RE: 640-604 Switching [7:58384]

[Siddiqi Kenan]

I am interested in trading. Please contact me on my e-mail address.

Cheers,

Kenan


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58429&t=58384
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Monitoring SPF algorithm [7:58408]

[alaerte Vidali]

Any Thoughts?

Thanks


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58432&t=58408
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE written [7:58400]

[alaerte Vidali]

>From my experience the passing score were 70% 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58431&t=58400
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Support exam how to prepare [7:58430]

[Siddiqi Kenan]

Hi there,
First of all, thank you to all of those who helped and guided me for the
exam. Passed it. Here is what I learnt from my experience:

1. Passing score was 755, I had 58 questions (but this varies from person to
person)
2. The best way I found to prepare for this exam was using the offical
course book. Read every bit very carefully. Some questions do require
in-depth knowledge and familiarity with Cisco device operations. Then again,
nothing replaces hands-on experience.
3. About 2 weeks before the exam, practice Boson tests. They help in making
sure you know the thigns properly.

Ok then, happy studying! :)

Cheers,

Kenan


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58430&t=58430
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Home lab setup FRAME SWITCH [7:58204]

[Larry Letterman]

Yes, your correct...

The ones I have at home are 4500 routers with 4700 cpu's...



Cisco Internetwork Operating System Software
IOS (tm) 4500 Software (C4500-BOOT-M), Version 11.1(22), RELEASE 
SOFTWARE (fc1)
Copyright (c) 1986-1998 by cisco Systems, Inc.
Compiled Mon 28-Sep-98 18:10 by richv
Image text-base: 0x600088A0, data-base: 0x602B2000

System image file is "bootflash:c4500-boot-m.111-22", booted via ROM

cisco CPA4700 (R4K) processor (revision C) with 32768K/16384K bytes of 
memory.
Processor board ID 03426366
R4700 processor, Implementation 33, Revision 1.0 (Level 2 Cache)
G.703/E1 software, Version 1.0.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
Authorized for CiscoPro software set only.
2 Ethernet/IEEE 802.3 interfaces.
4 Serial network interfaces.
128K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
4096K bytes of processor board Boot flash (Read/Write)

Larry


J.D. Chaiken wrote:

>Don't you mean a 4500 w/ a 4 Port Serial works great?  The 4000 doesn't
>support the NP-4T  only the NP-2T.
>
>Jarett
>
>""Larry Letterman""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
>>a 4000 with a 4 port serial card works great...
>>
>>Symon Thurlow wrote:
>>
>>>What about a 4000/4500 with 2x NP4T? They are reasonably priced.
>>>
>>>-Original Message-
>>>From: Elijah Savage III [mailto:[EMAIL PROTECTED]]
>>>Sent: 27 November 2002 18:25
>>>To: [EMAIL PROTECTED]
>>>Subject: Home lab setup FRAME SWITCH [7:58204]
>>>
>>>
>>>Here is my lab setup there is one thing I think I am in desperate need
>>>of and that is a frame switch I do not need the 3550 we are deploying
>>>them at work and have access to them and also 5500's with the
>>>lightstream equipment. After getting this lab together of course I have
>>>spent some bucks as you can see below, but for the LABS like from NLI
>>>and some of the others will a 2521 serve as a frame switch to do these
>>>labs or do a I really need to fork over the bucks for a 2522, you just
>>>don't see ags+ on ebay much anymore. I would like to just buy a 2521 if
>>>it is sufficient and spend the rest of my allotted funds on purchasing
>>>the labs. Or is there someone out there wanting to sell a ags+ or some
>>>other router as a frame switch.
>>>
>>>3 2501
>>>1 2503 isdn
>>>1 2611
>>>1 2621
>>>1 2509
>>>1 1605 with wic 1T
>>>1 804 isdn
>>>1900 enterprise
>>>2924 enterprise Just got this one yesterday
>>>Pix501
>>>Suse8.1 LinuxPC
>>>Redhat8.0PC
>>>
>>>Elijah
>>>http://www.digitalrage.org
>>>Your one stop for Technical News
>>>and HowTo's
>>>=
>>>
>>>This email has been content filtered and
>>>subject to spam filtering. If you consider
>>>this email is unsolicited please forward
>>>the email to [EMAIL PROTECTED] and
>>>request that the sender's domain be
>>>blocked from sending any further emails.
>>>
>>>=




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58416&t=58204
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE LAB Preparation - Anyone on same path!! [7:58433]

[kaushik khakhar]

Hello @,

I have started preparing for my CCIE LAB again (2nd try in Feb). Now the
LAB is changed with new additonal switch 3550 and so on.

Anyone who is in the same direction, can get in touch to get and share
views/inputs.

Regards,

Kaushik Khakhar A



MSN 8 with e-mail virus protection service: 2 months FREE*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58433&t=58433
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Collision [7:58389]

[Larry Letterman]

Most likely the previous 10/half interface on the switch and the router 
were not
linked at the same speed/duplex or the other router had an issue with 
the setting.

To be safe I would set the switch port and the router interface to 
100/full or 10/full
and there should be no issues then.

and yes, the fast ethernet in the 26XX/36XX routers are a better 
solution.

Larry Letterman
Cisco IT-LAN , San Jose

Cliff Cliff wrote:

>Today, We are put 3660 router to their end, having Fastethernet card, and
>connected to their switch.
>
>They change their switch port as following:
>
>interface FastEthernet0/14 
>load-interval 30 
>duplex full
>
>so far, after observe serveral hours, there is no collision as well as not
>error message in our router.
>
>So, what's wrong? Is the fastethernet is better? or previous setting that I
>have is wrong?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58434&t=58389
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: QOS on 40003 [7:58412]

[Juan Blanco]

Johnman,
Based on Cisco Recommendation the following is the baseline for traffic
classification
Traffic TypeLayer 2 COS Layer 3 IP Precedence   Layer 
3 DSCP
Voice RTP   5   5  
 EF
Voice Control   3   3  
 AF31
Video   4   4  
 AF41
Data0-2 0-2
 0-AF23

Juan Blanco

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
johnman johnman
Sent: Monday, December 02, 2002 4:02 PM
To: [EMAIL PROTECTED]
Subject: QOS on 40003 [7:58412]


I am configuring QOS for Video-Conference on my CAT 4003.
I would like to know what IP precedence numbers I can use to classify the
video traffic.



_
The new MSN 8: smart spam protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58435&t=58412
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Specific BGP Question [7:58428]

[[EMAIL PROTECTED]]

HI Jim,

Part 1: I guess the filter list take priority over the route-map as they are
the
first to be listed in "sh run" config.
part 2: Yes Map1 and Map2 are valid as the cond adv. feature use the general
terms route-map and this includes all types of filter lists. But why you
want to
use access list based on as-path(really bad for cond. adv.)
part 3: I cant think of any other soln. I guess this was the only prupose of
making Cond. Adv. feature and hence it should be used.

--Vinay





"Jim Devane"  on 12/03/2002 12:46:32 PM

Please respond to "Jim Devane" 

To:   [EMAIL PROTECTED]
cc:(bcc: Vinay S Jamwal/HSS)

Subject:  Specific BGP Question [7:58428]




Hello all,

Long time lurker, first time poster.

I have a router that is multi-homed between 16631 and 701.
I have a new client who is buying transit from us.
They are multi-homed to us and 1239.
A business decision was made to policy route their traffic out 16631.
As a result I will only publish 16631 routes to them.
However, if 16631 goes away, I want to be able to push the 701 routes to
them.
Injecting a default wouldn't be very effective here since 1239 will most
likely have a more specific route!
So Conditional Adv to the rescue. However..I have a few questions I am
unsure about and I don't have a lab to try it out on.

In this config:

router bgp 
nei New_Client remote-as Client_AS
nei New_Client filter-list 4 in
nei New_Client filter-list 3 out

ip as path access-list 3 permit .*
ip as-path access-list 4 permit ^Client_AS$

so far so good
I want to add this...

nei New_Client advertise-map MAP1 non-exist-map MAP2

route-map MAP1 permit 10
match as-path 5
route-map MAP2 permit 10
match as-path 6

ip as-path access-list 5 ^$ _16631_
ip as-path access-list 6 ^$ _701_


SO NOW THE QUESTIONS!!!

1) What is the order of operation for the advertisement out? Will the
Filter-list showing all routes cancel any effect of the route-map?
2) Are the MAP1 and MAP2 route maps valid in this config because they use
as-path? The config's I could find as example were based on Prefix. I made
up the part about using the as-path, but it seems logical (boy, I wish I had
a couple extra routers!)
3) Is there a better way to go about this!

Thanks in advance. And thanks to everybody who posts. I have taken away a
lot from this mailing-list!

Jim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58436&t=58428
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Regarding Router rental business? [7:58422]

[Ellis, Andrew]

Guys, the spelling is getting terrible. Even painful to read. 

-Original Message-
From: wma2 [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 02, 2002 11:01 PM
To: [EMAIL PROTECTED]
Subject: Regarding Router rental business? [7:58422]


Hi guys:
I and my freind just got tones of Cisco equipment, so now we not
sure to sale them or
start an online lab business.
so I just want to do a quick survey here .

1.how many of you guys here would be interested paying for lab time ?

2.how much would u willing to pay for the lab time. (e.g $5 hour or $50
per days)

3.   Do you perfer do your lab exercise online or in the actual lab ?

4.What sort of equipment do most perfer to work on?


so if you guys can gave me some idea about the current market.

that will be greatly apperciated.

also for those of u who do joint the survey,  there will be a special
discount for u

if we do decide to go ahead with this business.

you can send reply to news group or send enquiry to [EMAIL PROTECTED]

thanks you very much for reading.


best regard

Mic




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58438&t=58422
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: QOS on 40003 [7:58412]

[Juan Blanco]

Johnman,
Based on Cisco Recommendation the following is the baseline for traffic
classification
Traffic TypeLayer 2 COS Layer 3 IP Precedence   Layer 
3 DSCP
Voice RTP   5   5  
 EF
Voice Control   3   3  
 AF31
Video   4   4  
 AF41
Data0-2 0-2
 0-AF23

Juan Blanco

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
johnman johnman
Sent: Monday, December 02, 2002 4:02 PM
To: [EMAIL PROTECTED]
Subject: QOS on 40003 [7:58412]


I am configuring QOS for Video-Conference on my CAT 4003.
I would like to know what IP precedence numbers I can use to classify the
video traffic.



_
The new MSN 8: smart spam protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58439&t=58412
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: AS 5400 lost carrier [7:58361]

[John Botha]

Hi

We have had similar problems with different routers acting as NAS dialup
servers. The main reasons for disconnected carrier on modems:

- The router not earthed properly in the cabinet
- The "mica modem " command - if you are using mica modems, of
course.

Hope it helps :)

Regards,

John Botha

 -Original Message-
From:   Ismail M Saeed [mailto:[EMAIL PROTECTED]] 
Sent:   01 December 2002 10:26
To: [EMAIL PROTECTED]
Subject:AS 5400 lost carrier [7:58361]

Dear All,
I am running AS 5400 with 16 PRI (analog modems only) and I am facing modem
disconnection after 15 to 30 minutes and the reason is lost carrier
Any info about the reason of this lost carrier (cabling or modem or chassis
or
configuration etc..)

Thanks and best regards
_ _ _ _ _ _ _ _ _ _




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58440&t=58361
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: I seems Confused.....Peer-to-to TCP/IP Network [7:58255]

[Godswill Oletu]

Hi Mark and All!

This is to thank everyone who responded or think through my question but
could not response.

I have been able to resolve the problem.

Actually, I install Checkpoint NG on the Windows NT 4.0 system for my home
lab but had not being using it. So I completely forgot that its security
modules still loads in the services. So it drops all traffics.

Thanks once again.

Regards.
Godswill

- Original Message -
From: Mark W. Odette II 
To: 
Sent: Friday, November 29, 2002 2:03 PM
Subject: RE: I seems Confused.Peer-to-to TCP/IP Network [7:58255]


> Oletu-
> What you are trying to do is not impossible.  Many of us do this all the
> time to migrate data from one machine to another without burdening the
> Hub-based LAN or if the computer is all by itself and is being upgraded.
> Case in point is the situation where a Win9x/Pentium 166Mhz workstation
> is being replaced with a Windows XP/Pentium III 1.8Ghz workstation...
> NetBEUI isn't a protocol option on XP, as it isn't supported anymore-
> So, it's TCP/IP or IPX!
>
> Configuration of each computer is correct; the fact that you can operate
> with success running NetBEUI says that your physical layer is also
> solid, i.e., NIC's and Cross-over cable.
>
> Next thing to do is (for informational purposes) to 'route print' or a
> 'netstat -r' at the command line to determine the TCP/IP stack has
> proper routing information.  Optionally issue the 'nbtstat -c' or
> 'nbtstat -r' to see if you are getting any netbios caching...
>
> After collecting this information, I would remove the TCP/IP protocol,
> reboot, reinstall TCP/IP protocol, install most recent SP for OS, and
> test again...  If that doesn't resolve the problem, then seek out
> replacement drivers for the NIC(s).
>
> This pretty much addresses every possibility of failure between two
> Windows-based computers that are directly connected to each other with a
> cross-over cable.
>
> ... One other thought- You wouldn't have some kind of personal firewall
> installed/previously installed on either one of these computers by
> chance, would you!?!?!
>
> I have seen all kinds of crazy stuff occur on MS boxes that had had any
> of the different flavors of "Personal Firewalls" installed, which
> usually required complete removal of the TCP/IP protocol, and then
> sifting through the networking portion of the registry to recover the
> machine.  The alternative was to reinstall the OS from scratch.  The
> firewalls in question were the Norton Personal Firewall, the Network
> Associates Desktop Firewall, BlackIce, and one other I can't recall the
> name of.  Just some extra info to chew on for possibility.
>
> Good luck, and let us know what you find...
>
> -Mark
>
>
> -Original Message-
> From: Godswill Oletu [mailto:[EMAIL PROTECTED]]
> Sent: Friday, November 29, 2002 12:04 PM
> To: Mark W. Odette II; [EMAIL PROTECTED]
> Subject: Re: I seems Confused.Peer-to-to TCP/IP Network [7:58255]
>
> Hi Mark,
>
> I have done all that. The crossover cable is okay. NeTBEUI is working
> fine.
> I can see both computers through Network Neigbourhood; copy files from
> one
> computer to the other. Everthing about NetBEUI is kool. I have alos
> edited
> the hosts/lmhost files on each computer (this only help to resolve the
> IP
> Address to the netbios name.)
>
> IP addresses are Computer A=192.168.0.1/255.255.255.0 and Computer
> B=192.168.0.2/255.255.255.0
>
> On Computer A, I can ping 192.168.0.1, localhost and 127.0.0.1 and it
> will
> response fine. On Computer B, I can also ping 192.168.0.2, localhost and
> 127.0.0.1 and it will response fine. (TCP/IP stack seems perfectly
> installed)!!!
>
> But I cannot ping A from B, neither can I ping B from A.
>
> This is the dumbest thing I have ever done and it is messing me up.
>
> Or is it impossible?
>
> - Original Message -
> From: Mark W. Odette II
> To:
> Sent: Thursday, November 28, 2002 8:22 PM
> Subject: RE: I seems Confused.Peer-to-to TCP/IP Network [7:58255]
>
>
> > Check your subnet masks for each computer.
> > Either specify Computer B as the default gateway for Computer A and
> > vice-versa, or don't specify a default gateway at all.
> >
> > After that, you have to configure the lmhosts/hosts files if you want
> to
> > resolve machine names between each other (quickly).
> >
> > Verify that your cross-over cable is good, or plug each computer into
> a
> > hub/switch.
> >
> > It's that simple.
> >
> > Cheers!
> > -Mark
> >
> > -Original Message-
> > From: Godswill Oletu [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, November 28, 2002 6:26 PM
> > To: [EMAIL PROTECTED]
> > Subject: I seems Confused.Peer-to-to TCP/IP Network [7:58255]
> >
> > Hi all,
> >
> > Where are mine going wrong? Has anyone implemented a Peer-to-Peer
> > network
> > involving just two computers with ONLY TCP/IP Protocol?
> >
> > I have been trying to do it but keeping failing. NetBEUI is working
> > fine, I
> > can transfer files in between bot

Re: RE: Regarding Router rental business? [7:58422]

[B.J. Wilson]

> Guys, the spelling is getting terrible. Even painful to read. 

Agreed.  The three R's are *not* "readin', routin', and 'rithmetic." ;-)

BJ




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58442&t=58422
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Specific BGP Question [7:58428]

[Peter van Oene]

Hi Jim, 

Some thoughts inline.

On Tue, 2002-12-03 at 02:16, Jim Devane wrote:
> Hello all,
>  
> Long time lurker, first time poster.
>  
> I have a router that is multi-homed between 16631 and 701.
> I have a new client who is buying transit from us.
> They are multi-homed to us and 1239.
> A business decision was made to policy route their traffic out 16631. 

Sound fair.  Likely cheaper than 701 I expect.

> As a result I will only publish 16631 routes to them. 

Can you elaborate on why you would do this?  Also, do you send 0/0 to
the customer?

> However, if 16631 goes away, I want to be able to push the 701 routes to
> them.

Not sure why you are worried about sending both in the first place?

 Injecting a default wouldn't be very effective here since 1239 will most
> likely have a more specific route!
> So Conditional Adv to the rescue. However..I have a few questions I am
> unsure about and I don't have a lab to try it out on.
>  
> In this config:
>  
> router bgp 
> nei New_Client remote-as Client_AS
> nei New_Client filter-list 4 in 
> nei New_Client filter-list 3 out
>  
> ip as path access-list 3 permit .*
> ip as-path access-list 4 permit ^Client_AS$
>  
> so far so good
> I want to add this...
>  
> nei New_Client advertise-map MAP1 non-exist-map MAP2
>  
> route-map MAP1 permit 10
> match as-path 5
> route-map MAP2 permit 10
> match as-path 6
>  
> ip as-path access-list 5 ^$ _16631_
> ip as-path access-list 6 ^$ _701_
>  
>  
> SO NOW THE QUESTIONS!!!
>  
> 1) What is the order of operation for the advertisement out? Will the
> Filter-list showing all routes cancel any effect of the route-map?
> 2) Are the MAP1 and MAP2 route maps valid in this config because they use
> as-path? The config's I could find as example were based on Prefix. I made
> up the part about using the as-path, but it seems logical (boy, I wish I
had
> a couple extra routers!)
> 3) Is there a better way to go about this!
>  
> Thanks in advance. And thanks to everybody who posts. I have taken away a
> lot from this mailing-list!
>  
> Jim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58443&t=58428
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: configure spanning tree mode [7:58365]

[Brett]

Which Sup.Eng. are you using in the 4006?  The 4xxx does 802.1Q, not
ISL, so that may be a problem.

b.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
puro prasad
Sent: Sunday, December 01, 2002 8:01 AM
To: [EMAIL PROTECTED]
Subject: configure spanning tree mode [7:58365]

Hi,
How do i configure the spanning tree mode (cst, pvst, pvst+) on my 6509,
4006, 3524 and 3548 switches.
I had faced problems while establishing a trunk link inbetween a 4006
and a
3524 switch. Has anyone faced any problems in such a scenario.
Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58444&t=58365
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ntp stateless packet [7:58446]

[John Tafasi]

Hi group,

Below is the output of debug ntp packets on my router. It show that the
router is sending ntp stateless packets. Why is that? What it means? When
will the router send stateless packet?



Dec  2 22:43:12.909: NTP: rcv packet from 10.10.10.2:
Dec  2 22:43:12.909:  leap 0, mode 3, version 3, stratum 9, ppoll 64
Dec  2 22:43:12.913:  rtdel 08B1 (33.951), rtdsp 0077 (1.816), refid
0A0A0A01 (10.10.10.1)
Dec  2 22:43:12.913:  ref C1966040.F259C10C (22:42:08.946 UTC Mon Dec 2
2002)
Dec  2 22:43:12.917:  org C1966049.0FCC1B7E (22:42:17.061 UTC Mon Dec 2
2002)
Dec  2 22:43:12.921:  rec C1966049.13E7D9BE (22:42:17.077 UTC Mon Dec 2
2002)
Dec  2 22:43:12.921:  xmt C1966080.E4581349 (22:43:12.891 UTC Mon Dec 2
2002)
Dec  2 22:43:12.925:  inp C1966080.E8FD727C (22:43:12.910 UTC Mon Dec 2
2002)


Dec  2 22:43:12.929: NTP: stateless xmit packet to 10.10.10.2:
Dec  2 22:43:12.933:  leap 0, mode 4, version 3, stratum 8, ppoll 64
Dec  2 22:43:12.933:  rtdel  (0.000), rtdsp 0002 (0.031), refid 7F7F0701
(127.127.7.1)
Dec  2 22:43:12.937:  ref C196607F.0FC1FFAC (22:43:11.061 UTC Mon Dec 2
2002)
Dec  2 22:43:12.937:  org C1966080.E4581349 (22:43:12.891 UTC Mon Dec 2
2002)
Dec  2 22:43:12.941:  rec C1966080.E8FD727C (22:43:12.910 UTC Mon Dec 2
2002)
Dec  2 22:43:12.945:  xmt C1966080.EE2232A6 (22:43:12.930 UTC Mon Dec 2
2002)
r2-2516#show debug
NTP:




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58446&t=58446
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Need a solution [7:58447]

[Guruprasad Sanjeevi]

Hi group,

  Howdy?

 I have my branch office located in India and our headquarters in US
.The offices are connected via 512kbps IPLC. These offices have their own
separate Internet links. Now we are opening one more office in India.
 We need a solution like this...

The existing office is going to be connected with our new
office by a leased line. This leased line is an E1 line. The new office will
also have an IPLC connected to our HQ in US. We have the following
requirements...

1.  The existing office and new office should have voice and data
(obviously) connectivity via the leased line
2.  A receptionist is not going to be in new office. Hence all calls for
new office will land in the existing office and then gets transferred to the
new office
Via the leased line. This is where I am stuck On how to
integrate data/voice and POTS voice using the same leased line.

3.  Redundancy needs to be enabled for each other. i.e. If the IPLC is
down from existing office to US , automatically it has to take the new
office IPLC to
Communicate to US and it's the same for the new office


Please give in your suggestions/advices/comments. I would be glad to
receive all your replies.

 Regards
 Guruprasad

[GroupStudy.com removed an attachment of type application/ms-tnef which had
a name of winmail.dat]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58447&t=58447
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

for PIX VPN gurus... [7:58448]

[Edward Sohn]

I have a requirement in which a single Headquarters PIX needs to VPN
over the internet to a single remote site which have two separate PIXes
(connected the same site LAN).  The goal is to introduce redundancy into
the VPN connection to the remote site.  Unfortunately, it has to be like
this due to the company's hardware limitations.

This is not a "classic" PIX failover configuration via the serial method
(515, 525, 535), but two separate PIX 506's connected separately to the
same LAN.

I can't find anywhere on CCO whether this config is supported, and the
TAC engineer is also clueless (he even said that he doesn't have a way
to LAB it up--can you believe that?.  This is Cisco we're talking about
here).

Anyway, anybody ever done something like this?  Will this work?  Can
somebody test this?

BTW, I need to know ASAP, because the customer wants to implement this
immediately if it will work.

Thanks,

Eddie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58448&t=58448
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE written [7:58400]

[Bernard]

Cisco is using a sliding scale based on overall failure rate of the
exam.  As of 10/19, you needed a 58% to pass, not the 70% .  The
required % to pass will change over time, again based on failure rate. 
This exam is much more doable now. It is not as scary as it used to be
at 70%.

Bernard 

 

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 03, 2002 3:30 AM
> To: [EMAIL PROTECTED]
> Subject: Re: CCIE written [7:58400]
> 
> From my experience the passing score were 70%




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58449&t=58400
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco Secure ACS [7:58101]

[Tunde Kalejaiye]

hi,

i upgraded my acs 2.6 to a 3.0 when i read ur mail in reference to changing
user passwords. i cant seem to get this working...i cant find attributes 17
and 21 in the acs configuration.
any info is highly appreciated.

thanks
- Original Message -
From: "Elijah Savage III" 
To: 
Sent: Tuesday, November 26, 2002 8:52 PM
Subject: RE: Cisco Secure ACS [7:58101]


> I had this same issue a while back but at least you got yours to work,
> the max sessions I think was just coincidence. Because with our 3030
> concentrators this did not work and we were told by TAC that Radius with
> Expiry with 2.6 ACS would not work but this was fixed in version 3.0. We
> upgraded to 3.0 and haven't looked back nice product CISCO way to go.
> Just for others interested so you do not travel the same hard road but
> FUNK Radius Steel belted did not support the changing of passwords
> because they did not know how to pass the right attirbutes back to the
> client through the cisco device. I was told by a 3rd level engineer from
> Funk that they are working on it but finding it hard to work with
> Microsoft because of some agreement Cisco has with Microsoft but they
> should have it working 1st qtr of next year. Just FYI for those who
> care.
>
> -Original Message-
> From: Mahmood [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, November 26, 2002 8:07 AM
> To: [EMAIL PROTECTED]
> Subject: Cisco Secure ACS [7:58101]
>
>
> I have a problem with User-Changeable Password in Cisco Secure ACS
> version 2.6 on my 2000 server. When I get online with my username and
> want to change my password, It don't let me, and give me a "Login
> Failed" error. But if I change the Max Sessions to 2 ot higher, ev ery
> thing work fine. What's the problem?
>
> Any help would be appreciated.
> Mahmood




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58450&t=58101
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: RE: CCIE written [7:58400]

[B.J. Wilson]

I would think that this would be a bad thing, for two reasons: one, the
number of people who put "CCIE Written" on their resumes will increase, and
the availability of lab dates will decrease.

US$0.02,

BJ


---Original Message---
From: Bernard 
Sent: 12/03/02 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: CCIE written [7:58400]

> Cisco is using a sliding scale based on overall failure rate of the
exam.  As of 10/19, you needed a 58% to pass, not the 70% .  The
required % to pass will change over time, again based on failure rate. 
This exam is much more doable now. It is not as scary as it used to be
at 70%.

Bernard 

 

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 03, 2002 3:30 AM
> To: [EMAIL PROTECTED]
> Subject: Re: CCIE written [7:58400]
> 
> From my experience the passing score were 70%




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58451&t=58400
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Question on CCIE lab equipment? [7:58414]

[bill cisco-guy]

Would be nice to know but I doubt you will get a answer since you
then know what they can and can't test on.
Only one for sure is token ring.
They said no token ring after nov 4 so why would they have a interface

What is even more of a issue is that they took out the 2500's
Now they can test all the stuff that requires CEF like MPLS and
some of the advanced CBWFQ.  

 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58452&t=58414
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Configuring A digi portserver for cisco anyone!!! [7:58453]

[Matt]

Does anybody have an idea on how to configure a digi portserver (terminal)
so i can connect through it to my cisco routers.
I have set up an ip address of 10.0.0.1 for the terminal server and can log
in no problem whatsoever,however, Whilst i am in the root mode i cannot
reverse telnet to any of the ports as it comes up with the following:-

> telnet 10.0.0.1 2001
err#43  : telnet  : access to this port denied.

I am using hyperterminal as the emulation program and i can  reverse telnet
into the routers if i change the setup of hyperterminal by keeping the ip
address as 10.0.0.1 though changing the port to 2001.

Im sure there must be a way for me to log into the digi portserver and then
navigate to any of the routers without having to exit the current connection
and then re establish a new one to the new port.

Apologies if this off topic and a bit confusing though im getting confused
with it.

If anyone has a sample config of a digi portserver, that would be most
helpful as well...

Cheers

Matt




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58453&t=58453
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OSPF E1 or E2 [7:58454]

[p b]

One of the cisco press books indicates one should use
type 1 externals when the route is being advertised by
>1 ASBR and type 2 externals when there's a single
ASBR.  

Are there any issues if one uses type 1 external even
when the route is being advertised by a single ASBR?  It
would seem useful, given the cost to the external is
compatible with the costing used in the OSPF network, to
use type 1 externals even if the route originates from a
single ASBR.  The benefit being able to get a meaningful
cost value to the external.

Is there any unexpected issues which might arise when
doing this?   Flooding of LSAs or SPF aren't imapcted
if a route is an E1 or E2, right?

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58454&t=58454
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: for PIX VPN gurus... [7:58448]

[Roberts, Larry]

Taking a guess, but could you specify multiple destination IP's under the
crypto map peer statement?

PIX#(config) crypto map TEST 10 set peer 10.20.30.1 10.20.30.2

PIX#(config) show crypto map
Crypto Map: "TEST" interfaces: { }

Crypto Map "TEST" 10 ipsec-isakmp
Peer = 10.20.30.1
Peer = 10.20.30.2
No matching address list set.
Current peer: 10.20.30.1
Security association lifetime: 4608000 kilobytes/28800 seconds
PFS (Y/N): N
Transform sets={ }

I believe that this will first cause it to build to .1, and if it is
unavailable to .2
I would be curious as to how your going to handle the internal routing back
to the corporate site?
I think that would be a stumbling block from what I can tell.


Thanks

Larry
 

-Original Message-
From: Edward Sohn [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 03, 2002 11:14 AM
To: [EMAIL PROTECTED]
Subject: for PIX VPN gurus... [7:58448]


I have a requirement in which a single Headquarters PIX needs to VPN over
the internet to a single remote site which have two separate PIXes
(connected the same site LAN).  The goal is to introduce redundancy into the
VPN connection to the remote site.  Unfortunately, it has to be like this
due to the company's hardware limitations.

This is not a "classic" PIX failover configuration via the serial method
(515, 525, 535), but two separate PIX 506's connected separately to the same
LAN.

I can't find anywhere on CCO whether this config is supported, and the TAC
engineer is also clueless (he even said that he doesn't have a way to LAB it
up--can you believe that?.  This is Cisco we're talking about here).

Anyway, anybody ever done something like this?  Will this work?  Can
somebody test this?

BTW, I need to know ASAP, because the customer wants to implement this
immediately if it will work.

Thanks,

Eddie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58455&t=58448
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE written [7:58400]

[קורן לב]

Someone should say this already :
There is no experties-checking in any ccie written exam!
The ccie is a rip-off!
50% memory questions (like "what vip version is eprom-value:01e00" and other
shit.." 
I got the "official exam certification guide" I am a ccip/ccdp/ccnp and I
never got so miss-leaded! this book from july 2002 (very new) and it says
(page 4) the exam is 100 question + does not include the fddi and many more
... it is missleading in many areas
+
the question and cd-test is 80% less
hard then the actual test and it tells
you that they are harder!
i payed the price for getting the book for an idea of the test and i got the
wrong idea! 
i think that cisco is doing something very wrong with this
The material are quite broad and you can ask many hard questions on the
technologies
But there are so many of them about "how many slots in this..?","what
version support that..?","what ip precedence number is flush.." that gets
you thinking cisco is not
Concern about checking your experties but something complitly different -
that gets people like us talking about the exams like it is something to
brag about!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58456&t=58400
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Ccie is a rip off! [7:58458]

[קורן לב]

Someone should say this already :
There is no experties-checking in any ccie written exam!
The ccie is a rip-off!
50% memory questions (like "what vip version is eprom-value:01e00" and other
shit.." 
I got the "official exam certification guide" I am a ccip/ccdp/ccnp and I
never got so miss-leaded! this book from july 2002 (very new) and it says
(page 4) the exam is 100 question + does not include the fddi and many more
... it is missleading in many areas
+
the question and cd-test is 80% less
hard then the actual test and it tells
you that they are harder!
i payed the price for getting the book for an idea of the test and i got the
wrong idea! 
i think that cisco is doing something very wrong with this
The material are quite broad and you can ask many hard questions on the
technologies But there are so many of them about "how many slots in
this..?","what version support that..?","what ip precedence number is
flush.." that gets you thinking cisco is not Concern about checking your
experties but something complitly different - that gets people like us
talking about the exams like it is something to brag about!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58458&t=58458
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE written [7:58457]

[קורן לב]

Someone should say this already :
There is no experties-checking in any ccie written exam!
The ccie is a rip-off!
50% memory questions (like "what vip version is eprom-value:01e00" and other
shit.." 
I got the "official exam certification guide" I am a ccip/ccdp/ccnp and I
never got so miss-leaded! this book from july 2002 (very new) and it says
(page 4) the exam is 100 question + does not include the fddi and many more
... it is missleading in many areas
+
the question and cd-test is 80% less
hard then the actual test and it tells
you that they are harder!
i payed the price for getting the book for an idea of the test and i got the
wrong idea! 
i think that cisco is doing something very wrong with this
The material are quite broad and you can ask many hard questions on the
technologies But there are so many of them about "how many slots in
this..?","what version support that..?","what ip precedence number is
flush.." that gets you thinking cisco is not Concern about checking your
experties but something complitly different - that gets people like us
talking about the exams like it is something to brag about!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58457&t=58457
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: RE: CCIE written [7:58400]

[Creighton Bill-BCREIGH1]

They better not be putting CCIE written, see point 2 below... I posted this
in a thread on the jobs@groupstudy list - straight from the source:

Discussion Thread 
 Response (Marisol) 11/21/2002 08:50 AM 
Dear Bill:

Thank you for your patience.

1) When using the logos for business cards or signatures, it is preferred
that you use the highest certification as those familiar with Cisco
certifications will know the order of certifications.

2) Signature lines, cover letters, or resumes can not reference that an
individual is a CCIE candidate. Only CCIE certified individuals should
reference their certification as they have already completed it.

3) Trademark violations are escalated to our legal team and are strictly
enforced. In addition to the loss of Cisco certifications, legal actions can
also be taken when this happens.

If you have any further questions, click on the hyperlink below to update,
review or generate a support request.

Be sure to bookmark the www.cisco.com/go/certsupport site for all of your
future Cisco Training and Career Certification inquires. 

-Original Message-
From: B.J. Wilson [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 03, 2002 10:40 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: CCIE written [7:58400]


I would think that this would be a bad thing, for two reasons: one, the
number of people who put "CCIE Written" on their resumes will increase, and
the availability of lab dates will decrease.

US$0.02,

BJ


---Original Message---
From: Bernard 
Sent: 12/03/02 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: CCIE written [7:58400]

> Cisco is using a sliding scale based on overall failure rate of the
exam.  As of 10/19, you needed a 58% to pass, not the 70% .  The required %
to pass will change over time, again based on failure rate. 
This exam is much more doable now. It is not as scary as it used to be at
70%.

Bernard 

 

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 03, 2002 3:30 AM
> To: [EMAIL PROTECTED]
> Subject: Re: CCIE written [7:58400]
> 
> From my experience the passing score were 70%




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58459&t=58400
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: configure spanning tree mode [7:58365]

[MADMAN]

the 4000 with a SUPIII will allow ISL.

  Dave

Brett wrote:
> 
> Which Sup.Eng. are you using in the 4006?  The 4xxx does 802.1Q, not
> ISL, so that may be a problem.
> 
> b.
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> puro prasad
> Sent: Sunday, December 01, 2002 8:01 AM
> To: [EMAIL PROTECTED]
> Subject: configure spanning tree mode [7:58365]
> 
> Hi,
> How do i configure the spanning tree mode (cst, pvst, pvst+) on my 6509,
> 4006, 3524 and 3548 switches.
> I had faced problems while establishing a trunk link inbetween a 4006
> and a
> 3524 switch. Has anyone faced any problems in such a scenario.
> Thanks.
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58460&t=58365
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: for PIX VPN gurus... [7:58448]

[Daniel Cotts]

A diagram would help. I'm visualizing the remote site as having one Internet
connection. The gateway router's inside interface connects to a hub/switch.
The outside interfaces of the two 506s connect to this hub/switch. The
inside interfaces of the 506s connect to a second (common) hub/switch which
is the LAN. So the two 506s are in parallel. True?

I repeat the mantra of this list. "What is the problem that you are trying
to solve?" What is the perceived problem? What is the supposed solution?
Does the solution really fix the problem?

Can you be more clear about how "redundancy" will be provided. Is the
customer concerned about a PIX failing? Does he need both 506s working at
the same time?
 
If not, one could be on line with the other as a cold spare (either
installed or on the shelf.) Imagine the joy of keeping those configs in
sync!!
 
If so, then I'm guessing that the 506s are in parallel. Then each requires
its own outside address - which is different from a standard failover
scenario. Can you create a VPN from HQ to each 506 - with one preferred?

> -Original Message-
> From: Edward Sohn [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 03, 2002 10:14 AM
> To: [EMAIL PROTECTED]
> Subject: for PIX VPN gurus... [7:58448]
> 
> 
> I have a requirement in which a single Headquarters PIX needs to VPN
> over the internet to a single remote site which have two 
> separate PIXes
> (connected the same site LAN).  The goal is to introduce 
> redundancy into
> the VPN connection to the remote site.  Unfortunately, it has 
> to be like
> this due to the company's hardware limitations.
> 
> This is not a "classic" PIX failover configuration via the 
> serial method
> (515, 525, 535), but two separate PIX 506's connected 
> separately to the
> same LAN.
> 
> I can't find anywhere on CCO whether this config is supported, and the
> TAC engineer is also clueless (he even said that he doesn't have a way
> to LAB it up--can you believe that?.  This is Cisco we're 
> talking about
> here).
> 
> Anyway, anybody ever done something like this?  Will this work?  Can
> somebody test this?

> Thanks,
> 
> Eddie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58461&t=58448
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PPP events [7:58462]

[wolfgang klages]

Group,

Couple of PPP questions...

[1] I'm looking at the debug output of a PPP
negotiation on a Cisco router.
The router receives a CONFREQ in the 'Closed' state.
RFC1661 specifies
that the router should reply with a Terminate-Ack.
However, the router
replies with a CONFREQ of its own. The router then
moves from the 'Closed'
state to the 'REQsent' state. Hard to believe but
could it be that the
router is not behaving according to RFC1661.

[2] In this same debug output, I see the router
receive a 'FORCED
CONFREQ'. This message is not in RFC1661. Is this
something internal
only to Cisco routers? If so, what is its purpose?


Thanks

__
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58462&t=58462
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: rate-limit question [7:58423]

[Mariusz T.]

U?ytkownik ""William Lijewski""  napisa3 w wiadomo6ci
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> For rate-limit, is there a default "exceed-action" ?  I have been looking
in
> the documents and all of the configs I seem to find all have the
> "exceed-action drop", what I am wondering is what happens if I leave the
> exceed-action command off of the statement?  Do the packets that don't
> conform still go through unchanged, or do they get dropped?
>
You simply can't enter rate-limit command without exceed-action statement,
at least for IOS 12.2...

Regards
Mariusz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58463&t=58423
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Question on CCIE lab equipment? [7:58414]

[nrf]

""bill cisco-guy""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Would be nice to know but I doubt you will get a answer since you
> then know what they can and can't test on.
> Only one for sure is token ring.
> They said no token ring after nov 4 so why would they have a interface
>
> What is even more of a issue is that they took out the 2500's
> Now they can test all the stuff that requires CEF like MPLS and
> some of the advanced CBWFQ.

Well, 2500's also have CEF (in the later IOS's).

But it's true that moving away from the 2500's allow for more complex
problems.  Which is exactly the way it should be.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58464&t=58414
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Ccie is a rip off! [7:58458]

[Johnny Routin]

Sorry the CCIE cert is not the easy paper cert like the other certs you
have.  If you can't handle it then go get msce instead.


JR
--
Johnny Routin




""wexo la""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Someone should say this already :
> There is no experties-checking in any ccie written exam!
> The ccie is a rip-off!
> 50% memory questions (like "what vip version is eprom-value:01e00" and
other
> shit.."
> I got the "official exam certification guide" I am a ccip/ccdp/ccnp and I
> never got so miss-leaded! this book from july 2002 (very new) and it says
> (page 4) the exam is 100 question + does not include the fddi and many
more
> ... it is missleading in many areas
> +
> the question and cd-test is 80% less
> hard then the actual test and it tells
> you that they are harder!
> i payed the price for getting the book for an idea of the test and i got
the
> wrong idea!
> i think that cisco is doing something very wrong with this
> The material are quite broad and you can ask many hard questions on the
> technologies But there are so many of them about "how many slots in
> this..?","what version support that..?","what ip precedence number is
> flush.." that gets you thinking cisco is not Concern about checking your
> experties but something complitly different - that gets people like us
> talking about the exams like it is something to brag about!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58465&t=58458
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSPF E1 or E2 [7:58454]

[Howard C. Berkowitz]

At 5:00 PM + 12/3/02, p b wrote:
>One of the cisco press books indicates one should use
>type 1 externals when the route is being advertised by
>>1 ASBR and type 2 externals when there's a single
>ASBR.

This is just plain wrong. The reason you have E1 and E2 is to have 
different routing policies.

E1 enforces a closest-exit policy which gives a degree of load sharing.

E2 enforces a best-exit policy.  For example, you might have one fast 
link to an ISP and one dial backup link, or a primary and a backup 
provider.  In both cases, you want an E2 because you always want to 
go to a specific exit UNLESS there is a failure.

>
>Are there any issues if one uses type 1 external even
>when the route is being advertised by a single ASBR?  It
>would seem useful, given the cost to the external is
>compatible with the costing used in the OSPF network, to
>use type 1 externals even if the route originates from a
>single ASBR.  The benefit being able to get a meaningful
>cost value to the external.

Why? If there's only one connection to the outside, does the internal 
cost really matter if you have to go there?

>
>Is there any unexpected issues which might arise when
>doing this?   Flooding of LSAs or SPF aren't imapcted
>if a route is an E1 or E2, right?
>
>Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58466&t=58454
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco Secure ACS [7:58101]

[Elijah Savage III]

Exactly what capacity are you using the Radius box in? I use my radius
box with a Cisco 3030 concentrator all users logging in via vpn are
authenticated against the concentrator. There is nothing special you
have to do on the radius box to allow for changing of passwords upon
expiration, but on the concentrator you MUST make sure you are set to
use Radius with Expiry.

-Original Message-
From: Tunde Kalejaiye [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 03, 2002 11:38 AM
To: Elijah Savage III; [EMAIL PROTECTED]
Subject: Re: Cisco Secure ACS [7:58101]


hi,

i upgraded my acs 2.6 to a 3.0 when i read ur mail in reference to
changing user passwords. i cant seem to get this working...i cant find
attributes 17 and 21 in the acs configuration. any info is highly
appreciated.

thanks
- Original Message -
From: "Elijah Savage III" 
To: 
Sent: Tuesday, November 26, 2002 8:52 PM
Subject: RE: Cisco Secure ACS [7:58101]


> I had this same issue a while back but at least you got yours to work,

> the max sessions I think was just coincidence. Because with our 3030 
> concentrators this did not work and we were told by TAC that Radius 
> with Expiry with 2.6 ACS would not work but this was fixed in version 
> 3.0. We upgraded to 3.0 and haven't looked back nice product CISCO way

> to go. Just for others interested so you do not travel the same hard 
> road but FUNK Radius Steel belted did not support the changing of 
> passwords because they did not know how to pass the right attirbutes 
> back to the client through the cisco device. I was told by a 3rd level

> engineer from Funk that they are working on it but finding it hard to 
> work with Microsoft because of some agreement Cisco has with Microsoft

> but they should have it working 1st qtr of next year. Just FYI for 
> those who care.
>
> -Original Message-
> From: Mahmood [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, November 26, 2002 8:07 AM
> To: [EMAIL PROTECTED]
> Subject: Cisco Secure ACS [7:58101]
>
>
> I have a problem with User-Changeable Password in Cisco Secure ACS 
> version 2.6 on my 2000 server. When I get online with my username and 
> want to change my password, It don't let me, and give me a "Login 
> Failed" error. But if I change the Max Sessions to 2 ot higher, ev ery

> thing work fine. What's the problem?
>
> Any help would be appreciated.
> Mahmood




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58467&t=58101
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

TEST Off topic!!!! [7:58468]

[Elijah Savage III]

Is there something going on with groupstudy mail server I notice last
night mail was queueing up on my mailserver, and I have set 3 messages
within the last 24 hours that has not shown up on the board.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58468&t=58468
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSPF E1 or E2 [7:58454]

[p b]

Comments inline:

Howard C. Berkowitz wrote:
> 
> At 5:00 PM + 12/3/02, p b wrote:
> >One of the cisco press books indicates one should use
> >type 1 externals when the route is being advertised by
> >>1 ASBR and type 2 externals when there's a single
> >ASBR.
> 
> This is just plain wrong. The reason you have E1 and E2 is to
> have
> different routing policies.
> 
> E1 enforces a closest-exit policy which gives a degree of load
> sharing.
> 
> E2 enforces a best-exit policy.  For example, you might have
> one fast
> link to an ISP and one dial backup link, or a primary and a
> backup
> provider.  In both cases, you want an E2 because you always
> want to
> go to a specific exit UNLESS there is a failure.

See ACRC (Chappel), page 217.  Under E1 explanation "...Use
this packet type when you have multiple ASBRs advertising a
route to the same AS"

Under E2 explanation "... use this packet type if only one router
is advertising a route to the AS..."


> 
> >
> >Are there any issues if one uses type 1 external even
> >when the route is being advertised by a single ASBR?  It
> >would seem useful, given the cost to the external is
> >compatible with the costing used in the OSPF network, to
> >use type 1 externals even if the route originates from a
> >single ASBR.  The benefit being able to get a meaningful
> >cost value to the external.
> 
> Why? If there's only one connection to the outside, does the
> internal
> cost really matter if you have to go there?

Is there no benefit to knowing the cumulative cost?  Is
there a benefit to knowing an E2 cost which has no cost
meaning within the OSPF AS?As mentioned, there is only
a single ASBR advertising this route, but there may be many
paths to this ABSR.  So if there's no overhead with using a
type 1 here, why not use it and get the cost information?  


> 
> >
> >Is there any unexpected issues which might arise when
> >doing this?   Flooding of LSAs or SPF aren't imapcted
> >if a route is an E1 or E2, right?
> >
> >Thanks
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58469&t=58454
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Ccie is a rip off! [7:58458]

[Mirza, Timur]

btw, to add what "[EMAIL PROTECTED]" said, the bruno text is practically
irrelevant when it comes to the written

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 03, 2002 9:11 AM
To: [EMAIL PROTECTED]
Subject: Ccie is a rip off! [7:58458]

Someone should say this already :
There is no experties-checking in any ccie written exam!
The ccie is a rip-off!
50% memory questions (like "what vip version is eprom-value:01e00" and other
shit.." 
I got the "official exam certification guide" I am a ccip/ccdp/ccnp and I
never got so miss-leaded! this book from july 2002 (very new) and it says
(page 4) the exam is 100 question + does not include the fddi and many more
... it is missleading in many areas
+
the question and cd-test is 80% less
hard then the actual test and it tells
you that they are harder!
i payed the price for getting the book for an idea of the test and i got the
wrong idea! 
i think that cisco is doing something very wrong with this
The material are quite broad and you can ask many hard questions on the
technologies But there are so many of them about "how many slots in
this..?","what version support that..?","what ip precedence number is
flush.." that gets you thinking cisco is not Concern about checking your
experties but something complitly different - that gets people like us
talking about the exams like it is something to brag about!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58470&t=58458
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Home lab setup FRAME SWITCH [7:58204]

[Elijah Savage III]

The 4000 will support the interfaces but it has to be a 4000M+.

r2#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 4000 Software (C4000-D-M), Version 12.1(16), RELEASE SOFTWARE
(fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Tue 09-Jul-02 05:56 by kellythw
Image text-base: 0x00012000, data-base: 0x0087F824
ROM: System Bootstrap, Version 5.2(13a), RELEASE SOFTWARE
ROM: 4000 Bootstrap Software (XX-RXBOOT), Version 10.2(13a), RELEASE
SOFTWARE (f
c1)
r2 uptime is 1 minute
System returned to ROM by power-on
System image file is "flash:c4000-d-mz.121-16.bin"
cisco 4000 (68030) processor (revision 0xB0) with 16384K/4096K bytes of
memory. Processor board ID 5062416 G.703/E1 software, Version 1.0.
Bridging software. X.25 software, Version 3.0.0. Basic Rate ISDN
software, Version 1.1. 2 Ethernet/IEEE 802.3 interface(s) 4 Serial
network interface(s) 4 ISDN Basic Rate interface(s) 128K bytes of
non-volatile configuration memory. 8192K bytes of processor board System
flash (Read/Write) Configuration register is 0x2102

-Original Message-
From: Larry Letterman [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 03, 2002 8:46 AM
To: [EMAIL PROTECTED]
Subject: Re: Home lab setup FRAME SWITCH [7:58204]


Yes, your correct...

The ones I have at home are 4500 routers with 4700 cpu's...



Cisco Internetwork Operating System Software
IOS (tm) 4500 Software (C4500-BOOT-M), Version 11.1(22), RELEASE 
SOFTWARE (fc1)
Copyright (c) 1986-1998 by cisco Systems, Inc.
Compiled Mon 28-Sep-98 18:10 by richv
Image text-base: 0x600088A0, data-base: 0x602B2000

System image file is "bootflash:c4500-boot-m.111-22", booted via ROM

cisco CPA4700 (R4K) processor (revision C) with 32768K/16384K bytes of 
memory.
Processor board ID 03426366
R4700 processor, Implementation 33, Revision 1.0 (Level 2 Cache)
G.703/E1 software, Version 1.0. X.25 software, Version 2.0, NET2, BFE
and GOSIP compliant. Authorized for CiscoPro software set only. 2
Ethernet/IEEE 802.3 interfaces. 4 Serial network interfaces. 128K bytes
of non-volatile configuration memory. 16384K bytes of processor board
System flash (Read/Write) 4096K bytes of processor board Boot flash
(Read/Write)

Larry


J.D. Chaiken wrote:

>Don't you mean a 4500 w/ a 4 Port Serial works great?  The 4000 doesn't

>support the NP-4T  only the NP-2T.
>
>Jarett
>
>""Larry Letterman""  wrote in message 
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
>>a 4000 with a 4 port serial card works great...
>>
>>Symon Thurlow wrote:
>>
>>>What about a 4000/4500 with 2x NP4T? They are reasonably priced.
>>>
>>>-Original Message-
>>>From: Elijah Savage III [mailto:[EMAIL PROTECTED]]
>>>Sent: 27 November 2002 18:25
>>>To: [EMAIL PROTECTED]
>>>Subject: Home lab setup FRAME SWITCH [7:58204]
>>>
>>>
>>>Here is my lab setup there is one thing I think I am in desperate 
>>>need of and that is a frame switch I do not need the 3550 we are 
>>>deploying them at work and have access to them and also 5500's with 
>>>the lightstream equipment. After getting this lab together of course 
>>>I have spent some bucks as you can see below, but for the LABS like 
>>>from NLI and some of the others will a 2521 serve as a frame switch 
>>>to do these labs or do a I really need to fork over the bucks for a 
>>>2522, you just don't see ags+ on ebay much anymore. I would like to 
>>>just buy a 2521 if it is sufficient and spend the rest of my allotted

>>>funds on purchasing the labs. Or is there someone out there wanting 
>>>to sell a ags+ or some other router as a frame switch.
>>>
>>>3 2501
>>>1 2503 isdn
>>>1 2611
>>>1 2621
>>>1 2509
>>>1 1605 with wic 1T
>>>1 804 isdn
>>>1900 enterprise
>>>2924 enterprise Just got this one yesterday
>>>Pix501
>>>Suse8.1 LinuxPC
>>>Redhat8.0PC
>>>
>>>Elijah
>>>http://www.digitalrage.org
>>>Your one stop for Technical News
>>>and HowTo's
>>>=
>>>
>>>This email has been content filtered and
>>>subject to spam filtering. If you consider
>>>this email is unsolicited please forward
>>>the email to [EMAIL PROTECTED] and
>>>request that the sender's domain be
>>>blocked from sending any further emails.
>>>
>>>=




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58445&t=58204
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Home lab setup FRAME SWITCH [7:58204]

[Elijah Savage III]

Are you sure about this I can't find anything on CCO where these modules
are not supported on the 4000 I also know someone right now who has 2 of
the NP 4T modules in a 4000M and using it as a frame switch for his lab.

-Original Message-
From: J.D. Chaiken [mailto:[EMAIL PROTECTED]] 
Sent: Monday, December 02, 2002 4:21 PM
To: [EMAIL PROTECTED]
Subject: Re: Home lab setup FRAME SWITCH [7:58204]


Don't you mean a 4500 w/ a 4 Port Serial works great?  The 4000 doesn't
support the NP-4T  only the NP-2T.

Jarett

""Larry Letterman""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> a 4000 with a 4 port serial card works great...
>
> Symon Thurlow wrote:
>
> >What about a 4000/4500 with 2x NP4T? They are reasonably priced.
> >
> >-Original Message-
> >From: Elijah Savage III [mailto:[EMAIL PROTECTED]]
> >Sent: 27 November 2002 18:25
> >To: [EMAIL PROTECTED]
> >Subject: Home lab setup FRAME SWITCH [7:58204]
> >
> >
> >Here is my lab setup there is one thing I think I am in desperate 
> >need of and that is a frame switch I do not need the 3550 we are 
> >deploying them at work and have access to them and also 5500's with 
> >the lightstream equipment. After getting this lab together of course 
> >I have spent some bucks as you can see below, but for the LABS like 
> >from NLI and some of the others will a 2521 serve as a frame switch 
> >to do these labs or do a I really need to fork over the bucks for a 
> >2522, you just don't see ags+ on ebay much anymore. I would like to 
> >just buy a 2521 if it is sufficient and spend the rest of my allotted

> >funds on purchasing the labs. Or is there someone out there wanting 
> >to sell a ags+ or some other router as a frame switch.
> >
> >3 2501
> >1 2503 isdn
> >1 2611
> >1 2621
> >1 2509
> >1 1605 with wic 1T
> >1 804 isdn
> >1900 enterprise
> >2924 enterprise Just got this one yesterday
> >Pix501
> >Suse8.1 LinuxPC
> >Redhat8.0PC
> >
> >Elijah
> >http://www.digitalrage.org
> >Your one stop for Technical News
> >and HowTo's
> >=
> >
> > This email has been content filtered and
> > subject to spam filtering. If you consider
> > this email is unsolicited please forward
> > the email to [EMAIL PROTECTED] and
> > request that the sender's domain be
> > blocked from sending any further emails.
> >
> >=




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58437&t=58204
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: rate-limit question [7:58423]

[Dale]

What is the best way to rate-limit a subnet on a 3640 (IOS 12.2) ?
I've tried the following with no success:

rate-limit input access-group 151 128000 8000 256000 conform-action
transmit exceed-action drop
rate-limit output access-group 150 128000 8000 256000 conform-action
transmit exceed-action drop

access-list 150 permit ip any 10.0.0.224 0.0.0.16 
access-list 151 permit ip 10.0.0.224 0.0.0.16 any

Thanks in advance.
Dale

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Mariusz T.
Sent: Tuesday, December 03, 2002 12:52 PM
To: [EMAIL PROTECTED]
Subject: Re: rate-limit question [7:58423]


U?ytkownik ""William Lijewski""  napisa3 w wiadomo6ci
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> For rate-limit, is there a default "exceed-action" ?  I have been 
> looking
in
> the documents and all of the configs I seem to find all have the 
> "exceed-action drop", what I am wondering is what happens if I leave 
> the exceed-action command off of the statement?  Do the packets that 
> don't conform still go through unchanged, or do they get dropped?
>
You simply can't enter rate-limit command without exceed-action
statement, at least for IOS 12.2...

Regards
Mariusz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58471&t=58423
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Ccie is a rip off! [7:58458]

[Peter van Oene]

Sorry, are you flaming the Cisco test, or some book?  

On Tue, 2002-12-03 at 12:11, W'WW(W WW wrote:
> Someone should say this already :
> There is no experties-checking in any ccie written exam!
> The ccie is a rip-off!
> 50% memory questions (like "what vip version is eprom-value:01e00" and
other
> shit.." 
> I got the "official exam certification guide" I am a ccip/ccdp/ccnp and I
> never got so miss-leaded! this book from july 2002 (very new) and it says
> (page 4) the exam is 100 question + does not include the fddi and many more
> ... it is missleading in many areas
> +
> the question and cd-test is 80% less
> hard then the actual test and it tells
> you that they are harder!
> i payed the price for getting the book for an idea of the test and i got
the
> wrong idea! 
> i think that cisco is doing something very wrong with this
> The material are quite broad and you can ask many hard questions on the
> technologies But there are so many of them about "how many slots in
> this..?","what version support that..?","what ip precedence number is
> flush.." that gets you thinking cisco is not Concern about checking your
> experties but something complitly different - that gets people like us
> talking about the exams like it is something to brag about!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58473&t=58458
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE written [7:58400]

[Steve Dispensa]

I must admit that I was surprised to see so many product questions on my
last CCIE recert (security).  I was expecting difficult technical
questions and (relatively) easy product questions, and I got the reverse
- the technical questions were simple, and the product questions were
surprisingly detailed.

In general, though, I found the blueprint on the website to be pretty
accurate.

My $0.02, anyway.

 -sd


On Tue, 2002-12-03 at 11:11, [EMAIL PROTECTED] wrote:
> Someone should say this already :
> There is no experties-checking in any ccie written exam!
> The ccie is a rip-off!
> 50% memory questions (like "what vip version is eprom-value:01e00" and
other
> shit.." 
> I got the "official exam certification guide" I am a ccip/ccdp/ccnp and I
> never got so miss-leaded! this book from july 2002 (very new) and it says
> (page 4) the exam is 100 question + does not include the fddi and many more
> ... it is missleading in many areas
> +
> the question and cd-test is 80% less
> hard then the actual test and it tells
> you that they are harder!
> i payed the price for getting the book for an idea of the test and i got
the
> wrong idea! 
> i think that cisco is doing something very wrong with this
> The material are quite broad and you can ask many hard questions on the
> technologies But there are so many of them about "how many slots in
> this..?","what version support that..?","what ip precedence number is
> flush.." that gets you thinking cisco is not Concern about checking your
> experties but something complitly different - that gets people like us
> talking about the exams like it is something to brag about!
-- 


Steve Dispensa
Chief Technology Officer
Positive Networks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58472&t=58400
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Help needed on ISDN PPP Multilink [7:58474]

[Leo Song]

Hi, friends.

I have one ISDN issue which make me quite headache, ok, I can call each
channel up (through dialer map or isdn call interface command)
separately without problem, which the problem is when I try to leverage
PPP multilink to bundle two channels in case of load-threshold events
was fired, the calling router did try to establish the second channel,
and it's connected, and the second call was CONNECTED for couple of
seconds, then disconnected, without error messages.

I opened a ticket with Cisco and our ISP, but no positive answer yet,
any help.

The following attachment is the debug (isdn, q931, ppp) from the called
router, as well as the config-file from the calling router, and the
configuration of called router is very similar with the calling router,
thanks.


dslvanrt3#sh debug
PPP:
  Multilink activity debugging is on
  Multilink events debugging is on
  First bytes of multilink packet debugging is on
ISDN:
  ISDN events debugging is on
  ISDN Q931 packets debugging is on
dslvanrt3#terminal monitor
dslvanrt3#
dslvanrt3#
dslvanrt3#
dslvanrt3#
dslvanrt3#
dslvanrt3#
Dec  3 10:37:38: ISDN BR0: RX   CONNECT pd = 8  callref = 0x81
Dec  3 10:37:38: Channel ID i = 0x89
Dec  3 10:37:38: ISDN BR0: RX  was hung up.
Dec  3 10:38:06: %ISDN-6-DISCONNECT: Interface BRI0:1  disconnected from
14163623576 dsltorrt3, call lasted 28 seconds
Dec  3 10:38:06: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Dec  3 10:38:06: BR0:1 MLP: Multilink down event pending
Dec  3 10:38:06: BR0:1 MLP: Multilink down event pending
Dec  3 10:38:06: ISDN BR0: TX ->  RELEASE pd = 8  callref = 0x81
Dec  3 10:38:06: BR0:1 MLP: Removing link from dsltorrt3
Dec  3 10:38:06: dsltorrt3 MLP: Removing bundle
Dec  3 10:38:06: %LINK-3-UPDOWN: Interface Virtual-Access1, changed
state to down
Dec  3 10:38:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1,
changed state to down
Dec  3 10:38:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Virtual-Access1, changed state to down
Dec  3 10:38:06: ISDN BR0: RX   CONNECT pd = 8  callref = 0x81
Dec  3 10:38:21: Channel ID i = 0x89
Dec  3 10:38:21: ISDN BR0: RX <-  CONNECT_ACK pd = 8  callref = 0x01
Dec  3 10:38:21: Signal i = 0x4F - Alerting off 
Dec  3 10:38:21: Locking Shift to Codeset 5
Dec  3 10:38:21: Codeset 5 IE 0x2A  i = 0x809A0B, '14163623576',
0x800109800114800114800114
Dec  3 10:38:21: ISDN BR0: received HOST_CONNECT
Dec  3 10:38:21: ISDN BR0: Event: Connected to 14163623576 on B1 at 64
Kb/s
Dec  3 10:38:22: BR0:1 MLP: Multilink up event pending
Dec  3 10:38:22: Vi1 MLP: Added to huntgroup BR0
Dec  3 10:38:22: Vi1 MLP: Clone from BR0
Dec  3 10:38:22: %LINK-3-UPDOWN: Interface Virtual-Access1, changed
state to up
Dec  3 10:38:22: BR0:1 MLP: dsltorrt3, multilink up, first link
Dec  3 10:38:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1,
changed state to up
Dec  3 10:38:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Virtual-Access1, changed state to up
Dec  3 10:38:27: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to
14163623576 dsltorrt3


interface BRI0
 ip address 10.10.191.2 255.255.255.0
 encapsulation ppp
 bandwidth 128
 isdn spid1 60468746360101 6874636
 isdn spid2 60468746300101 6874630
 dialer map ip 10.10.191.1 name dsltorrt3 14163623576
 dialer map ip 10.10.191.1 name dsltorrt3 14163625538
 dialer-group 1
 no fair-queue
 ppp authentication chap
 ppp multilink
 hold-queue 75 out

access-list 100 permit ip xxx
dialer-list 1 protocol ip list 100



Leo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58474&t=58474
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSPF E1 or E2 [7:58454]

[Peter van Oene]

Some thoughts below

On Tue, 2002-12-03 at 13:26, p b wrote:
> Comments inline:
> 
> Howard C. Berkowitz wrote:
> > 
> > At 5:00 PM + 12/3/02, p b wrote:
> > >One of the cisco press books indicates one should use
> > >type 1 externals when the route is being advertised by
> > >>1 ASBR and type 2 externals when there's a single
> > >ASBR.
> > 
> > This is just plain wrong. The reason you have E1 and E2 is to
> > have
> > different routing policies.
> > 
> > E1 enforces a closest-exit policy which gives a degree of load
> > sharing.
> > 
> > E2 enforces a best-exit policy.  For example, you might have
> > one fast
> > link to an ISP and one dial backup link, or a primary and a
> > backup
> > provider.  In both cases, you want an E2 because you always
> > want to
> > go to a specific exit UNLESS there is a failure.
> 
> See ACRC (Chappel), page 217.  Under E1 explanation "...Use
> this packet type when you have multiple ASBRs advertising a
> route to the same AS"
> 
> Under E2 explanation "... use this packet type if only one router
> is advertising a route to the AS..."

I'd go with Howard on this one ;-)  E1 metrics simply let routers find
the closest exit from the AS (so long as the external side of the
metrics are relatively consistent)  


> 
> > 
> > >
> > >Are there any issues if one uses type 1 external even
> > >when the route is being advertised by a single ASBR?  It
> > >would seem useful, given the cost to the external is
> > >compatible with the costing used in the OSPF network, to
> > >use type 1 externals even if the route originates from a
> > >single ASBR.  The benefit being able to get a meaningful
> > >cost value to the external.
> > 
> > Why? If there's only one connection to the outside, does the
> > internal
> > cost really matter if you have to go there?
> 
> Is there no benefit to knowing the cumulative cost?  Is
> there a benefit to knowing an E2 cost which has no cost
> meaning within the OSPF AS?As mentioned, there is only
> a single ASBR advertising this route, but there may be many
> paths to this ABSR.  So if there's no overhead with using a
> type 1 here, why not use it and get the cost information?  

The path to the ASBR, or forwarding address if it isn't 0.0.0.0, comes
out of the routing table.  Hence, the router already knows the best path
to ASBR.  Having it represented in OSPF simply changes the outcome of
the route selection process when there are mulitple entries for the same
destination.

In many cases, as Howard points out, you want all routers in the same AS
to prefer ASBR1 over ASBR2 for the same destination.  This is what
routing policies are all about.  In these cases, you simply set E2
metrics accordingly and accomplish your goal.   Again, it's a matter of
trying to figure out what you are trying to accomplish (what problem are
you trying to solve) and picking the right tools to solve it.  E1 and E2
are simply additional tools that can enable different routing
strategies.

> 
> 
> > 
> > >
> > >Is there any unexpected issues which might arise when
> > >doing this?   Flooding of LSAs or SPF aren't imapcted
> > >if a route is an E1 or E2, right?
> > >
> > >Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58475&t=58454
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Arp table - very strange [7:58404]

[Priscilla Oppenheimer]

The 2950 is a switch, i.e a Layer-2 device. For its normal operations, it
doesn't care about ARP, which maps L3 to L2 addresses.

So to troubleshoot your problem, consider what the switch is doing that is
related to Layer 3 and above. Does it do network management, ping, Telnet?

What does the switch use for a default gateway when it does these
upper-layer functions? Is that default gateway router doing Proxy ARP and
replying with its MAC address for devices on the other side of it?

What are the MAC and IP addresses in this mysterious ARP cache that you are
worried about? With some knowledge or your addressing scheme, you should be
able to figure out what's going on.

Priscilla

Cliff Cliff wrote:
> 
> Dear all,
> 
> For my company, there are two equipment rooms, one is in
> upstair ad one is in downstair. So we are using fiber
> connecting these two floor equipments by using Cisco 2950
> (which having 2 Fiber port) in both upstair and downstair.
> 
> In cisco 2950, there are 24 ports, for some reason, I need to
> set 12 ports for VLAN1 (IP address A.B.C.0/24) andb 12 ports
> for VLAN2(E.F.G.0/24) in upstair cisco 2950. Note that port 25
> is also VLAN1 and port 26 is VLAN2. The same applied to
> downstair cisco 2950 (Now we have two fibers connecting to
> upstair and downstair cisco 2950). The result why connected
> like this is we want to seperate the traffic for VLAN1 and VLAN2.
> 
> The config is like this
> 
> upstair and downstair cisco 2950 switch config
> ==
> Port 1 to port 12:
> 
> under interface FastEthernet0/1 to 0/12 - no special config
> (default)
> 
> Port 13 to port 24:
> 
> under interface FastEthernet0/13 to 0/24 - adding "switchport
> access vlan 2"
> 
> Assign ip address for upstair cisco 2950:
> 
> interface VLAN1
>  ip address A.B.C.1 255.255.255.0
> 
> Assign ip address for downstair cisco 2950:
> 
> interface VLAN1
>  ip address A.B.C.2 255.255.255.0
> 
> But when I issue a command show arp, I see very strange
> situation.
> 
> Actually from my knowledge, the arp table should contains only
> local arp table. But I find that there are some external
> address on my arp table. WHY? Really not understanding? Is my
> config for VLAN is wrong?
> 
> Also when I issue a command "show vlan brief", I get the
> following output:
> 
> VLAN  Name   StatusPorts
>  - --
> 1default activeFa0/1,Fa0/2, ...
> ,Fa0/12,Fa0/25
> 2VLAN0002activeFa0/13,Fa0/14, ... , Fa0/24,
> Fa0/26
> 1002 fddi-defaultactive
> 1003 token-ring-default  active
> 1004 fddinet-default active
> 1005 trnet-default   active
> 
> which I believe that I am not setting wrong for VLAN. Any
> comment or suggestion? Thx!
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58477&t=58404
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: RE: CCIE written [7:58400]

[Priscilla Oppenheimer]

B.J. Wilson wrote:
> 
> I would think that this would be a bad thing, for two reasons:
> one, the number of people who put "CCIE Written" on their
> resumes will increase, and the availability of lab dates will
> decrease.

I don't think the lower passing score means more people pass. The test is
harder than it used to be.

> 
> US$0.02,
> 
> BJ
> 
> 
> ---Original Message---
> From: Bernard 
> Sent: 12/03/02 11:29 AM
> To: [EMAIL PROTECTED]
> Subject: RE: CCIE written [7:58400]
> 
> > Cisco is using a sliding scale based on overall failure rate
> of the
> exam.  As of 10/19, you needed a 58% to pass, not the 70% .  The
> required % to pass will change over time, again based on
> failure rate.
> This exam is much more doable now. It is not as scary as it
> used to be
> at 70%.

Isn't your logic backwards if you say that the exam is more doable and less
scary now?

To maintain the same ratio of passing people versus non-passing people, they
reduced the passing score because the exam is harder to pass than it used to
be.

At least that is what I would assume, or am I confused?

Priscilla

> 
> Bernard 
> 
>  
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, December 03, 2002 3:30 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: CCIE written [7:58400]
> > 
> > From my experience the passing score were 70%
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58478&t=58400
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSPF E1 or E2 [7:58454]

[p b]

Sorry.  Wasn't trying to suggest Howard was wrong, just providing
the source of where I read the information.

Everything Howard mentions makes sense.

But when there's a single ASBR, it seems that there's no
difference in E1 or E2 other than E1 give ya the cost to the
external for free.  I'm planning to use E1s in this situation but
wanted to float this out to the list to see if there might
be unexpected consequencies.  From the feedback so far, there
doesn't seem to be.

Thanks





Peter van Oene wrote:
> 
> Some thoughts below
> 
> On Tue, 2002-12-03 at 13:26, p b wrote:
> > Comments inline:
> > 
> > Howard C. Berkowitz wrote:
> > > 
> > > At 5:00 PM + 12/3/02, p b wrote:
> > > >One of the cisco press books indicates one should use
> > > >type 1 externals when the route is being advertised by
> > > >>1 ASBR and type 2 externals when there's a single
> > > >ASBR.
> > > 
> > > This is just plain wrong. The reason you have E1 and E2 is
> to
> > > have
> > > different routing policies.
> > > 
> > > E1 enforces a closest-exit policy which gives a degree of
> load
> > > sharing.
> > > 
> > > E2 enforces a best-exit policy.  For example, you might have
> > > one fast
> > > link to an ISP and one dial backup link, or a primary and a
> > > backup
> > > provider.  In both cases, you want an E2 because you always
> > > want to
> > > go to a specific exit UNLESS there is a failure.
> > 
> > See ACRC (Chappel), page 217.  Under E1 explanation "...Use
> > this packet type when you have multiple ASBRs advertising a
> > route to the same AS"
> > 
> > Under E2 explanation "... use this packet type if only one
> router
> > is advertising a route to the AS..."
> 
> I'd go with Howard on this one ;-)  E1 metrics simply let
> routers find
> the closest exit from the AS (so long as the external side of
> the
> metrics are relatively consistent)  
> 
> 
> > 
> > > 
> > > >
> > > >Are there any issues if one uses type 1 external even
> > > >when the route is being advertised by a single ASBR?  It
> > > >would seem useful, given the cost to the external is
> > > >compatible with the costing used in the OSPF network, to
> > > >use type 1 externals even if the route originates from a
> > > >single ASBR.  The benefit being able to get a meaningful
> > > >cost value to the external.
> > > 
> > > Why? If there's only one connection to the outside, does the
> > > internal
> > > cost really matter if you have to go there?
> > 
> > Is there no benefit to knowing the cumulative cost?  Is
> > there a benefit to knowing an E2 cost which has no cost
> > meaning within the OSPF AS?As mentioned, there is only
> > a single ASBR advertising this route, but there may be many
> > paths to this ABSR.  So if there's no overhead with using a
> > type 1 here, why not use it and get the cost information?  
> 
> The path to the ASBR, or forwarding address if it isn't
> 0.0.0.0, comes
> out of the routing table.  Hence, the router already knows the
> best path
> to ASBR.  Having it represented in OSPF simply changes the
> outcome of
> the route selection process when there are mulitple entries for
> the same
> destination.
> 
> In many cases, as Howard points out, you want all routers in
> the same AS
> to prefer ASBR1 over ASBR2 for the same destination.  This is
> what
> routing policies are all about.  In these cases, you simply set
> E2
> metrics accordingly and accomplish your goal.   Again, it's a
> matter of
> trying to figure out what you are trying to accomplish (what
> problem are
> you trying to solve) and picking the right tools to solve it. 
> E1 and E2
> are simply additional tools that can enable different routing
> strategies.
> 
> > 
> > 
> > > 
> > > >
> > > >Is there any unexpected issues which might arise when
> > > >doing this?   Flooding of LSAs or SPF aren't imapcted
> > > >if a route is an E1 or E2, right?
> > > >
> > > >Thanks
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58479&t=58454
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Collision [7:58389]

[Priscilla Oppenheimer]

Larry Letterman wrote:
> 
> Most likely the previous 10/half interface on the switch and
> the router
> were not
> linked at the same speed/duplex or the other router had an
> issue with
> the setting.

No, the switch and router were set to the same thing, which was 10 Mbps half
duplex, if you read his messages. He was using a 2500 router. Those routers
predate the full duplex standard. In fact they may predate 100 Mbps also. He
had no choice but to upgrade the router, which he did.

He was seeing lots of collisions, including excessive collisions where the
frame got dropped because even after 15 retries it encountered a collision.

Collisions are normal in shared (half-duplex) Ehternet, but excessive
collisions are not. Collisions are caused by the stations on the shared link
simultaneously sending. Excessive collisions are due to a shortage of
capacity. One fix to the problem is to increase the capacity. By jumping
10-fold from 10 Mbps to 100 Mbps, the risk of collisions, especially
excessive collisions, goes way down. Since each frame takes 1/10th the
amount of time to send, the odds that some other station is sending when
another station transmits (or retransmits) go way down.

Increasing capacity used to be the only way we could upgrade an Ethernet
network. Then the full-duplex standard came about. It can only be used on a
point-to-point link where each side has its own dedicated transmit path. In
other words, it's no longer shared Ethernet. There's no need to sense
carrier to see if anyone else is sending, because there isn't anyone else.
It's not multiple access. Receiving while you're sening is legitimate, so
there's no need to check for collisions. It's no longer CSMA/CD. Of course
the collision rate goes down. Collisions really have no meaning in this
environment. If there are collisions, then there's probably a duplex mismatch.

So, anyway, he improved matters in two ways: upgrading the capacity and
moving to full duplex.

I just wanted to add this theory discussion. It's not right to say (as
someone else did) that collisions are "caused by" a half-duplex setting.
Collisions are caused by two stations sending at once, which tends to happen
more and more frequently when there's not enough  capacity to support the
sending behavior of the nodes on the shared network. To fix the problem, you
can increase capacity or you can make the network not shared by connecting
just two devices and using full duplex.

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

> 
> To be safe I would set the switch port and the router interface
> to
> 100/full or 10/full
> and there should be no issues then.
> 
> and yes, the fast ethernet in the 26XX/36XX routers are a
> better
> solution.
> 
> Larry Letterman
> Cisco IT-LAN , San Jose
> 
> Cliff Cliff wrote:
> 
> >Today, We are put 3660 router to their end, having
> Fastethernet card, and
> >connected to their switch.
> >
> >They change their switch port as following:
> >
> >interface FastEthernet0/14 
> >load-interval 30 
> >duplex full
> >
> >so far, after observe serveral hours, there is no collision as
> well as not
> >error message in our router.
> >
> >So, what's wrong? Is the fastethernet is better? or previous
> setting that I
> >have is wrong?
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58480&t=58389
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Specific BGP Question [7:58428]

[Kent Yu]

Jim,

I assume your customer is okay with your business decision? People normally
want to get to the destinations through the shortest AS path, who you are
peering with and who you are buying transit from are important to your
customers.

I guess it is your customer's business decision, they want to pass traffic
through you so they will pay less to 1239, but you only pass 16631 to them
or you force all their traffic out to 16631, so they will either have less
chance to save money or have to use longer AS path, I guess your price is
competitive.

--kent

- Original Message -
From: "Jim Devane" 
To: 
Sent: Tuesday, December 03, 2002 2:16 AM
Subject: Specific BGP Question [7:58428]


> Hello all,
>
> Long time lurker, first time poster.
>
> I have a router that is multi-homed between 16631 and 701.
> I have a new client who is buying transit from us.
> They are multi-homed to us and 1239.
> A business decision was made to policy route their traffic out 16631.
> As a result I will only publish 16631 routes to them.
> However, if 16631 goes away, I want to be able to push the 701 routes to
> them.
> Injecting a default wouldn't be very effective here since 1239 will most
> likely have a more specific route!
> So Conditional Adv to the rescue. However..I have a few questions I am
> unsure about and I don't have a lab to try it out on.
>
> In this config:
>
> router bgp 
> nei New_Client remote-as Client_AS
> nei New_Client filter-list 4 in
> nei New_Client filter-list 3 out
>
> ip as path access-list 3 permit .*
> ip as-path access-list 4 permit ^Client_AS$
>
> so far so good
> I want to add this...
>
> nei New_Client advertise-map MAP1 non-exist-map MAP2
>
> route-map MAP1 permit 10
> match as-path 5
> route-map MAP2 permit 10
> match as-path 6
>
> ip as-path access-list 5 ^$ _16631_
> ip as-path access-list 6 ^$ _701_
>
>
> SO NOW THE QUESTIONS!!!
>
> 1) What is the order of operation for the advertisement out? Will the
> Filter-list showing all routes cancel any effect of the route-map?
> 2) Are the MAP1 and MAP2 route maps valid in this config because they use
> as-path? The config's I could find as example were based on Prefix. I made
> up the part about using the as-path, but it seems logical (boy, I wish I
had
> a couple extra routers!)
> 3) Is there a better way to go about this!
>
> Thanks in advance. And thanks to everybody who posts. I have taken away a
> lot from this mailing-list!
>
> Jim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58481&t=58428
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Ccie is a rip off! [7:58458]

[George Bethel]

The CCIE written is not a certification, it is a
qualification exam.  No matter how dificult you think
it is, if you can't pass the written you're not ready
for the lab.  



--- wexo__la  wrote:
> Someone should say this already :
> There is no experties-checking in any ccie written
> exam!
> The ccie is a rip-off!
> 50% memory questions (like "what vip version is
> eprom-value:01e00" and other
> shit.." 
> I got the "official exam certification guide" I am a
> ccip/ccdp/ccnp and I
> never got so miss-leaded! this book from july 2002
> (very new) and it says
> (page 4) the exam is 100 question + does not include
> the fddi and many more
> ... it is missleading in many areas
> +
> the question and cd-test is 80% less
> hard then the actual test and it tells
> you that they are harder!
> i payed the price for getting the book for an idea
> of the test and i got the
> wrong idea! 
> i think that cisco is doing something very wrong
> with this
> The material are quite broad and you can ask many
> hard questions on the
> technologies But there are so many of them about
> "how many slots in
> this..?","what version support that..?","what ip
> precedence number is
> flush.." that gets you thinking cisco is not Concern
> about checking your
> experties but something complitly different - that
> gets people like us
> talking about the exams like it is something to brag
> about!
[EMAIL PROTECTED]


__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58482&t=58458
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: RE: CCIE written [7:58400]

[Mirza, Timur]

i can attest to that...i passed w/o a prob 3 yrs ago & failed on the new
written...its a night & day difference...when they lower the pass mark from
70% to 58%, it should make you think!

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 03, 2002 11:25 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: CCIE written [7:58400]


B.J. Wilson wrote:
> 
> I would think that this would be a bad thing, for two reasons:
> one, the number of people who put "CCIE Written" on their
> resumes will increase, and the availability of lab dates will
> decrease.

I don't think the lower passing score means more people pass. The test is
harder than it used to be.

> 
> US$0.02,
> 
> BJ
> 
> 
> ---Original Message---
> From: Bernard 
> Sent: 12/03/02 11:29 AM
> To: [EMAIL PROTECTED]
> Subject: RE: CCIE written [7:58400]
> 
> > Cisco is using a sliding scale based on overall failure rate
> of the
> exam.  As of 10/19, you needed a 58% to pass, not the 70% .  The
> required % to pass will change over time, again based on
> failure rate.
> This exam is much more doable now. It is not as scary as it
> used to be
> at 70%.

Isn't your logic backwards if you say that the exam is more doable and less
scary now?

To maintain the same ratio of passing people versus non-passing people, they
reduced the passing score because the exam is harder to pass than it used to
be.

At least that is what I would assume, or am I confused?

Priscilla

> 
> Bernard 
> 
>  
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, December 03, 2002 3:30 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: CCIE written [7:58400]
> > 
> > From my experience the passing score were 70%




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58484&t=58400
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Collision [7:58389]

[Larry Letterman]

set one end to 100 half and the other to 100 full and see what happens:)

Priscilla Oppenheimer wrote:

>Larry Letterman wrote:
>
>>Most likely the previous 10/half interface on the switch and
>>the router
>>were not
>>linked at the same speed/duplex or the other router had an
>>issue with
>>the setting.
>>
>
>No, the switch and router were set to the same thing, which was 10 Mbps half
>duplex, if you read his messages. He was using a 2500 router. Those routers
>predate the full duplex standard. In fact they may predate 100 Mbps also. He
>had no choice but to upgrade the router, which he did.
>
>He was seeing lots of collisions, including excessive collisions where the
>frame got dropped because even after 15 retries it encountered a collision.
>
>Collisions are normal in shared (half-duplex) Ehternet, but excessive
>collisions are not. Collisions are caused by the stations on the shared link
>simultaneously sending. Excessive collisions are due to a shortage of
>capacity. One fix to the problem is to increase the capacity. By jumping
>10-fold from 10 Mbps to 100 Mbps, the risk of collisions, especially
>excessive collisions, goes way down. Since each frame takes 1/10th the
>amount of time to send, the odds that some other station is sending when
>another station transmits (or retransmits) go way down.
>
>Increasing capacity used to be the only way we could upgrade an Ethernet
>network. Then the full-duplex standard came about. It can only be used on a
>point-to-point link where each side has its own dedicated transmit path. In
>other words, it's no longer shared Ethernet. There's no need to sense
>carrier to see if anyone else is sending, because there isn't anyone else.
>It's not multiple access. Receiving while you're sening is legitimate, so
>there's no need to check for collisions. It's no longer CSMA/CD. Of course
>the collision rate goes down. Collisions really have no meaning in this
>environment. If there are collisions, then there's probably a duplex
mismatch.
>
>So, anyway, he improved matters in two ways: upgrading the capacity and
>moving to full duplex.
>
>I just wanted to add this theory discussion. It's not right to say (as
>someone else did) that collisions are "caused by" a half-duplex setting.
>Collisions are caused by two stations sending at once, which tends to happen
>more and more frequently when there's not enough  capacity to support the
>sending behavior of the nodes on the shared network. To fix the problem, you
>can increase capacity or you can make the network not shared by connecting
>just two devices and using full duplex.
>
>___
>
>Priscilla Oppenheimer
>www.troubleshootingnetworks.com
>www.priscilla.com
>
>>To be safe I would set the switch port and the router interface
>>to
>>100/full or 10/full
>>and there should be no issues then.
>>
>>and yes, the fast ethernet in the 26XX/36XX routers are a
>>better
>>solution.
>>
>>Larry Letterman
>>Cisco IT-LAN , San Jose
>>
>>Cliff Cliff wrote:
>>
>>>Today, We are put 3660 router to their end, having
>>>
>>Fastethernet card, and
>>
>>>connected to their switch.
>>>
>>>They change their switch port as following:
>>>
>>>interface FastEthernet0/14 
>>>load-interval 30 
>>>duplex full
>>>
>>>so far, after observe serveral hours, there is no collision as
>>>
>>well as not
>>
>>>error message in our router.
>>>
>>>So, what's wrong? Is the fastethernet is better? or previous
>>>
>>setting that I
>>
>>>have is wrong?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58485&t=58389
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Support exam how to prepare [7:58430]

[Priscilla Oppenheimer]

Congratulations on passing the Support exam.

For those of you who haven't passed it yet, I have a free practice Support
test at my Troubleshooting Networks Web site, which is the companion site
for my Support book, Troubleshooting Campus Networks.

The Web site has other free resources too, some of which are more than you
need for the test, which is rather easy.

For example, maybe you just need to know that FTP uses port 21 to answer
questions in the Support exam, but you sure need to know a lot more than
that to troubleshoot FTP problems, which can be complex due to the 2
connections, the use of IP addresses in application-layer commands, and the
troublesome behavior of Active FTP versus Passive FTP, especially when
firewalls are present.

Anyway, the Web site is here:

http://www.troubleshootingnetworks.com/

Go to Troubleshooting Resources for the practice test and other resources.

Priscilla

Siddiqi Kenan wrote:
> 
> Hi there,
> First of all, thank you to all of those who helped and guided
> me for the exam. Passed it. Here is what I learnt from my
> experience:
> 
> 1. Passing score was 755, I had 58 questions (but this varies
> from person to person)
> 2. The best way I found to prepare for this exam was using the
> offical course book. Read every bit very carefully. Some
> questions do require in-depth knowledge and familiarity with
> Cisco device operations. Then again, nothing replaces hands-on
> experience.
> 3. About 2 weeks before the exam, practice Boson tests. They
> help in making sure you know the thigns properly.
> 
> Ok then, happy studying! :)
> 
> Cheers,
> 
> Kenan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58483&t=58430
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Ccie is a rip off! [7:58458]

[Silju Pillai]

The book was released as per the old test. So there is no point in blaming
the book. Atleast give some credit to the author for releasing the book. He
might have spend nights writing the chapters.Its a good book to start with. 
Also you cannot expect the whole topic to cover in one single book. Its true
that new CCIE written goes in depth. But its better than the old written.
Read Doyle 1 and 2, CCIE Lan switching, Internet routing Architecture, CCIE
book by Caslow and www.cisco.com.

regards


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58476&t=58458
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: RE: CCIE written [7:58400]

[Bernard]

Priscilla,

"more doable" & "less scary" refers to the same exam (new format) at
different passing scores.
I did not mean to compare the new format and the old format.

The new CCIE written exam with 58% as the passing score is "more doable"
& "less scary" than the same new CCIE written exam with 70% as the
passing score.

Rgds,

Bernard



> > This exam is much more doable now. It is not as scary as it
> > used to be
> > at 70%.
> 
> Isn't your logic backwards if you say that the exam is more doable and
> less
> scary now?
> 
> To maintain the same ratio of passing people versus non-passing
people,
> they
> reduced the passing score because the exam is harder to pass than it
used
> to
> be.
> 
> At least that is what I would assume, or am I confused?
> 
> Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58486&t=58400
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Collision [7:58389]

[Priscilla Oppenheimer]

Larry Letterman wrote:
> 
> set one end to 100 half and the other to 100 full and see what
> happens:)

I mentioned the duplex mismatch problem too, but it has nothing to do with
his question or problem.

The key to troubleshooting is to address the actual problem, not some
assumption you make about the problem.

Thought you would have the last word, eh? :-)

Priscilla

> 
> Priscilla Oppenheimer wrote:
> 
> >Larry Letterman wrote:
> >
> >>Most likely the previous 10/half interface on the switch and
> >>the router
> >>were not
> >>linked at the same speed/duplex or the other router had an
> >>issue with
> >>the setting.
> >>
> >
> >No, the switch and router were set to the same thing, which
> was 10 Mbps half
> >duplex, if you read his messages. He was using a 2500 router.
> Those routers
> >predate the full duplex standard. In fact they may predate 100
> Mbps also. He
> >had no choice but to upgrade the router, which he did.
> >
> >He was seeing lots of collisions, including excessive
> collisions where the
> >frame got dropped because even after 15 retries it encountered
> a collision.
> >
> >Collisions are normal in shared (half-duplex) Ehternet, but
> excessive
> >collisions are not. Collisions are caused by the stations on
> the shared link
> >simultaneously sending. Excessive collisions are due to a
> shortage of
> >capacity. One fix to the problem is to increase the capacity.
> By jumping
> >10-fold from 10 Mbps to 100 Mbps, the risk of collisions,
> especially
> >excessive collisions, goes way down. Since each frame takes
> 1/10th the
> >amount of time to send, the odds that some other station is
> sending when
> >another station transmits (or retransmits) go way down.
> >
> >Increasing capacity used to be the only way we could upgrade
> an Ethernet
> >network. Then the full-duplex standard came about. It can only
> be used on a
> >point-to-point link where each side has its own dedicated
> transmit path. In
> >other words, it's no longer shared Ethernet. There's no need
> to sense
> >carrier to see if anyone else is sending, because there isn't
> anyone else.
> >It's not multiple access. Receiving while you're sening is
> legitimate, so
> >there's no need to check for collisions. It's no longer
> CSMA/CD. Of course
> >the collision rate goes down. Collisions really have no
> meaning in this
> >environment. If there are collisions, then there's probably a
> duplex mismatch.
> >
> >So, anyway, he improved matters in two ways: upgrading the
> capacity and
> >moving to full duplex.
> >
> >I just wanted to add this theory discussion. It's not right to
> say (as
> >someone else did) that collisions are "caused by" a
> half-duplex setting.
> >Collisions are caused by two stations sending at once, which
> tends to happen
> >more and more frequently when there's not enough  capacity to
> support the
> >sending behavior of the nodes on the shared network. To fix
> the problem, you
> >can increase capacity or you can make the network not shared
> by connecting
> >just two devices and using full duplex.
> >
> >___
> >
> >Priscilla Oppenheimer
> >www.troubleshootingnetworks.com
> >www.priscilla.com
> >
> >>To be safe I would set the switch port and the router
> interface
> >>to
> >>100/full or 10/full
> >>and there should be no issues then.
> >>
> >>and yes, the fast ethernet in the 26XX/36XX routers are a
> >>better
> >>solution.
> >>
> >>Larry Letterman
> >>Cisco IT-LAN , San Jose
> >>
> >>Cliff Cliff wrote:
> >>
> >>>Today, We are put 3660 router to their end, having
> >>>
> >>Fastethernet card, and
> >>
> >>>connected to their switch.
> >>>
> >>>They change their switch port as following:
> >>>
> >>>interface FastEthernet0/14 
> >>>load-interval 30 
> >>>duplex full
> >>>
> >>>so far, after observe serveral hours, there is no collision
> as
> >>>
> >>well as not
> >>
> >>>error message in our router.
> >>>
> >>>So, what's wrong? Is the fastethernet is better? or previous
> >>>
> >>setting that I
> >>
> >>>have is wrong?
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58487&t=58389
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: RE: CCIE written [7:58400]

[Peter van Oene]

I've noticed however that the lab itself isn't booked heavily (I could
be wrong)  If the pool isn't full, turn on the hose and fill it up. 
Training down your qualification requirements accomplishes that as far
as I see it.



On Tue, 2002-12-03 at 16:19, Bernard wrote:
> Priscilla,
> 
> "more doable" & "less scary" refers to the same exam (new format) at
> different passing scores.
> I did not mean to compare the new format and the old format.
> 
> The new CCIE written exam with 58% as the passing score is "more doable"
> & "less scary" than the same new CCIE written exam with 70% as the
> passing score.
> 
> Rgds,
> 
> Bernard
> 
> 
> 
> > > This exam is much more doable now. It is not as scary as it
> > > used to be
> > > at 70%.
> > 
> > Isn't your logic backwards if you say that the exam is more doable and
> > less
> > scary now?
> > 
> > To maintain the same ratio of passing people versus non-passing
> people,
> > they
> > reduced the passing score because the exam is harder to pass than it
> used
> > to
> > be.
> > 
> > At least that is what I would assume, or am I confused?
> > 
> > Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58488&t=58400
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: rate-limit question [7:58423]

[William Lijewski]

Well its actually a config at work that our ISP put on the router.  It is:

rate-limit 16000 8000 8000 conform-action set-prec-transmit 2

This is on our 256k link and we are having complaints that the line has
performance issues.  What I get out of this line is that anything in the 1st
24k or bandwidth is going to have the precedence set to 2, but what I really
need to know is if the rest of the traffic above the 24k is getting dropped?

There are a lot of TCP retransmissions on the line which leads me to believe
that the packets are getting dropped... I really need to know what happens
without that "exceed-action" command.

And as a side question, why would the ISP put this line in?

Thanks again,
Bill



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58489&t=58423
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: AW: Port Security on 3550 based on given MAC-Addre [7:58339]

[William Lijewski]

Hello,

The default for the maximum number of mac-addresses is one, and the default
violation is shutdown.

Bill


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58490&t=58339
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: for PIX VPN gurus... [7:58448]

[Edward Sohn]

Larry,

Good find, however, we are GRE tunneling EIGRP across
sites.  This is before the PIXes.

Thanks,

Ed

--- "Roberts, Larry" 
wrote:
> Taking a guess, but could you specify multiple
> destination IP's under the
> crypto map peer statement?
> 
> PIX#(config) crypto map TEST 10 set peer 10.20.30.1
> 10.20.30.2
> 
> PIX#(config) show crypto map
> Crypto Map: "TEST" interfaces: { }
> 
> Crypto Map "TEST" 10 ipsec-isakmp
> Peer = 10.20.30.1
> Peer = 10.20.30.2
> No matching address list set.
> Current peer: 10.20.30.1
> Security association lifetime: 4608000
> kilobytes/28800 seconds
> PFS (Y/N): N
> Transform sets={ }
> 
> I believe that this will first cause it to build to
> .1, and if it is
> unavailable to .2
> I would be curious as to how your going to handle
> the internal routing back
> to the corporate site?
> I think that would be a stumbling block from what I
> can tell.
> 
> 
> Thanks
> 
> Larry
>  
> 
> -Original Message-
> From: Edward Sohn [mailto:[EMAIL PROTECTED]] 
> Sent: Tuesday, December 03, 2002 11:14 AM
> To: [EMAIL PROTECTED]
> Subject: for PIX VPN gurus... [7:58448]
> 
> 
> I have a requirement in which a single Headquarters
> PIX needs to VPN over
> the internet to a single remote site which have two
> separate PIXes
> (connected the same site LAN).  The goal is to
> introduce redundancy into the
> VPN connection to the remote site.  Unfortunately,
> it has to be like this
> due to the company's hardware limitations.
> 
> This is not a "classic" PIX failover configuration
> via the serial method
> (515, 525, 535), but two separate PIX 506's
> connected separately to the same
> LAN.
> 
> I can't find anywhere on CCO whether this config is
> supported, and the TAC
> engineer is also clueless (he even said that he
> doesn't have a way to LAB it
> up--can you believe that?.  This is Cisco we're
> talking about here).
> 
> Anyway, anybody ever done something like this?  Will
> this work?  Can
> somebody test this?
> 
> BTW, I need to know ASAP, because the customer wants
> to implement this
> immediately if it will work.
> 
> Thanks,
> 
> Eddie
[EMAIL PROTECTED]


__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58491&t=58448
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Help needed on ISDN PPP Multilink [7:58474]

[William Lijewski]

Can you past the config from the other side also?  That would help.

Bill


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58492&t=58474
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Enterprise technologies [7:58493]

[Priscilla Oppenheimer]

I may be starting a new project doing some writing about technologies used
in enterprise networks. (read not service provider)

Do I need to cover IS-IS? Or is it mainly ISPs that use this?

How about MPLS? I should discuss it briefly, but aren't the main users of
MPLS ISPs, not enterprise networks?

Anyone using GARP? That's on my list to research too. I thought that Garp
was a hero in a John Irving book.

Alas, I have a lot to learn. Thank-you VERY much for answering these quick
questions.

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58493&t=58493
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Help needed on ISDN PPP Multilink [7:58474]

[Leo Song]

Thanks.

The calling router config.

isdn switch-type basic-ni

interface BRI0
 bandwidth 128
 ip address 10.10.191.1 255.255.255.0
 encapsulation ppp
 dialer map ip 10.10.191.2 name dslvanrt3 916046874636
 dialer map ip 10.10.191.2 name dslvanrt3 916046874630
 dialer load-threshold 5 either
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 416362357600 3623576
 isdn spid2 416362553800 3625538
 ppp authentication chap
 ppp multilink
 hold-queue 75 out

access-list 100 permit ip xx
dialer-list 1 protocol ip permit

Leo 


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 03, 2002 5:18 PM
To: [EMAIL PROTECTED]
Subject: RE: Help needed on ISDN PPP Multilink [7:58474]

Can you past the config from the other side also?  That would help.

Bill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58494&t=58474
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: configure spanning tree mode [7:58365]

[puro prasad]

Enabling spanning tree is ok, but how about changing the mode. As u musst be
aware of, cisco supports 3 different spanning tree modes. common spannig
tree(cst, IEEE standard), per vlan spanning tree(pvst, cisco proprietary)
and pvst+(cisco proprietary interoperable with cst). Are these modes
configurable.
regarding the trunk link inbetween 3524 and 4006 switch, 4006 is running
5.5(11a) with a supII engine and 3524 is running 11.2(8.2)SA6
Thanks,
Prasad.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58495&t=58365
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

MRTG related [7:58497]

[puro prasad]

I am running mrtg to monitor one of my ethernet ports on the router. Since a
few days, the utilization shown has raised 4fold though no major changes
have been carried out on the intranet. Anybody aware of any such problem.
regs.,
prasad.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58497&t=58497
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Secondary IP Addresses [7:58498]

[Edward Sohn]

Thanks to all for the responses to my VPN connections.
 I have pretty much verified it will work in an
"active/failover" setting...

Now, I have an issue where I need to convince my
customer that it's better to subinterface a fast
ethernet port into two separate VLANs rather than add
secondary IP addressing on the router.

Now, from my understanding I thought that secondary IP
addressing is "traditionally" not recommended.  I
thought I read somewhere that it creates instability
for both networks and increases traffic.  Now, I'm not
certain, so correct me if I'm wrong.

Thanks,

Ed

__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58498&t=58498
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Collision [7:58389]

[Larry Letterman]

Not the last word, but you imply that the collisions are only due to 
capacity...
and I can have the wrong match on both ends and get plenty of collisions 
with no
capacity issue.and I reserve the last word as always for you...where 
have you been lately,
I have missed you   :)

Priscilla Oppenheimer wrote:

>Larry Letterman wrote:
>
>>set one end to 100 half and the other to 100 full and see what
>>happens:)
>>
>
>I mentioned the duplex mismatch problem too, but it has nothing to do with
>his question or problem.
>
>The key to troubleshooting is to address the actual problem, not some
>assumption you make about the problem.
>
>Thought you would have the last word, eh? :-)
>
>Priscilla
>
>>Priscilla Oppenheimer wrote:
>>
>>>Larry Letterman wrote:
>>>
Most likely the previous 10/half interface on the switch and
the router
were not
linked at the same speed/duplex or the other router had an
issue with
the setting.

>>>No, the switch and router were set to the same thing, which
>>>
>>was 10 Mbps half
>>
>>>duplex, if you read his messages. He was using a 2500 router.
>>>
>>Those routers
>>
>>>predate the full duplex standard. In fact they may predate 100
>>>
>>Mbps also. He
>>
>>>had no choice but to upgrade the router, which he did.
>>>
>>>He was seeing lots of collisions, including excessive
>>>
>>collisions where the
>>
>>>frame got dropped because even after 15 retries it encountered
>>>
>>a collision.
>>
>>>Collisions are normal in shared (half-duplex) Ehternet, but
>>>
>>excessive
>>
>>>collisions are not. Collisions are caused by the stations on
>>>
>>the shared link
>>
>>>simultaneously sending. Excessive collisions are due to a
>>>
>>shortage of
>>
>>>capacity. One fix to the problem is to increase the capacity.
>>>
>>By jumping
>>
>>>10-fold from 10 Mbps to 100 Mbps, the risk of collisions,
>>>
>>especially
>>
>>>excessive collisions, goes way down. Since each frame takes
>>>
>>1/10th the
>>
>>>amount of time to send, the odds that some other station is
>>>
>>sending when
>>
>>>another station transmits (or retransmits) go way down.
>>>
>>>Increasing capacity used to be the only way we could upgrade
>>>
>>an Ethernet
>>
>>>network. Then the full-duplex standard came about. It can only
>>>
>>be used on a
>>
>>>point-to-point link where each side has its own dedicated
>>>
>>transmit path. In
>>
>>>other words, it's no longer shared Ethernet. There's no need
>>>
>>to sense
>>
>>>carrier to see if anyone else is sending, because there isn't
>>>
>>anyone else.
>>
>>>It's not multiple access. Receiving while you're sening is
>>>
>>legitimate, so
>>
>>>there's no need to check for collisions. It's no longer
>>>
>>CSMA/CD. Of course
>>
>>>the collision rate goes down. Collisions really have no
>>>
>>meaning in this
>>
>>>environment. If there are collisions, then there's probably a
>>>
>>duplex mismatch.
>>
>>>So, anyway, he improved matters in two ways: upgrading the
>>>
>>capacity and
>>
>>>moving to full duplex.
>>>
>>>I just wanted to add this theory discussion. It's not right to
>>>
>>say (as
>>
>>>someone else did) that collisions are "caused by" a
>>>
>>half-duplex setting.
>>
>>>Collisions are caused by two stations sending at once, which
>>>
>>tends to happen
>>
>>>more and more frequently when there's not enough  capacity to
>>>
>>support the
>>
>>>sending behavior of the nodes on the shared network. To fix
>>>
>>the problem, you
>>
>>>can increase capacity or you can make the network not shared
>>>
>>by connecting
>>
>>>just two devices and using full duplex.
>>>
>>>___
>>>
>>>Priscilla Oppenheimer
>>>www.troubleshootingnetworks.com
>>>www.priscilla.com
>>>
To be safe I would set the switch port and the router

>>interface
>>
to
100/full or 10/full
and there should be no issues then.

and yes, the fast ethernet in the 26XX/36XX routers are a
better
solution.

Larry Letterman
Cisco IT-LAN , San Jose

Cliff Cliff wrote:

>Today, We are put 3660 router to their end, having
>
Fastethernet card, and

>connected to their switch.
>
>They change their switch port as following:
>
>interface FastEthernet0/14 
>load-interval 30 
>duplex full
>
>so far, after observe serveral hours, there is no collision
>
>>as
>>
well as not

>error message in our router.
>
>So, what's wrong? Is the fastethernet is better? or previous
>
setting that I

>have is wrong?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58499&t=58389
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Dialer profiles and broadcast [7:58500]

[John Tafasi]

I am using dialer profiles on r2 below and wants protocol broadcast such as
rip to be sent out accross the isdn link to r5. I tried to find the command
that allows me to configure broadcast but dialer interfaces do not accept
the dialer map command. Does any body of you know?


hostname r2
!
interface BRI0
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 dialer pool-member 1
 isdn spid1 0835866101
 isdn spid2 0835866301
!
interface Dialer1
 ip address 10.10.10.1 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer remote-name r5
 dialer string 8358662
 dialer pool 1
 dialer-group 1
 pulse-time 0
 ppp chap hostname r2




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58500&t=58500
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: I seems Confused.....Peer-to-to TCP/IP Network [7:58255]

[Symon Thurlow]

That is really funny.

-Original Message-
From: Godswill Oletu [mailto:[EMAIL PROTECTED]] 
Sent: 03 December 2002 14:50
To: [EMAIL PROTECTED]
Subject: Re: I seems Confused.Peer-to-to TCP/IP Network [7:58255]


Hi Mark and All!

This is to thank everyone who responded or think through my question but
could not response.

I have been able to resolve the problem.

Actually, I install Checkpoint NG on the Windows NT 4.0 system for my
home lab but had not being using it. So I completely forgot that its
security modules still loads in the services. So it drops all traffics.

Thanks once again.

Regards.
Godswill

- Original Message -
From: Mark W. Odette II 
To: 
Sent: Friday, November 29, 2002 2:03 PM
Subject: RE: I seems Confused.Peer-to-to TCP/IP Network [7:58255]


> Oletu-
> What you are trying to do is not impossible.  Many of us do this all 
> the time to migrate data from one machine to another without burdening

> the Hub-based LAN or if the computer is all by itself and is being 
> upgraded. Case in point is the situation where a Win9x/Pentium 166Mhz 
> workstation is being replaced with a Windows XP/Pentium III 1.8Ghz 
> workstation... NetBEUI isn't a protocol option on XP, as it isn't 
> supported anymore- So, it's TCP/IP or IPX!
>
> Configuration of each computer is correct; the fact that you can 
> operate with success running NetBEUI says that your physical layer is 
> also solid, i.e., NIC's and Cross-over cable.
>
> Next thing to do is (for informational purposes) to 'route print' or a

> 'netstat -r' at the command line to determine the TCP/IP stack has 
> proper routing information.  Optionally issue the 'nbtstat -c' or 
> 'nbtstat -r' to see if you are getting any netbios caching...
>
> After collecting this information, I would remove the TCP/IP protocol,

> reboot, reinstall TCP/IP protocol, install most recent SP for OS, and 
> test again...  If that doesn't resolve the problem, then seek out 
> replacement drivers for the NIC(s).
>
> This pretty much addresses every possibility of failure between two 
> Windows-based computers that are directly connected to each other with

> a cross-over cable.
>
> ... One other thought- You wouldn't have some kind of personal 
> firewall installed/previously installed on either one of these 
> computers by chance, would you!?!?!
>
> I have seen all kinds of crazy stuff occur on MS boxes that had had 
> any of the different flavors of "Personal Firewalls" installed, which 
> usually required complete removal of the TCP/IP protocol, and then 
> sifting through the networking portion of the registry to recover the 
> machine.  The alternative was to reinstall the OS from scratch.  The 
> firewalls in question were the Norton Personal Firewall, the Network 
> Associates Desktop Firewall, BlackIce, and one other I can't recall 
> the name of.  Just some extra info to chew on for possibility.
>
> Good luck, and let us know what you find...
>
> -Mark
>
>
> -Original Message-
> From: Godswill Oletu [mailto:[EMAIL PROTECTED]]
> Sent: Friday, November 29, 2002 12:04 PM
> To: Mark W. Odette II; [EMAIL PROTECTED]
> Subject: Re: I seems Confused.Peer-to-to TCP/IP Network [7:58255]
>
> Hi Mark,
>
> I have done all that. The crossover cable is okay. NeTBEUI is working 
> fine. I can see both computers through Network Neigbourhood; copy 
> files from one
> computer to the other. Everthing about NetBEUI is kool. I have alos
> edited
> the hosts/lmhost files on each computer (this only help to resolve the
> IP
> Address to the netbios name.)
>
> IP addresses are Computer A=192.168.0.1/255.255.255.0 and Computer 
> B=192.168.0.2/255.255.255.0
>
> On Computer A, I can ping 192.168.0.1, localhost and 127.0.0.1 and it 
> will response fine. On Computer B, I can also ping 192.168.0.2, 
> localhost and 127.0.0.1 and it will response fine. (TCP/IP stack seems

> perfectly installed)!!!
>
> But I cannot ping A from B, neither can I ping B from A.
>
> This is the dumbest thing I have ever done and it is messing me up.
>
> Or is it impossible?
>
> - Original Message -
> From: Mark W. Odette II
> To:
> Sent: Thursday, November 28, 2002 8:22 PM
> Subject: RE: I seems Confused.Peer-to-to TCP/IP Network [7:58255]
>
>
> > Check your subnet masks for each computer.
> > Either specify Computer B as the default gateway for Computer A and 
> > vice-versa, or don't specify a default gateway at all.
> >
> > After that, you have to configure the lmhosts/hosts files if you 
> > want
> to
> > resolve machine names between each other (quickly).
> >
> > Verify that your cross-over cable is good, or plug each computer 
> > into
> a
> > hub/switch.
> >
> > It's that simple.
> >
> > Cheers!
> > -Mark
> >
> > -Original Message-
> > From: Godswill Oletu [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, November 28, 2002 6:26 PM
> > To: [EMAIL PROTECTED]
> > Subject: I seems Confused.Peer-to-to TCP/IP Network [7:58255]
> >
> > Hi all,
> >
> > Whe

Re: Collision [7:58389]

[Priscilla Oppenheimer]

Larry Letterman wrote:
> 
> Not the last word, but you imply that the collisions are only
> due to
> capacity...
> and I can have the wrong match on both ends and get plenty of
> collisions
> with no
> capacity issue.

It is a capcity issue. A collision results when the station set to half
duplex sends while the other side is sending too. If there were enough
capacity to handle all the traffic, this wouldn't happen, or at least not
nearly as often. It's one reason that troubleshooting a duplex mismatch
problem is difficult. The problems come and go with traffic load.

I suppose that these days where switches have replaced hubs and connect
single devices, one could say "if there are excessive collisions, check the
duplex setting."

But that doesn't let us jump to the conclusion that collisions are caused by
a mismatch problem.

> and I reserve the last word as always for
> you...where
> have you been lately,
> I have missed you   :)

On vacation! Yeah! :-)

Priscilla

> 
> Priscilla Oppenheimer wrote:
> 
> >Larry Letterman wrote:
> >
> >>set one end to 100 half and the other to 100 full and see what
> >>happens:)
> >>
> >
> >I mentioned the duplex mismatch problem too, but it has
> nothing to do with
> >his question or problem.
> >
> >The key to troubleshooting is to address the actual problem,
> not some
> >assumption you make about the problem.
> >
> >Thought you would have the last word, eh? :-)
> >
> >Priscilla
> >
> >>Priscilla Oppenheimer wrote:
> >>
> >>>Larry Letterman wrote:
> >>>
> Most likely the previous 10/half interface on the switch and
> the router
> were not
> linked at the same speed/duplex or the other router had an
> issue with
> the setting.
> 
> >>>No, the switch and router were set to the same thing, which
> >>>
> >>was 10 Mbps half
> >>
> >>>duplex, if you read his messages. He was using a 2500 router.
> >>>
> >>Those routers
> >>
> >>>predate the full duplex standard. In fact they may predate
> 100
> >>>
> >>Mbps also. He
> >>
> >>>had no choice but to upgrade the router, which he did.
> >>>
> >>>He was seeing lots of collisions, including excessive
> >>>
> >>collisions where the
> >>
> >>>frame got dropped because even after 15 retries it
> encountered
> >>>
> >>a collision.
> >>
> >>>Collisions are normal in shared (half-duplex) Ehternet, but
> >>>
> >>excessive
> >>
> >>>collisions are not. Collisions are caused by the stations on
> >>>
> >>the shared link
> >>
> >>>simultaneously sending. Excessive collisions are due to a
> >>>
> >>shortage of
> >>
> >>>capacity. One fix to the problem is to increase the capacity.
> >>>
> >>By jumping
> >>
> >>>10-fold from 10 Mbps to 100 Mbps, the risk of collisions,
> >>>
> >>especially
> >>
> >>>excessive collisions, goes way down. Since each frame takes
> >>>
> >>1/10th the
> >>
> >>>amount of time to send, the odds that some other station is
> >>>
> >>sending when
> >>
> >>>another station transmits (or retransmits) go way down.
> >>>
> >>>Increasing capacity used to be the only way we could upgrade
> >>>
> >>an Ethernet
> >>
> >>>network. Then the full-duplex standard came about. It can
> only
> >>>
> >>be used on a
> >>
> >>>point-to-point link where each side has its own dedicated
> >>>
> >>transmit path. In
> >>
> >>>other words, it's no longer shared Ethernet. There's no need
> >>>
> >>to sense
> >>
> >>>carrier to see if anyone else is sending, because there isn't
> >>>
> >>anyone else.
> >>
> >>>It's not multiple access. Receiving while you're sening is
> >>>
> >>legitimate, so
> >>
> >>>there's no need to check for collisions. It's no longer
> >>>
> >>CSMA/CD. Of course
> >>
> >>>the collision rate goes down. Collisions really have no
> >>>
> >>meaning in this
> >>
> >>>environment. If there are collisions, then there's probably a
> >>>
> >>duplex mismatch.
> >>
> >>>So, anyway, he improved matters in two ways: upgrading the
> >>>
> >>capacity and
> >>
> >>>moving to full duplex.
> >>>
> >>>I just wanted to add this theory discussion. It's not right
> to
> >>>
> >>say (as
> >>
> >>>someone else did) that collisions are "caused by" a
> >>>
> >>half-duplex setting.
> >>
> >>>Collisions are caused by two stations sending at once, which
> >>>
> >>tends to happen
> >>
> >>>more and more frequently when there's not enough  capacity to
> >>>
> >>support the
> >>
> >>>sending behavior of the nodes on the shared network. To fix
> >>>
> >>the problem, you
> >>
> >>>can increase capacity or you can make the network not shared
> >>>
> >>by connecting
> >>
> >>>just two devices and using full duplex.
> >>>
> >>>___
> >>>
> >>>Priscilla Oppenheimer
> >>>www.troubleshootingnetworks.com
> >>>www.priscilla.com
> >>>
> To be safe I would set the switch port and the router
> 
> >>interface
> >>
> to
> 100/full or 10/full
> and there should be no issues then.
> 
> and yes, the fast ethernet in the 26XX/36XX routers are a
> better
> solution.
> >>

Re: Secondary IP Addresses [7:58498]

[Darren S. Crawford]

Secondarys will really hurt you in a DHCP environment.  The workstations on
the secondary subnet will get their DHCP request forwarded with a source
segment of the initial IP address on the interface.  This was good ammo for
me when I was in the same boat.

HTH

Darren

At 10:52 PM 12/3/2002 +, Edward Sohn wrote:
>Thanks to all for the responses to my VPN connections.
> I have pretty much verified it will work in an
>"active/failover" setting...
>
>Now, I have an issue where I need to convince my
>customer that it's better to subinterface a fast
>ethernet port into two separate VLANs rather than add
>secondary IP addressing on the router.
>
>Now, from my understanding I thought that secondary IP
>addressing is "traditionally" not recommended.  I
>thought I read somewhere that it creates instability
>for both networks and increases traffic.  Now, I'm not
>certain, so correct me if I'm wrong.
>
>Thanks,
>
>Ed
>
>__
>Do you Yahoo!?
>Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
>http://mailplus.yahoo.com
+
International Network Services
Darren S. Crawford - CCNP, CCDP, CISSP
Sr. Network Systems Consultant
Northwest Region - Sacramento Office
Voicemail (916) 859-5200 x310
Pager (800) 467-1467
mailto:[EMAIL PROTECTED]
+

Every Job is a Self-Portrait of the person Who Did
It...Autograph Your Work With EXCELLENCE!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58503&t=58498
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Dialer profiles and broadcast [7:58504]

[Brian McGahan]

John,

When using dialer profiles, dialer interfaces are
point-to-point, therefore there is no need for protocol mappings.  IP
broadcast should not have any trouble being sent across the interface.
Dialer maps are only used on dialer interface when using rotary groups.
Dialer profiles are for when you have a single physical interface, but
multiple destinations to dial.  Rotary groups are for when you have
multiple physical interfaces, but one destination to dial.


HTH

Brian McGahan, CCIE #8593
Director of Design and Implementation
[EMAIL PROTECTED]

CyscoExpert Corporation
Internetwork Consulting & Training
Voice: 847.674.3392
Fax: 847.674.2625


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf
Of
> John Tafasi
> Sent: Tuesday, December 03, 2002 5:09 PM
> To: Cisco Group Study; ccielab
> Subject: Dialer profiles and broadcast
> 
> I am using dialer profiles on r2 below and wants protocol broadcast
such
> as
> rip to be sent out accross the isdn link to r5. I tried to find the
> command
> that allows me to configure broadcast but dialer interfaces do not
accept
> the dialer map command. Does any body of you know?
> 
> 
> hostname r2
> !
> interface BRI0
>  no ip address
>  no ip directed-broadcast
>  encapsulation ppp
>  dialer pool-member 1
>  isdn spid1 0835866101
>  isdn spid2 0835866301
> !
> interface Dialer1
>  ip address 10.10.10.1 255.255.255.0
>  no ip directed-broadcast
>  encapsulation ppp
>  dialer remote-name r5
>  dialer string 8358662
>  dialer pool 1
>  dialer-group 1
>  pulse-time 0
>  ppp chap hostname r2




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58504&t=58504
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Collision [7:58389]

[Symon Thurlow]

Actually, I disagree with a comment made way down in this email!!!:

One fix to the problem is to increase the capacity.
>>>
>>By jumping
>>
>>>10-fold from 10 Mbps to 100 Mbps, the risk of collisions,
>>>
>>especially
>>
>>>excessive collisions, goes way down. Since each frame takes
>>>
>>1/10th the
>>
>>>amount of time to send, the odds that some other station is
>>>
>>sending when
>>
>>>another station transmits (or retransmits) go way down.
>>>

This may be true if the frame is 100Mb in size, but if it is a 1500 byte
frame, then surely there is no difference in the capability of a 10Mb or
100Mb Ethernet to pass the frame?

Symon


-Original Message-
From: Larry Letterman [mailto:[EMAIL PROTECTED]] 
Sent: 03 December 2002 23:02
To: [EMAIL PROTECTED]
Subject: Re: Collision [7:58389]


Not the last word, but you imply that the collisions are only due to 
capacity...
and I can have the wrong match on both ends and get plenty of collisions

with no
capacity issue.and I reserve the last word as always for you...where

have you been lately,
I have missed you   :)

Priscilla Oppenheimer wrote:

>Larry Letterman wrote:
>
>>set one end to 100 half and the other to 100 full and see what
>>happens:)
>>
>
>I mentioned the duplex mismatch problem too, but it has nothing to do 
>with his question or problem.
>
>The key to troubleshooting is to address the actual problem, not some 
>assumption you make about the problem.
>
>Thought you would have the last word, eh? :-)
>
>Priscilla
>
>>Priscilla Oppenheimer wrote:
>>
>>>Larry Letterman wrote:
>>>
Most likely the previous 10/half interface on the switch and the 
router were not
linked at the same speed/duplex or the other router had an
issue with
the setting.

>>>No, the switch and router were set to the same thing, which
>>>
>>was 10 Mbps half
>>
>>>duplex, if you read his messages. He was using a 2500 router.
>>>
>>Those routers
>>
>>>predate the full duplex standard. In fact they may predate 100
>>>
>>Mbps also. He
>>
>>>had no choice but to upgrade the router, which he did.
>>>
>>>He was seeing lots of collisions, including excessive
>>>
>>collisions where the
>>
>>>frame got dropped because even after 15 retries it encountered
>>>
>>a collision.
>>
>>>Collisions are normal in shared (half-duplex) Ehternet, but
>>>
>>excessive
>>
>>>collisions are not. Collisions are caused by the stations on
>>>
>>the shared link
>>
>>>simultaneously sending. Excessive collisions are due to a
>>>
>>shortage of
>>
>>>capacity. One fix to the problem is to increase the capacity.
>>>
>>By jumping
>>
>>>10-fold from 10 Mbps to 100 Mbps, the risk of collisions,
>>>
>>especially
>>
>>>excessive collisions, goes way down. Since each frame takes
>>>
>>1/10th the
>>
>>>amount of time to send, the odds that some other station is
>>>
>>sending when
>>
>>>another station transmits (or retransmits) go way down.
>>>
>>>Increasing capacity used to be the only way we could upgrade
>>>
>>an Ethernet
>>
>>>network. Then the full-duplex standard came about. It can only
>>>
>>be used on a
>>
>>>point-to-point link where each side has its own dedicated
>>>
>>transmit path. In
>>
>>>other words, it's no longer shared Ethernet. There's no need
>>>
>>to sense
>>
>>>carrier to see if anyone else is sending, because there isn't
>>>
>>anyone else.
>>
>>>It's not multiple access. Receiving while you're sening is
>>>
>>legitimate, so
>>
>>>there's no need to check for collisions. It's no longer
>>>
>>CSMA/CD. Of course
>>
>>>the collision rate goes down. Collisions really have no
>>>
>>meaning in this
>>
>>>environment. If there are collisions, then there's probably a
>>>
>>duplex mismatch.
>>
>>>So, anyway, he improved matters in two ways: upgrading the
>>>
>>capacity and
>>
>>>moving to full duplex.
>>>
>>>I just wanted to add this theory discussion. It's not right to
>>>
>>say (as
>>
>>>someone else did) that collisions are "caused by" a
>>>
>>half-duplex setting.
>>
>>>Collisions are caused by two stations sending at once, which
>>>
>>tends to happen
>>
>>>more and more frequently when there's not enough  capacity to
>>>
>>support the
>>
>>>sending behavior of the nodes on the shared network. To fix
>>>
>>the problem, you
>>
>>>can increase capacity or you can make the network not shared
>>>
>>by connecting
>>
>>>just two devices and using full duplex.
>>>
>>>___
>>>
>>>Priscilla Oppenheimer
>>>www.troubleshootingnetworks.com
>>>www.priscilla.com
>>>
To be safe I would set the switch port and the router

>>interface
>>
to
100/full or 10/full
and there should be no issues then.

and yes, the fast ethernet in the 26XX/36XX routers are a better
solution.

Larry Letterman
Cisco IT-LAN , San Jose

Cliff Cliff wrote:

>Today, We are put 3660 router to their end, having
>
Fastethernet card, and

>connected to their switch.
>
>They change their switch port

Re: Enterprise technologies [7:58493]

[dre]

""Priscilla Oppenheimer""  wrote
> I may be starting a new project doing some writing about
> technologies used in enterprise networks. (read not service
> provider)
>
> Do I need to cover IS-IS? Or is it mainly ISPs that use this?

I've never seen IS-IS in Enterprise networks, only ISP
backbones and CODCN's (Central Office Data
Communications Networks) that implement OSI stacks on
network elements.  The primary reason I've heard (I'm an
IS-IS fan working in the Enterprise), that also happens to
be a sort of compelling argument - is that OSPF and
EIGRP work better through firewalls.  I believe that IS-IS
is significantly less complex than OSPF or EIGRP, and
therefore, easier to train/learn, implement, manage, etc.

> How about MPLS? I should discuss it briefly, but aren't
> the main users of MPLS ISPs, not enterprise networks?

I've only seen MPLS in ISP networks, but could be used
in Enterprise, especially simple VRF concepts (from
MPLS VPN's).  I could see many reasons that Enterprises
could use even static route VRF's for various useful purposes
on occasion, but even that is a rarity.  Of course, I'm also of
the opinion that MPLS doesn't really belong in SP networks
either - so YMMV.  MPLS-TE is still being argued among
the SP network guru's.  MPLS FRR (Fast Re-Route) is an
important network protection and resliency technology and
should be researched, tested, and implemented when the
need arises for it (including for Enterprises).

> Anyone using GARP? That's on my list to research too.

GARP, as in Multicast?  Many Enterprises are using
Multicast, but their use can vary depending on the
company (could be for reliable multicast like TIBCO, or
could be for live broadcasting sending/receiving, or
research, or many other technical/business reasons).
Understanding the basics is good, but it's hard to cover
all the advanced topics in IP Multicast because it's such
a point application as it is already.

> Alas, I have a lot to learn. Thank-you VERY much
> for answering these quick questions.

You will probably want to look at this from a specific industry
perspective, i.e.:

High-Tech Manufacturing / Hardware/Software Engineering
Pharmaceuticals
Automotive, Consumer Goods
Government / Political / Federal vs. State/County/City
Defense / Military / Aerospace
Education
Banking / Securities / Financials / Real-Estate
Insurance Companies
Entertainment
Retail
Health Care
Hospitality / Transportation
Energy

Certain companies have totally different needs technology-wise...
in particular, some business build networks without latency in mind
because they are a state-wide organization, or even a city-wide
organization.  Some companies have networks that span the globe,
and some have the same type of need in a mission-critical way.
There are many technologies that apply to certain companies and
not others.

For any large Enterprise that relies on IT to be mission-critical,
figure that the cost of IT downtime is significant (Meta Group
2001 report shows $1.5M per hour of downtime).  IT relies on
the Internet for growth and technology.  Data centers, especially
Internet data centers are the key point to any IT infrastructure.
The primary technologies in these environments are rapidly
shifting.  Many organizations are now required to, or at the very
least are planning to, add more than one primary data center for
100%, near-instantaneous continuous operation / disaster
recovery.  You will see this in the High-Tech industry because
of maturity, and you will see it in the Government/Defense
industries because of things like the Homeland Security Act
(signed November 25th, 2002).  The same Meta group report
shows that 70-75% of mid- to top-tier applications will be
distribued across at least two data centers by 2003.  I got this
information from:
http://www.cisco.com/global/EMEA/networkers/presentations/NSC-284_Reiner_Dre
sbach.pdf.gz

Because of the need for distributed data centers, technologies
such as:

BGP-4 (and therefore IP address management/globalization,
 as well as Peering and Carrier-Neutral co-location)
Content Networking (RHI, E-CDN, DNS/HTTP-routing)
Optical Networking (DWDM, Optical Ethernet, RSTP)
Virtual Private Networking (to include Site-to-Site VPN,
 Remote Access User VPN - both over the Internet and on
 private networks, as well as CE MPLS VPN)
Security (I see this more as host security, then network
 security, but YMMV)

will become increasingly important for Enterprises.  More
importantly, they will want to increase availability and
performance of 3-tier applications (front-ends, application
servers, and database servers), while also making them
global and distributed.  This will have a very serious impact
on the networking technologies and industry best practice
methods.

Also big for Enterprises will be technologies that represent
significant ROI with quick and easy Break-Even points, etc.

i.e.:
IP Telephony (SIP, Unified Messaging, CallManger, Unity)
Network Management / OSS / Automation

3-Tier 

Re: Secondary IP Addresses [7:58498]

[p b]

Actually using secondaries and DHCP should be a non issue with
any reasonable DHCP server platform.   As you mention, in many
versions of IOS the interface's primary IP address is used
as the DHCP giaddr.  If an interface has multiple secondaries,
one just needs to configure the DHCP server to be aware that
there are multiple scopes associated with the giaddr.  

The use of secondaries and the DHCP server logic to understand
what scopes are associated with an interface is a useful feature
when one might need to renumber users from one subnet to another.
Or if one runs out of IP addresses on an existing subnet, one
can simply add on a secondary subnet onto the interface and DHCP
server without causing everyone to be renumbered.


Darren S. Crawford wrote:
> 
> Secondarys will really hurt you in a DHCP environment.  The
> workstations on
> the secondary subnet will get their DHCP request forwarded with
> a source
> segment of the initial IP address on the interface.  This was
> good ammo for
> me when I was in the same boat.
> 
> HTH
> 
> Darren
> 
> At 10:52 PM 12/3/2002 +, Edward Sohn wrote:
> >Thanks to all for the responses to my VPN connections.
> > I have pretty much verified it will work in an
> >"active/failover" setting...
> >
> >Now, I have an issue where I need to convince my
> >customer that it's better to subinterface a fast
> >ethernet port into two separate VLANs rather than add
> >secondary IP addressing on the router.
> >
> >Now, from my understanding I thought that secondary IP
> >addressing is "traditionally" not recommended.  I
> >thought I read somewhere that it creates instability
> >for both networks and increases traffic.  Now, I'm not
> >certain, so correct me if I'm wrong.
> >
> >Thanks,
> >
> >Ed
> >
> >__
> >Do you Yahoo!?
> >Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> >http://mailplus.yahoo.com
> +
> International Network Services
> Darren S. Crawford - CCNP, CCDP, CISSP
> Sr. Network Systems Consultant
> Northwest Region - Sacramento Office
> Voicemail (916) 859-5200 x310
> Pager (800) 467-1467
> mailto:[EMAIL PROTECTED]
> +
> 
> Every Job is a Self-Portrait of the person Who Did
> It...Autograph Your Work With EXCELLENCE!
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58507&t=58498
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE LAB Preparation - Anyone on same path!! [7:58433]

[unload]

""kaushik khakhar""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello @,
>
> I have started preparing for my CCIE LAB again (2nd try in Feb). Now the
> LAB is changed with new additonal switch 3550 and so on.
>
> Anyone who is in the same direction, can get in touch to get and share
> views/inputs.
>
> Regards,
>
> Kaushik Khakhar A
>
> 
>
> MSN 8 with e-mail virus protection service: 2 months FREE*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58508&t=58433
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Visio Stencil for Cisco [7:58509]

[Steiven Poh-\(Jaring MailBox\)]

Dear All,

I can't remember where the url to download the Cisco Visio Stencil that I
have
done before,
can anyone please recall and let me know, Thanks in advance   :)

Rgds,
Steiven




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58509&t=58509
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OSPF forwarding address and route servers [7:58510]

[p b]

Reading (yawn) RFC 2328 and there's mention of two uses of the
forwarding address in external LSAs (section 2.3).  The 
second use is where one makes an OSPF router a route server and
it generates external LSAs with the forwarding address in each
LSA set to the proper AS exit point IP.  I guess the route server
could specify multiple exit points for the same external network
via a multiple respective LSAs and each router in the AS would
compute it's path to the nearest exit point.

Does anyone actually configure OSPF in this fashion?  

Thanks



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58510&t=58510
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Enterprise technologies [7:58493]

[Priscilla Oppenheimer]

Thanks so much dre! 

Regarding GARP, someone said I had to cover it, but didn't explain why or
even what it is. It seems to mean more than one thing:

Generic Attribute Registration Protocol 
and
Group Address Resolution Protocol

I'm assuming they meant the second one and that the second GARP is somewhat
of a replacement for IGMP snooping and CGMP? But I'm still trying to figure
it out.

Your comments are very helpful.

Priscilla

dre wrote:
> 
> ""Priscilla Oppenheimer""  wrote
> > I may be starting a new project doing some writing about
> > technologies used in enterprise networks. (read not service
> > provider)
> >
> > Do I need to cover IS-IS? Or is it mainly ISPs that use this?
> 
> I've never seen IS-IS in Enterprise networks, only ISP
> backbones and CODCN's (Central Office Data
> Communications Networks) that implement OSI stacks on
> network elements.  The primary reason I've heard (I'm an
> IS-IS fan working in the Enterprise), that also happens to
> be a sort of compelling argument - is that OSPF and
> EIGRP work better through firewalls.  I believe that IS-IS
> is significantly less complex than OSPF or EIGRP, and
> therefore, easier to train/learn, implement, manage, etc.
> 
> > How about MPLS? I should discuss it briefly, but aren't
> > the main users of MPLS ISPs, not enterprise networks?
> 
> I've only seen MPLS in ISP networks, but could be used
> in Enterprise, especially simple VRF concepts (from
> MPLS VPN's).  I could see many reasons that Enterprises
> could use even static route VRF's for various useful purposes
> on occasion, but even that is a rarity.  Of course, I'm also of
> the opinion that MPLS doesn't really belong in SP networks
> either - so YMMV.  MPLS-TE is still being argued among
> the SP network guru's.  MPLS FRR (Fast Re-Route) is an
> important network protection and resliency technology and
> should be researched, tested, and implemented when the
> need arises for it (including for Enterprises).
> 
> > Anyone using GARP? That's on my list to research too.
> 
> GARP, as in Multicast?  Many Enterprises are using
> Multicast, but their use can vary depending on the
> company (could be for reliable multicast like TIBCO, or
> could be for live broadcasting sending/receiving, or
> research, or many other technical/business reasons).
> Understanding the basics is good, but it's hard to cover
> all the advanced topics in IP Multicast because it's such
> a point application as it is already.
> 
> > Alas, I have a lot to learn. Thank-you VERY much
> > for answering these quick questions.
> 
> You will probably want to look at this from a specific industry
> perspective, i.e.:
> 
> High-Tech Manufacturing / Hardware/Software Engineering
> Pharmaceuticals
> Automotive, Consumer Goods
> Government / Political / Federal vs. State/County/City
> Defense / Military / Aerospace
> Education
> Banking / Securities / Financials / Real-Estate
> Insurance Companies
> Entertainment
> Retail
> Health Care
> Hospitality / Transportation
> Energy
> 
> Certain companies have totally different needs
> technology-wise...
> in particular, some business build networks without latency in
> mind
> because they are a state-wide organization, or even a city-wide
> organization.  Some companies have networks that span the globe,
> and some have the same type of need in a mission-critical way.
> There are many technologies that apply to certain companies and
> not others.
> 
> For any large Enterprise that relies on IT to be
> mission-critical,
> figure that the cost of IT downtime is significant (Meta Group
> 2001 report shows $1.5M per hour of downtime).  IT relies on
> the Internet for growth and technology.  Data centers,
> especially
> Internet data centers are the key point to any IT
> infrastructure.
> The primary technologies in these environments are rapidly
> shifting.  Many organizations are now required to, or at the
> very
> least are planning to, add more than one primary data center for
> 100%, near-instantaneous continuous operation / disaster
> recovery.  You will see this in the High-Tech industry because
> of maturity, and you will see it in the Government/Defense
> industries because of things like the Homeland Security Act
> (signed November 25th, 2002).  The same Meta group report
> shows that 70-75% of mid- to top-tier applications will be
> distribued across at least two data centers by 2003.  I got this
> information from:
>
http://www.cisco.com/global/EMEA/networkers/presentations/NSC-284_Reiner_Dre
> sbach.pdf.gz
> 
> Because of the need for distributed data centers, technologies
> such as:
> 
> BGP-4 (and therefore IP address management/globalization,
>  as well as Peering and Carrier-Neutral co-location)
> Content Networking (RHI, E-CDN, DNS/HTTP-routing)
> Optical Networking (DWDM, Optical Ethernet, RSTP)
> Virtual Private Networking (to include Site-to-Site VPN,
>  Remote Access User VPN - both over the Internet and on
>  private networks, as well as CE MPLS VPN)
> Secur

RE: MRTG related [7:58497]

[Kevin Stone]

Check that MRTG is still connecting to the router.  If MRTG loses
connectivity it will continue to use the last number it had.  If this
was during a peak it would look like the utilization had jumped up.  It
could also simply be increased usage.

-Kevin


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On 
> Behalf Of puro prasad
> Sent: Tuesday, December 03, 2002 5:50 PM
> To: [EMAIL PROTECTED]
> Subject: MRTG related [7:58497]
> 
> 
> I am running mrtg to monitor one of my ethernet ports on the 
> router. Since a few days, the utilization shown has raised 
> 4fold though no major changes have been carried out on the 
> intranet. Anybody aware of any such problem. regs., prasad.
> Report misconduct 
> and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58512&t=58497
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Secondary IP Addresses [7:58498]

[Priscilla Oppenheimer]

p b wrote:
> 
> 
> Actually using secondaries and DHCP should be a non issue with
> any reasonable DHCP server platform.   As you mention, in many
> versions of IOS the interface's primary IP address is used
> as the DHCP giaddr.  If an interface has multiple secondaries,
> one just needs to configure the DHCP server to be aware that
> there are multiple scopes associated with the giaddr.

But how does the server know which scope to use for the incoming requests
when they all have the same giaddr?

Priscilla
  
> 
> The use of secondaries and the DHCP server logic to understand
> what scopes are associated with an interface is a useful feature
> when one might need to renumber users from one subnet to
> another.
> Or if one runs out of IP addresses on an existing subnet, one
> can simply add on a secondary subnet onto the interface and DHCP
> server without causing everyone to be renumbered.
> 
> 
> Darren S. Crawford wrote:
> > 
> > Secondarys will really hurt you in a DHCP environment.  The
> > workstations on
> > the secondary subnet will get their DHCP request forwarded
> with
> > a source
> > segment of the initial IP address on the interface.  This was
> > good ammo for
> > me when I was in the same boat.
> > 
> > HTH
> > 
> > Darren
> > 
> > At 10:52 PM 12/3/2002 +, Edward Sohn wrote:
> > >Thanks to all for the responses to my VPN connections.
> > > I have pretty much verified it will work in an
> > >"active/failover" setting...
> > >
> > >Now, I have an issue where I need to convince my
> > >customer that it's better to subinterface a fast
> > >ethernet port into two separate VLANs rather than add
> > >secondary IP addressing on the router.
> > >
> > >Now, from my understanding I thought that secondary IP
> > >addressing is "traditionally" not recommended.  I
> > >thought I read somewhere that it creates instability
> > >for both networks and increases traffic.  Now, I'm not
> > >certain, so correct me if I'm wrong.
> > >
> > >Thanks,
> > >
> > >Ed
> > >
> > >__
> > >Do you Yahoo!?
> > >Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> > >http://mailplus.yahoo.com
> > +
> > International Network Services
> > Darren S. Crawford - CCNP, CCDP, CISSP
> > Sr. Network Systems Consultant
> > Northwest Region - Sacramento Office
> > Voicemail (916) 859-5200 x310
> > Pager (800) 467-1467
> > mailto:[EMAIL PROTECTED]
> > +
> > 
> > Every Job is a Self-Portrait of the person Who Did
> > It...Autograph Your Work With EXCELLENCE!
> > 
> > 
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58513&t=58498
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Secondary IP Addresses [7:58498]

[Roberts, Larry]

How do you handle when the DHCP server is on the same subnet as the FE with
multiple sub-interfaces ?
The router never even gets to touch the packet and therefore the Server
doesn't know to assign IP's from the secondary scope. Or at least that has
been my experience.

Im not going to touch the reasonable DHCP server platform statement. That
sounds like an MS bashing in the waiting :)



-Original Message-
From: p b [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 03, 2002 7:22 PM
To: [EMAIL PROTECTED]
Subject: Re: Secondary IP Addresses [7:58498]


Actually using secondaries and DHCP should be a non issue with
any reasonable DHCP server platform.   As you mention, in many
versions of IOS the interface's primary IP address is used
as the DHCP giaddr.  If an interface has multiple secondaries, one just
needs to configure the DHCP server to be aware that there are multiple
scopes associated with the giaddr.  

The use of secondaries and the DHCP server logic to understand what scopes
are associated with an interface is a useful feature when one might need to
renumber users from one subnet to another. Or if one runs out of IP
addresses on an existing subnet, one can simply add on a secondary subnet
onto the interface and DHCP server without causing everyone to be
renumbered.


Darren S. Crawford wrote:
> 
> Secondarys will really hurt you in a DHCP environment.  The 
> workstations on the secondary subnet will get their DHCP request 
> forwarded with a source
> segment of the initial IP address on the interface.  This was
> good ammo for
> me when I was in the same boat.
> 
> HTH
> 
> Darren
> 
> At 10:52 PM 12/3/2002 +, Edward Sohn wrote:
> >Thanks to all for the responses to my VPN connections.
> > I have pretty much verified it will work in an "active/failover" 
> >setting...
> >
> >Now, I have an issue where I need to convince my
> >customer that it's better to subinterface a fast
> >ethernet port into two separate VLANs rather than add secondary IP 
> >addressing on the router.
> >
> >Now, from my understanding I thought that secondary IP addressing is 
> >"traditionally" not recommended.  I thought I read somewhere that it 
> >creates instability for both networks and increases traffic.  Now, 
> >I'm not certain, so correct me if I'm wrong.
> >
> >Thanks,
> >
> >Ed
> >
> >__
> >Do you Yahoo!?
> >Yahoo! Mail Plus - Powerful. Affordable. Sign up now. 
> >http://mailplus.yahoo.com
> +
> International Network Services
> Darren S. Crawford - CCNP, CCDP, CISSP
> Sr. Network Systems Consultant
> Northwest Region - Sacramento Office
> Voicemail (916) 859-5200 x310
> Pager (800) 467-1467
> mailto:[EMAIL PROTECTED]
> +
> 
> Every Job is a Self-Portrait of the person Who Did It...Autograph Your 
> Work With EXCELLENCE!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58514&t=58498
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

NTP: Synchronization problem [7:58515]

[John Tafasi]

Hi group,

I have r2 (ntp server) and r5 (ntp client) exchnaging (or supposed to) ntp
information accross an isdn link. r2 is configured to broadcast ntp packets
via its bri0 interface and is doing so sucessfully. r5 is receiving the ntp
packets but the "debug ntp packets" on r5 does not produce any output. I can
see the packets arriving at r5 from the output of the "debug ip packet" on
r5. r5 stil not synchronized. what is the problem?How ntp broadcast should
be configured for this to be successfull? Has any one tried this on an
ethernet segment? I have a feeling that ntp broadcast will not work on an
isdn link

I have included the following snippet from both routers' configuration. Also
bear in mind that I am connected to both routers through the console. Thank
you for any comment

hostname r2-2516
!
interface BRI0
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 dialer pool-member 1
 isdn spid1 0835866101
 isdn spid2 0835866301
!
interface Dialer1
 ip address 10.10.10.1 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer remote-name r5
 dialer idle-timeout 2147483
 dialer string 8358662
 dialer pool 1
 dialer-group 1
 ntp broadcast
 pulse-time 0
 ppp chap hostname r2
!
!
ntp clock-period 17179826
ntp master
end

r2-2516#show ntp status
Clock is synchronized, stratum 8, reference is 127.127.7.1
nominal freq is 250. Hz, actual freq is 250.0006 Hz, precision is 2**19
reference time is C197833E.E008EAFC (19:23:42.875 UTC Tue Dec 3 2002)
clock offset is 0. msec, root delay is 0.00 msec
root dispersion is 0.02 msec, peer dispersion is 0.02 msec

r2-2516#show ntp associations

  address ref clock st  when  poll reach  delay  offset
disp
*~127.127.7.1  127.127.7.1   75564  377 0.00.00
0.0
 * master (synced), # master (unsynced), + selected, - candidate, ~
configured
r2-2516#

==

hostname R5-2503
!
interface BRI0
 ip address 10.10.10.2 255.255.255.0
 encapsulation ppp
 dialer idle-timeout 2147483
 dialer map ip 10.10.10.1 name r2 broadcast 8358661
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0835866201
 isdn spid2 0835866401
 cdapi buffers regular 0
 cdapi buffers raw 0
 cdapi buffers large 0
 ppp authentication chap
 ppp chap hostname r5
 ppp multilink
!
ntp clock-period 17179601
end

R5-2503#show ntp stat
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 250. Hz, actual freq is 250.0039 Hz, precision is 2**19
reference time is AF3BF1EE.0D8B939B (02:22:38.052 UTC Mon Mar 1 1993)
clock offset is 0. msec, root delay is 0.00 msec
root dispersion is 0.02 msec, peer dispersion is 0.02 msec
R5-2503#

R5-2503#show ntp associ

  address ref clock st  when  poll reach  delay  offset
disp
 * master (synced), # master (unsynced), + selected, - candidate, ~
configured
R5-2503#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58515&t=58515
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Visio Stencil for Cisco [7:58509]

[NetEng]

""Steiven Poh-(Jaring MailBox)""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Dear All,
>
> I can't remember where the url to download the Cisco Visio Stencil that I
> have
> done before,
> can anyone please recall and let me know, Thanks in advance   :)
>
> Rgds,
> Steiven




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58516&t=58509
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Visio Stencil for Cisco [7:58509]

[tu do]

I found a set of them.
http://www.cisco.com/warp/public/503/2.html 
cheer,
Tu Do



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58517&t=58509
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Synchronization problem [7:58515]

[rcblock]

Looks like you are missing "ntp server  ip address" global config command on
r5. That's why there are not any associations on r5.


""John Tafasi""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi group,
>
> I have r2 (ntp server) and r5 (ntp client) exchnaging (or supposed to) ntp
> information accross an isdn link. r2 is configured to broadcast ntp packets
> via its bri0 interface and is doing so sucessfully. r5 is receiving the ntp
> packets but the "debug ntp packets" on r5 does not produce any output. I
can
> see the packets arriving at r5 from the output of the "debug ip packet" on
> r5. r5 stil not synchronized. what is the problem?How ntp broadcast should
> be configured for this to be successfull? Has any one tried this on an
> ethernet segment? I have a feeling that ntp broadcast will not work on an
> isdn link
>
> I have included the following snippet from both routers' configuration.
Also
> bear in mind that I am connected to both routers through the console. Thank
> you for any comment
>
> hostname r2-2516
> !
> interface BRI0
>  no ip address
>  no ip directed-broadcast
>  encapsulation ppp
>  dialer pool-member 1
>  isdn spid1 0835866101
>  isdn spid2 0835866301
> !
> interface Dialer1
>  ip address 10.10.10.1 255.255.255.0
>  no ip directed-broadcast
>  encapsulation ppp
>  dialer remote-name r5
>  dialer idle-timeout 2147483
>  dialer string 8358662
>  dialer pool 1
>  dialer-group 1
>  ntp broadcast
>  pulse-time 0
>  ppp chap hostname r2
> !
> !
> ntp clock-period 17179826
> ntp master
> end
>
> r2-2516#show ntp status
> Clock is synchronized, stratum 8, reference is 127.127.7.1
> nominal freq is 250. Hz, actual freq is 250.0006 Hz, precision is 2**19
> reference time is C197833E.E008EAFC (19:23:42.875 UTC Tue Dec 3 2002)
> clock offset is 0. msec, root delay is 0.00 msec
> root dispersion is 0.02 msec, peer dispersion is 0.02 msec
>
> r2-2516#show ntp associations
>
>   address ref clock st  when  poll reach  delay  offset
> disp
> *~127.127.7.1  127.127.7.1   75564  377 0.00.00
> 0.0
>  * master (synced), # master (unsynced), + selected, - candidate, ~
> configured
> r2-2516#
>
> ==
>
> hostname R5-2503
> !
> interface BRI0
>  ip address 10.10.10.2 255.255.255.0
>  encapsulation ppp
>  dialer idle-timeout 2147483
>  dialer map ip 10.10.10.1 name r2 broadcast 8358661
>  dialer-group 1
>  isdn switch-type basic-ni
>  isdn spid1 0835866201
>  isdn spid2 0835866401
>  cdapi buffers regular 0
>  cdapi buffers raw 0
>  cdapi buffers large 0
>  ppp authentication chap
>  ppp chap hostname r5
>  ppp multilink
> !
> ntp clock-period 17179601
> end
>
> R5-2503#show ntp stat
> Clock is unsynchronized, stratum 16, no reference clock
> nominal freq is 250. Hz, actual freq is 250.0039 Hz, precision is 2**19
> reference time is AF3BF1EE.0D8B939B (02:22:38.052 UTC Mon Mar 1 1993)
> clock offset is 0. msec, root delay is 0.00 msec
> root dispersion is 0.02 msec, peer dispersion is 0.02 msec
> R5-2503#
>
> R5-2503#show ntp associ
>
>   address ref clock st  when  poll reach  delay  offset
> disp
>  * master (synced), # master (unsynced), + selected, - candidate, ~
> configured
> R5-2503#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58518&t=58515
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Collision [7:58389]

[Priscilla Oppenheimer]

Sending a frame of any size on 100 Mbps requires a node to use the medium
for 1/10 the time it would use it on 10 Mbps. This reduces contention for
the medium.

Whether this reduces collisions depends on the sending patterns of the
nodes. They could all send at the same time anyway, but that doesn't tend to
happen. The frames arrive randomly on most Ethernets. If there's more time
between frames, due to the shorter duration of transmissions, it's more
likely that two senders will be able to send when they want and without
encountering a collision. Although this isn't necessarily true, it is what
tends to happen.

Remember that this entire discussion started because his provider suggested
he move to 100 Mbps to reduce the excessive collisions. That's good, classic
advice. Using full-duplex is also good advice since it's a point-to-point
link. He is doing both now. The problem is solved.

I just didn't want us to forget what a collision really means and act like
it's just a configuration mistake.

Priscilla

Symon Thurlow wrote:
> 
> Actually, I disagree with a comment made way down in this
> email!!!:
> 
> One fix to the problem is to increase the capacity.
> >>>
> >>By jumping
> >>
> >>>10-fold from 10 Mbps to 100 Mbps, the risk of collisions,
> >>>
> >>especially
> >>
> >>>excessive collisions, goes way down. Since each frame takes
> >>>
> >>1/10th the
> >>
> >>>amount of time to send, the odds that some other station is
> >>>
> >>sending when
> >>
> >>>another station transmits (or retransmits) go way down.
> >>>
> 
> This may be true if the frame is 100Mb in size, but if it is a
> 1500 byte
> frame, then surely there is no difference in the capability of
> a 10Mb or
> 100Mb Ethernet to pass the frame?
> 
> Symon
> 
> 
> -Original Message-
> From: Larry Letterman [mailto:[EMAIL PROTECTED]] 
> Sent: 03 December 2002 23:02
> To: [EMAIL PROTECTED]
> Subject: Re: Collision [7:58389]
> 
> 
> Not the last word, but you imply that the collisions are only
> due to
> capacity...
> and I can have the wrong match on both ends and get plenty of
> collisions
> 
> with no
> capacity issue.and I reserve the last word as always for
> you...where
> 
> have you been lately,
> I have missed you   :)
> 
> Priscilla Oppenheimer wrote:
> 
> >Larry Letterman wrote:
> >
> >>set one end to 100 half and the other to 100 full and see what
> >>happens:)
> >>
> >
> >I mentioned the duplex mismatch problem too, but it has
> nothing to do
> >with his question or problem.
> >
> >The key to troubleshooting is to address the actual problem,
> not some
> >assumption you make about the problem.
> >
> >Thought you would have the last word, eh? :-)
> >
> >Priscilla
> >
> >>Priscilla Oppenheimer wrote:
> >>
> >>>Larry Letterman wrote:
> >>>
> Most likely the previous 10/half interface on the switch
> and the
> router were not
> linked at the same speed/duplex or the other router had an
> issue with
> the setting.
> 
> >>>No, the switch and router were set to the same thing, which
> >>>
> >>was 10 Mbps half
> >>
> >>>duplex, if you read his messages. He was using a 2500 router.
> >>>
> >>Those routers
> >>
> >>>predate the full duplex standard. In fact they may predate
> 100
> >>>
> >>Mbps also. He
> >>
> >>>had no choice but to upgrade the router, which he did.
> >>>
> >>>He was seeing lots of collisions, including excessive
> >>>
> >>collisions where the
> >>
> >>>frame got dropped because even after 15 retries it
> encountered
> >>>
> >>a collision.
> >>
> >>>Collisions are normal in shared (half-duplex) Ehternet, but
> >>>
> >>excessive
> >>
> >>>collisions are not. Collisions are caused by the stations on
> >>>
> >>the shared link
> >>
> >>>simultaneously sending. Excessive collisions are due to a
> >>>
> >>shortage of
> >>
> >>>capacity. One fix to the problem is to increase the capacity.
> >>>
> >>By jumping
> >>
> >>>10-fold from 10 Mbps to 100 Mbps, the risk of collisions,
> >>>
> >>especially
> >>
> >>>excessive collisions, goes way down. Since each frame takes
> >>>
> >>1/10th the
> >>
> >>>amount of time to send, the odds that some other station is
> >>>
> >>sending when
> >>
> >>>another station transmits (or retransmits) go way down.
> >>>
> >>>Increasing capacity used to be the only way we could upgrade
> >>>
> >>an Ethernet
> >>
> >>>network. Then the full-duplex standard came about. It can
> only
> >>>
> >>be used on a
> >>
> >>>point-to-point link where each side has its own dedicated
> >>>
> >>transmit path. In
> >>
> >>>other words, it's no longer shared Ethernet. There's no need
> >>>
> >>to sense
> >>
> >>>carrier to see if anyone else is sending, because there isn't
> >>>
> >>anyone else.
> >>
> >>>It's not multiple access. Receiving while you're sening is
> >>>
> >>legitimate, so
> >>
> >>>there's no need to check for collisions. It's no longer
> >>>
> >>CSMA/CD. Of course
> >>
> >>>the collision rate goes down. Collisions really have no
> >>>
> >>meaning in this
> >>
> >>>env

Re: Regarding Router rental business? [7:58422]

[Tom Lisa]

dey shore r et r cologe!

Prof. Tom Lisa, CCAI
Community College of Southern Nevada
Cisco ATC/Regional Networking Academy
"Cunctando restituit rem"
 
 

"B.J. Wilson" wrote:

  > Guys, the spelling is getting terrible. Even painful to read.

  Agreed.  The three R's are *not* "readin', routin', and 'rithmetic."
  ;-)

  BJ
  [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58520&t=58422
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

NAT over virtual template [7:58521]

[pauldongso]

Hi,

Is it valid to configure virtual template as the NAT inside source?
Thanks

Paul




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58521&t=58521
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Synchronization problem [7:58515]

[John Tafasi]

I am expecting that r5 will synchronize to the broadcast heared from r2.
That is why I did not configure the command "ntp server".

""rcblock""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Looks like you are missing "ntp server  ip address" global config command
on
> r5. That's why there are not any associations on r5.
>
>
> ""John Tafasi""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi group,
> >
> > I have r2 (ntp server) and r5 (ntp client) exchnaging (or supposed to)
ntp
> > information accross an isdn link. r2 is configured to broadcast ntp
packets
> > via its bri0 interface and is doing so sucessfully. r5 is receiving the
ntp
> > packets but the "debug ntp packets" on r5 does not produce any output. I
> can
> > see the packets arriving at r5 from the output of the "debug ip packet"
on
> > r5. r5 stil not synchronized. what is the problem?How ntp broadcast
should
> > be configured for this to be successfull? Has any one tried this on an
> > ethernet segment? I have a feeling that ntp broadcast will not work on
an
> > isdn link
> >
> > I have included the following snippet from both routers' configuration.
> Also
> > bear in mind that I am connected to both routers through the console.
Thank
> > you for any comment
> >
> > hostname r2-2516
> > !
> > interface BRI0
> >  no ip address
> >  no ip directed-broadcast
> >  encapsulation ppp
> >  dialer pool-member 1
> >  isdn spid1 0835866101
> >  isdn spid2 0835866301
> > !
> > interface Dialer1
> >  ip address 10.10.10.1 255.255.255.0
> >  no ip directed-broadcast
> >  encapsulation ppp
> >  dialer remote-name r5
> >  dialer idle-timeout 2147483
> >  dialer string 8358662
> >  dialer pool 1
> >  dialer-group 1
> >  ntp broadcast
> >  pulse-time 0
> >  ppp chap hostname r2
> > !
> > !
> > ntp clock-period 17179826
> > ntp master
> > end
> >
> > r2-2516#show ntp status
> > Clock is synchronized, stratum 8, reference is 127.127.7.1
> > nominal freq is 250. Hz, actual freq is 250.0006 Hz, precision is
2**19
> > reference time is C197833E.E008EAFC (19:23:42.875 UTC Tue Dec 3 2002)
> > clock offset is 0. msec, root delay is 0.00 msec
> > root dispersion is 0.02 msec, peer dispersion is 0.02 msec
> >
> > r2-2516#show ntp associations
> >
> >   address ref clock st  when  poll reach  delay  offset
> > disp
> > *~127.127.7.1  127.127.7.1   75564  377 0.00.00
> > 0.0
> >  * master (synced), # master (unsynced), + selected, - candidate, ~
> > configured
> > r2-2516#
> >
> > ==
> >
> > hostname R5-2503
> > !
> > interface BRI0
> >  ip address 10.10.10.2 255.255.255.0
> >  encapsulation ppp
> >  dialer idle-timeout 2147483
> >  dialer map ip 10.10.10.1 name r2 broadcast 8358661
> >  dialer-group 1
> >  isdn switch-type basic-ni
> >  isdn spid1 0835866201
> >  isdn spid2 0835866401
> >  cdapi buffers regular 0
> >  cdapi buffers raw 0
> >  cdapi buffers large 0
> >  ppp authentication chap
> >  ppp chap hostname r5
> >  ppp multilink
> > !
> > ntp clock-period 17179601
> > end
> >
> > R5-2503#show ntp stat
> > Clock is unsynchronized, stratum 16, no reference clock
> > nominal freq is 250. Hz, actual freq is 250.0039 Hz, precision is
2**19
> > reference time is AF3BF1EE.0D8B939B (02:22:38.052 UTC Mon Mar 1 1993)
> > clock offset is 0. msec, root delay is 0.00 msec
> > root dispersion is 0.02 msec, peer dispersion is 0.02 msec
> > R5-2503#
> >
> > R5-2503#show ntp associ
> >
> >   address ref clock st  when  poll reach  delay  offset
> > disp
> >  * master (synced), # master (unsynced), + selected, - candidate, ~
> > configured
> > R5-2503#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58522&t=58515
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Synchronization problem [7:58515]

[John Tafasi]

I just need to add something to what i said below; once you configure
clients with the ip address of the ntp server, the server does not need to
broadcast

""John Tafasi""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I am expecting that r5 will synchronize to the broadcast heared from r2.
> That is why I did not configure the command "ntp server".
>
> ""rcblock""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Looks like you are missing "ntp server  ip address" global config
command
> on
> > r5. That's why there are not any associations on r5.
> >
> >
> > ""John Tafasi""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Hi group,
> > >
> > > I have r2 (ntp server) and r5 (ntp client) exchnaging (or supposed to)
> ntp
> > > information accross an isdn link. r2 is configured to broadcast ntp
> packets
> > > via its bri0 interface and is doing so sucessfully. r5 is receiving
the
> ntp
> > > packets but the "debug ntp packets" on r5 does not produce any output.
I
> > can
> > > see the packets arriving at r5 from the output of the "debug ip
packet"
> on
> > > r5. r5 stil not synchronized. what is the problem?How ntp broadcast
> should
> > > be configured for this to be successfull? Has any one tried this on an
> > > ethernet segment? I have a feeling that ntp broadcast will not work on
> an
> > > isdn link
> > >
> > > I have included the following snippet from both routers'
configuration.
> > Also
> > > bear in mind that I am connected to both routers through the console.
> Thank
> > > you for any comment
> > >
> > > hostname r2-2516
> > > !
> > > interface BRI0
> > >  no ip address
> > >  no ip directed-broadcast
> > >  encapsulation ppp
> > >  dialer pool-member 1
> > >  isdn spid1 0835866101
> > >  isdn spid2 0835866301
> > > !
> > > interface Dialer1
> > >  ip address 10.10.10.1 255.255.255.0
> > >  no ip directed-broadcast
> > >  encapsulation ppp
> > >  dialer remote-name r5
> > >  dialer idle-timeout 2147483
> > >  dialer string 8358662
> > >  dialer pool 1
> > >  dialer-group 1
> > >  ntp broadcast
> > >  pulse-time 0
> > >  ppp chap hostname r2
> > > !
> > > !
> > > ntp clock-period 17179826
> > > ntp master
> > > end
> > >
> > > r2-2516#show ntp status
> > > Clock is synchronized, stratum 8, reference is 127.127.7.1
> > > nominal freq is 250. Hz, actual freq is 250.0006 Hz, precision is
> 2**19
> > > reference time is C197833E.E008EAFC (19:23:42.875 UTC Tue Dec 3 2002)
> > > clock offset is 0. msec, root delay is 0.00 msec
> > > root dispersion is 0.02 msec, peer dispersion is 0.02 msec
> > >
> > > r2-2516#show ntp associations
> > >
> > >   address ref clock st  when  poll reach  delay
offset
> > > disp
> > > *~127.127.7.1  127.127.7.1   75564  377 0.0
0.00
> > > 0.0
> > >  * master (synced), # master (unsynced), + selected, - candidate, ~
> > > configured
> > > r2-2516#
> > >
> > > ==
> > >
> > > hostname R5-2503
> > > !
> > > interface BRI0
> > >  ip address 10.10.10.2 255.255.255.0
> > >  encapsulation ppp
> > >  dialer idle-timeout 2147483
> > >  dialer map ip 10.10.10.1 name r2 broadcast 8358661
> > >  dialer-group 1
> > >  isdn switch-type basic-ni
> > >  isdn spid1 0835866201
> > >  isdn spid2 0835866401
> > >  cdapi buffers regular 0
> > >  cdapi buffers raw 0
> > >  cdapi buffers large 0
> > >  ppp authentication chap
> > >  ppp chap hostname r5
> > >  ppp multilink
> > > !
> > > ntp clock-period 17179601
> > > end
> > >
> > > R5-2503#show ntp stat
> > > Clock is unsynchronized, stratum 16, no reference clock
> > > nominal freq is 250. Hz, actual freq is 250.0039 Hz, precision is
> 2**19
> > > reference time is AF3BF1EE.0D8B939B (02:22:38.052 UTC Mon Mar 1 1993)
> > > clock offset is 0. msec, root delay is 0.00 msec
> > > root dispersion is 0.02 msec, peer dispersion is 0.02 msec
> > > R5-2503#
> > >
> > > R5-2503#show ntp associ
> > >
> > >   address ref clock st  when  poll reach  delay
offset
> > > disp
> > >  * master (synced), # master (unsynced), + selected, - candidate, ~
> > > configured
> > > R5-2503#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58523&t=58515
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: MRTG related [7:58497]

[Mark Smith]

Kevin's right. The perl process stopped running (evidently at a high traffic
time on the firewall) on the Linux box I've got MRTG running on over a
weekend. I got a steady high traffic flat line over a weekend during which
time use is usually low.  Scratched my head on that one for a little while
until I decided to stop and restart the daemon, did a ps to find the process
ID to kill it and discovered it wasn't even running. It appeared to continue
to populate with the last good number it got from the firewall. As soon as I
restarted it all was well in mrtg-land again.


Quoting Kevin Stone :

> Check that MRTG is still connecting to the router.  If
> MRTG loses
> connectivity it will continue to use the last number
> it had.  If this
> was during a peak it would look like the utilization
> had jumped up.  It
> could also simply be increased usage.
> 
> -Kevin
> 
> 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On 
> > Behalf Of puro prasad
> > Sent: Tuesday, December 03, 2002 5:50 PM
> > To: [EMAIL PROTECTED]
> > Subject: MRTG related [7:58497]
> > 
> > 
> > I am running mrtg to monitor one of my ethernet
> ports on the 
> > router. Since a few days, the utilization shown has
> raised 
> > 4fold though no major changes have been carried out
> on the 
> > intranet. Anybody aware of any such problem. regs.,
> prasad.
> > Report misconduct 
> > and Nondisclosure violations to [EMAIL PROTECTED]
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58524&t=58497
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Serial Ports [7:58525]

[nilesh bothra]

I have 4 serial ports on my home pc which are connected to 4 router console
ports through windows hyperterminal software.

I dont have any slots left either to install additional serial cards.

Is there any way I can use the USB ports to connect to the console ports (In
that case how will hyperterminal software report that port as e.g. com1,
com3...)

Thanks
Susan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58525&t=58525
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: rate-limit question [7:58423]

[pauldongso]

Willia,

By default, CAR is disabled. If you want to enable CAR, you are not 
allowed to complete the command without exceed-action explicitly defined.

So your question is not valid in some ways.

Regards,

Paul

William Lijewski wrote:
> For rate-limit, is there a default "exceed-action" ?  I have been looking
in
> the documents and all of the configs I seem to find all have the
> "exceed-action drop", what I am wondering is what happens if I leave the
> exceed-action command off of the statement?  Do the packets that don't
> conform still go through unchanged, or do they get dropped?
> 
> Thanks for the help.
> 
> Bill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58526&t=58423
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Specific BGP Question [7:58428]

[YASSER ALY]

Jim,

 I am confused here on what u are trying to accomplish. If your target is
to make downstream traffic of your client to enter your AS through the
16631 rather than the 701, then what u need to do is prepend the routes
received from your client using your AS many times before advertising
them inturn to 701. Like this to the rest of the world routes to your
client networks through 16631 will appear as a better route than through
the prepended routes advertised via 701. Which means that the route map
you need to apply will be applied on your 701 neighbor not on the client
neighbor.

 If u meant the upstream traffic of your client then this is a different
story and would take a different approach solving it.

Waiting for your feedback.

>From: "Jim Devane" > >Hello all, > >Long time lurker, first time poster.
> >I have a router that is multi-homed between 16631 and 701. >I have a
new client who is buying transit from us. >They are multi-homed to us and
1239. >A business decision was made to policy route their traffic out
16631. >As a result I will only publish 16631 routes to them. >However,
if 16631 goes away, I want to be able to push the 701 routes to >them.
>Injecting a default wouldn't be very effective here since 1239 will most
>likely have a more specific route! >So Conditional Adv to the rescue.
However..I have a few questions I am >unsure about and I don't have a lab
to try it out on. > >In this config: > >router bgp  >nei New_Client
remote-as Client_AS >nei New_Client filter-list 4 in >nei New_Client
filter-list 3 out > >ip as path access-list 3 permit .* >ip as-path
access-list 4 permit ^Client_AS$ > >so far so good >I want to add
this... > >nei New_Client advertise-map MAP1 non-exist-map MAP2 >
>route-map MAP1 permit 10 >match as-path 5 >route-map MAP2 permit 10
>match as-path 6 > >ip as-path access-list 5 ^$ _16631_ >ip as-path
access-list 6 ^$ _701_ > > >SO NOW THE QUESTIONS!!! > >1) What is the
order of operation for the advertisement out? Will the >Filter-list
showing all routes cancel any effect of the route-map? >2) Are the MAP1
and MAP2 route maps valid in this config because they use >as-path? The
config's I could find as example were based on Prefix. I made >up the
part about using the as-path, but it seems logical (boy, I wish I had >a
couple extra routers!) >3) Is there a better way to go about this! >
>Thanks in advance. And thanks to everybody who posts. I have taken away
misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Help STOP SPAM with the new MSN 8 and get 2 months FREE*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58527&t=58428
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Serial Ports [7:58525]

[Silju Pillai]

You can use USB port. But you need to buy an USB to Serial converter cable
along with the driver software. It will appear as COM port in the
hyperterminal software.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58528&t=58525
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]