Wireless 350 bridge problem [7:57827]
Hi All,

We have installed Aironet 350 series bridges 2 months ago. They were working fine until yesterday. Bridges are on the top of two buildings and they were and are clearly seeing each other, Fresnel zone okay. But yesterday morning the network was gone. We have controlled the settings and set up the bridges again. Checked that if they can see each other, yes. But it doesn't work. Bridge link down. Then we have changed the rate to only 1 Mbit, found a really clear channel and it started to work but really in a bad mood. The client bridge was associating and then disappearing every 1 minute. Now the wireless network is down.

Has anybody faced a problem like this? Any help will be highly appreciated.

Best regards,

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57827t=57827
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
AS5300 Configuration Problem [7:57828]
Dear All,

I'm doing my first AS5300 installation. After configuration, I did the first connection test by using my notebook to open a HyperTerminal session and then dial the AS5300.

The AS5300 software configuration guide says that after dialling from HyperTerminal I must get the username/password prompt, but this is not what I get, as I only see Connect 50660, then there is rubbish on the screen for around 30 seconds, then the line disconnects.

Can anyone help me solve the problem, knowing that I tried with my HyperTerminal and AS5300 speed settings with no luck?

Thanks in advance,

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57828t=57828
3com switch : superstack II 1100 password reset [7:57829]
Hi

Can anyone guide me to reset the 3COM superstack switch 1100 console password

thanks in adv

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57829t=57829
3002 Vpn Client 3DES [7:57830]
Can anyone give me an idea about the 3DES throughput of the 3002 VPN Hardware Client? I have looked all over Cisco's site, but cannot find anything.

Best regards,
Arni

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57830t=57830
Re: Confused from London [7:57780]
I'm sure they will, but my routers are still forwarding subnet broadcasts even with this line in a sh ip int output:-

Directed broadcast forwarding is disabled

Thanks
-P

5 games of cricket between Australia and England have just commenced... Australia won the first game very convincingly. Australia should go a clean sweep
--
Regards,
Peter Kingston
Telstra BigPond Direct
Freecall 1800 066 594

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

Well you better explain this to us Yankees. Our baseball season is over unfortunately, and now all we have is football (ugh). Well we have hockey and basketball too, I guess, and they're a little better! :-)

Priscilla

Peter Kingston wrote:

I just as a little bit of friendly rivalry, I believe there is more than yourself confused in London, naming your cricketers 5 zips looks like a fair chance
--
Regards,
Peter Kingston
Telstra BigPond Direct
Freecall 1800 066 594

wrote in message news:[EMAIL PROTECTED]...

Someone asked me a question which confused me:-

If I ping a network broadcast from a host on a different network, which passes through a Cisco router, why do I get replies from certain devices? The router has directed broadcast forwarding disabled. I thought the router would therefore drop the packet.

Any thoughts

Thanks
-P

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57831t=57780
RE: FW: VTP modes Server/Client vs Transparent [7:57650]
I think that is the best way. First migrate to local Vlans and after use Server/Client. While in Lane you could also use a big domain, with two central switches as the servers and all the others as clients, but I think your solution is better.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57832t=57650
RE: Very poor performance on Cat 6000 gigabit? [7:57695]
Have you tried the URL NIC Issues... on Cisco pages? There is a list of problems related to Intel, Compaq and so on.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57833t=57695
Re: Wireless 350 bridge problem [7:57827]
try using a spectrum analyser to determine if there is a strong RF interference from somewhere close by... this is probably ur best bet.

Tunde

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57834t=57827
Re: Wireless 350 bridge problem [7:57827]
We cannot afford that equipment right now. Also ran the diagnostic test to find the clear channel, we found the channel but bridges didn't work.

Best regards,

Tunde Kalejaiye wrote in message news:[EMAIL PROTECTED]...

try using a spectrum analyser to determine if there is a strong RF interference from somewhere close by... this is probably ur best bet.

Tunde

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57835t=57827
GRE on Cisco routers [7:57836]
I have 2 questions:

1)
                      IPSec
172.16.1.1/24 - RTA ========= RTB -- 172.16.2.1/24
                 |             |
          192.168.1.0/24  192.168.2.0/24

Here are more info:-

RTA's Serial0 (connecting to RTB) - 10.64.10.13/27
RTB's Serial1 (connecting back to RTA) - 10.64.10.14/27

Both RTA and RTB are running EIGRP. As per CCO, IPSec (without GRE) does not transfer routing protocols such as EIGRP / OSPF etc. I have tested this on the above topology, but I can get the EIGRP routes across from RTA to RTB and vice versa. What am I missing??

And here are the configs:-

RTA:-

crypto isakmp policy 15
 hash md5
 authentication pre-share
!
crypto isakmp key 1234a address 10.64.10.14
!
!
crypto ipsec transform-set setOne esp-des esp-md5-hmac
!
crypto map combined local-address Serial1
!
crypto map combined 8 ipsec-isakmp
 set peer 10.64.10.14
 set transform-set setOne
 match address 101
!
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
!
!
interface Serial0
 ip address 172.16.1.1 255.255.255.0
 no fair-queue
!
interface Serial1
 ip address 10.64.10.13 255.255.255.224
 no ip route-cache
 no ip mroute-cache
 clockrate 64000
 crypto map combined
!
router eigrp 1
 network 10.0.0.0
 network 172.16.1.0 0.0.0.255
 network 192.168.1.0
 no auto-summary
!
!
access-list 101 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255

RTB:-

crypto isakmp policy 5
 hash md5
 authentication pre-share
!
!
crypto isakmp key 1234a address 10.64.10.13
!
crypto ipsec transform-set setTwo esp-des esp-md5-hmac
!
crypto map combined local-address Serial0
!
crypto map combined 13 ipsec-isakmp
 set peer 10.64.10.13
 set transform-set setTwo
 match address 101
!
!
interface Loopback0
 ip address 192.168.2.1 255.255.255.0
!
interface Ethernet0
 ip address 172.16.2.1 255.255.255.0
!
interface Serial0
 ip address 10.64.10.14 255.255.255.224
 no fair-queue
 crypto map combined
!
!
router eigrp 1
 network 10.0.0.0
 network 172.16.2.0 0.0.0.255
 network 192.168.2.0
 no auto-summary
 no eigrp log-neighbor-changes
!
!
access-list 101 permit ip 172.16.2.0 0.0.0.255 172.16.1.0 0.0.0.255

***

So instead of getting the EIGRP routes via Tunnel 0 interface, I'm getting it via the outgoing interface (serial 0), the IPSec still works. So what am I missing, and how does it make a difference if I use GRE over IPSec? I also tested RIPv2 getting similar results.

RTA#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.1.0 is directly connected, Serial0
D       172.16.2.0 [90/2195456] via 10.64.10.14, 00:36:16, Serial1
     10.0.0.0/27 is subnetted, 1 subnets
C       10.64.10.0 is directly connected, Serial1
C    192.168.1.0/24 is directly connected, Loopback0
D    192.168.2.0/24 [90/2297856] via 10.64.10.14, 01:24:52, Serial1
RTA#

RTA#sh crypto engine connections act

  ID Interface  IP-Address   State  Algorithm           Encrypt  Decrypt
   1 Serial1    10.64.10.13  set    HMAC_MD5+DES_56_CB        0        0
2000 Serial1    10.64.10.13  set    HMAC_MD5+DES_56_CB        0        6
2001 Serial1    10.64.10.13  set    HMAC_MD5+DES_56_CB        6        0
RTA#

--

2) Most configs / examples I found on CCO and books use:

ccrypto ipsec transform-set setTwo esp-des

so when would one use:

ccrypto ipsec transform-set setTwo esp-des

?? Or is it generally not needed / recommended to use the mode transport?

If anyone can give me some config e.g., that would be greatly appreciated.

Thanks,
HL

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57836t=57836
Re: Wireless 350 bridge problem [7:57827]
Cisco Breaker wrote in message news:[EMAIL PROTECTED]...

We cannot afford that equipment right now. Also ran the diagnostic test to find the clear channel, we found the channel but bridges didn't work.

CL: can you afford to have your network down? for how long? forever?

CL: joys of wireless - works great until someone else in the neighborhood decides to put one in. Or some equipment that radiates harmonics of the wireless band. Or puts up a concrete wall or grows a tree.

CL: it shouldn't be too hard to find a company with the spectrum analyzer who will come out for an hour on a time and materials basis. barring that, you are left with trial and error - change the bridge locations and see if that changes for the better.

Best regards,

Tunde Kalejaiye wrote in message news:[EMAIL PROTECTED]...

try using a spectrum analyser to determine if there is a strong RF interference from somewhere close by... this is probably ur best bet.

Tunde

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57837t=57827
RE: CCIE Home Lab Materials and Equipments [7:57810]
You need more books than those two. Vol 1 is a great book. The Cisco web page is the best place for information. This is the web page for the Cisco CD that you are allowed to use in the lab. (The CD, not the web page.)

http://www.cisco.com/univercd/home/home.htm

You need to go to All Product Documentation, then Cisco IOS Software Configuration.

You don't need a Catalyst 5000. The lab changed to Catalyst 3550 w/ the EMI image. Two totally different switches. Also get more routers, the 2500 series is good enough and cheap on eBay.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57826t=57810
Re: CCIE Home Lab Materials and Equipments [7:57810]
Godswill HO wrote in message news:[EMAIL PROTECTED]...

Hi group,

I want to get it right the first time. I intend setting up my CCIE lab at home. I will appreciate it if someone that has taken the lab or is preparing for it can tell me what switches, routers and materials I need to buy. Also information about the various needed blades on the switches is important, cables, cards, modules, etc.

I currently have a cable connection and also a dialup connection from home to the internet; are these enough or do I need to get a second cable connection?

I currently have the following books:
1. CCIE Fundamentals Network Design and Case Studies 2nd Edition by Cisco Press.
2. Routing TCP/IP, volume 1 by Cisco Press (Jeff Doyle)

CL: check out my web site for my own personal opinion of must have books and other study materials: http://www.chuckslongroad.info/BookList.htm

while you're poking around there, a couple of the Groupstudy Homilies are worth looking at - distribute-list gateway and DiffServ-DSCP.

If you really want to do this at home - get one of the lab packages - NLI, IPExpert, hello computers - and enough routers to emulate the topology. All of the packages differ in router requirements. you don't necessarily need a lot of 2600's, but you will need a lot of serial ports for frame relay and for other topology simulation. you will need to fork out for at least one of the 3550's.

IMHO, don't spend money on things like ATM and voice - rent a few hours of rack time to practice this stuff. concentrate on practicing routing any and all protocols over NBMA, redistribution, qos, bridging, dlsw. these are the keys, and if you don't get these right, the rest doesn't matter.

best wishes.

also
1. Cisco router 1601
2. Cisco router 2502
3. cisco router 3000

I intend buying Cisco Catalyst Switch 5000 within a few days, but I need your assistance. Please, I will appreciate an answer from my big brothers and sisters, CCIEs and those who are currently working towards it.

Thanks in advance.

Godswill Oletu
CCNP, CCDP, CSS1.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57839t=57810
Re: GRE on Cisco routers [7:57836]
Is the EIGRP traffic being sent through IPsec? From the configuration I got the impression that it is not.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57842t=57836
RE: Multicat [7:57773]
At 4:43 PM + 11/20/02, Fernandez, Tim wrote:

Yes, yes and yes but, only certain cats support igmp snooping.

Hmmm...Rhonda is most likely to sniff (snoop) the router but prefers to walk on the keyboard. Ding does investigate the router but usually stays off the keyboard. Mr. Clark tends to ignore both, but he's large enough that when he does get on the keyboard, it's something of a broadcast storm.

They are working on an Internet Draft about flooding with cat fur.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57843t=57773
RE: Security rep for a mortgage company [7:57798]
Thanks for your help,
JB

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57838t=57798
Re: GRE on Cisco routers [7:57836]
And RTA:-

router eigrp 1
 network 10.0.0.0

the routers will create adjacencies if you add this! they are on the same LAN. the eigrp traffic doesn't go via the ipsec tunnel but directly...

david

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57844t=57836
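Added example (not part of the original posts and not Cisco code): a small Python model of how a crypto-map ACL selects outbound traffic, run against RTA's access-list 101 from this thread, showing why EIGRP on the 10.64.10.0/27 link leaves the router unencrypted. The sample packets, the access-list 102 line for a GRE tunnel and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# IP protocol numbers; the ACL keyword "ip" matches any protocol.
PROTOCOLS = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17, "gre": 47, "eigrp": 88}


@dataclass(frozen=True)
class AclEntry:
    action: str            # "permit" or "deny"
    proto: Optional[int]   # None means any protocol
    src: int
    src_wild: int
    dst: int
    dst_wild: int


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard)."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF
    if tok == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(tok), _ip(tokens.pop(0))


def parse_acl_line(line):
    """Parse 'access-list N permit|deny PROTO SRC DST' (no port operators)."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError(f"not an extended ACL line: {line!r}")
    action, proto = tokens[2], tokens[3]
    if action not in ("permit", "deny") or proto not in PROTOCOLS:
        raise ValueError(f"unsupported action or protocol: {line!r}")
    rest = tokens[4:]
    try:
        src, src_wild = _take_addr(rest)
        dst, dst_wild = _take_addr(rest)
    except IndexError:
        raise ValueError(f"truncated address in: {line!r}") from None
    return AclEntry(action, PROTOCOLS[proto], src, src_wild, dst, dst_wild)


def _match(addr, base, wild):
    care = ~wild & 0xFFFFFFFF          # wildcard bits set to 1 are "don't care"
    return (addr & care) == (base & care)


def crypto_decision(acl, src, dst, proto):
    """First-match check of an outbound packet against a crypto ACL.

    permit -> packet is handed to IPsec; deny or no match -> forwarded as is.
    """
    s, d = _ip(src), _ip(dst)
    for entry in acl:
        if entry.proto is not None and entry.proto != proto:
            continue
        if _match(s, entry.src, entry.src_wild) and _match(d, entry.dst, entry.dst_wild):
            return "protect" if entry.action == "permit" else "cleartext"
    return "cleartext"


def gre_outer(tunnel_src, tunnel_dst):
    """Outer header of any packet sent on a GRE tunnel interface."""
    return tunnel_src, tunnel_dst, PROTOCOLS["gre"]


# RTA's crypto ACL exactly as posted in the thread.
RTA_ACL = [parse_acl_line(
    "access-list 101 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255")]
# Constructed alternative: protect the GRE tunnel between the serial addresses.
GRE_ACL = [parse_acl_line(
    "access-list 102 permit gre host 10.64.10.13 host 10.64.10.14")]

# Constructed sample packets leaving RTA Serial1: (label, src, dst, protocol).
PACKETS = [
    ("LAN to LAN data",      "172.16.1.10", "172.16.2.20", 6),
    ("EIGRP hello",          "10.64.10.13", "224.0.0.10",  88),
    ("EIGRP unicast update", "10.64.10.13", "10.64.10.14", 88),
    ("loopback to loopback", "192.168.1.1", "192.168.2.1", 1),
]


def report(acl, packets):
    return {label: crypto_decision(acl, s, d, p) for label, s, d, p in packets}


if __name__ == "__main__":
    for label, verdict in report(RTA_ACL, PACKETS).items():
        print(f"{label:22} -> {verdict}")
    # With a tunnel, EIGRP is carried inside GRE between the two endpoints.
    print("EIGRP inside GRE       ->",
          crypto_decision(GRE_ACL, *gre_outer("10.64.10.13", "10.64.10.14")))
```

Only the 172.16.1.0/24 to 172.16.2.0/24 flow matches access-list 101; the routing packets and the loopback networks they advertise cross the serial link outside IPsec.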
LMS v2.1 [7:57845]
I am currently configuring an LMS to manage a small number of 2950 and 3550 switches. All appears ok except for one issue. When i pull a cable and bring a port down the GUI takes up to 5 minutes to update. Traps are sent and the polling period is down to 30 secs but the topology diagram still does not update immediately. Is there any way to have instant notification of this (or any other) event?

Thanks in advance,
Filo.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57845t=57845
Re: ATM encapsulations, which is best [7:57840]
If you have a 10M pipe to your ISP this will allow you to transmit at 10M under your atm p-p subinterface:

pvc madman 1/32
 encapsulation aal5snap
 vbr-nrt 1 1 1

Cisco doesn't give you a CBR option but the above will do the same. Just did one for a 10M pipe yesterday, works like a champ.

aal5mux only allows one protocol unless you do aal5mux ppp. aal5ciscoppp is what it says, ppp over ATM, but you probably are better off using nonproprietary encap aal5mux ppp. I use snap unless doing ppp.

Dave

TMS wrote:

Hello

I have a connection to my ISP via ATM OC3c fiber optic link. Link capacity is 10Mbps IP. My ISP declared that 1Mbps IP = 1100 PCR in Kbps (vbr-nrt as ATM contract). Is this setting correct? Which ATM/AAL5 encapsulation is best for point-to-point ATM links? For now I am using aal5snap, but maybe aal5mux ip or aal5ciscoppp is better for an IP link? Is there any good document which describes the differences between ATM/aal5 encapsulations (aal5snap, aal5mux, aal5ciscoppp)?

--
TMS

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston Churchill

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57846t=57840
RE: OSPF Filtering [7:57789]
Sanjay,

I don't think you can do this. I understand that you can filter ospf routes inbound on an interface to stop the routes getting into the routing table, BUT NOT getting into the ospf Database. Hence you will have to filter on each downstream router to stop the route from being propagated further. Distribute list out doesn't work with OSPF anyway as you can't filter the LSA's as such.

HTH
Richard

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57847t=57789
RE: GRE on Cisco routers [7:57836]
*** So instead of getting the EIGRP routes via Tunnel 0 interface, I'm getting it via the outgoing interface (serial 0), the IPSec still works. So what am I missing, and how does it make a difference if I use GRE over IPSec? I also tested RIPv2 getting similar results.

Hello everyone, i am new to the list, and have been studying cisco for a month now. i thought this list would be a great way of getting to know/understand the community, and would also be a great resource for me.

alaerte -

I have been using freebsd for a while now, and have used vpn for a little while as well. In *bsd there are a couple packages which have worked well with our cisco (3600x). For bsd i have been using racoon/zebra. Well, as i started to get into zebra, which does rip/ospf/bgp/foo.. i noticed that for a ipsec vpn, it would not take broadcast/multicast traffic over the tunnel. I then layered gre into the tunnel, and voila, the broadcast and multicast messages were dropping over to the other side of the tunnel. I am not sure why gre takes it and ipsec doesn't. Remember, i am very new to cisco, so i am not sure how that side works. But try to use that approach, and maybe it will help you.

cheers-
Eric

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57848t=57836
Re: Very poor performance on Cat 6000 gigabit? [7:57695]
hi,

as far as i was aware you CAN'T team two different speed network cards. we use the intel/Compaq/HP (the same cards/drivers) and i have not been able to get the teaming to work with 100/1000. if you put 2 1g's together ...no problem. 2 100's ...again no problem, but different speeds NOPE..

HTH
steve

----- Original Message -----
From: Elijah Savage III
To:
Sent: Tuesday, November 19, 2002 2:31 PM
Subject: RE: Very poor performance on Cat 6000 gigabit? [7:57695]

If you get this to work keep me/us informed as I am sure you will. Because I could never get this to work, I actually had to buy another 1gig nic and still the drivers did not work correctly, actually ended up just using fast etherchannel which is working great.

-----Original Message-----
From: Martin Reilly [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 19, 2002 6:45 AM
To: [EMAIL PROTECTED]
Subject: Very poor performance on Cat 6000 gigabit? [7:57695]

Here's something annoying that I came across yesterday... any clues as to what's going wrong would be very much appreciated.

Scenario: HP NetServers with built-in 100M NICs, based on an Intel chipset. With the HP drivers, the performance is fine - as you'd expect from a 100M connection. With Intel drivers, nothing changes. Still fine.

Add a 1G NIC, again HP badged but with an Intel chipset (Intel Pro/1000TX), and bind them together into a fault-tolerant set using the Intel drivers that were provided by HP (they don't provide HP badged drivers for this card, though they are happy to sell it with an HP sticker on it for twice the cost of the Intel card). My intention of course is that the 1G adapter is the primary (and set so in the teamed adapter settings) and the 100M would only be used as a fallback if the 1G fails.

That's where things go wrong. With both cards connected to the same switch (long-term intention of course is that the 100M card will connect to a standby switch) it insists on using the 100M card, even when the 1G is set as the preferred primary and the 100M is the preferred secondary. Both cards definitely work... if I unplug the connection to the 100M, the 1G takes over. With only the 100M connected, it works.

Now, here's the very odd bit. You'd expect better performance from the 1G card. But no. Testing with file copies to or from another server that has been working fine with a 1G card for a year or so (attached via fiber to a GBIC on the supervisor card on the switch), I get several times better performance with the 100M NIC than I do with the 1G (both UTP).

I've tried different cables. All are BICC GigaPlus. The 100M connection goes through a patch panel, but I've run a 20M flylead direct from the server to the switch for the 1G connection.

The switch is a Cisco Catalyst 6000 with the 100M connections going to 48-port 100M cards, and the 1G connections going to a 16-port 1G card. Software, firmware, etc versions pasted below.

Seeing much worse performance from Gigabit adapters compared to 100M is something of a disappointment, to say the least. Any ideas?

The hardware and versions:

WS-C6006 Software, Version NmpSW: 7.2(2)
Copyright (c) 1995-2002 by Cisco Systems
NMP S/W compiled on Jun 3 2002, 18:30:10

System Bootstrap Version: 5.3(1)
System Web Interface Version: Engine Version: 5.3.4 ADP Device: Cat6000 ADP Ver0

Hardware Version: 1.0  Model: WS-C6006  Serial #: XXX

PS1 Module: WS-CAC-1300W    Serial #: XXX
PS2 Module: WS-CAC-1300W    Serial #: XXX

Mod Port Model               Serial #  Versions
--- ---- ------------------- --------- ----------------------
1   2    WS-X6K-SUP1A-2GE    XXX       Hw : 3.1
                                       Fw : 5.3(1)
                                       Fw1: 5.1(1)CSX
                                       Sw : 7.2(2)
                                       Sw1: 7.2(2)
         WS-F6K-PFC          XXX       Hw : 1.0
3   8    WS-X6408-GBIC       XXX       Hw : 2.1
                                       Fw : 4.2(0.24)VAI78
                                       Sw : 7.2(2)
4   48   WS-X6248-RJ-45      XXX       Hw : 1.1
                                       Fw : 4.2(0.24)VAI78
                                       Sw : 7.2(2)
5   48   WS-X6248-RJ-45      XXX       Hw : 1.4
                                       Fw : 5.4(2)
                                       Sw : 7.2(2)
6   16   WS-X6316-GE-TX      XXX       Hw : 1.3
                                       Fw : 5.4(2)
                                       Sw : 7.2(2)
15  1    WS-F6K-MSFC         XXX       Hw : 1.3
                                       Fw : 12.0(7)XE1,
                                       Sw : 12.0(7)XE1,
Re: LMS v2.1 [7:57845]
hi,

not really... LMS was never designed to do this .. I too have never been able to get the polled info back quick enough for my liking. I spoke to an instructor who said that it will only update after 5 minutes and that it is not as responsive as he would have liked.

what you could do is download SNMPc ...it is a small but useful HP Openview Network Node Manager type program... which will give you instant updates. or you could try solarwinds network performance monitor ...which is the same sort of thing...

both are quite cheap to buy and should suit a small up to 100 device network ...

HTH
steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57850t=57845
RE: Very poor performance on Cat 6000 gigabit? [7:57695]
You are right you can't team 2 different speed nics. But like I said I could not even get teaming to work with the hp drivers with 2 of the same nics, that is why I recommended getting another 1 gig nic and using gigachannel or either use fast etherchannel with 2 100 meg nics and you do not have to worry about flaky software.

-Original Message-
From: steve [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 21, 2002 12:41 PM
To: [EMAIL PROTECTED]
Subject: Re: Very poor performance on Cat 6000 gigabit? [7:57695]

hi,

as far as i was aware you CAN'T team to different speed network cards. we use the intel/Compaq/HP (the same cards/drivers) and i have not been able to get the teaming to work with 100/1000. if you put 2 1g's together ... no problem. 2 100's ... again no problem, but different speeds NOPE..

HTH
steve

- Original Message -
From: Elijah Savage III
To:
Sent: Tuesday, November 19, 2002 2:31 PM
Subject: RE: Very poor performance on Cat 6000 gigabit? [7:57695]

If you get this to work keep me/us informed as I am sure you will. Because I could never get this to work, I actually had to buy another 1gig nic and still the drivers did not work correctly, actually ended up just using fast etherchannel which is working great.

-Original Message-
From: Martin Reilly [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 19, 2002 6:45 AM
To: [EMAIL PROTECTED]
Subject: Very poor performance on Cat 6000 gigabit? [7:57695]

Here's something annoying that I came across yesterday... any clues as to what's going wrong would be very much appreciated.

Scenario: HP NetServers with built-in 100M NICs, based on an Intel chipset. With the HP drivers, the performance is fine - as you'd expect from a 100M connection. With Intel drivers, nothing changes. Still fine.

Add a 1G NIC, again HP badged but with an Intel chipset (Intel Pro/1000TX), and bind them together into a fault-tolerant set using the Intel drivers that were provided by HP (they don't provide HP badged drivers for this card, though they are happy to sell it with an HP sticker on it for twice the cost of the Intel card). My intention of course is that the 1G adapter is the primary (and set so in the teamed adapter settings) and the 100M would only be used as a fallback if the 1G fails.

That's where things go wrong. With both cards connected to the same switch (long-term intention of course is that the 100M card will connect to a standby switch) it insists on using the 100M card, even when the 1G is set as the preferred primary and the 100M is the preferred secondary. Both cards definitely work... if I unplug the connection to the 100M, the 1G takes over. With only the 100M connected, it works.

Now, here's the very odd bit. You'd expect better performance from the 1G card. But no. Testing with file copies to or from another server that has been working fine with a 1G card for a year or so (attached via fiber to a GBIC on the supervisor card on the switch), I get several times better performance with the 100M NIC than I do with the 1G (both UTP).

I've tried different cables. All are BICC GigaPlus. The 100M connection goes through a patch panel, but I've run a 20M flylead direct from the server to the switch for the 1G connection. The switch is a Cisco Catalyst 6000 with the 100M connections going to 48-port 100M cards, and the 1G connections going to a 16-port 1G card. Software, firmware, etc versions pasted below.

Seeing much worse performance from Gigabit adapters compared to 100M is something of a disappointment, to say the least. Any ideas?

The hardware and versions:

WS-C6006 Software, Version NmpSW: 7.2(2)
Copyright (c) 1995-2002 by Cisco Systems
NMP S/W compiled on Jun 3 2002, 18:30:10
System Bootstrap Version: 5.3(1)
System Web Interface Version: Engine Version: 5.3.4 ADP Device: Cat6000 ADP Ver0
Hardware Version: 1.0 Model: WS-C6006 Serial #: XXX
PS1 Module: WS-CAC-1300W Serial #: XXX
PS2 Module: WS-CAC-1300W Serial #: XXX

Mod  Port  Model             Serial #  Versions
---  ----  ----------------  --------  --------------------
1    2     WS-X6K-SUP1A-2GE  XXX       Hw : 3.1
                                       Fw : 5.3(1)
                                       Fw1: 5.1(1)CSX
                                       Sw : 7.2(2)
                                       Sw1: 7.2(2)
           WS-F6K-PFC        XXX       Hw : 1.0
3    8     WS-X6408-GBIC     XXX       Hw : 2.1
                                       Fw : 4.2(0.24)VAI78
                                       Sw : 7.2(2)
4    48    WS-X6248-RJ-45    XXX       Hw : 1.1
                                       Fw : 4.2(0.24)VAI78
                                       Sw : 7.2(2)
5    48    WS-X6248-RJ-45    XXX       Hw : 1.4
Re: Router forwarding directed broadcasts [7:57780]
[EMAIL PROTECTED] wrote:

I'm sure they will, but my routers still forwarding subnet broadcasts even with this line in a sh ip int output:-

Directed broadcast forwarding is disabled

Why don't you send us a config and some discussion of the situation and your methods of testing. This group can be helpful, despite the numerous silly answers, but we can't output a solution to your problem with no useful input. Troubleshooting requires data. If you can give us data, perhaps we can help you. The end result could be that everyone benefits.

Also, please use a meaningful title on your messages. Thanks

___
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Thanks
-P

5 games of cricket Between Australia and England have just commenced... Australia won the first game very convincingly Australia should go a clean sweep
--
Regards, Peter Kingston
Telstra BigPond Direct
Freecall 1800 066 594

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

Well you better explain this to us Yankees. Our baseball season is over unfortunately, and now all we have is football (ugh). Well we have hockey and basketball too, I guess, and they're a little better! :-)

Priscilla

Peter Kingston wrote:

I just as a little bit of friendly rivalry, I believe there is more than yourself confused in London, naming your cricketers 5 zips looks like a fair chance
--
Regards, Peter Kingston
Telstra BigPond Direct
Freecall 1800 066 594

wrote in message news:[EMAIL PROTECTED]...

Someone asked me a question which confused me:- If i ping a network broadcast from a host on a different network, which passes through a cisco router why do i get replies from certain devices. The router has directed broadcast forwarding disabled. I thought the router would therefore drop the packet

Any thoughts

Thanks
-P

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57852t=57780
Re: Router forwarding directed broadcasts [7:57780]
Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

[EMAIL PROTECTED] wrote:

I'm sure they will, but my routers still forwarding subnet broadcasts even with this line in a sh ip int output:-

Directed broadcast forwarding is disabled

Why don't you send us a config and some discussion of the situation and your methods of testing. This group can be helpful, despite the numerous silly answers, but we can't output a solution to your problem with no useful input. Troubleshooting requires data. If you can give us data, perhaps we can help you. The end result could be that everyone benefits.

CL: look, I don't have time to answer any questions. get up here right now. it's broken. so FIX IT :-

CL: at least, that's the way my users would report problems at the brokerage firm.

Also, please use a meaningful title on your messages. Thanks

CL: picky picky.

CL: I'm reminded of the consulting firm I used to work at. We had customers who would call and tell us something or other wasn't working, and to send a CCIE over RIGHT NOW to FIX IT!!! ask for configs and you'd never hear from them again.

___
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Thanks
-P

5 games of cricket Between Australia and England have just commenced... Australia won the first game very convincingly Australia should go a clean sweep
--
Regards, Peter Kingston
Telstra BigPond Direct
Freecall 1800 066 594

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

Well you better explain this to us Yankees. Our baseball season is over unfortunately, and now all we have is football (ugh). Well we have hockey and basketball too, I guess, and they're a little better! :-)

Priscilla

Peter Kingston wrote:

I just as a little bit of friendly rivalry, I believe there is more than yourself confused in London, naming your cricketers 5 zips looks like a fair chance
--
Regards, Peter Kingston
Telstra BigPond Direct
Freecall 1800 066 594

wrote in message news:[EMAIL PROTECTED]...

Someone asked me a question which confused me:- If i ping a network broadcast from a host on a different network, which passes through a cisco router why do i get replies from certain devices. The router has directed broadcast forwarding disabled. I thought the router would therefore drop the packet

Any thoughts

Thanks
-P

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57854t=57780
RE: Security rep for a mortgage company [7:57798]
J B wrote:

I have a client mortgage company that would like to connect to the internet and provide VPN access to the satellite offices. Is there any legal or specific requirement they need to meet in order to allow access to users over the internet. Can somebody help.

Thanks
J barrera

There are numerous specific technical requirements, but there probably aren't any legal requirements, if you're talking about the United States. In the U.S., the Internet is a lawless place, with good people and also numerous thieves and vandals. So you want to protect yourself with encryption, etc., but the laws probably won't protect you.

Your ISP may have an Acceptable Use Policy that is relevant. If you already have a business account with the ISP, I would guess that both VPN clients and concentrators are permitted. But that depends on the ISP. If you have an end-user account, then a VPN concentrator might be outside the acceptable use policy.

You also posted an empty message that said Thank-you for the info. What info? If someone did help you, it might be nice to share it with us all so the group benefits. And people who answer should answer to the entire group. Also, empty messages waste bandwidth. If you use the Web site, please click on the Quote button so we can see the message to which you are responding. Thanks.

___
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57853t=57798
Freebie for BSCI Prospects [7:57855]
Here is a cut-and-paste from a Cisco Press newsletter I received this morning:

Cisco Press Authors, Experts in the Field: Diane Teare and Catherine Paquet

Diane and Catherine are the authors of numerous Cisco Press titles, including both joint and solo efforts. Both are Senior Network Architects with Global Knowledge, and certified Cisco Systems instructors. This teaching skill, and their exceptional technical expertise, has combined to create some of the best-selling professional level self-study resources.

Diane and Catherine currently have a supplemental chapter to their best-selling Building Scalable Cisco Networks title available at ciscopress.com. Addressing the topic of IS-IS, a new addition to the CCNP routing exam, this chapter provides a valuable final preparation tool for CCNP candidates.

Access the free chapter on IS-IS: http://www.ciscopress.com/link.asp?link=54

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57855t=57855
Re: Router forwarding directed broadcasts [7:57780]
The Long and Winding Road wrote:

[EMAIL PROTECTED] wrote:

I'm sure they will, but my routers still forwarding subnet broadcasts even with this line in a sh ip int output:-

Directed broadcast forwarding is disabled

Why don't you send us a config and some discussion of the situation and your methods of testing.

CL: look, I don't have time to answer any questions. get up here right now. it's broken. so FIX IT :-

CL: at least, that's the way my users would report problems at the brokerage firm.

He's not a user. Users probably aren't on this list.

Also, please use a meaningful title on your messages. Thanks

CL: picky picky.

He had titled it Confused in London. I changed it. If he wants an answer, he should title it something useful.

CL: I'm reminded of the consulting firm I used to work at. We had customers who would call and tell us something or other wasn't working, and to send a CCIE over RIGHT NOW to FIX IT!!! ask for configs and you'd never hear from them again.

Asking questions of customers so that you get helpful answers can be difficult. With troubleshooting, there's an entire set of soft skills that can help you avoid never hearing from your customer again, which certainly doesn't seem like the best outcome, (well except for the jerks maybe. :-)

The directed broadcast question is intriguing. Why can't we focus on that instead of all the BS answers. What would cause a router to forward directed broadcasts even though you told it not to? Maybe he has the no ip directed-broadcasts on the wrong interface? Maybe there's a subnet mask problem? Maybe he has a helper address that points to a directed broadcast and that ignores the no ip directed-broadcasts command, which focuses on ordinary packet forwarding. Maybe we can only guess without more info.

I hope we didn't miss the chance to help him with the actual question and also help him learn how to get help.

Priscilla

___
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Thanks
-P

5 games of cricket Between Australia and England have just commenced... Australia won the first game very convincingly Australia should go a clean sweep
--
Regards, Peter Kingston
Telstra BigPond Direct
Freecall 1800 066 594

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

Well you better explain this to us Yankees. Our baseball season is over unfortunately, and now all we have is football (ugh). Well we have hockey and basketball too, I guess, and they're a little better! :-)

Priscilla

Peter Kingston wrote:

I just as a little bit of friendly rivalry, I believe there is more than yourself confused in London, naming your cricketers 5 zips looks like a fair chance
--
Regards, Peter Kingston
Telstra BigPond Direct
Freecall 1800 066 594

wrote in message news:[EMAIL PROTECTED]...

Someone asked me a question which confused me:- If i ping a network broadcast from a host on a different network, which passes through a cisco router why do i get replies from certain devices. The router has directed broadcast forwarding disabled. I thought the router would therefore drop the packet

Any thoughts

Thanks
-P

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57856t=57780
Re: Router forwarding directed broadcasts [7:57780]
Think i figured it out

The router will forward the subnet broadcast regardless of whether the no ip directed-broadcast command is configured on the ingress/egress interface or not - IF the destination subnet isn't locally attached to the router. Guess the router just does a route lookup and forwards it

If the destination network is directly attached and ip forward directed-broadcasts is disabled then the router replies on behalf of the subnet but does not forward the broadcast out onto the subnet

The replies i was seeing were from subnets that were locally attached to non cisco firewalls

Thanks for your help

-Original Message-
From: Priscilla Oppenheimer
To: [EMAIL PROTECTED]
Date: Thursday, November 21, 2002 6:36 PM
Subject: Re: Router forwarding directed broadcasts [7:57780]

[EMAIL PROTECTED] wrote:

I'm sure they will, but my routers still forwarding subnet broadcasts even with this line in a sh ip int output:-

Directed broadcast forwarding is disabled

Why don't you send us a config and some discussion of the situation and your methods of testing. This group can be helpful, despite the numerous silly answers, but we can't output a solution to your problem with no useful input. Troubleshooting requires data. If you can give us data, perhaps we can help you. The end result could be that everyone benefits.

Also, please use a meaningful title on your messages. Thanks

___
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Thanks
-P

5 games of cricket Between Australia and England have just commenced... Australia won the first game very convincingly Australia should go a clean sweep
--
Regards, Peter Kingston
Telstra BigPond Direct
Freecall 1800 066 594

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

Well you better explain this to us Yankees. Our baseball season is over unfortunately, and now all we have is football (ugh). Well we have hockey and basketball too, I guess, and they're a little better! :-)

Priscilla

Peter Kingston wrote:

I just as a little bit of friendly rivalry, I believe there is more than yourself confused in London, naming your cricketers 5 zips looks like a fair chance
--
Regards, Peter Kingston
Telstra BigPond Direct
Freecall 1800 066 594

wrote in message news:[EMAIL PROTECTED]...

Someone asked me a question which confused me:- If i ping a network broadcast from a host on a different network, which passes through a cisco router why do i get replies from certain devices. The router has directed broadcast forwarding disabled. I thought the router would therefore drop the packet

Any thoughts

Thanks
-P

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57858t=57780
RE: Security rep for a mortgage company [7:57798]
Will do! Sorry, for the confusion and have included the previous messages i received from all the very kind people who use this group.

JB -

There are a lot of considerations you need to think about, not so much on the legal side but more on the security side. You have a company that first wants to have internet access - what's the purpose for the internet access? For outbound internet? What about inbound? Websites etc? What kind of digital information can be found at the mortgage company that the mortgage company wants to protect? What is the value of the information and what's the risk if the information has unauthorized access? This is your first concern.

Now you want to connect other sites to this office. They'll need internet access as well. You can do two things. Do split tunneling, which means data bound for the internet goes directly to the satellite's ISP and data bound for the home office is encrypted via VPN. Or you can disable split tunneling which means all the satellite's internet bound traffic goes to the home office and out the home office's ISP.

The home office has opened up digital access from the internet to data that it might want to protect. So if the data is valuable, the home office needs to take the necessary steps to secure that data. Now you're connecting other offices to the home office. If these sites are using split tunneling, you now have multiple security 'holes' that need to be managed to the degree that the home office is secured. And since 80% of all malicious attacks on digital data and resources comes from within, the home office has become much more vulnerable.

With split-tunneling, you have to invest in security, again, equal to the home office. With split-tunneling disabled, you only have to concentrate internet related security at the home office, but this adds hops and latency. And now the home office needs to consider internal threats.

This is a high level overview. There are a lot more details involved that require a lot of time and consideration.

Steve

-Original Message-
From: J B [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 20, 2002 3:40 PM
To: [EMAIL PROTECTED]
Subject: Security rep for a mortgage company [7:57798]

I have a client mortgage company that would like to connect to the internet and provide VPN access to the satellite offices. Is there any legal or specific requirement they need to meet in order to allow access to users over the internet. Can somebody help.

Thanks
J barrera

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57798t=57798

J B wrote:

I have a client mortgage company that would like to connect to the internet and provide VPN access to the satellite offices. Is there any legal or specific requirement they need to meet in order to allow access to users over the internet. Can somebody help.

Thanks
J barrera

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57859t=57798
Stateful NAT Failover [7:57857]
I've been hunting for specific technical documentation on stateful failover between NAT instances in two routers, or even PIX. I can find lots of marketing references in the description of the Cisco GRIP architecture, and details of stateful IPsec failover. No details of NAT failover. On assorted search engines (Cisco and non-Cisco), it keeps coming back to stateful packet inspection, but not NAT per se. By stateful NAT failover, assume the following scenario: R1 is primary and R2 is backup. R1 knows its mappings from outside address/port to inside address/port. It shares this information with R2, which remains passive. Presumably, inside routers use HSRP to find the active NAT, which is on the DMZ. HSRP on the DMZ can tell the Internet access routers which NAT is active. Does anyone know where this is documented, or is it simply considered a subset of stateful packet inspection at the implementation, not marketing, level? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57857t=57857
Re: Router forwarding directed broadcasts [7:57780]
Paul Williamson wrote:

Think i figured it out

The router will forward the subnet broadcast regardless of whether the no ip directed-broadcast command is configured on the ingress/egress interface or not - IF the destination subnet isn't locally attached to the router.

That makes sense. The router can't know for sure if a packet for a non-local destination even is a broadcast. It may not know the prefix boundary (subnet mask) for non-local networks. It just knows this for its own interfaces (because it's configured on its own interfaces).

Guess the router just does a route lookup and forwards it

If the destination network is directly attached and ip forward directed-broadcasts is disabled then the router replies on behalf of the subnet but does not forward the broadcast out onto the subnet

The replies i was seeing were from subnets that were locally attached to non cisco firewalls

Ah. That explains it. Thanks for letting us know. Whew. I didn't have much hope for this thread! I'm glad it worked out. :-)

Priscilla

Thanks for your help

-Original Message-
From: Priscilla Oppenheimer
To: [EMAIL PROTECTED]
Date: Thursday, November 21, 2002 6:36 PM
Subject: Re: Router forwarding directed broadcasts [7:57780]

[EMAIL PROTECTED] wrote:

I'm sure they will, but my routers still forwarding subnet broadcasts even with this line in a sh ip int output:-

Directed broadcast forwarding is disabled

Why don't you send us a config and some discussion of the situation and your methods of testing. This group can be helpful, despite the numerous silly answers, but we can't output a solution to your problem with no useful input. Troubleshooting requires data. If you can give us data, perhaps we can help you. The end result could be that everyone benefits.

Also, please use a meaningful title on your messages. Thanks

___
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Thanks
-P

5 games of cricket Between Australia and England have just commenced... Australia won the first game very convincingly Australia should go a clean sweep
--
Regards, Peter Kingston
Telstra BigPond Direct
Freecall 1800 066 594

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

Well you better explain this to us Yankees. Our baseball season is over unfortunately, and now all we have is football (ugh). Well we have hockey and basketball too, I guess, and they're a little better! :-)

Priscilla

Peter Kingston wrote:

I just as a little bit of friendly rivalry, I believe there is more than yourself confused in London, naming your cricketers 5 zips looks like a fair chance
--
Regards, Peter Kingston
Telstra BigPond Direct
Freecall 1800 066 594

wrote in message news:[EMAIL PROTECTED]...

Someone asked me a question which confused me:- If i ping a network broadcast from a host on a different network, which passes through a cisco router why do i get replies from certain devices. The router has directed broadcast forwarding disabled. I thought the router would therefore drop the packet

Any thoughts

Thanks
-P

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57860t=57780
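The behaviour worked out in this thread, as an added example that is not part of the original posts: a router can recognise a subnet-directed broadcast only on subnets it is attached to, so the directed-broadcast setting that matters is the one on the last-hop device. The two-device topology, the addresses, the /16 summary route and all function names below are constructed for illustration; the model also simplifies the "router replies on behalf of the subnet" case to a plain drop.

```python
"""Model of how routers treat a subnet-directed broadcast (constructed example)."""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Interface:
    name: str
    network: ipaddress.IPv4Network
    directed_broadcast: bool = False  # False models "no ip directed-broadcast"


@dataclass
class Router:
    name: str
    interfaces: list
    routes: dict = field(default_factory=dict)  # remote prefix -> next-hop name

    def classify(self, dst):
        """Return (action, detail) for a packet addressed to dst."""
        dst = ipaddress.ip_address(dst)
        for ifc in self.interfaces:
            if dst not in ifc.network:
                continue
            # The mask is known only for attached subnets, so this is the only
            # place where dst can be recognised as a broadcast address.
            if ifc.network.prefixlen < 31 and dst == ifc.network.broadcast_address:
                return ("flood" if ifc.directed_broadcast else "drop", ifc.name)
            return ("deliver", ifc.name)
        # Not attached: plain longest-prefix lookup, dst is treated as unicast.
        matches = [p for p in self.routes if dst in p]
        if not matches:
            return ("unroutable", None)
        best = max(matches, key=lambda p: p.prefixlen)
        return ("forward", self.routes[best])


def trace(routers, first_hop, dst, max_hops=16):
    """Follow a packet hop by hop; return [(router, action), ...]."""
    path, current = [], first_hop
    for _ in range(max_hops):
        action, detail = routers[current].classify(dst)
        path.append((current, action))
        if action != "forward":
            break
        current = detail
    return path


def exposed_subnets(routers):
    """Audit helper: attached subnets where a directed broadcast would be flooded."""
    return sorted(
        (r.name, i.name, str(i.network))
        for r in routers.values()
        for i in r.interfaces
        if i.directed_broadcast and i.network.prefixlen < 31
    )


def net(text):
    return ipaddress.ip_network(text)


# Constructed topology: R1 has directed broadcasts disabled everywhere and only
# knows a /16 summary towards FW; FW stands in for the thread's last-hop firewall
# and still floods directed broadcasts onto its inside subnet.
TOPOLOGY = {
    "R1": Router(
        "R1",
        [Interface("Ethernet0", net("10.1.1.0/24")),
         Interface("Serial0", net("10.0.0.0/30"))],
        {net("10.2.0.0/16"): "FW"},
    ),
    "FW": Router(
        "FW",
        [Interface("outside", net("10.0.0.0/30")),
         Interface("inside", net("10.2.2.0/24"), directed_broadcast=True)],
        {net("10.1.1.0/24"): "R1"},
    ),
}

if __name__ == "__main__":
    for start, dst in (("R1", "10.2.2.255"), ("FW", "10.1.1.255")):
        print(dst, "entering at", start, "->", trace(TOPOLOGY, start, dst))
    print("still flooding:", exposed_subnets(TOPOLOGY))
```

The audit result lists the interfaces that need the setting changed; R1's own configuration has no effect on traffic to 10.2.2.255.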
RE: passed cit. that's a wrap on ccnp [7:57741]
huh.. i guess that all depends on what kind of experience you have. Routing is the hardest, support, remote access, switching Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57861t=57741
IOS for LLQ - VoIP on 3640 and 2621 [7:57862]
Folks, I need to find out the best IOS for LLQ on 3640 and 2621 routers. 3640 is very straightforward with just IP routing. 2621 needs a DES software as it terminates IPSec. Both platforms need Low Latency Queueing as they will be passing Voice Packets. I have tried a few IOSs, but if you have any suggestions as to which ones work the best, I would appreciate it. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57862t=57862
Re: 3002 Vpn Client 3DES [7:57830]
Arni,

We do not have an official throughput rate on the 3002. However it does perform very well. The official term we use is that it scales very high. This being that it will send over 2 megs of traffic over a link with 3DES enabled. Please contact me if you have any questions on this.

Thanks,
Robert Raver

- Original Message -
From: Arni V. Skarphedinsson
To:
Sent: Thursday, November 21, 2002 4:03 AM
Subject: 3002 Vpn Client 3DES [7:57830]

can any one give me an idea about the 3des throughput of the 3002 VPN Hardware Client ? have looked all over cisco's site, but can not find anything

Best regards,
Arni

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57863t=57830
RE: Cisco 3005 VPN concentrator issues. [7:57495]
I note you said 200 users. The 3005 is limited to 100 simultaneous users.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/prod_models_comparison.html

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Umar Ahmed
Sent: Friday, November 15, 2002 3:00 AM
To: [EMAIL PROTECTED]
Subject: Cisco 3005 VPN concentrator issues. [7:57495]

Hi all,

I've got a customer who has a 3005 concentrator connected to our network. He has setup a vpn connection which he accesses from home over the public internet. The problem he and the other 200 users are having is that they are losing connectivity to the box intermittently throughout the day. When he has loss of service, I can ping the vpn box directly connected to my network, what's even more strange, is that I can ping other customer hosts on the same subnet. Any ideas ??

Regards,
Umar.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57864t=57495
RE: Stateful NAT Failover [7:57857]
Howard C. Berkowitz wrote:

I've been hunting for specific technical documentation on stateful failover between NAT instances in two routers, or even PIX.

I don't know about routers, but there's an OK document about PIX failover here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml

If you look at the section on Stateful Failover, you'll see that PIX address translation (xlate, static and dynamic) and connection (conn) records are passed to the standby unit from the active unit along with other state information.

PIX has a Logical Update (LU) software module that provides transport to PIX applications supporting stateful failover. The state update occurs from the active to standby through the LAN interface. The state update sent to the standby PIX is triggered by the application. The LU transport is UDP-like, with no retransmission. (Bet that's not what you thought LU stood for! ;-)

There's not a whole lot of detail in the document, but it might be a start.

Priscilla

I can find lots of marketing references in the description of the Cisco GRIP architecture, and details of stateful IPsec failover. No details of NAT failover. On assorted search engines (Cisco and non-Cisco), it keeps coming back to stateful packet inspection, but not NAT per se.

By stateful NAT failover, assume the following scenario: R1 is primary and R2 is backup. R1 knows its mappings from outside address/port to inside address/port. It shares this information with R2, which remains passive. Presumably, inside routers use HSRP to find the active NAT, which is on the DMZ. HSRP on the DMZ can tell the Internet access routers which NAT is active.

Does anyone know where this is documented, or is it simply considered a subset of stateful packet inspection at the implementation, not marketing, level?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57866t=57857
Toronto CCIE group study team Meeting this Sat ... [7:57865]
Anybody interested to join us in Toronto CCIE Lab study group? We're gathering people resources for this CCIE LAB Study Group looking towards mid next year's exam.

Syson Suy

If Life is a Game, These are the Rules: Life is not measured by the number of breaths we take, but by the moments that take our breath away.

- Original Message -
From: T B
To:
Sent: Thursday, November 21, 2002 10:32 AM
Subject: RE: CCIE Home Lab Materials and Equipments [7:57810]

You need more books than those two. Vol 1 is a great book. The cisco web page is the best place for information. This is the Web page for the Cisco CD that you are allowed to use in the lab. (The CD not the web page)

http://www.cisco.com/univercd/home/home.htm

You need to go to All Product Documentation then Cisco IOS Software Configuration.

You don't need a Catalyst 5000. The lab changed to Catalyst 3550 w/ the EMI image. Two totally different switches. Also get more routers, the 2500 series is good enough and cheap on ebay.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57865t=57865
Re: GRE on Cisco routers [7:57836]
EIGRP, OSPF and RIPv2 do routing update with multicast traffic. IPSec alone does not support multicast. GRE does support multicasting traffic. You can use GRE over IPSec tunnel to run routing protocol such as EIGRP, OSPF or RIPv2.

Thomas H wrote in message news:[EMAIL PROTECTED]...

I have 2 questions:

1)

                      IPSec
 172.16.1.1/24 - RTA == RTB -- 172.16.2.1/24
                  |      |
     192.168.1.0/24      192.168.2.0/24

Here are more info:-

RTA's Serial0 (connecting to RTB) - 10.64.10.13/27
RTB's Serial1 (connecting back to RTA) - 10.64.10.14/27

Both RTA and RTB are running EIGRP.

As per CCO, IPSec (without GRE) does not transfer routing protocols such as EIGRP / OSPF etc. I have tested this on the above topology, but I can get the EIGRP routes across from RTA to RTB and vice versa. What am I missing??

And here are the configs:-

And RTA:-

crypto isakmp policy 15
 hash md5
 authentication pre-share
!
crypto isakmp key 1234a address 10.64.10.14
!
!
crypto ipsec transform-set setOne esp-des esp-md5-hmac
!
crypto map combined local-address Serial1
!
crypto map combined 8 ipsec-isakmp
 set peer 10.64.10.14
 set transform-set setOne
 match address 101
!
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
!
!
interface Serial0
 ip address 172.16.1.1 255.255.255.0
 no fair-queue
!
interface Serial1
 ip address 10.64.10.13 255.255.255.224
 no ip route-cache
 no ip mroute-cache
 clockrate 64000
 crypto map combined
!
router eigrp 1
 network 10.0.0.0
 network 172.16.1.0 0.0.0.255
 network 192.168.1.0
 no auto-summary
!
!
access-list 101 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255

RTB:-

crypto isakmp policy 5
 hash md5
 authentication pre-share
!
!
crypto isakmp key 1234a address 10.64.10.13
!
crypto ipsec transform-set setTwo esp-des esp-md5-hmac
!
crypto map combined local-address Serial0
!
crypto map combined 13 ipsec-isakmp
 set peer 10.64.10.13
 set transform-set setTwo
 match address 101
!
!
interface Loopback0
 ip address 192.168.2.1 255.255.255.0
!
interface Ethernet0
 ip address 172.16.2.1 255.255.255.0
!
interface Serial0
 ip address 10.64.10.14 255.255.255.224
 no fair-queue
 crypto map combined
!
!
router eigrp 1
 network 10.0.0.0
 network 172.16.2.0 0.0.0.255
 network 192.168.2.0
 no auto-summary
 no eigrp log-neighbor-changes
!
!
access-list 101 permit ip 172.16.2.0 0.0.0.255 172.16.1.0 0.0.0.255

***

So instead of getting the EIGRP routes via Tunnel 0 interface, I'm getting it via the outgoing interface (serial 0), the IPSec still works. So what am I missing, and how does it make a difference if I use GRE over IPSec? I also tested RIPv2 getting similar results.

RTA#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.1.0 is directly connected, Serial0
D       172.16.2.0 [90/2195456] via 10.64.10.14, 00:36:16, Serial1
     10.0.0.0/27 is subnetted, 1 subnets
C       10.64.10.0 is directly connected, Serial1
C    192.168.1.0/24 is directly connected, Loopback0
D    192.168.2.0/24 [90/2297856] via 10.64.10.14, 01:24:52, Serial1
RTA#

RTA#sh crypto engine connections act

  ID Interface  IP-Address   State  Algorithm           Encrypt  Decrypt
   1 Serial1    10.64.10.13  set    HMAC_MD5+DES_56_CB        0        0
2000 Serial1    10.64.10.13  set    HMAC_MD5+DES_56_CB        0        6
2001 Serial1    10.64.10.13  set    HMAC_MD5+DES_56_CB        6        0
RTA#

--

2) Most configs / examples I found on CCO and books use:

crypto ipsec transform-set setTwo esp-des

so when would one use:

crypto ipsec transform-set setTwo esp-des

?? Or is it generally not needed / recommended to use the mode transport?

If anyone can give me some config e.g., that would be greatly appreciated.

Thanks,
HL

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57867t=57836
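An added example, not part of either post and not Cisco code: a small model of how a crypto map's access list selects traffic for IPsec, applied to the topology in this thread. With ACL 101 as posted, the EIGRP hello sent from Serial1 to 224.0.0.10 is not selected and crosses the link outside IPsec, while the same hello wrapped in GRE between the two serial addresses is selected by a GRE-matching entry. The GRE access list and the sample packets are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# IP protocol numbers; "ip" in an ACL entry means any protocol.
IP_PROTO = {"ip": None, "tcp": 6, "gre": 47, "eigrp": 88}
Packet = namedtuple("Packet", "proto src dst")
Permit = namedtuple("Permit", "proto src src_wild dst dst_wild")

def _wild_match(addr, base, wild):
    """IOS wildcard match: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wild))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def disposition(acl, pkt):
    """Return 'encrypt' if a permit entry selects pkt, else 'cleartext'."""
    for e in acl:
        want = IP_PROTO[e.proto]
        if ((want is None or want == pkt.proto)
                and _wild_match(pkt.src, e.src, e.src_wild)
                and _wild_match(pkt.dst, e.dst, e.dst_wild)):
            return "encrypt"
    return "cleartext"  # not selected: still forwarded, but without IPsec

def gre_encapsulate(inner, tun_src, tun_dst):
    """Outer header of a GRE packet; the inner packet becomes its payload."""
    return Packet(IP_PROTO["gre"], tun_src, tun_dst)

# access-list 101 from RTA's configuration in the post.
ACL_101 = [Permit("ip", "172.16.1.0", "0.0.0.255", "172.16.2.0", "0.0.0.255")]
# Assumed ACL for GRE over IPsec: permit gre host 10.64.10.13 host 10.64.10.14
ACL_GRE = [Permit("gre", "10.64.10.13", "0.0.0.0", "10.64.10.14", "0.0.0.0")]

# Constructed sample packets leaving RTA's Serial1.
LAN_DATA = Packet(IP_PROTO["tcp"], "172.16.1.10", "172.16.2.10")
EIGRP_HELLO = Packet(IP_PROTO["eigrp"], "10.64.10.13", "224.0.0.10")

if __name__ == "__main__":
    tunneled = gre_encapsulate(EIGRP_HELLO, "10.64.10.13", "10.64.10.14")
    for name, acl, pkt in (("LAN data / ACL 101", ACL_101, LAN_DATA),
                           ("EIGRP hello / ACL 101", ACL_101, EIGRP_HELLO),
                           ("EIGRP in GRE / GRE ACL", ACL_GRE, tunneled)):
        print(f"{name}: {disposition(acl, pkt)}")
```
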
ISDN PRI and CCIE lab [7:57868]
Hi Folks,

I have noticed that none of the online rack offers scenarios for ISDN PRI configuration. Does that mean this is not on the CCIE lab? I mean the current topologies that services such as Ipexpert offer do not give a meaningful topology for practicing rotary group or dialer profiles. In my opinion a typical topology that justifies configuration of rotary groups or dialer profiles is that of central site with at least two bri interfaces and at least two remote sites with a bri interface each.

Any comments or advice will be appreciated.

Thanks
John Tafasi

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57868t=57868