actually install my AP-500.

With EAP-TLS, you must worry about stolen laptops, which will have the Certificate stored automatically allowing access to the network. CSACS 3.0 doesn't support CRL's, so until 3.1 comes out which I was told will have CRL support, you will need to just disable the username on the certificate.

The more obstacles that the end user must jump over, the more likely that a rogue AP will pop up on the network. It is critical IMO that the authentication to the network be as smooth and transparent as possible. LEAP does an excellent job of that, but it's proprietary :(

Just my opinion though

Thanks
Larry
2 Questions [7:57257]
1. Where should one start to prepare for the CCIE written exam, what kind of approach?
2. What are the benefits or privileges associated with the CCIE?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57257t=57257
Re: 2 Questions [7:57257]
start here: http://www.cisco.com/warp/public/625/ccie/exam_preparation/preparation.html and read/ask questions here and also try alt.certification.cisco

LOON wrote in message news:200211120210.CAA20443;groupstudy.com...
> 1. Where should one start to prepare for the CCIE written exam, what kind of approach?
> 2. What are the benefits or privileges associated with the CCIE?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57258t=57257
RE: Throughput [7:57158]
HI All,

Thx for your reply and I really appreciate your explanation. I know that my customer is very difficult to use the whole BW in the high delay time environment. But I need to tell him what's the max throughput. So that's why I need to tell him how they can do in their computer / network change in order to get the max throughput - just like the network optimization (I don't think they can get 64k, it is only theory can occur).

So according to s vermill, I will ask customer to tune the window to the following figure: 64,000/8 * 0.51 = 4,080 Bytes to get the max throughput, am I right?

In here, I assume that the satellite part is very stable (always 510ms), my customer only transfer IP stuff. Not IPX or other protocol. Also I assume that their MTU size is by default using cisco router default and their transfer file size is 1M. So can they get the max throughput after setting the window size to 4080 bytes? and how can it be calculated based on above assumption (I mean the max throughput)?

Kindly advise.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57259t=57158
RE: WLAN security matters [7:57160]
paul,

When I talked about IPSec, I mean to say that AES is not currently supported on Pix Firewalls on any VPN concentrator. After I established connection via EAP/TLS on the wireless network, I have to make another IPSec connection via Cisco VPN client to make a secure connection to the internal network or surfing the Internet from my wireless DMZ segment. At the moment, I know that Pix does NOT support AES, only 3DES. CheckPoint has beaten Cisco to the punch with SecureRemote (CheckPoint Client that is similar to Cisco VPN client) that supports AES. Now if you know where I can get AES for Pix firewall from Cisco, please let me know so that I can contact Cisco for support.

Mike G.

Paul Forbes wrote:
> Some notes/opinions:
>
> 1. A stolen laptop should trigger an employee to contact Human Resources, Security and/or IS. Anything less on the part of said employee is cause for termination - period. Alternatively, if the perceived threat is via corporate/military espionage, then the short-term solution is IPsec (IMO defeating the valuable properties of wireless) and long-term PEAP. Better yet, no wireless access at all and lock your wired ports down via URT or some such.
>
> 2. ACS v3.1 was released and is orderable, but I can't find a single thing regarding CRL support by the authentication server. I'm digging around within my Cisco contacts for an answer. If I hear anything on this front, I'll be sure to toss up a comment.
>
> 3. Mike G. mentioned in a previous email the absence of AES in Cisco's product plans. This is NOT the case - the AP1200 product line was created so that, among other reasons, the CPU was capable of 256-bit AES. This was addressed in some detail at the San Diego Networkers' evening Product Session by Mike McAndrews, the Director of Product Management for the Wireless Networking BU.
>
> Cheers all.
> Paul
>
> -----Original Message-----
> From: Roberts, Larry [mailto:Larry.Roberts;expanets.com]
> Sent: Monday, November 11, 2002 4:12 PM
> To: [EMAIL PROTECTED]
> Subject: RE: WLAN security matters [7:57160]
>
> Going back to the original e-mail question. I disagree that EAP-TLS is not a solution for sniffing. Technically any wireless data can be sniffed, regardless of encryption. However, it will be garbage until decoded. If you use EAP-TLS and set the rekeying to a very short interval (say 1 minute) you would not be passing enough data for the person to be able to decrypt using the weakness in the IV. I'm not saying rekey every 1 minute, just that rekeying at 1 minute would assure you that not enough data had passed. You need to weigh the load on the server/the amount of wireless traffic/the amount of security that you need, to come up with the rekeying interval.
>
> The biggest drawback to EAP-TLS has been lack of support at the OS level. Windows XP supports it natively, but all other Microsoft OS's require additional software. Supposedly Microsoft is going to back fit W2K, but they haven't released when. If you want vendor neutrality as I am looking to do, you either need to be assured that all the vendors release software that allows you to run EAP-TLS on your PC, or wait until MS does it at the OS level. I know that Cisco and Lucent have EAP-TLS aware clients, although I have only used Cisco's. Cisco and Lucent/Orinoco also have EAP-TLS aware AP's, but I have yet to get the spare time to actually install my AP-500.
>
> With EAP-TLS, you must worry about stolen laptops, which will have the Certificate stored automatically allowing access to the network. CSACS 3.0 doesn't support CRL's, so until 3.1 comes out which I was told will have CRL support, you will need to just disable the username on the certificate.
>
> The more obstacles that the end user must jump over, the more likely that a rogue AP will pop up on the network. It is critical IMO that the authentication to the network be as smooth and transparent as possible. LEAP does an excellent job of that, but it's proprietary :(
>
> Just my opinion though
>
> Thanks
> Larry

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57260t=57160
Interrupting VLANs [7:57261]
If I have a working network, for example (2) 3550 switches are connected to (2) 6509s. The first 3550 is in VLAN 10 connected to both 6509s, and the second 3550 is in VLAN 11 again connected to both 6509s.

I like to add one more 3550 switch (24) ports in VLAN 10 and the other (24) ports in VLAN 11. As I assume this new switch will run STP Calculations to determine which uplink ports should go into the forwarding/Blocking mode since the switch will be connected to both Core 6509s.

My question is will it interrupt the already working VLANs 10 and 11 since STP will have to rerun for this new switch only. If it will then I will have to do this after hours.

Regards,
Teza

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57261t=57261
problem with groupstudy? [7:57262]
I have been receiving very few emails and I sent an email several days ago that I never saw come back to me. Is there a problem with the list?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57262t=57262
Re: iBGP and convergence when failure happens [7:57255]
a couple of things - in line below

bergenpeak wrote in message news:200211120028.AAA03239;groupstudy.com...
> Suppose I have several routers making up an iBGP mesh. Let's suppose I have two routers (R1 and R2) which are advertising the same set of networks: N1, N2, ... Nk. OSPF is running underneath BGP (assume area 0). All of the N networks are being advertised with a next-hop set to the respective loopbacks from R1 and R2.
>
> Now consider some other BGP router in the network. It will have received a BGP announcement for each of N1, N2, .. Nk from R1 and R2. This third router will select one of the paths to N1, N2, etc. and insert it into the routing table. I'd expect to see something like:
>
>   subnet   next-hop
>   ---      ---
>   N1       R1-lo0
>   N2       R1-lo0
>   ...      ...
>   Nk       R1-lo0
>   R1-lo0 R2-lo0
>
> Now, suppose R1 goes belly up. OSPF will quickly inform all other routers that R1 and its loopback no longer exist. I'm assuming that this will invalidate all the routes in the routing table which have R1-lo0 as next hop. This will therefore cause the removal of all occurrences of routes to N1, N2, ... Nk from the routing table.
>
> The question is this: what event will trigger BGP to re-evaluate the routes it knows about and add in routes for N1, N2, ... Nk via R2-lo0? Will the removal of the N1 route from the routing table inform BGP to re-evaluate? Or will the BGP timers need to timeout and detect that R1 is dead before re-evaluating?

detecting a link down, or dead timer expired.

> One other question-- does no sync in BGP have a role here or is that related only to determining when to advertise a route via eBGP?

iBGP will not install a route into the BGP table unless it can verify reachability. I.e. unless there is a valid path to the advertiser in the routing table. This is synchronization. The no synch command allows BGP to bypass this validation step. In the case you mention, with full mesh, and full IGP connectivity, no sync is not necessary.

HTH

> Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57263t=57255
Re: 2 Questions [7:57257]
LOON wrote in message news:200211120210.CAA20443;groupstudy.com...
> 1. Where should one start to prepare for the CCIE written exam, what kind of approach?

as always, begin at the beginning www.cisco.com/go/ccie

> 2. What are the benefits or privileges associated with the CCIE?

in today's bad economy, about the only ones I can think of, is you attract more women than you can shake a stick at, if that's your idea of a good time with women. If you get your CCIE, first thing to do is buy the jacket. the women really dig it, so I'm told. ;-

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57264t=57257
RE: Throughput [7:57158]
The default window size for modern implementations of TCP on modern operating systems is bigger than 4080 bytes anyway. No change will probably be necessary. The window size varies as clients and servers ACK data, but it should start out at 8192 or greater, depending on the OS.

Are you wondering about throughput for user data or throughput for all bytes including overhead that are being transferred? By user data I mean the actual file data that is being transferred.

The maximum throughput for all bytes is about 64 kbps for the file size you mentioned (1 MB) and a window size of 4080 bytes or bigger. With that window size, he can fill the pipe.

With such a big file size, the delay of .5 seconds isn't a big deal. It's going to take a couple minutes anyway to transfer the file. If you add on that delay to the entire time and use it in the kbps calculation, it essentially disappears. It doesn't disappear for a small file, however.

You want to send 8,000,000 bits at 64 Kbps. This will take 125 seconds. The first bit will take .5 seconds. So the entire time is 125.5 seconds because of your long delay. Guess what 8,000,000 divided by 125.5 is? About 64,000 bits per second.

If you want a better calculation, then you have to know the amount of time that elapses for the stuff I mentioned earlier, disk access speed etc. If you consider throughput just for user data, i.e. application-layer or file data, then you have to pay attention to all that other stuff I wrote too.

Priscilla

Cliff Cliff wrote:
> HI All,
>
> Thx for your reply and I really appreciate your explanation. I know that my customer is very difficult to use the whole BW in the high delay time environment. But I need to tell him what's the max throughput. So that's why I need to tell him how they can do in their computer / network change in order to get the max throughput - just like the network optimization (I don't think they can get 64k, it is only theory can occur).
>
> So according to s vermill, I will ask customer to tune the window to the following figure: 64,000/8 * 0.51 = 4,080 Bytes to get the max throughput, am I right?
>
> In here, I assume that the satellite part is very stable (always 510ms), my customer only transfer IP stuff. Not IPX or other protocol. Also I assume that their MTU size is by default using cisco router default and their transfer file size is 1M. So can they get the max throughput after setting the window size to 4080 bytes? and how can it be calculated based on above assumption (I mean the max throughput)?
>
> Kindly advise.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57265t=57158
RE: WLAN security matters [7:57160]
I wasn't aware that 3.1 was out. I was told way back when that 3.1 would include CRL support by TAC, but considering my recent troubles with TAC, it doesn't surprise me.

I agree with the stolen laptop, but you're expecting the typical user to actually think. If they do actually (send them a bonus check and flowers!) then you would need to disable, but NOT delete the account listed as the CN of the cert. If 3.1 does support CRL's then you could revoke the cert, but otherwise, change the CN and disable the old account.

My approach is going to be issue a single Cert. per wireless location. If it is compromised everyone that uses those AP's will need to get another Cert that is valid and then disable the old one. My reasoning for this is that I don't want to issue everyone a Cert based on their network login, else when it's lost, I have to disable their account and assign a new, and non-standard login. I guess you could modify the login for cert purposes, but then you still have an equal number of certs per wireless user. I figure it is more manageable to have 50 certs for 50 locations than 2500 certs for 2500 users.

Of course if I could just dictate Cisco and LEAP then all would be well, but alas, it ain't gonna happen.

Thanks
Larry

-----Original Message-----
From: Paul Forbes [mailto:Paul_Forbes;Trimble.com]
Sent: Monday, November 11, 2002 8:40 PM
To: [EMAIL PROTECTED]
Subject: RE: WLAN security matters [7:57160]

Some notes/opinions:

1. A stolen laptop should trigger an employee to contact Human Resources, Security and/or IS. Anything less on the part of said employee is cause for termination - period. Alternatively, if the perceived threat is via corporate/military espionage, then the short-term solution is IPsec (IMO defeating the valuable properties of wireless) and long-term PEAP. Better yet, no wireless access at all and lock your wired ports down via URT or some such.

2. ACS v3.1 was released and is orderable, but I can't find a single thing regarding CRL support by the authentication server. I'm digging around within my Cisco contacts for an answer. If I hear anything on this front, I'll be sure to toss up a comment.

3. Mike G. mentioned in a previous email the absence of AES in Cisco's product plans. This is NOT the case - the AP1200 product line was created so that, among other reasons, the CPU was capable of 256-bit AES. This was addressed in some detail at the San Diego Networkers' evening Product Session by Mike McAndrews, the Director of Product Management for the Wireless Networking BU.

Cheers all.
Paul

-----Original Message-----
From: Roberts, Larry [mailto:Larry.Roberts;expanets.com]
Sent: Monday, November 11, 2002 4:12 PM
To: [EMAIL PROTECTED]
Subject: RE: WLAN security matters [7:57160]

Going back to the original e-mail question. I disagree that EAP-TLS is not a solution for sniffing. Technically any wireless data can be sniffed, regardless of encryption. However, it will be garbage until decoded. If you use EAP-TLS and set the rekeying to a very short interval (say 1 minute) you would not be passing enough data for the person to be able to decrypt using the weakness in the IV. I'm not saying rekey every 1 minute, just that rekeying at 1 minute would assure you that not enough data had passed. You need to weigh the load on the server/the amount of wireless traffic/the amount of security that you need, to come up with the rekeying interval.

The biggest drawback to EAP-TLS has been lack of support at the OS level. Windows XP supports it natively, but all other Microsoft OS's require additional software. Supposedly Microsoft is going to back fit W2K, but they haven't released when. If you want vendor neutrality as I am looking to do, you either need to be assured that all the vendors release software that allows you to run EAP-TLS on your PC, or wait until MS does it at the OS level. I know that Cisco and Lucent have EAP-TLS aware clients, although I have only used Cisco's. Cisco and Lucent/Orinoco also have EAP-TLS aware AP's, but I have yet to get the spare time to actually install my AP-500.

With EAP-TLS, you must worry about stolen laptops, which will have the Certificate stored automatically allowing access to the network. CSACS 3.0 doesn't support CRL's, so until 3.1 comes out which I was told will have CRL support, you will need to just disable the username on the certificate.

The more obstacles that the end user must jump over, the more likely that a rogue AP will pop up on the network. It is critical IMO that the authentication to the network be as smooth and transparent as possible. LEAP does an excellent job of that, but it's proprietary :(

Just my opinion though

Thanks
Larry

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57266t=57160
Need Info IPtelephony exam [7:57267]
Hi,

Has anyone taken the IP telephony exam (9e0-402) recently? I just want to know whether the IP telephony book by David Lovell is sufficient. Can you also let me know any other links (CCO) and materials you used to pass the exam.

Kind Regards/Thangavel

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57267t=57267
CID exam 640-025 [7:57268]
Hi folks,

The CID exam. The Cisco has a lot of SNA content in it, however I can't find any SNA stuff at (excuse wrapping)
http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/640-025.html

I can't find anything about changes on Cisco's website, so...does the CID have any SNA?

Cheers,
David

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57268t=57268
RE: 2 Questions [7:57257]
Assuming you get a raise to buy that $300 leather jacket ;-

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] On Behalf Of The Long and Winding Road
Sent: Monday, November 11, 2002 10:08 PM
To: [EMAIL PROTECTED]
Subject: Re: 2 Questions [7:57257]

LOON wrote in message news:200211120210.CAA20443;groupstudy.com...
> 1. Where should one start to prepare for the CCIE written exam, what kind of approach?

as always, begin at the beginning www.cisco.com/go/ccie

> 2. What are the benefits or privileges associated with the CCIE?

in today's bad economy, about the only ones I can think of, is you attract more women than you can shake a stick at, if that's your idea of a good time with women. If you get your CCIE, first thing to do is buy the jacket. the women really dig it, so I'm told. ;-

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57269t=57257
RE: BGP4 and Multiple Providers [7:55918]
Hi All,

We also having the same situation. Actually, if you really want to do the load balance, you need to know what's your customer mostly going, it also can be captured by the cache server which place in between your router and ISP. As some cache server will record the traffic pattern for your traffic.

Since from our end, we don't want to put one more equipments (cache server) in our end, so what we do in here is force one of our customer to particular provider (using source route in the serial interface that customer connected to your router). As we know that traffic pattern for each customer, so that we can having the good shape of your traffic pattern for both DS3 line.

e.g. apply the following command under serial port:

  ip policy route-map Source_Route_UUNET

under global:

  route-map Source_Route_UUNET permit 10
   match ip address prefix-list Cust_UUNET_Outgoing
   set ip next-hop x.x.x.x
  ip prefix-list Cust_UUNET_Outgoing description Customer_Use_UUNET_Outgoing
  ip prefix-list Cust_UUNET_Outgoing seq 5 permit 203.203.203.0/24 le 32

Another solution is you select the best path in your BGP setting from your both providers using as path filter list so that they are not overload one of DS3 line.

Hope this helps!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57270t=55918
Re: Clearing access lists counters [7:57241]
although that should have worked, try

  clear ip access-list counter

as well

I just tested this on a 3662 and both commands worked (IOS 12.1)

Tim

John Tafasi wrote in message news:20022125.VAA01591;groupstudy.com...
> Can some one tell me how to clear access-list counters? I tried to use the command clear access-list counters but it did not work. Please see the output of the show command below.
>
> R5-2503#show access-lis abc
> Extended IP access list abc
>     Dynamic test permit ip any any
>     permit ip any any (158 matches)
>     permit tcp any host 10.10.110.3 eq telnet
> R5-2503#

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57271t=57241
Re: CID exam 640-025 [7:57268]
No SNA on the blueprint means no SNA on the test. I took it a few months ago and didn't have any either.

Tim

David wrote in message news:200211120415.EAA12014;groupstudy.com...
> Hi folks,
>
> The CID exam. The Cisco has a lot of SNA content in it, however I can't find any SNA stuff at (excuse wrapping)
> http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/640-025.html
>
> I can't find anything about changes on Cisco's website, so...does the CID have any SNA?
>
> Cheers,
> David

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57272t=57268
Help wanted [7:57273]
Hi,

I have a WAN connection with a 1601 router connected to the core router which is a 2600 series router. I want to allocate bandwidth to a specific IP address/or prioritize any traffic for that user's IP address. How do I do that?

Thanks
Johan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57273t=57273
Priorities Traffic [7:57274]
How do I prioritize traffic or allocate bandwidth for a specific user over a WAN link? I have a 1601 connected to a 2600 router.

Thanks
Johan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57274t=57274