Problem regarding naming of port numbers [7:59276]

2002-12-16 Thread Munit Singla
Hi,
There are default ports given in the IOS. We can refer to those
ports by name as well as by port number. Can we customize it and add to the
default list ports by name, not by number? I want to use
customized ports used for my applications by name in my access list.
Is there any command to create customized ports by name?
See, my problem is that when we make an extended access list we can
define source and destination ports. There is a standard list of ports
to be used in access lists that we can use by number or name. If we
want to customize the port according to our default application we can
add that port by number only. Is there a way to refer to those ports by
name in my access list? And can we add these customized TCP/UDP ports to
the default list which is displayed, so that we can refer to it whenever
we like in our access lists by name?
Example:
access-list 100 permit tcp any any eq Nortonvirus
Here the Nortonvirus keyword should refer to port 5000, and this name
and port mapping should get added to the default list so that I can
refer to it later. Here I am assuming Norton's application is using port number
5000.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59276t=59276
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



BR0:1 DDR: No callback negotiated [7:59277]

2002-12-16 Thread John Tafasi
I have two ISDN routers, r2 (callback client) and r5 (callback server).
Without callback configuration r2 will connect to r5 successfully. With the
callback configuration added, r5 will disconnect the call and will not
call back r2. Can someone figure out what is wrong with my configuration? I
have included the configuration of both routers and the result of debug dialer
on r5. It seems to me that r2 is not negotiating callback.

R5-2503#show debug
Dial on demand:
  Dial on demand events debugging is on
R5-2503#
2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
R5-2503#
Mar  3 11:05:34.703: BR0:1 DDR: No callback negotiated
Mar  3 11:05:34.703: BR0:1 DDR: disconnecting call
2d11h: %ISDN-6-DISCONNECT: Interface BRI0:1  disconnected from 8358661 r2,
call lasted 2 seconds
2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
R5-2503#
Mar  3 11:05:34.851: BR0:1 DDR: disconnecting call
R5-2503#
2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
R5-2503#
Mar  3 11:05:40.179: BR0:1 DDR: No callback negotiated
Mar  3 11:05:40.179: BR0:1 DDR: disconnecting call
2d11h: %ISDN-6-DISCONNECT: Interface BRI0:1  disconnected from 8358661 r2,
call lasted 4 seconds
2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
R5-2503#
Mar  3 11:05:40.331: BR0:1 DDR: disconnecting call


R5-2503#show run

hostname r5-2503
!
interface BRI0
 ip address 10.10.10.2 255.255.255.0
 ip access-group 101 in
 encapsulation ppp
 dialer callback-secure
 dialer map ip 10.10.10.1 name r2 class eng broadcast 8358661
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0835866201
 isdn spid2 0835866401
 cdapi buffers regular 0
 cdapi buffers raw 0
 cdapi buffers large 0
 ppp callback accept
 ppp authentication chap
 ppp chap hostname r5
 ppp multilink
!
!
map-class dialer eng
 dialer callback-server username
-

hostname r2-2516
!
interface Dialer1
 ip address 10.10.10.1 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer remote-name r5
 dialer string 8358662
 dialer pool 1
 dialer-group 1
 ntp broadcast
 pulse-time 0
 ppp callback request
 ppp chap hostname r2
!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59277t=59277



WLANFE [7:59278]

2002-12-16 Thread Arni V. Skarphedinsson
Can someone tell me what AP is focused on in the Wireless LAN for Field
Engineers exam (WLANFE 9E0-581)?

Is it the 350, 1100 or 1200, or just all of them?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59278t=59278



MPLS MTU [7:59280]

2002-12-16 Thread Mohamad saro
When I put the command MPLS MTU 1512 on both ends of a serial interface and
try to ping from one side to the other with packet sizes greater than
1500 and less than or equal to 1512 with the don't fragment bit set, the packets
are dropped. Any ideas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59280t=59280



RE: All doors are closed.. [7:59233]

2002-12-16 Thread [EMAIL PROTECTED]
If this is a new Cisco router and has an unconfigured serial port, I suggest
you put this on to another side of an active serial link and power on the
router. The router will configure itself using the SLARP process; it will get an
incremental IP address.

For example:

R1                                 R2 (damaged one)
S0: 172.16.10.1/30 --Serial link-- S0: 172.16.10.2/30 (it will get this by the SLARP process)

You could try to telnet into this IP address. I am assuming that the router is
configured with basics.
HTH
Murali

 -Original Message-
From:   ciscoGo2002 [mailto:[EMAIL PROTECTED]] 
Sent:   Sunday, December 15, 2002 5:05 PM
To: [EMAIL PROTECTED]
Subject:All doors are closed.. [7:59233]

Hello folks,

A friend of mine has a serious problem with a Cisco
1720 router. This router has the console port broken,
it doesn't work. He usually gets into the router using
the aux port in order to configure the device. They
tried to download a new config using Cisco Config
Maker and downloading it by the aux port. The result is
that now the aux port is closed and the Ethernet port
doesn't respond anymore. We don't know what happened
with Cisco Config Maker, the real important thing is 
that we need to recover the access to the router. We
cannot use the console port because it is broken, the 
aux port is closed (I guess that Cisco Config Maker
closed it by default), and the ethernet is not
responding (maybe Cisco Works put it in shut??). All 
the doors are closed!!! There is no time, we need to
install this box this week!!! Help!
We have read the cisco cco and the 1720 has a dimm
memory and a miniflash memory, (please correct us if
we are wrong). We suppose that the miniflash memory
stores the config (it works like nvram too?) and if we
can open the box and replace this mini-flash with
another one maybe it will work again...
We really appreciate your help, and my friend will pay
one beer if you can send us any idea...

Very important: Please send your reply with a copy to
these address: [EMAIL PROTECTED],
[EMAIL PROTECTED],
[EMAIL PROTECTED] because we have a
problem with our mail...

Thanks a lot!







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59281t=59233



VPN Client+IOS [7:59283]

2002-12-16 Thread JM
Hello
I am trying to run a VPN between VPN Client 3.6.2.A and a Cisco 2651.
On the Cisco router I have:
Software with 3DES/IP Plus/FW/IDS - Version 12.2(11)T2
The router has 4 interfaces:
serial 0/1 - Internet, here I gave the crypto map
fasteth 0/1 - DMZ
fasteth 0/0 - LAN (here I want to be through VPN)
I have the same configuration as in the TAC help:
http://www.cisco.com/warp/customer/471/ipsecrouter_vpn.html
The VPN Client can log in to the router, and I have an IP address from the router,
but I don't see anything. I can't ping.
I have a question:
Where am I inside the router? I am in, but I don't see anything.
When I have an ip access-list out on fast0/0 (LAN), what should I
enable? I have nat inside on fast 0/0 and outside on ser 0/1.
Regards
JM




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59283t=59283



Problem Regarding DLCI [7:59282]

2002-12-16 Thread Munit Singla
Hi all,
Can anybody tell me whether, whenever we buy a frame-relay connection from
an ISP, they should always give me the DLCI number? As you know,
on the multipoint interface (main interface) it can be autodetected
also. If we don't have the hub-and-spoke model we don't require map
commands either. The question is: do ISPs always assign them, or are there
some ISPs in the market who don't assign DLCI numbers to their customers when
going for frame-relay information?
Thanks in advance.
Regards,
Munit




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59282t=59282



Re: WIC-1t Compatibility [7:59223]

2002-12-16 Thread Brad
Thin blade connector?  Are you referring to a smart serial interface?  Check
the IOS version and make sure it is compatible with the module.  If that
doesn't work, I'd say you've got a bad card.

thanks,
-Brad Ellis
CCIE#5796 (RS / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)

Phil Lorenz wrote in message
news:[EMAIL PROTECTED]...
 I have a 2620 here @ the house and I purchased a new WIC-1T, with the
 semi annoying thin blade connector, off of Ebay.  I installed the
 interface and it is not recognized by the router.  I replaced this
 module with a known good WIC-2T and everything worked perfectly.



 Any advice here?



 Thanks

 Phil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59240t=59223



RE: WIC-1t Compatibility [7:59223]

2002-12-16 Thread GOMES Claudio Gustavo
Try to upgrade the IOS

-Original Message-
From: Phil Lorenz [mailto:[EMAIL PROTECTED]]
Sent: domingo, 15 de Dezembro de 2002 16:11
To: [EMAIL PROTECTED]
Subject: WIC-1t Compatibility [7:59223]


I have a 2620 here @ the house and I purchased a new WIC-1T, with the
semi annoying thin blade connector, off of Ebay.  I installed the
interface and it is not recognized by the router.  I replaced this
module with a known good WIC-2T and everything worked perfectly.

 

Any advice here?

 

Thanks

Phil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59279t=59223



OT: Cisco Accessories for Sale [7:59231]

2002-12-16 Thread Albert Lu
Hello Group,

I have some bits and pieces to sell that can be useful for a home lab:

5x Back-to-Back cables
5x Ethernet Transceivers (for 2500 routers)
7x 8MB Flash for 2500

1x 32MB DRAM for 2600
1x 16MB DRAM for 2600
2x 16MB Flash for 2600

2x WIC-1T modules
1x NM-4A/S module

Thanks

Albert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59231t=59231



VPN within intranet? [7:59284]

2002-12-16 Thread ramesh c
Can I have a VPN within my organization? My setup is as follows:

HostAin(PIX-A)dmz-out(Pix-B)dmz-HostB

Can I have a VPN established between the dmz of PIX A and the outside of PIX B? Both
are in the same segment (172.16.1.xxx). Let me know if you have any example. Just for
testing.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59284t=59284



Re: BR0:1 DDR: No callback negotiated [7:59277]

2002-12-16 Thread Charlie
Hi,

Take a look at this:

Configuring ISDN Caller ID Callback
http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a0080087218.html#xtocid91368


John Tafasi wrote in message
news:[EMAIL PROTECTED]...
 I have two isdn routers r2 (callback client) and r5 (callback server).
 without callback configuration r2 will connect to r5 successfully. With the
 callback configuration added, r5 will disconnect the call and will not
 callback r2. Can some one figure out what is wrong with my configuration? I
 have included configuration of both routers and the result of debug dialer
 on r5. It seems to me that r2 is not negotiating callback.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59286t=59277



Re: BR0:1 DDR: No callback negotiated [7:59277]

2002-12-16 Thread Munit Singla
See John, after looking at your problem, can you just tell me whether you are able to
place a call from r5 to r2 and vice versa without callback? You have mentioned from r2 to
r5, but what about the reverse?
Moreover, where is the username and password command here for authentication in the
configuration? Please send your full configurations and moreover do enable debug ppp
authentication so that we may look more deeply into the problem.
Munit

Charlie wrote:

 Hi,

 Take a look at this:

 Configuring ISDN Caller ID Callback

 http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a0080087218.html#xtocid91368

 John Tafasi wrote in message
 news:[EMAIL PROTECTED]...
  I have two isdn routers r2 (callback client) and r5 (callback server).
  without callback configuration r2 will connect to r5 successfully. With the
  callback configuration added, r5 will disconnect the call and will not
  callback r2. Can some one figure out what is wrong with my configuration? I
  have included configuration of both routers and the result of debug dialer
  on r5. It seems to me that r2 is not negotiating callback.
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59288t=59277



RE: BR0:1 DDR: No callback negotiated [7:59289]

2002-12-16 Thread Tony Schaffran
Do you have username configured?

 
Tony Schaffran
Network Analyst
CCNP, CCNA, CCDA, 
NNCDS, NNCSS, CNE, MCSE
 
CCOnlineLabs.com
http://www.cconlinelabs.com
 
 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
John Tafasi
Sent: Monday, December 16, 2002 1:32 AM
To: Cisco Group Study; ccielab
Subject: BR0:1 DDR: No callback negotiated

I have two isdn routers r2 (callback client) and r5 (callback server).
without callback configuration r2 will connect to r5 successfully. With the
callback configuration added, r5 will disconnect the call and will not
callback r2. Can some one figure out what is wrong with my configuration? I
have included configuration of both routers and the result of debug dialer
on r5. It seems to me that r2 is not negotiating callback.




RE: BCRAN 640-605 test [7:59234]

2002-12-16 Thread Xueyan Liu
Those I got (a month ago) were IOS based.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59290t=59234



Re: Off Topic - other CCIE study materials [7:59230]

2002-12-16 Thread J.D. Chaiken
You can also try my site.  http://www.mymucus.com  I'm offering no-cost rack
access.  (7 Routers, 1 Cat 2926).  I just put it up, it's a work in progress,
however the important parts work.

Jarett


The Long and Winding Road wrote in
message news:[EMAIL PROTECTED]...
 just ran into this one while cruising a particular auction site.

 www.lamernetworks.com

 CCIE rack rental at very reasonable prices. seem to have a single 3550 along
 with a 3900 switch.

 also appear to be auctioning CCIE level lab scenarios on you-know-where.

 FYI

 --
 TANSTAAFL
 there ain't no such thing as a free lunch




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59291t=59230



Selective NAT [7:59287]

2002-12-16 Thread [EMAIL PROTECTED]
Is it possible to use extended IP access-lists for NATing? Basically I want
traffic from a particular subnet destined for a particular subnet only to be
NATed?? All other traffic should not be NATed.

 
Cheers
Simon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59287t=59287



Re: Selective NAT [7:59287]

2002-12-16 Thread Robert Edmonds
This one's for you Dwayne:

I've never done it before but I know you can NAT based on source address.  I
believe you would use the ip nat inside source list 
command.  Then, I guess you would apply an access-list to the destination
subnet allowing only the NATed addresses and deny all others.  Somebody
correct me if I'm way off base.

 wrote in message
news:[EMAIL PROTECTED]...
 Is it possible to use extended ip access-lists for NATing. Basically i want
 traffic from a particular subnet destined for a particular subnet only to be
 NATed?? All other traffic should not be NATed.


 Cheers
 Simon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59292t=59287



Re: Selective NAT [7:59287]

2002-12-16 Thread The Long and Winding Road
wrote in message
news:[EMAIL PROTECTED]...
 Is it possible to use extended ip access-lists for NATing. Basically i want
 traffic from a particular subnet destined for a particular subnet only to be
 NATed?? All other traffic should not be NATed.


it's a form of policy routing and can be done. it's kinda neat, actually.

if you have a CCO account, check out

http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note0
9186a0080093fca.shtml
watch the wrap

I've played with this in my lab, and I have a customer network that has a
variation of this as part of the security plan.





 Cheers
 Simon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59293t=59287



Re: Selective NAT [7:59287]

2002-12-16 Thread The Long and Winding Road
wrote in message
news:[EMAIL PROTECTED]...
 Is it possible to use extended ip access-lists for NATing. Basically i want
 traffic from a particular subnet destined for a particular subnet only to be
 NATed?? All other traffic should not be NATed.



as a follow up - here is an excerpt from the link in the previous message:


Route Map Approach
The correct way to configure the example in this document is to use route
maps. With a route map approach, you would do the following to translate the
hosts on 10.1.1.0:

ip nat pool pool-108 131.108.2.1 131.108.2.254 prefix-length 24
ip nat pool pool-118 131.118.2.1 131.118.2.254 prefix-length 24

ip nat inside source route-map MAP-108 pool pool-108
ip nat inside source route-map MAP-118 pool pool-118

interface ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
interface ethernet1
 ip address 10.1.2.1 255.255.255.0
 ip nat outside

access-list 108 permit ip 10.1.1.0 0.0.0.255 131.108.1.0 0.0.0.255
access-list 118 permit ip 10.1.1.0 0.0.0.255 131.118.1.0 0.0.0.255

route-map MAP-108 permit 10
 match ip address 108

route-map MAP-118 permit 10
 match ip address 118






 Cheers
 Simon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59294t=59287
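
The pool selection described in the excerpt above, modelled in Python as an added example (not part of the original post or of the Cisco document it quotes). The function names are hypothetical, only the command forms that appear in the excerpt are parsed, and evaluating the NAT rules in configuration order is a simplifying assumption of this model.

```python
import ipaddress

# Configuration lines copied from the route-map excerpt quoted in the post.
CONFIG = """\
ip nat pool pool-108 131.108.2.1 131.108.2.254 prefix-length 24
ip nat pool pool-118 131.118.2.1 131.118.2.254 prefix-length 24
ip nat inside source route-map MAP-108 pool pool-108
ip nat inside source route-map MAP-118 pool pool-118
access-list 108 permit ip 10.1.1.0 0.0.0.255 131.108.1.0 0.0.0.255
access-list 118 permit ip 10.1.1.0 0.0.0.255 131.118.1.0 0.0.0.255
route-map MAP-108 permit 10
 match ip address 108
route-map MAP-118 permit 10
 match ip address 118
"""


def ip_int(text):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are 'don't care'."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)


def parse(config):
    """Return (pools, nat_rules, acls, route_maps) for the syntax used above."""
    pools, nat_rules, acls, route_maps = {}, [], {}, {}
    current_map = None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[:3] == ["ip", "nat", "pool"]:
            pools[words[3]] = (words[4], words[5])        # first and last address
        elif words[:5] == ["ip", "nat", "inside", "source", "route-map"]:
            nat_rules.append((words[5], words[7]))        # (route-map, pool)
        elif words[0] == "access-list":
            # access-list <n> <action> ip <src> <src-wc> <dst> <dst-wc>
            acls.setdefault(words[1], []).append((words[2], *words[4:8]))
        elif words[0] == "route-map":
            current_map = words[1]
            route_maps.setdefault(current_map, [])
        elif words[:3] == ["match", "ip", "address"] and current_map:
            route_maps[current_map].append(words[3])
    return pools, nat_rules, acls, route_maps


def acl_permits(acl, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, s_base, s_wc, d_base, d_wc in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action == "permit"
    return False


def select_pool(src, dst, config=CONFIG):
    """Pool used to translate an inside packet src -> dst, or None if untranslated."""
    _pools, nat_rules, acls, route_maps = parse(config)
    for map_name, pool in nat_rules:          # assumption: rules tried in config order
        for acl_number in route_maps.get(map_name, []):
            if acl_permits(acls.get(acl_number, []), src, dst):
                return pool
    return None


if __name__ == "__main__":
    # Constructed sample flows: (inside source, destination).
    flows = [
        ("10.1.1.5", "131.108.1.20"),   # matches ACL 108
        ("10.1.1.5", "131.118.1.20"),   # matches ACL 118
        ("10.1.1.5", "192.0.2.1"),      # destination in neither ACL
        ("10.1.2.5", "131.108.1.20"),   # source outside 10.1.1.0/24
    ]
    for src, dst in flows:
        print(f"{src} -> {dst}: {select_pool(src, dst) or 'not translated'}")
```

Because each route map matches on both source and destination, the same inside host is translated from a different pool per destination subnet, and traffic matching neither ACL falls through to the implicit deny and is left untranslated.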



Re: Off Topic but interesting - RS networking future? [7:59296]

2002-12-16 Thread The Long and Winding Road
nrf wrote in message
news:[EMAIL PROTECTED]...
 Henry D. wrote in message
 news:[EMAIL PROTECTED]...
  Since we're just throwing out our thoughts here...

  I tend to disagree, following your logic, if the IP network
  becomes such a commodity, I think this would just create more
  jobs for people like us, I mean R/S guys.

 Hardly.  The total jobs in a commoditized world would be much less. That's
 not to say there will be zero jobs, just less.   Again, consider the case of
 electric power.  Or water.  How many companies, unless they're huge, have an
 electrician or a plumber on staff?   OK, every once in awhile the company's
 toilet will back up and you gotta bring somebody in.  But for the most part,
 electricity and water just work.  You plug something in a wall socket and it
 works.  You flush the toilet and it works.  You certainly don't need to keep
 somebody on staff to take care of electricity and water, unless maybe you're
 really really big and you can amortize the guy's salary over lots and lots
 of facilities.  Net effect - less demand for R/S skills.


CL: OTOH, there are plenty of guys driving around in their trucks doing just
that. I don't know the typical annual income for Joe the plumber or Bill the
electrician ( and just so the PC people don't get on my case, I have yet to
meet Mary or Jill in those lines of business ) but I believe there are more
of them today than there were a decade ago. In other words, the downwards
pressure on salaries will continue longer term.

CL: not too many years ago, just prior to the high tech boom, there were
wise people out there reminding us that while the demand for tech related
jobs would quintuple, in absolute numbers there would be need for more
janitors than for high tech people.

CL: just the kind of intelligent conversation I enjoy. thanks guys.




 Consider the new initiatives that Cisco is trying to retrench themselves
 into the service-provider environment (again).  Things like NSF, GRIP, and
 things like that to increase reliability of gear.  Hey, that's real good for
 Cisco, but that ultimately means that as IP networks become more reliable,
 they just fade into the background and become a commodity, just like
 electricity.   Let's be perfectly honest.  A network that is super-reliable
 and super-redundant is a network that doesn't really need you around to
 babysit it.   Ok, they might need to bring in a consultant whenever they
 want to make changes.  But again, the net effect is less overall R/S jobs.

 You seem to think that once the IP
  network
  is used for the services such as Voice, the Voice people
  will have taken the jobs.

 Either the existing voice people or other people who add VoX to their
 skillset.

 This may be so to some degree. But from the
  last few years of my experience, I doubt there will be a data network
  acting as reliably as PSTN any time soon - as you mention about
  broadband.

 Naturally not anytime soon.  But the long-term trend is clear.  IP networks
 will become more and more reliable, which ultimately means that they will
 fade more and more into the background.

 For this reason, I think R/S folks with few extra skills
  will still be in demand for the telcos, someone has to keep on making
  this thing work, fixing, upgrading, estimating, reporting, understanding
  data networks, etc.

 Again, I never said there will be zero demand.  But there will be less.
 Right now, R/S skill demand is unusually heightened because the fact is that
 IP networks are still pretty flaky, and so you need a bunch of guys around
 just to keep the darn thing up.  The less flaky it is, the less people you
 need to babysit it.

 
  I agree that VOIP on the Net will not change how the telcos work.
  It's one thing to have a customer use the Internet for placing calls,
  the customer's expectations are already set low, knowing the Quality will
  not be as great. But when you pick up the receiver at home, you expect
  current quality, no delays, no noise, no whatever. Internet is simply too
  unpredictable for Carrier class Voice.

 Yes, and so I expect private IP networks to take over.  Convergence upon the
 Internet is most likely a red herring




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59296t=59296



RE: Load Balancing Firewalls [7:59183]

2002-12-16 Thread Brian Zeitz
OK I figured this one out with some help :) I just need to get the 4
Port DMZ card and designate two of the interfaces as IN using security
levels. The failover has a DMZ card too, so I can failover all 4
interfaces in an emergency. Plus 1 Port for the failover.

Thanks to the people helping me offline, these scenarios are getting
really complex. My next task is figuring how to take two T1s and make
them act as a single unit while providing redundancy. 

Thanks :)

-Original Message-
From: Brian Zeitz 
Sent: Friday, December 13, 2002 2:02 PM
To: [EMAIL PROTECTED]
Subject: RE: Load Balancing Firewalls [7:59183]

Actually, management changed the diagram on me :(

T1---3640---515UR with failover
T1---3640---^

Both T1s going into a single 515UR with a standby unit.

I figured out the first scenario, I just thought of it as being in
different locations and use global load balancing on the LBs.

This second scenario I don't know if it is possible, I would have 2 IPs
coming from the e0/0 on the router, into only 1 Pix interface which I
don't know if it is possible


-Original Message-
From: Brian Zeitz 
Sent: Friday, December 13, 2002 12:03 PM
To: [EMAIL PROTECTED]
Subject: Load Balancing Firewalls [7:59183]

I have just been given the task of setting up a website with load
balancing.





T1 --- 3640Pix 515  UR+4E--Load balancer

T1 --- 3640---Pix 515 UR+4ELoad balancer



The Pix 515 are separate full units, I got another one because I know you
cannot use the failover as an active unit.



My load balancers are not active/active. But if I use them separately,
they can run independently.



I need to run just one website like www.mydomain.com




My managers would like both T1s to be used, but can also act as a
failover.



Can anyone give me any pointers or tell me of any pitfalls before I dive
into this task?



I thought about HSRP, would this work if I had redundant firewalls? Can
you cluster pix firewalls? I don't think you can, I wish I could.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59297t=59183



RE: IOS command question, pls help [7:59266]

2002-12-16 Thread pete bateman
You should be able to find these commands in the command reference (funnily
enough)-

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122mindx/index.htm

Get to know this site well, it is your life! -

http://www.cisco.com/univercd/home/home.htm

It contains all of the documentation you will ever need. Go to it


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59298t=59266



Re: BR0:1 DDR: No callback negotiated [7:59300]

2002-12-16 Thread John Tafasi
Yes, and the ping works fine when there is no callback configuration on the
routers.

- Original Message -
From: Tony Schaffran 
To: 'John Tafasi' ; 'Cisco Group Study'
; 'ccielab' 
Sent: Monday, December 16, 2002 7:24 AM
Subject: RE: BR0:1 DDR: No callback negotiated


 Do you have username configured?


 Tony Schaffran
 Network Analyst
 CCNP, CCNA, CCDA,
 NNCDS, NNCSS, CNE, MCSE

 CCOnlineLabs.com
 http://www.cconlinelabs.com



 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
 John Tafasi
 Sent: Monday, December 16, 2002 1:32 AM
 To: Cisco Group Study; ccielab
 Subject: BR0:1 DDR: No callback negotiated

 I have two isdn routers r2 (callback client) and r5 (callback server).
 without callback configuration r2 will connect to r5 successfully. With the
 callback configuration added, r5 will disconnect the call and will not
 callback r2. Can some one figure out what is wrong with my configuration? I
 have included configuration of both routers and the result of debug dialer
 on r5. It seems to me that r2 is not negotiating callback.

 R5-2503#show debug
 Dial on demand:
   Dial on demand events debugging is on
 R5-2503#
 2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
 R5-2503#
 Mar  3 11:05:34.703: BR0:1 DDR: No callback negotiated
 Mar  3 11:05:34.703: BR0:1 DDR: disconnecting call
 2d11h: %ISDN-6-DISCONNECT: Interface BRI0:1  disconnected from 8358661 r2, call lasted 2 seconds
 2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
 R5-2503#
 Mar  3 11:05:34.851: BR0:1 DDR: disconnecting call
 R5-2503#
 2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
 R5-2503#
 Mar  3 11:05:40.179: BR0:1 DDR: No callback negotiated
 Mar  3 11:05:40.179: BR0:1 DDR: disconnecting call
 2d11h: %ISDN-6-DISCONNECT: Interface BRI0:1  disconnected from 8358661 r2, call lasted 4 seconds
 2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
 R5-2503#
 Mar  3 11:05:40.331: BR0:1 DDR: disconnecting call


 R5-2503#show run

 hostname r5-2503
 !
 interface BRI0
  ip address 10.10.10.2 255.255.255.0
  ip access-group 101 in
  encapsulation ppp
  dialer callback-secure
  dialer map ip 10.10.10.1 name r2 class eng broadcast 8358661
  dialer-group 1
  isdn switch-type basic-ni
  isdn spid1 0835866201
  isdn spid2 0835866401
  cdapi buffers regular 0
  cdapi buffers raw 0
  cdapi buffers large 0
  ppp callback accept
  ppp authentication chap
  ppp chap hostname r5
  ppp multilink
 !
 !
 map-class dialer eng
  dialer callback-server username
 -

 hostname r2-2516
 !
 interface Dialer1
  ip address 10.10.10.1 255.255.255.0
  no ip directed-broadcast
  encapsulation ppp
  dialer remote-name r5
  dialer string 8358662
  dialer pool 1
  dialer-group 1
  ntp broadcast
  pulse-time 0
  ppp callback request
  ppp chap hostname r2
 !
 .




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59300t=59300



Re: Darth Reid R1 Access-list [7:58644]

2002-12-16 Thread Ted Marinich
You are assuming that I (and others in this discussion) do not know how to
figure out wild card masks, which is not the focus of the question.  Please,
take a step back and really try to listen.  I appreciate your opinion and I
am very grateful that you are taking the time to help.  But, you are not really
listening.

Does Cisco want the smallest ACL or a practical answer to this question?  I
do not want to be in the Lab with a question like this and attack it with
the wrong perspective.

In addition, I made an attempt to figure it out on my own -Yes, I did use
the BOSON to check my answer - nothing wrong with that. I asked the question
to invite a technical discussion to attack the question as a Team.  The
level of experience among members of the discussion group is irrelevant to
me.  I just wanted a serious attempt to answer the question and not to be
talked down to.

Just to let you know I have failed the CCIE lab exam twice and I do not want
to fail it again (like I can control that, though).  I have my own opinion
as to how Cisco wants the question answered, but I would like to hear from
other experts, like yourself, in order to stay on track - call it a sanity
check. In this way I can compare notes and make the best decision in order
to be prepared for the next lab attempt.

Anyway, working together, we should be able to tackle this - thanks

Ted

P.S. What's confusing to me is how Cisco's answer is not very practical. 
When working on routing protocols, the rules cannot be half-a**ed.  But,
this question is very misleading - at least from a practical viewpoint.  I
mean, suppose you get an answer that is two ACL lines in size, but it blocks
even more networks than the answer above.  One could argue that it is also
correct - just a bit more general than Cisco's answer.  Seems too subjective
to me.

If that is the way it is - oh well.  Any comments?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59299t=58644



RE: dialer remote name/ppp chap hostname [7:59224]

2002-12-16 Thread pete bateman
Keith,

It's to do with the order in which the call is handled. The dialer-remote
name is what allows the incoming call to be bound to the dialer. Otherwise
IOS has no way of knowing which dialer the call is for. The call must
authenticate first, then get the remote name from chap, then look up the
dialer. No dialer remote name, no call binding. LCP will complete, but you
will get no IPCP nego because the call has not bound to an IP enabled Dialer.

PPP chap host is only used as an outgoing alternative hostname if the device
at the other end is not a Cisco router, or there is some other reason why
you do not want to identify your router with its real hostname.

Get rid of the ppp chap hostname commands, put the dialer remote names back
in, make sure the local prompt matches the remote user and remote dialer
remote statement each way and it will work.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59301t=59224
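
An added example, not part of the original post and not Cisco code: a small Python check of the name-matching rule described in the reply above, run over two constructed router configurations. The router names (east, west, branch), the function names and the sample configs are assumptions; the model covers dialer profiles only and treats any `ppp chap hostname` as the name the router sends.

```python
import re

def parse_ios(config):
    """Extract the names that matter for CHAP and dialer binding."""
    info = {"hostname": None, "chap_hostname": None,
            "usernames": set(), "remote_names": {}}
    current_if = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():                 # global command
            current_if = None
            if line.startswith("interface "):
                current_if = line.split()[1]
            elif m := re.fullmatch(r"hostname (\S+)", line):
                info["hostname"] = m.group(1)
            elif m := re.match(r"username (\S+)", line):
                info["usernames"].add(m.group(1))
        elif current_if:                         # interface subcommand
            if m := re.fullmatch(r"dialer remote-name (\S+)", line):
                info["remote_names"][current_if] = m.group(1)
            elif m := re.fullmatch(r"ppp chap hostname (\S+)", line):
                info["chap_hostname"] = m.group(1)
    return info

def binding_problems(local_cfg, remote_cfg):
    """Reasons a call from the remote router would fail to bind locally.

    Follows the order given in the post: authenticate, take the remote
    name from CHAP, then look up a dialer with that remote name.
    Comparison is exact, so a difference in case counts as a mismatch.
    """
    local, remote = parse_ios(local_cfg), parse_ios(remote_cfg)
    sent = remote["chap_hostname"] or remote["hostname"]
    problems = []
    if sent not in local["usernames"]:
        problems.append(f"no 'username {sent}' entry to authenticate the caller")
    if sent not in local["remote_names"].values():
        problems.append(f"no dialer interface with 'dialer remote-name {sent}'")
    return problems

# Constructed sample configurations (placeholder addresses and password).
EAST = """
hostname east
username west password 0 example
interface Dialer1
 ip address 192.0.2.1 255.255.255.252
 encapsulation ppp
 dialer remote-name west
 dialer pool 1
 ppp authentication chap
"""

WEST = """
hostname west
username east password 0 example
interface Dialer1
 ip address 192.0.2.2 255.255.255.252
 encapsulation ppp
 dialer remote-name east
 dialer pool 1
 ppp authentication chap
"""

# Same as WEST, but the router now identifies itself with another name.
WEST_OVERRIDE = WEST + " ppp chap hostname branch\n"

if __name__ == "__main__":
    for label, remote in (("matching names", WEST), ("chap hostname override", WEST_OVERRIDE)):
        found = binding_problems(EAST, remote)
        print(label, "->", found or "call binds to a dialer")
```
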



Re: Selective NAT [7:59287]

2002-12-16 Thread MADMAN
Yes

 Dave

[EMAIL PROTECTED] wrote:
 
 Is it possible to use extended ip access-lists for NATing. Basically i want
 traffic from a particular subnet destined for a particular subnet only to be
 NATed?? All other traffic should not be NATed.
 
 
 Cheers
 Simon
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59295t=59287



Re: Off Topic but interesting - RS networking future? [7:59302]

2002-12-16 Thread nrf

 CL: OTOH, there are plenty of guys driving around in their trucks doing just
 that. I don't know the typical annual income for Joe the plumber or Bill the
 electrician ( and just so the PC people don't get on my case, I have yet to
 meet Mary or Jill in those lines of business ) but I believe there are more
 of them today than there were a decade ago. In other words, the downwards
 pressure on salaries will continue longer term.

Again, I didn't say that there would be no demand for plain-vanilla
networking people, I said there would be less.  Just like there still is
demand for electricians and plumbers - but it's not like every company needs
one (or several) on staff.

Rather, I think the electrician/plumber model will be what networking will
turn into.  Landlords might have a few of these guys to handle all their
properties (where they can amortize the salaries across their various
real-estate holdings).  But small to medium sized companies won't have anybody
on staff - when something breaks, they'll just whip out the Yellow Pages and
'call the IP guy'.   This is a far cry from today when most companies of any
size need a network guy.  Net effect - less total jobs for networking.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59302t=59302



Test Message!Please ignore [7:59304]

2002-12-16 Thread Mohammad Ruhi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59304t=59304



3550 L3 Setup [7:59305]

2002-12-16 Thread Naomi James
I need help on configuring L3 on a 3550.  Currently, I have (2) 3550 12Ts
that are connected to (2) 3508 Gs, which then connect to 3524/3548s.
 
I am trying to configure L3 routing on the 3550s.  The 3550s have GB ports
and vlans.  Do I use the GB port or the vlans?  Since there are two 3550s
don't I have to use HSRP.
 
This is my first 3550 setup for L3.  Any help will be appreciated.
 
 
Naomi James
Computer Services and Information Technology
Savannah State University
912-356-2509





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59305t=59305



DSL/Cable Load Balancer [7:59306]

2002-12-16 Thread Robert Raver
Hey,

This is a little off topic, but I have been searching for hours with no
results.  There was a device featured in a magazine (Maximum or T3) that you
could plug in both Cable and DSL lines and load balance in between both.  Now
I need this device and cannot find it.  Does anybody know of it?  I want a
simple solution to this problem.  Any help would be appreciated.

Thanks,
Robert Raver




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59306t=59306



Re: DSL/Cable Load Balancer [7:59306]

2002-12-16 Thread dre
Robert Raver  wrote in message ...
 This is a little off topic, but I have been searching for hours
 with no results.  There was a device featured in a magazine
 (Maximum or T3) that you could plug in both Cable and DSL lines
 and load balance in between both.  Now I need this device and
 cannot find it.  Does anybody know of it?  I want a simple solution
 to this problem.  Any help would be appreciated.

It seems like you could only load balance sessions and not packets,
which would be pretty useless in almost all circumstances.  Might
I instead suggest that you simply upgrade your bandwidth (simple,
easy way) or use another hack like a download manager tool (about
as tricky as a Cable/DSL load-balancer)?
http://download.com.com/3150-2071-0.html?tag=stbc.gp

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59307t=59306



ACS Logging / Accounting [7:59308]

2002-12-16 Thread Amer
Is there a way to log or account for all the exec commands that are done
on a router or switch on an ACS server?  I have a setup where all my login
authentication and accounting is done thru an ACS server but I was
wondering if I could get more detailed accounting accomplished by some means
(if possible).  Any help would be greatly appreciated.  Thanx.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59308t=59308



Aironet 1200 [7:59310]

2002-12-16 Thread Kevin O'Gilvie
Dear All,

I am purchasing (2) the Cisco Aironet 1200 and respective outdoor antennas
to connect a remote office across the street, I am wondering if anyone has
done this and has some advice for me..

-Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59310t=59310



BRI config [7:59311]

2002-12-16 Thread mike simon
I have a lot of isdn experience as it relates to configuring PRI for voice
circuits for VOIP however very little bri data config experience. In
preparation for the lab I have two BRIs configured back to back that I am
having difficulty with. What am I missing?

related config

r1
interface BRI0
 ip address 100.100.1.1 255.255.255.252
 encapsulation ppp
 dialer map ip 100.100.1.2 name r2 speed 56 broadcast r6
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0625866201 7356661
 isdn spid2 0835866301 4356662
!

!
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101




r2

interface BRI0
 ip address 100.100.1.2 255.255.255.252
 encapsulation ppp
 dialer map ip 100.100.1.1 name r1 speed 56 broadcast
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0703866201 7357662
 isdn spid2 0743866401 7357664
!

!
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101

I realize this is very basic but thanks for any help


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59311t=59311



RE: Selective NAT [7:59287]

2002-12-16 Thread Symon Thurlow
Yes, I had to do this for a customer and it is quite straightforward.

Symon

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: 16 December 2002 15:15
To: [EMAIL PROTECTED]
Subject: Selective NAT [7:59287]


Is it possible to use extended ip access-lists for NATing. Basically i
want traffic from a particular subnet destined for a particular subnet
only to be NATed?? All other traffic should not be NATed.

 
Cheers
Simon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59309t=59287



Re: Cisco Work 2000 Manual user guide [7:58959]

2002-12-16 Thread Leonardo FUK
I think that you're right. This is (probably) one of the many sales-oriented
tools. It might have something technical, but not at the level you are
looking for.

But it's cheap, isn't it?

I'll look for something else then.

--
Leonardo Furtado
Network Engineering and Security Architecture



Mark Smith  wrote in message
news:[EMAIL PROTECTED]...
 How is that CBT, Leonardo? Most of the Cisco CBT's I see on eBay are geared
 more to sales folks and, from what I gather, not too technical. Is this one
 for folks that actually install/configure/use the product or a 500 feet high
 overview that highlights the strong points from a selling perspective?
 Thanks.


 Quoting Leonardo FUK :

  You may try these links:
 
  Documentation:
  http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/index.htm
 
  Self-paced CBT
  http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem 79712034category225
 
  Leonardo
 
  Han Chuan Alex Ang  wrote in message
  news:[EMAIL PROTECTED]...
   hi, Anybody have ideas on book or site that reveal
  good information on how
   to install, configure and use Cisco Work 2000,
  thanks
  [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59303t=58959



Re: 3550 L3 Setup [7:59305]

2002-12-16 Thread The Long and Winding Road
Naomi James  wrote in message
news:[EMAIL PROTECTED]...
 I need help on configuring L3 on a 3550.  Currently, I have (2) 3550 12Ts
 that are connected to (2) 3508 Gs, which then connect to 3524/3548s.

 I am trying to configure L3 routing on the 3550s.  The 3550s have GB ports
 and vlans.  Do I use the GB port or the vlans?

yes!

( can use either the physical port or the SVI )


Since there are two 3550s
 don't I have to use HSRP.


only if you want to, but yes you can HSRP peer to either another L3 switch
or a router on the same segment.


 This is my first 3550 setup for L3.  Any help will be appreciated.


the 3550 docs on CCO are pretty good. check 'em out.



 Naomi James
 Computer Services and Information Technology
 Savannah State University
 912-356-2509





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59312t=59305



Re: 3550 L3 Setup [7:59305]

2002-12-16 Thread Larry Letterman
You can use a vlan interface or a gig or copper interface. That's your call...
you can also use one interface on each 3550 and use hsrp if you so desire

Larry

Naomi James wrote:

I need help on configuring L3 on a 3550.  Currently, I have (2) 3550 12Ts
that are connected to (2) 3508 Gs, which then connect to 3524/3548s.
 
I am trying to configure L3 routing on the 3550s.  The 3550s have GB ports
and vlans.  Do I use the GB port or the vlans?  Since there are two 3550s
don't I have to use HSRP.
 
This is my first 3550 setup for L3.  Any help will be appreciated.
 
 
Naomi James
Computer Services and Information Technology
Savannah State University
912-356-2509





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59313t=59305



Re: Selective NAT [7:59287]

2002-12-16 Thread Marc Thach Xuan Ky
IIRC when you use route-maps you should note that the NAT is
session-based (like with twice-NAT) with various consequences:
- you cannot make new connections into the inside global address
- without NAPT (PAT) you may use your pool addresses rather quicker than
  you envisaged
rgds
Marc


The Long and Winding Road wrote:
 
 wrote in message
 news:[EMAIL PROTECTED]...
  Is it possible to use extended ip access-lists for NATing. Basically i want
  traffic from a particular subnet destined for a particular subnet only to be
  NATed?? All other traffic should not be NATed.
 
 
 as a follow up - here is an excerpt from the link in the previous message:
 
 Route Map Approach
 The correct way to configure the example in this document is to use route
 maps. With a route map approach, you would do the following to translate the
 hosts on 10.1.1.0:
 
 ip nat pool pool-108 131.108.2.1 131.108.2.254 prefix-length 24
 ip nat pool pool-118 131.118.2.1 131.118.2.254 prefix-length 24
 
 ip nat inside source route-map MAP-108 pool pool-108
 ip nat inside source route-map MAP-118 pool pool-118
 
 interface ethernet0
  ip address 10.1.1.1 255.255.255.0
  ip nat inside
 interface ethernet1
  ip address 10.1.2.1 255.255.255.0
  ip nat outside
 
 access-list 108 permit ip 10.1.1.0 0.0.0.255 131.108.1.0 0.0.0.255
 access-list 118 permit ip 10.1.1.0 0.0.0.255 131.118.1.0 0.0.0.255
 
 route-map MAP-108 permit 10
  match ip address 108
 
 route-map MAP-118 permit 10
  match ip address 118
 
 
  Cheers
  Simon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59314t=59287
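
An added example, not from the thread or from the Cisco document it quotes: a Python model of which flows the quoted route-map configuration selects for translation, and from which pool. The ACL numbers, route-map names and pool names are taken from the quoted config; the function names and sample flows are constructed, each route map is assumed to have a single permit clause, and the `deny` handling goes beyond the quoted config to show first-match behaviour.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 1 bit means 'ignore this bit', a 0 bit must match."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

# Extended ACL entries as (action, src, src wildcard, dst, dst wildcard),
# copied from the quoted configuration.
ACLS = {
    108: [("permit", "10.1.1.0", "0.0.0.255", "131.108.1.0", "0.0.0.255")],
    118: [("permit", "10.1.1.0", "0.0.0.255", "131.118.1.0", "0.0.0.255")],
}

# "ip nat inside source route-map <map> pool <pool>", with the ACL each
# route map matches on.
NAT_RULES = [("MAP-108", 108, "pool-108"), ("MAP-118", 118, "pool-118")]

def acl_permits(entries, src, dst):
    """First matching entry decides; no match means the implicit deny."""
    for action, s_base, s_wild, d_base, d_wild in entries:
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return action == "permit"
    return False

def select_pool(src, dst, rules=NAT_RULES, acls=ACLS):
    """Return the pool a flow would be translated from, or None if untouched."""
    for _route_map, acl_id, pool in rules:
        if acl_permits(acls[acl_id], src, dst):
            return pool
    return None

def classify(flows):
    return [(src, dst, select_pool(src, dst) or "not translated") for src, dst in flows]

# Constructed sample flows (inside source, outside destination).
SAMPLE_FLOWS = [
    ("10.1.1.5", "131.108.1.9"),   # matches access-list 108
    ("10.1.1.5", "131.118.1.9"),   # same host, other destination: access-list 118
    ("10.1.1.5", "192.0.2.1"),     # destination in neither ACL
    ("10.1.2.5", "131.108.1.9"),   # source outside 10.1.1.0/24
]

if __name__ == "__main__":
    for src, dst, result in classify(SAMPLE_FLOWS):
        print(f"{src:>10} -> {dst:<14} {result}")
```

The second sample flow shows one inside host drawing on both pools, which is worth keeping in mind when sizing pools that are used without PAT.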



Re: VPN Client+IOS [7:59283]

2002-12-16 Thread Ben Woltz
The IP address that your VPN Client gets from the router, are you
advertising that route through your network?

JM  wrote in message
news:[EMAIL PROTECTED]...
 Hello
 I am trying to run VPN between VPN Client 3.6.2.A and Cisco 2651.
 On Cisco router I have:
 Software with 3DES/IP PLus/FW/IDS - Version 12.2(11)T2
 Router has 4 interfaces:
 serial 0/1 - Internet here I gave cryptomap
 fasteth 0/1 -DMZ
 fasteth 0/0 -LAN ( here I want to be through VPN)
 I have the same configuration like in TAC help :
 http://www.cisco.com/warp/customer/471/ipsecrouter_vpn.html
 VPN Client can login inside router, and I have ipaddress from router,
 but I don't see anything. I can't ping.
 I have question ?
 Where am I inside the router ? I am in,  but I don't see anything.
 When I will have : ip access-list out on fast0/0 (LAN) what should I
 enable ? I have nat inside on fast 0/0 and outside on ser 0/1
 Regards
 JM




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59315t=59283



Re: All doors are closed.. [7:59233]

2002-12-16 Thread Ben Woltz
Do you have another 1720 router?  You can try taking the flash out, putting
it in the good 1720, fixing the config and put it back.

ciscoGo2002  wrote in message
news:[EMAIL PROTECTED]...
 Hello folks,

 A friend of mine has a serious problem with a Cisco
 1720 router. This router has the console port broken,
 it doesn't work. He usually gets into the router using
 the aux port in order to configure the device. They
 tried to download a new config using Cisco Config
 Maker and downloading it by the aux port. The result is
 that now the aux port is closed and the Ethernet port
 doesn't respond anymore. We don't know what happened
 with Cisco Config Maker, the real important thing is
 that we need to recover the access to the router. We
 cannot use the console port because it is broken, the
 aux port is closed (I guess that Cisco Config Maker
 closed it by default), and the ethernet is not
 responding (maybe Cisco Works put it in shut??). All
 the doors are closed!!! There is no time, we need to
 install this box this week!!! Help!
 We have read the cisco cco and the 1720 has a dimm
 memory and a miniflash memory, (please correct us if
 we are wrong). We suppose that the miniflash memory
 stores the config (it works like nvram too?) and if we
 can open the box and replace this mini-flash with
 another one maybe it will work again...
 We really appreciate your help, and my friend will pay
 one beer if you can send us any idea...

 Very important: Please send your reply with a copy to
 these address: [EMAIL PROTECTED],
 [EMAIL PROTECTED],
 [EMAIL PROTECTED] because we have a
 problem with our mail...

 Thanks a lot!







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59316t=59233



Re: VPN Client+IOS [7:59283]

2002-12-16 Thread Jacek Malinowski
I have 4 interfaces:
Serial 0/1 - public IP for example 1.1.1.1
fast 0/1 -public IP for example 2.2.2.2
fast 0/0 -LAN IP : 192.168.1.1/24
My ip address pool for VPN : 192.168.1.170-192.168.1.190
On VPN padlock I have IP address from router for example 192.168.1.170
but I can't ping any address on LAN.
I don't know I am using the newest VPN Client :
vpnclient-win-is-3.6.3.Rel-k9
I have ip nat inside on Fast 0/0 and outside on ser 0/1 but without
doesn't work too :(.

Ben Woltz wrote:
 The IP address that your VPN Client gets from the router, are you
 advertising that route through your network?
 
 JM  wrote in message
 news:[EMAIL PROTECTED]...
 
Hello
I am trying to run VPN between VPN Client 3.6.2.A and Cisco 2651.
On Cisco router I have:
Software with 3DES/IP PLus/FW/IDS - Version 12.2(11)T2
Router has 4 interfaces:
serial 0/1 - Internet here I gave cryptomap
fasteth 0/1 -DMZ
fasteth 0/0 -LAN ( here I want to be through VPN)
I have the same configuration like in TAC help :
http://www.cisco.com/warp/customer/471/ipsecrouter_vpn.html
VPN Client can login inside router, and I have ipaddress from router,
but I don't see anything. I can't ping.
I have question ?
Where am I inside the router ? I am in,  but I don't see anything.
When I will have : ip access-list out on fast0/0 (LAN) what should I
enable ? I have nat inside on fast 0/0 and outside on ser 0/1
Regards
JM




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59318t=59283



RE: Problem Regarding DLCI [7:59282]

2002-12-16 Thread test test
Always ... Always

get your DLCI numbers from the carrier/provider.

I have never seen any WAN where the customer did
not have them regardless of the setup technique.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59319t=59282



RE: VPN within intranet? [7:59284]

2002-12-16 Thread test test
yes..


given you have the proper routing in place,
security policies to support it, and your
IPSEC configs to allow it.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59320t=59284



RE: Problem Regarding DLCI [7:59282]

2002-12-16 Thread Brian
True, even if you discover them, a static map, in my experience, passes
traffic faster.  Also, typically in a cloud there are tons of customers
connected, dlcis help define which customers can talk to which.

Bri

On Mon, 16 Dec 2002, test test wrote:

 Always ... Always

 get your DLCI numbers from the carrier/provider.

 I have never seen any WAN where the customer did
 not have them regardless of the setup technique.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59321t=59282



RE: MPLS MTU [7:59280]

2002-12-16 Thread Priscilla Oppenheimer
Mohamad saro wrote:
 
 when I put command MPLS MTU 1512 on both ends of a serial interface and
 try to ping from one side to  the other with packet sizes greater than
 1500 and less than or equal 1512 with don't fragment bit set the packets
 are dropped any ideas?

How are you specifying the packet size and what layer does the size refer
to? Perhaps it refers to payload of the ICMP/IP packet.

Generic IP adds 20 bytes for the IP header.

ICMP adds 8 bytes.

MPLS adds some bytes.

The serial data-link-layer adds some bytes.

You are probably beyond 1512 at this point.

Priscilla

 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59322t=59280



Re: Problem Regarding DLCI [7:59282]

2002-12-16 Thread Munit Singla
Thanx for the inf.
Regards,
Munit

test test wrote:

 Always ... Always

 get your DLCI numbers from the carrier/provider.

 I have never seen any WAN where the customer did
 not have them regardless of the setup technique.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59323t=59282



RE: Cisco Work 2000 Manual user guide [7:58959]

2002-12-16 Thread Mark Smith
I was just curious. I've almost bought that one a couple of different times
in the past (at any given moment there are always two or three of them
listed) as it doesn't specifically state Sales Essentials as some of the
ones obviously geared towards sales folks do but I still wonder if it's very
detailed.  I think the info on Cisco's link that you also posted is just
what the doctor ordered.
Thanks.

Mark



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Leonardo FUK
Sent: Monday, December 16, 2002 1:57 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco Work 2000 Manual user guide [7:58959]


I think that you're right. This is (probably) one of the many sales-oriented
tools. It might have something technical, but not at the level you are
looking for.

But it's cheap, isn't it?

I'll look for something else then.

--
Leonardo Furtado
Network Engineering and Security Architecture



Mark Smith  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 How is that CBT, Leonardo? Most of the Cisco CBT's I see on eBay are geared
 more to sales folks and, from what I gather, not too technical. Is this one
 for folks that actually install/configure/use the product or a 500 feet high
 overview that highlights the strong points from a selling perspective?
 Thanks.


 Quoting Leonardo FUK :

  You may try these links:
 
  Documentation:
  http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/index.htm
 
  Self-paced CBT
  http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem 79712034category225
 
  Leonardo
 
  Han Chuan Alex Ang  wrote in message
  news:[EMAIL PROTECTED]...
   hi, Anybody have ideas on book or site that reveal
  good information on how
   to install, configure and use Cisco Work 2000,
  thanks
  [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59317t=58959



RE: Problem regarding naming of port numbers [7:59276]

2002-12-16 Thread Priscilla Oppenheimer
You're assuming IOS is a modern operating system or something akin to a data
dictionary or programming language. It's not. :-) If the IOS engineers
include keywords in the command line interface, then you can use them. If
they don't, you can't.

Your idea sounds like a good one though. You could suggest it to Cisco, but
I don't think they could easily accommodate such a change in philosophy.

Priscilla

Munit Singla wrote:
 
 Hi ,
 There default ports given in the IOS .We can use both to refer
 those
 ports by names as well as port numbers .Can we customize it and
 to the
 default list ports by names not by numbers. or I want to use it
 use
 customized ports used for my applications by names in my access
 list.
 Is there any command to create customized ports by Name.
 See what my problem is when we make an extended access lists we
 can
 define source and destination ports.there is standard list of
 ports
 there to be used in access list that we can use by number or
 name.If we
 want to customize the port according to our default application
 we can
 add that port by number only.Is there a way to refer those
 ports by
 names in my access list.and can we add these customized TCP/UDP
 ports in
 the default list which is displayed, so that we can refer it
 when ever
 we like in our access-lists by name.
 Example:
 access-list 100 permit tcp any any eq Nortonvirus
 Here Nortonvirus keyword should refer to the port 5000. and
 this name
 and port mapping should get added to the default list so that i
 can
 refer later.here I am assuming nortons application is using
 port number
 5000.
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59324t=59276



Re: Problem Regarding DLCI [7:59282]

2002-12-16 Thread Munit Singla
Hi Brian,
I agree with all your comments, but can you elaborate a little bit on this
part: traffic passes faster in such a case.
Regards,
Munit

Brian wrote:

 True, even if you discover them, a static map, in my experience, passes
 traffic faster.  Also, typically in a cloud there are tons of customers
 connected, dlcis help define which customers can talk to which.

 Bri

 On Mon, 16 Dec 2002, test test wrote:

  Always ... Always
 
  get your DLCI numbers from the carrier/provider.
 
  I have never seen any WAN where the customer did
  not have them regardless of the setup technique.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59325t=59282



Pix and QOS or Cutom Queueing [7:59326]

2002-12-16 Thread Elijah Savage III
I can't find it in the archives but I know it has been asked before. Can
you do any type of custom queue to limit the amount of traffic to a
specific protocol like say ftp. If you only want ftp to use up a certain
percentage of bandwidth is this possible on the pix?

I think this has been asked before and I used the beta search in the
archive and only came across turbo acls.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59326t=59326



RE: Pix and QOS or Cutom Queueing [7:59326]

2002-12-16 Thread Elijah Savage III
Ah, I found some info: this is not supported on the PIX. I answered my own
question, sorry to bother everyone.

-----Original Message-----
From: Elijah Savage III 
Sent: Monday, December 16, 2002 6:16 PM
To: [EMAIL PROTECTED]
Subject: Pix and QOS or Cutom Queueing [7:59326]


I can't find it in the archives but I know it has been asked before. Can
you do any type of custom queue to limit the amount of traffic to a
specific protocol like say ftp. If you only want ftp to use up a certain
percentage of bandwidth is this possible on the pix?

I think this has been asked before and I used the beta search in the
archive and only came across turbo acls.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59327t=59326



RE: Rainy Days, Sundays, and OSPF [7:59269]

2002-12-16 Thread Priscilla Oppenheimer
I thought this stuff was supposed to be like plumbing or electricity? You
mean, it doesn't just work?

This is in reference to another thread, for anyone who is completely
confused by my answer. :-)

Priscilla

The Long and Winding Road wrote:
 
 always get me down.
 
 I had to cover for someone who is out on vacation. Simple
 customer network,
 hub and 6 spokes over frame relay. no biggie, except the
 installation people
 couldn't get it to work, so they had to call in the designer or
 the poor
 fool covering for him.
 
 hub site uses a single subinterface, and manual frame mapping.
 each spoke
 uses the physical interface.
 
 don't get me started. I would have done multiple point-to-point
 subinterfaces, and I would have knee jerked to EIGRP, but
 that's another
 story. Besides, the customer was probably a cheapskate, and
 didn't want to
 pay the few extra bucks a month for more PVC's at the hub.
 
 In any case, the configs looked good to me and I was able to
 mock something
 up in my home lab. ospf network type point-to-multipoint on all
 interfaces
 and the hub site subinterface. works like a charm.
 
 however, in the customer network, two of the spoke sites just
 would not come
 up or form ospf neighbor relationships. all the frame mappings
 were ok. I
 could ping from any router to any other router. so what gives?
 when I
 checked the debugs on the spoke sites that were failing, I
 could see an
 error about the link going down every time I put an ospf network
 point-to-multipoint command on the interface. as soon as I
 changed the ospf
 network type to broadcast, the link came up and adjacencies
 formed.
 
 I checked CCO and did not find anything in particular. There is
 a bug listed
 for ospf point-to-multipoint and unnumbered interfaces. I
 called TAC, but no
 help there.
 
 this got me to wondering if anyone has run into anything like
 this before?
 
 Chuck
 
 
 --
 TANSTAAFL
 there ain't no such thing as a free lunch
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59328t=59269



Post failure on 2912, how to repair? [7:59329]

2002-12-16 Thread Symon Thurlow
Hi guys,

I searched the archives about this, but couldn't find anything.

I have a Cat 2912 switch, that has 4 faulty ports. It fails post, here
is a snippet:

C2900xl POST: System Board Test: Passed
C2900xl POST: Daughter Card Test: Passed
C2900xl POST: CPU Buffer Test: Passed
C2900xl POST: CPU Notify RAM Test: Passed
C2900xl POST: CPU Interface Test: Passed
C2900xl POST: Testing Switch Core: Passed
C2900xl POST: Testing Buffer Table: Passed
C2900xl POST: Data Buffer Test: Passed
C2900xl POST: Configuring Switch Parameters: Passed
C2900xl POST: Ethernet Controller Test: Passed
C2900xl POST FAILURE: front-end post: FastEthernet0/9:
C2900xl POST FAILURE: looped-back packet not received
C2900xl POST FAILURE: front-end post: FastEthernet0/10:
C2900xl POST FAILURE: looped-back packet not received
C2900xl POST FAILURE: front-end post: FastEthernet0/11:
C2900xl POST FAILURE: looped-back packet not received
C2900xl POST FAILURE: front-end post: FastEthernet0/12:
C2900xl POST FAILURE: looped-back packet not received
C2900xl POST: MII Test: Passed
cisco WS-C2912-XL (PowerPC403GA) processor (revision 0x11) with
8192K/1024K bytes of memory.
Last reset from power-on

Processor is running Enterprise Edition Software
Cluster command switch capable
Cluster member switch capable
8 FastEthernet/IEEE 802.3 interface(s)

You can see it only recognises 8 ports.

I searched CCO, and found a known bug where ESD can fry the
controllers. Each controller operates 4 ports.

Is there a way to get it repaired? Can you buy the controller from
somewhere and replace it?

Any help greatly appreciated,

Symon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59329t=59329



Re: Rainy Days, Sundays, and OSPF [7:59269]

2002-12-16 Thread The Long and Winding Road
Priscilla Oppenheimer  wrote in message
news:[EMAIL PROTECTED]...
 I thought this stuff was supposed to be like plumbing or electricity? You
 mean, it doesn't just work?

 This is in reference to another thread, for anyone who is completely
 confused by my answer. :-)

ah, Cil, now you're assuming that OSPF is a modern operating system  or
something akin to a data
dictionary or programming language. It's not.

This is in reference to another thread, for anyone who is completely
 confused by my answer.   :-

cut and paste is so wonderful!



 Priscilla

 The Long and Winding Road wrote:
 
  always get me down.
 
  I had to cover for someone who is out on vacation. Simple
  customer network,
  hub and 6 spokes over frame relay. no biggie, except the
  installation people
  couldn't get it to work, so they had to call in the designer or
  the poor
  fool covering for him.
 
  hub site uses a single subinterface, and manual frame mapping.
  each spoke
  uses the physical interface.
 
  don't get me started. I would have done multiple point-to-point
  subinterfaces, and I would have knee jerked to EIGRP, but
  that's another
  story. Besides, the customer was probably a cheapskate, and
  didn't want to
  pay the few extra bucks a month for more PVC's at the hub.
 
  In any case, the configs looked good to me and I was able to
  mock something
  up in my home lab. ospf network type point-to-multipoint on all
  interfaces
  and the hub site subinterface. works like a charm.
 
  however, in the customer network, two of the spoke sites just
  would not come
  up or form ospf neighbor relationships. all the frame mappings
  were ok. I
  could ping from any router to any other router. so what gives?
  when I
  checked the debugs on the spoke sites that were failing, I
  could see an
  error about the link going down every time I put an ospf network
  point-to-multipoint command on the interface. as soon as I
  changed the ospf
  network type to broadcast, the link came up and adjacencies
  formed.
 
  I checked CCO and did not find anything in particular. There is
  a bug listed
  for ospf point-to-multipoint and unnumbered interfaces. I
  called TAC, but no
  help there.
 
  this got me to wondering if anyone has run into anything like
  this before?
 
  Chuck
 
 
  --
  TANSTAAFL
  there ain't no such thing as a free lunch




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59330t=59269



Re: CCNP/DP recertification [7:58564]

2002-12-16 Thread Steve Ringley
Tis an interesting question.  I went into the online tracking system for an
opinion.  There, CCIE allows you to skip the CCNA and common exams
requirement, but you still have to have CCDA and a valid CID exam.
The CCIE option did not appear under my CCNP options.

jeff sicuranza  wrote in message
news:[EMAIL PROTECTED]...
Folks, I just received my 6 mos. heads up for my CCNP. My CCNP expires in
May of 03 and my DP in June of 03. My second and hopefully last CCIE lab
date is on for 7/30 but can be pushed out into September.

Are there any re-certification books that specifically cover the recert.
exam? Or, is the exam just a rehash of the same stuff with a few newer items
in it?

Has anyone taken these re-certifications exams yet? Any tips.. Greatly
appreciated...

With work and the CCIE stuff should I even bother to re-certify???

Regards...

/JS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59331t=58564



CCIE Written Exam [7:59332]

2002-12-16 Thread Thuveshen Cooppan
Hi All

Can anybody shed some experiences or information on how long it takes to
study for the CCIE Written exam?  What study material is good ?  Methods for
studying for the CCIE Written Exam?


Thanks

Thuveshen


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59332t=59332



Re: Problem Regarding DLCI [7:59282]

2002-12-16 Thread Brian
well, although it's been a few years since I touched frame relay, my memory
was that if I let the cisco autodiscover frame relay mappings, traffic
flowed through it more slowly than if I did a static frame relay map.  It's
been a few years, this was 11.2 days, so take it with a grain of salt if
auto discovery has improved.

Bri

----- Original Message -----
From: Munit Singla 
To: 
Sent: Monday, December 16, 2002 3:06 PM
Subject: Re: Problem Regarding DLCI [7:59282]


 Hi Brian,
 I agree with all your comments but can you little bit elaborate on this
 part,Traffic
 passes faster in such a case.
 Regards,
 Munit

 Brian wrote:

  True, even if you discover them, a static map, in my experience, passes
  traffic faster.  Also, typically in a cloud there are tons of customers
  connected, dlcis help define which customers can talk to which.
 
  Bri
 
  On Mon, 16 Dec 2002, test test wrote:
 
   Always ... Always
  
   get your DLCI numbers from the carrier/provider.
  
   I have never seen any WAN where the customer did
   not have them regardless of the setup technique.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59333t=59282



RE: Aironet 1200 [7:59310]

2002-12-16 Thread Charlie Wehner
What type of throughput does the remote office need?  With two 1200 series
access points you can:

a) Run one AP as Root and the other in Repeater mode.  
b) Blast the signal across the street with just one AP

I don't think you can bridge with 1200 series APs.  You might be better off
buying 350 bridges instead depending on your environment.

You could also buy a WGB to connect to one of the APs.  That's another
option.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59334t=59310



RE: Question for designers (WLAN) [7:59216]

2002-12-16 Thread Charlie Wehner
If you're not going to run 802.11a then there might not be a significant
advantage to going with the 1200 series AP.

However, hospitals normally have a lot of long hallways that are perfect for
using a patch antenna.  (A lot of times you can cover an area with one
diversity 6.5dBi patch that might take 2 1100 series APs to cover otherwise.)

The external antennas would probably be the biggest advantage of going with
the 1200 series vs an 1100 series for you.

Other than that...  there aren't very many differences.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59335t=59216



RE: Question for designers (WLAN) [7:59216]

2002-12-16 Thread Charlie Wehner
Forgot to ask... what country are you from?  I know some countries put
restrictions on the power and antennas that are available.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59336t=59216



RE: WLANFE [7:59278]

2002-12-16 Thread Charlie Wehner
When was the WLANFE 9E0-581 exam first available?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59337t=59278



Cisco 2000 Problems [7:59338]

2002-12-16 Thread Han Chuan Alex Ang
I have some problems with the Cisco 2000.

Here is the scenario: I have added all the necessary Cisco devices and
checked their attributes to be correct.

However, when I try topology services in Campus Manager, I am only able
to see the Cisco 6006 and Cisco 3548 switches, not a single one of the 3524 and 3512
switches that are supposed to be detected. Do any patches need to be done, and
how do I go about doing it? Thanks.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59338t=59338



RE: Aironet 1200 [7:59310]

2002-12-16 Thread Kevin O'Gilvie
I am looking to get rid of the fractional T1.
We have 12 voice 12 data..
We can save money going wireless and increase the throughput..
I want to go 802.11b all the way..
Isn't the bridge 11a?
If I have antennas on both sides won't that be enough?
Please let me know your thoughts..
There will be about 20 users in the remote office..

TIA,

Kevin



From: Charlie Wehner 
Reply-To: Charlie Wehner 
To: [EMAIL PROTECTED]
Subject: RE: Aironet 1200 [7:59310]
Date: Tue, 17 Dec 2002 02:07:40 GMT

What type of throughput does the remote office need?  With two 1200 series
access points you can:

a) Run one AP as Root and the other in Repeater mode.
b) Blast the signal across the street with just one AP

I don't think you can bridge with 1200 series APs.  You might be better off
buying 350 bridges instead depending on your environment.

You could also buy a WGB to connect to one of the APs.  That's another
option.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59339t=59310



RE: Problem regarding naming of port numbers [7:59276]

2002-12-16 Thread Erick B.
Agreed. They do have a way to map additional ports to
the pre-defined services though. So for telnet for
example you can add port 233, 2333, etc so when you
specify 'telnet' in an ACL (or similar list) it
matches port 23, 233, and 2333. 

What's weird is I was looking at this yesterday, and
for some ACL stuff the keyword is http and for other
stuff it is www. I'm sure there's other keywords that
mean the same as others but that's the one I noticed.
Then again I don't think port-map matches up to all the ACL
keywords, I think it matches up against some other
security features. I've used it for telnet in ACLs
though with no problems in past.

I guess consistency with port #s and service names
would be a good thing. Maybe it would be nice if they
didn't hardcode these in IOS but referenced a services
file on the flash that could be editable like in most
OS's. I think this may happen... it seems they are
starting to clean up IOS and get rid of old protocols
and modularize stuff so it uses similar syntax. MQC
for example.

--- Priscilla Oppenheimer 
wrote:
 You're assuming IOS is a modern operating system or
 something akin to a data
 dictionary or programming language. It's not. :-) If
 the IOS engineers
 include keywords in the command line interface, then
 you can use them. If
 they don't, you can't.
 
 Your idea sounds like a good one though. You could
 suggest it to Cisco, but
 I don't think they could easily accommodate such a
 change in philosophy.
 
 Priscilla
 
 Munit Singla wrote:
  
  Hi ,
  There default ports given in the IOS .We can use
 both to refer
  those
  ports by names as well as port numbers .Can we
 customize it and
  to the
  default list ports by names not by numbers. or I
 want to use it
  use
  customized ports used for my applications by names
 in my access
  list.
  Is there any command to create customized ports by
 Name.
  See what my problem is when we make an extended
 access lists we
  can
  define source and destination ports.there is
 standard list of
  ports
  there to be used in access list that we can use by
 number or
  name.If we
  want to customize the port according to our
 default application
  we can
  add that port by number only.Is there a way to
 refer those
  ports by
  names in my access list.and can we add these
 customized TCP/UDP
  ports in
  the default list which is displayed, so that we
 can refer it
  when ever
  we like in our access-lists by name.
  Example:
  access-list 100 permit tcp any any eq Nortonvirus
  Here Nortonvirus keyword should refer to the port
 5000. and
  this name
  and port mapping should get added to the default
 list so that i
  can
  refer later.here I am assuming nortons application
 is using
  port number
  5000.







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59341t=59276
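
An added example, not part of any poster's message and not Cisco tooling: since IOS only accepts its built-in port keywords in an access list, one way to get what this thread asks for is to keep the name-to-port mapping in an off-box, services-style file and render numeric ACL lines before loading them. The file format, every name other than Nortonvirus/5000, the addresses, and the partial keyword tables are constructed assumptions.

```python
import re

# Partial, constructed subset of the port keywords IOS extended ACLs accept natively.
BUILTIN = {
    "tcp": {"ftp": 21, "telnet": 23, "smtp": 25, "domain": 53, "www": 80, "pop3": 110},
    "udp": {"domain": 53, "tftp": 69, "ntp": 123, "snmp": 161, "syslog": 514},
}
# Port operators in an extended ACL entry and how many port arguments each takes.
OPERATORS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}

# Constructed site-local services file (hypothetical names except nortonvirus/5000,
# which is the thread's own example).
SERVICES_TEXT = """
# name        port/proto
nortonvirus   5000/tcp
backupagent   6101/tcp
syslog-relay  5514/udp
"""

# Constructed ACL template that uses the custom names.
ACL_TEMPLATE = """\
access-list 100 permit tcp any any eq Nortonvirus
access-list 100 permit tcp any host 192.0.2.10 eq www
access-list 100 permit udp any host 192.0.2.20 eq syslog-relay
access-list 100 permit tcp any any range backupagent 6110
access-list 100 deny ip any any log"""


def parse_services(text):
    """Parse '/etc/services'-style lines into {(name, proto): port}."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z][\w-]*)\s+(\d+)/(tcp|udp)", line)
        if not m:
            raise ValueError(f"services line {lineno}: cannot parse {raw!r}")
        name, port, proto = m.group(1).lower(), int(m.group(2)), m.group(3)
        if port > 65535:
            raise ValueError(f"services line {lineno}: port {port} out of range")
        if name in BUILTIN[proto]:
            # A local name must never silently change what a built-in keyword means.
            raise ValueError(f"services line {lineno}: {name!r} shadows an IOS keyword")
        if (name, proto) in table:
            raise ValueError(f"services line {lineno}: duplicate {name}/{proto}")
        table[(name, proto)] = port
    return table


def resolve(token, proto, services, used):
    """Return the token to emit for one port argument; unknown names are an error."""
    if token.isdigit():
        if int(token) > 65535:
            raise ValueError(f"port {token} out of range")
        return token
    name = token.lower()
    if name in BUILTIN[proto]:
        return name                      # IOS understands this keyword itself
    port = services.get((name, proto))
    if port is None:
        # Fail closed: never emit an entry whose port we could not resolve.
        raise ValueError(f"unknown {proto} service name {token!r}")
    used.append((name, port))
    return str(port)


def render_acl(template, services):
    """Replace custom port names in numbered tcp/udp ACL entries with numbers.

    Each substituted name is kept in an 'access-list N remark' line so the
    intent survives in the running configuration.
    """
    out = []
    for raw in template.splitlines():
        tok = raw.split()
        if (len(tok) < 4 or tok[0] != "access-list"
                or tok[2] not in ("permit", "deny") or tok[3] not in BUILTIN):
            out.append(raw)              # not a tcp/udp entry: pass through untouched
            continue
        proto, used, i = tok[3], [], 4
        while i < len(tok):
            nports = OPERATORS.get(tok[i])
            if nports is None:
                i += 1
                continue
            if i + nports >= len(tok):
                raise ValueError(f"{raw!r}: operator {tok[i]!r} is missing a port")
            for j in range(i + 1, i + 1 + nports):
                tok[j] = resolve(tok[j], proto, services, used)
            i += nports + 1
        for name, port in used:
            out.append(f"access-list {tok[1]} remark {name} = {port}/{proto}")
        out.append(" ".join(tok))
    return out


if __name__ == "__main__":
    print("\n".join(render_acl(ACL_TEMPLATE, parse_services(SERVICES_TEXT))))
```

Because unknown or wrong-protocol names raise instead of passing through, a typo in a service name stops the render rather than producing an ACL that permits or blocks something unintended.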



Re: Cisco 2000 Problems [7:59338]

2002-12-16 Thread Darren Ward
Campus Manager relies on CDP to search out and populate.

Can all switches see each other using CDP from your seed device?

Darren Ward
(PGradCS, CCIE #8245, SCSA, CCDP, MCP)


On Tue, 17 Dec 2002, Han Chuan Alex Ang wrote:

 I have some problems with the Cisco 2000,

 here is the scenario, I have add in all the necessary Cisco device and
 checked their attributes to be correct

 however , when I try a topology services in Campus Manager , I am only able
 to see the cisco 6006 and cisco 3548 switches , not a single 3524 and 3512
 switches that are supposed to be detected , any patches need to done ? and
 how do I go about doing it . thank




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59342t=59338



Re: Off Topic but interesting - RS networking future? [7:59344]

2002-12-16 Thread Howard C. Berkowitz
Perhaps your most important point is at the end, but I'd like to 
amplify on it. The idea of a converged public Internet is probably 
not achievable. I prefer to call service providers that move packets 
IP Service Providers, as opposed to Internet Service Providers. 
It's more accurate, and reflects the very different availability and 
QoS requirements of applications, balanced against costs.

Right now, a lot of world-class router designers are unemployed or 
underemployed, because there is so much optical overcapacity that 
sophistication isn't needed, especially with private networks.  Much 
of this, of course, is the current economy, which I do expect to turn 
around. From my IETF/IRTF work, I do know that the current global 
routing system isn't going to grow forever with the BGP paradigm, and 
the best replacement is still a research problem.  Luckily, I'm able 
to keep a hand in that.

We are a long way from having every application run on a commoditized 
transport. I'll freely say that more of my income,  these days, comes 
from both network and application architecture for bleeding-edge (a 
phrase the surgeons HATE) medical systems. Now, some people here say 
you need host as well as network experience.  While I'm reasonable at 
UNIX, there's also the aspect of being able to communicate with the 
users of particularly challenging applications.  I speak fluent 
Doctor, which helps greatly, and can actually contribute to the 
clinical application designs.

Don't assume that you necessarily have to have extra computer skills 
(e.g., server administration).  Understanding an application area 
from its user perspective can generate lots of work, be that 
application telephony, medicine, law, etc. I have a friend who has 
developed a specialty in automating car dealerships, and he has more 
work than he can handle.

At 12:41 AM + 12/16/02, nrf wrote:
Henry D.  wrote in message
news:[EMAIL PROTECTED]...
  Since we're just throwing out our thoughts here...

  I tend to disagree, following your logic, if the IP network
  becomes such a commodity, I think this would just create more
  jobs for people like us, I mean R/S guys.

Hardly.  The total jobs in a commoditized world would be much less.  That's
not to say there will be zero jobs, just less.   Again, consider the case of
electric power.  Or water.  How many companies, unless they're huge, have an
electrician or a plumber on staff?   OK, every once in awhile the company's
toilet will back up and you gotta bring somebody in.  But for the most part,
electricity and water just work.  You plug something in a wall socket and it
works.  You flush the toilet and it works.  You certainly don't need to keep
somebody on staff to take care of electricity and water, unless maybe you're
really really big and you can amortize the guy's salary over lots and lots
of facilities.  Net effect - less demand for R/S skills.

Consider the new initiatives that Cisco is trying to retrench themselves
into the service-provider environment (again).  Things like NSF, GRIP, and
things like that to increase reliability of gear.

Even though we have some of these mechanisms, we lack good management 
tools and they are still expert-intensive to set up. Cisco could do a 
much better job describing NSF, which is only a subset of some of the 
routing protocol high-availability techniques in early deployment. 
Yes, it's an adequate explanation for how to set it up for failure, 
but its effect (basically good) on provider routing can get quite 
subtle.  MPLS introduces some interesting failover methods that 
complement it.


You seem to think that once the IP
  network
  is used for the services such as Voice, the Voice people
  will have taken the jobs.

Either the existing voice people or other people who add VoX to their
skillset.


 From direct experience, it's much easier to train a data person in 
voice than vice versa.  Learning to speak telco, however, is as 
important as knowing what G.703 or SIP does.


This may be so to some degree. But from the
  last few years of my experience, I doubt there will be a data network
  acting as reliably as PSTN any time soon - as you mention about
  broadband.

Naturally not anytime soon.  But the long-term trend is clear.  IP networks
will become more and more reliable, which ultimately means that they will
fade more and more into the background.

For this reason, I think R/S folks with few extra skills
  will still be in demand for the telcos, someone has to keep on making
  this thing work, fixing, upgrading, estimating, reporting, understanding
  data networks, etc.

Again, I never said there will be zero demand.  But there will be less.
Right now, R/S skill demand is unusually heightened because the fact is that
IP networks are still pretty flaky, and so you need a bunch of guys around
just to keep the darn thing up.  The less flaky it is, the less people you
need to babysit it.


  I agree that VOIP on the Net 

Re: Question for designers (WLAN) [7:59216]

2002-12-16 Thread Howard C. Berkowitz
At 11:03 PM + 12/15/02, MikeS wrote:
The only app on the palms that seems to have staying power is the writing of
prescriptions and then sending it via wireless to be distributed. It's a
godsend given how badly some of the Docs write.

MikeS


Have you looked at the new DEA requirements for electronic 
prescribing of controlled substances? Now, I'm not saying these apply 
to a simple system that just prints the prescription at the front 
desk, but those that electronically transmit things that will go to 
an outside pharmacy. Extensive security requirements, including PKI, 
time synchronization, audit, etc., that may be marginal for a Palm.

In some respects, it's even more challenging to be more than just an 
electronic prescription pad.  There are great numbers of medical 
variables, even if you've got the drug name straight. I've been 
working on some expert systems for prescribing cardiac drugs, and it 
isn't a simple process.

Yet other challenges come from the influence of insurers and other 
third-party payors, who may have a formulary of which drugs in a 
class they will allow, or allow under certain circumstances.  There 
are quite a few plans that first require the doctor to certify either 
that over-the-counter NSAIDs (nonsteroidal anti-inflammatory drugs, 
such as ibuprofen and many prescription drugs) have been used, or 
there is medical necessity for a specific prescription NSAID. There 
are six chemical families of NSAIDs, and the insurer may want you to 
use only one in each family -- and different insurers have different 
requirements.

Other insurers have requirements such as allowing the prescribing of 
the much more expensive angiotensin-2 receptor blockers for high 
blood pressure, only if three separate (and cheaper) angiotensin 
converting enzyme inhibitors have been tried and failed.

In other words, real-world prescribing is going to start needing lots 
of data base interactions.


Howard C. Berkowitz  wrote in message
news:[EMAIL PROTECTED]...
  At 9:41 AM + 12/14/02, David j wrote:
  Hello friends, I have to advise what kind of wireless device we are going to
  buy for a hospital. If money was not a big problem what Aironet would you
  buy? I thought about 1200 series, but it isn't approved for using 802.11a in
  my country (only 802.11b) so I think it hasn't got many benefits over 1100
  series (these are cheaper).
  What do you think? someone has implemented a wireless network in a big
  hospital (1200 beds)?
  Any feedback would be helpful, thanks in advance.

  I'm going to answer generally with considerations about wireless in
  hospitals, rather than on the specific devices.  First, there's a
  brief review of the US privacy regulations at
  http://www.medscape.com/viewarticle/445787_print. You may need to
  register (it's free) for Medscape, which I use daily as a source of
  primarily pure medical information.

  Now, we probably haven't installed one in 12-18 months, and had bad
  interference problems with handheld devices that operated over a
  large area.  Handhelds to a bed monitor, or even in a ward, tended to
  work reasonably well, but, as has been pointed out, there are LOTS of
  interfering devices.

  I am not aware of safety studies of wireless transmission in units
  where conductors go through the skin.  Also remember that some
  instrument rooms will be electromagnetically shielded.

  During the process of installation, be sure to have plenty of
  Ethernet docking stations available that are compatible with
  handhelds.

  Our experience with PDAs is they are simply too limited for any
  serious medical application other than electronic reference books.
  We've tended to use handheld or tablet PCs, depending on display size
  and input requirements.

  For support reasons, we've tried to emphasize LINUX for these
  handhelds, if for no other reason than that if they are running Windows,
  doctors (especially) will put games, stock quote, etc., applications
  on them, to the point that we don't know the software environment of
  the potentially life-critical devices we are trying to support.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59345t=59216



Re: Problem regarding naming of port numbers [7:59276]

2002-12-16 Thread Howard C. Berkowitz
At 8:27 AM + 12/16/02, Munit Singla wrote:
Hi ,
There are default ports given in the IOS. We can refer to those
ports by names as well as port numbers. Can we customize it and add to the
default list ports by names, not by numbers? Or I want to use
customized ports used for my applications by names in my access list.
Is there any command to create customized ports by name?
See, my problem is: when we make extended access lists we can
define source and destination ports. There is a standard list of ports
to be used in access lists that we can use by number or name. If we
want to customize the port according to our default application we can
add that port by number only. Is there a way to refer to those ports by
names in my access list? And can we add these customized TCP/UDP ports to
the default list which is displayed, so that we can refer to it whenever
we like in our access-lists by name?
Example:
access-list 100 permit tcp any any eq Nortonvirus
Here the Nortonvirus keyword should refer to port 5000, and this name
and port mapping should get added to the default list so that I can
refer to it later. Here I am assuming Norton's application is using port
number 5000.

This is one of the reasons why I keep my configs on a server, 
preferably UNIX.  It's a trivial matter to define Nortonvirus as a 
macro string when you write a config, which then runs through a macro 
processor before the configuration goes into the router by TFTP or 
Telnet.  The macro processor will substitute whatever you've told it 
-- once -- what Nortonvirus maps to.

In like manner, you can write your standard passwords, access lists, 
etc., as macros.  The configurations you actually read and write (as 
a human) become much easier to follow.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59346t=59276
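
The macro-expansion step described in the reply above, as an added example that is not part of the original post or the poster's own tooling: a small Python preprocessor that replaces symbolic port names in numbered `access-list` lines and refuses to emit a config when a name is undefined, because a line with an unknown keyword would be rejected by the router while the remaining ACL lines still load. The table, the `AppBackup` entry, the function names and the sample lines are assumptions made for illustration.

```python
# Constructed name-to-port table. Nortonvirus = 5000 is the original poster's
# assumption; AppBackup is a made-up second entry.
PORT_MACROS = {"Nortonvirus": 5000, "AppBackup": 6101}
# A few port keywords IOS already accepts; a macro must not shadow them.
IOS_KEYWORDS = {"www", "telnet", "smtp", "ftp", "ftp-data", "domain", "pop3", "bgp"}
# Number of port operands that follow each ACL port operator.
OPERANDS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}

class MacroError(ValueError):
    """Raised so that a config with a bad name is never pushed to the router."""

def check_table(macros):
    for name, port in macros.items():
        if name.lower() in IOS_KEYWORDS:
            raise MacroError(f"macro {name!r} shadows an IOS port keyword")
        if not 0 <= port <= 65535:
            raise MacroError(f"macro {name!r} maps to invalid port {port}")

def expand_port(token, macros, lineno):
    if token in macros:
        return str(macros[token])
    if token in IOS_KEYWORDS or (token.isdigit() and int(token) <= 65535):
        return token
    raise MacroError(f"line {lineno}: undefined or invalid port {token!r}")

def expand_config(text, macros=PORT_MACROS):
    check_table(macros)
    out = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        # Only numbered access-list entries are handled; remarks are free text.
        if tokens[:1] == ["access-list"] and tokens[2:3] != ["remark"]:
            i = 0
            while i < len(tokens):
                n = OPERANDS.get(tokens[i], 0)
                for j in range(i + 1, min(i + 1 + n, len(tokens))):
                    tokens[j] = expand_port(tokens[j], macros, lineno)
                i += 1 + n
            line = " ".join(tokens)
        out.append(line)
    return "\n".join(out)

# Constructed input: the thread's example line plus three more entries.
SAMPLE = """\
access-list 100 permit tcp any any eq Nortonvirus
access-list 100 permit tcp any any range AppBackup 6110
access-list 100 permit tcp any any eq www
access-list 100 deny ip any any log"""
```

Calling `expand_config(SAMPLE)` returns the text to load into the router; a misspelled name raises `MacroError` before anything is sent.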



Re: Off Topic but interesting - RS networking future? [7:59347]

2002-12-16 Thread nrf
Howard C. Berkowitz wrote in message
news:[EMAIL PROTECTED]...
 Perhaps your most important point is at the end, but I'd like to
 amplify on it. The idea of a converged public Internet is probably
 not achievable. I prefer to call service providers that move packets
 IP Service Providers, as opposed to Internet Service Providers.
 It's more accurate, and reflects the very different availability and
 QoS requirements of applications, balanced against costs.

Yes, absolutely.  And it also has to do with security as well - especially
as it relates to accountability.  On the Internet, people have the
presupposition of anonymity which, while important, also can be used as a
shield by criminals like hackers.  A private IP network carries little
presupposition of anonymity, so if you're a customer of a private network
and you're committing mischief, it is much easier to find out who you are
and terminate your connection.  There is no God-given right to a private IP
network connection the way there is with the Internet.


 Right now, a lot of world-class router designers are unemployed or
 underemployed, because there is so much optical overcapacity that
 sophistication isn't needed, especially with private networks.

This is also true and hurts not just world-class designers, but network
engineers of all stripes.  Moore's Law churns inexorably and so do advances
in optical technology.  Things like QoS matter less when you can cheaply
throw bandwidth at a problem.  Things like voice over IP matter less when
it's inexpensive to have lots of separate networks.  The ability to
carefully engineer and tweak your network is relatively less important when
bandwidth is plentiful and it therefore doesn't really matter if your
traffic takes suboptimal paths.


 Much
 of this, of course, is the current economy, which I do expect to turn
 around. From my IETF/IRTF work, I do know that the current global
 routing system isn't going to grow forever with the BGP paradigm, and
 the best replacement is still a research problem.  Luckily, I'm able
 to keep a hand in that.

I think more thought needs to go to how to turn an IP network into a
profitable service.  For all the problems of ATM, one indisputable thing
about it is that it actually creates profitable services.   I think there
has been too much emphasis on developing 'cool' IP technologies and not
enough has been made on creating profitable IP technologies.


 We are a long way from having every application run on a commoditized
 transport. I'll freely say that more of my income,  these days, comes
 from both network and application architecture for bleeding-edge (a
 phrase the surgeons HATE) medical systems. Now, some people here say
 you need host as well as network experience.  While I'm reasonable at
 UNIX, there's also the aspect of being able to communicate with the
 users of particularly challenging applications.  I speak fluent
 Doctor, which helps greatly, and can actually contribute to the
 clinical application designs.

 Don't assume that you necessarily have to have extra computer skills
 (e.g., server administration).  Understanding an application area
 from its user perspective can generate lots of work, be that
 application telephony, medicine, law, etc. I have a friend who has
 developed a specialty in automating car dealerships, and he has more
 work than he can handle.

My point was not to say that you necessarily need to have strong server
knowledge.  My point was that you needed to stretch beyond R/S.  Anybody who
tries to live on R/S alone is living on borrowed time.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59347t=59347



Re: Aironet 1200 [7:59310]

2002-12-16 Thread Mac
You will have to buy 2 wireless bridges.
The 350 series wireless bridges are 802.11b, 100 milliwatt, and support
RP-TNC connectors; this will allow you to choose a range of antennas to use.
I would suppose you have 3 major issues to worry about:
1. I am assuming you have line of sight currently; are there any trees that
will grow leaves in the spring in your path?
2. Current voice and data integration - there are 2 likely ways that you may
be integrated:
a. using a channel bank on your CSU-DSU, e.g. 1 serial port to your PBX,
1 to your router, and the same thing on the opposite side of the T1 line
b. you are doing a VoIP integration with Drop and Insert cards
If you are running choice a, then you will have to deal with your voice
integration; if choice b, then you will just have to reconfigure your router
to support the new WAN integration.
3. Wireless security - Luckily Cisco access points and bridges support
dynamic WEP key rotation. If you are implementing bridges then you will have
to configure LEAP. This makes it necessary to configure Internet
Authentication Server, or Cisco Secure ACS server, or whatever RADIUS
implementation of your choice.

Hope this helps,
Colin McNamara


Kevin O'Gilvie wrote in message
news:[EMAIL PROTECTED]...
 I am looking to get rid of the fractional T1.
 We have 12 voice 12 data..
 We can save money going wireless and increase the throughput..
 I want to go 802.11b all the way..
 Isn't the bridge 11a?
 If I have antennas on both sides won't that be enough?
 Please let me know your thoughts..
 there will be about 20 users in the remote office..

 TIA,

 Kevin



 From: Charlie Wehner
 Reply-To: Charlie Wehner
 To: [EMAIL PROTECTED]
 Subject: RE: Aironet 1200 [7:59310]
 Date: Tue, 17 Dec 2002 02:07:40 GMT
 
 What type of throughput does the remote office need?  With two 1200 series
 access points you can:

 a) Run one AP as Root and the other in Repeater mode.
 b) Blast the signal across the street with just one AP

 I don't think you can bridge with 1200 series APs.  You might be better
 off buying 350 bridges instead depending on your environment.

 You could also buy a WGB to connect to one of the APs.  That's another
 option.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59348t=59310



Re: ACS Logging / Accounting [7:59308]

2002-12-16 Thread Mac
In your AAA config specify a line for
aaa accounting commands 15 default start-stop
specify whatever group or method list you wish

Cheers,
Colin McNamara




Amer wrote in message
news:[EMAIL PROTECTED]...
 Is there a way to log or account for all the exec commands that are done
 on a router or switch on an ACS server?  I have a setup where all my login
 authentication and accounting is done thru an ACS server but I was
 wondering if I could get more detailed accounting accomplished by some
 means (if possible).  Any help would be greatly appreciated.  Thanx.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59349t=59308



Re: WLANFE [7:59278]

2002-12-16 Thread Mac
It is the web interface to the 350 bridge, workgroup bridge, and access
point.
Arni V. Skarphedinsson wrote in message
news:[EMAIL PROTECTED]...
 Can someone tell me what AP is focused on in the Wireless LAN for Field
 Engineers exam (WLANFE 9E0-581)?

 Is it the 350, 1100 or 1200, or just all of them?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59350t=59278



RE: VPN Client+IOS [7:59283]

2002-12-16 Thread mjans001
Last time it worked for me I used another private range (than I use in
the LAN) for the VPN clients, and had to triple check my access-lists,
especially the one that encrypts from LAN to VPN client. Make sure that
your VPN headend (2600) is the default gateway for that VPN client LAN,
or give away a static route per server.

Martijn

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jacek
Malinowski
Sent: Monday, 16 December 2002 22:53
To: [EMAIL PROTECTED]
Subject: Re: VPN Client+IOS [7:59283]


I have 4 interfaces:
Serial 0/1 - public IP for example 1.1.1.1
fast 0/1 -public IP for example 2.2.2.2
fast 0/0 -LAN IP : 192.168.1.1/24
My ip address pool for VPN : 192.168.1.170-192.168.1.190
On the VPN padlock I have an IP address from the router, for example
192.168.1.170, but I can't ping any address on the LAN.
I don't know, I am using the newest VPN Client:
vpnclient-win-is-3.6.3.Rel-k9
I have ip nat inside on Fast 0/0 and outside on ser 0/1 but without it
doesn't work either :(.

Ben Woltz wrote:
 The IP address that your VPN Client gets from the router, are you 
 advertising that route through your network?
 
 JM wrote in message news:[EMAIL PROTECTED]...
 
Hello
I am trying to run VPN between VPN Client 3.6.2.A and Cisco 2651. On the
Cisco router I have: Software with 3DES/IP Plus/FW/IDS - Version
12.2(11)T2
Router has 4 interfaces:
serial 0/1 - Internet here I gave cryptomap
fasteth 0/1 -DMZ
fasteth 0/0 -LAN ( here I want to be through VPN)
I have the same configuration like in TAC help :
http://www.cisco.com/warp/customer/471/ipsecrouter_vpn.html
VPN Client can login inside router, and I have ipaddress from router,
but I don't see anything. I can't ping.
I have a question:
Where am I inside the router? I am in, but I don't see anything.
When I will have : ip access-list out on fast0/0 (LAN) what should I
enable ? I have nat inside on fast 0/0 and outside on ser 0/1
Regards
JM




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59352t=59283



regL ICMP in ATM network [7:59354]

2002-12-16 Thread swamy
I have a doubt whether ICMP works on an ATM network, as I tried to ping
anyone on an external network through the ATM network of a service provider
and it is not going through. Why? Can anyone clarify this for me?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59354t=59354