Problem regarding naming of port numbers [7:59276]
Hi,

There are default ports given in the IOS. We can refer to those ports by name as well as by port number. Can we customize it and add to the default list of ports by name, not by number? Or, I want to use the customized ports used for my applications by name in my access list. Is there any command to create customized ports by name?

Here is what my problem is: when we make an extended access list we can define source and destination ports. There is a standard list of ports to be used in an access list that we can use by number or by name. If we want to customize the port according to our default application, we can add that port by number only. Is there a way to refer to those ports by name in my access list? And can we add these customized TCP/UDP ports to the default list which is displayed, so that we can refer to them whenever we like in our access lists by name?

Example:

    access-list 100 permit tcp any any eq Nortonvirus

Here the Nortonvirus keyword should refer to port 5000, and this name and port mapping should get added to the default list so that I can refer to it later. Here I am assuming Norton's application is using port number 5000.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59276t=59276
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BR0:1 DDR: No callback negotiated [7:59277]
I have two ISDN routers, r2 (callback client) and r5 (callback server). Without callback configuration r2 will connect to r5 successfully. With the callback configuration added, r5 will disconnect the call and will not call back r2. Can someone figure out what is wrong with my configuration? I have included the configuration of both routers and the result of debug dialer on r5. It seems to me that r2 is not negotiating callback.

R5-2503#show debug
Dial on demand:
  Dial on demand events debugging is on
R5-2503#
2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
R5-2503#
Mar 3 11:05:34.703: BR0:1 DDR: No callback negotiated
Mar 3 11:05:34.703: BR0:1 DDR: disconnecting call
2d11h: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 8358661 r2, call lasted 2 seconds
2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
R5-2503#
Mar 3 11:05:34.851: BR0:1 DDR: disconnecting call
R5-2503#
2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
R5-2503#
Mar 3 11:05:40.179: BR0:1 DDR: No callback negotiated
Mar 3 11:05:40.179: BR0:1 DDR: disconnecting call
2d11h: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 8358661 r2, call lasted 4 seconds
2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
R5-2503#
Mar 3 11:05:40.331: BR0:1 DDR: disconnecting call
R5-2503#show run

hostname r5-2503
!
interface BRI0
 ip address 10.10.10.2 255.255.255.0
 ip access-group 101 in
 encapsulation ppp
 dialer callback-secure
 dialer map ip 10.10.10.1 name r2 class eng broadcast 8358661
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0835866201
 isdn spid2 0835866401
 cdapi buffers regular 0
 cdapi buffers raw 0
 cdapi buffers large 0
 ppp callback accept
 ppp authentication chap
 ppp chap hostname r5
 ppp multilink
!
!
map-class dialer eng
 dialer callback-server username
-
hostname r2-2516
!
interface Dialer1
 ip address 10.10.10.1 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer remote-name r5
 dialer string 8358662
 dialer pool 1
 dialer-group 1
 ntp broadcast
 pulse-time 0
 ppp callback request
 ppp chap hostname r2
!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59277t=59277
WLANFE [7:59278]
Can someone tell me which AP is focused on in the Wireless LAN for Field Engineers exam (WLANFE 9E0-581)? Is it the 350, 1100 or 1200, or just all of them?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59278t=59278
MPLS MTU [7:59280]
When I put the command MPLS MTU 1512 on both ends of a serial interface and try to ping from one side to the other with packet sizes greater than 1500 and less than or equal to 1512 with the don't fragment bit set, the packets are dropped. Any ideas?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59280t=59280
RE: All doors are closed.. [7:59233]
If this is a new Cisco router and has an unconfigured serial port, I suggest you put this on to another side of an active serial link and power on the router. The router will configure itself using the SLARP process; it will get an incremental IP address.

For example:

R1                                   R2 (damaged one)
S0: 172.16.10.1/30 --Serial link-- S0: 172.16.10.2/30 (it will get this by SLARP process)

You could try to telnet into this IP address. I am assuming that the router is configured with basics.

HTH
Murali

-----Original Message-----
From: ciscoGo2002 [mailto:[EMAIL PROTECTED]]
Sent: Sunday, December 15, 2002 5:05 PM
To: [EMAIL PROTECTED]
Subject: All doors are closed.. [7:59233]

Hello folks,

A friend of mine has a serious problem with a Cisco 1720 router. This router has the console port broken; it doesn't work. He usually gets into the router using the aux port in order to configure the device. They tried to download a new config using Cisco Config Maker, downloading it through the aux port. The result is that now the aux port is closed and the Ethernet port doesn't respond anymore. We don't know what happened with Cisco Config Maker; the really important thing is that we need to recover access to the router.

We cannot use the console port because it is broken, the aux port is closed (I guess that Cisco Config Maker closed it by default), and the Ethernet is not responding (maybe Cisco Works put it in shut??). All the doors are closed!!! There is no time, we need to install this box this week!!! Help!

We have read the Cisco CCO and the 1720 has a DIMM memory and a mini-flash memory (please correct us if we are wrong). We suppose that the mini-flash memory stores the config (it works like NVRAM too?) and if we can open the box and replace this mini-flash with another one maybe it will work again...

We really appreciate your help, and my friend will pay one beer if you can send us any idea...

Very important: please send your reply with a copy to these addresses: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] because we have a problem with our mail...

Thanks a lot!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59281t=59233
VPN Client+IOS [7:59283]
Hello,

I am trying to run a VPN between VPN Client 3.6.2.A and a Cisco 2651. On the Cisco router I have software with 3DES/IP Plus/FW/IDS, Version 12.2(11)T2.

The router has 4 interfaces:

serial 0/1 - Internet (here I gave cryptomap)
fasteth 0/1 - DMZ
fasteth 0/0 - LAN (here I want to be through VPN)

I have the same configuration as in the TAC help: http://www.cisco.com/warp/customer/471/ipsecrouter_vpn.html

The VPN Client can log in to the router, and I have an IP address from the router, but I don't see anything. I can't ping.

I have a question: where am I inside the router? I am in, but I don't see anything. When I will have an ip access-list out on fast0/0 (LAN), what should I enable? I have nat inside on fast 0/0 and outside on ser 0/1.

Regards
JM

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59283t=59283
Problem Regarding DLCI [7:59282]
Hi all,

Can anybody tell me whether, whenever we buy a frame-relay connection from an ISP, they should always give me the DLCI number? As you know, on the multipoint interface (main interface) it can be autodetected also. If we don't have the hub and spoke model we don't require map commands either. The question is: do ISPs always assign them, or are there some ISPs in the market who don't assign DLCI numbers to their customers when going for frame-relay information?

Thanks in advance.

Regards,
Munit

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59282t=59282
Re: WIC-1t Compatibility [7:59223]
Thin blade connector? Are you referring to a smart serial interface? Check the IOS version and make sure it is compatible with the module. If that doesn't work, I'd say you've got a bad card.

thanks,
-Brad Ellis
CCIE#5796 (RS / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)

Phil Lorenz wrote in message news:[EMAIL PROTECTED]...
> I have a 2620 here @ the house and I purchased a new WIC-1T, with the semi annoying thin blade connector, off of Ebay. I installed the interface and it is not recognized by the router. I replaced this module with a known good WIC-2T and everything worked perfectly. Any advice here?
>
> Thanks
> Phil

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59240t=59223
RE: WIC-1t Compatibility [7:59223]
Try to upgrade the IOS.

-----Original Message-----
From: Phil Lorenz [mailto:[EMAIL PROTECTED]]
Sent: domingo, 15 de Dezembro de 2002 16:11
To: [EMAIL PROTECTED]
Subject: WIC-1t Compatibility [7:59223]

I have a 2620 here @ the house and I purchased a new WIC-1T, with the semi annoying thin blade connector, off of Ebay. I installed the interface and it is not recognized by the router. I replaced this module with a known good WIC-2T and everything worked perfectly. Any advice here?

Thanks
Phil

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59279t=59223
OT: Cisco Accessories for Sale [7:59231]
Hello Group,

I have some bits and pieces to sell that can be useful for a home lab:

5x Back-to-Back cables
5x Ethernet Transceivers (for 2500 routers)
7x 8MB Flash for 2500
1x 32MB DRAM for 2600
1x 16MB DRAM for 2600
2x 16MB Flash for 2600
2x WIC-1T modules
1x NM-4A/S module

Thanks
Albert

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59231t=59231
VPN within intranet? [7:59284]
Can I have a VPN within my organization? My setup is as follows:

HostAin(PIX-A)dmz-out(Pix-B)dmz-HostB

Can I have a VPN established between the dmz of PIX A and the outside of PIX B? Both are in the same segment (172.16.1.xxx). Let me know if you have got any example. Just for testing.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59284t=59284
Re: BR0:1 DDR: No callback negotiated [7:59277]
Hi,

Take a look at this:

Configuring ISDN Caller ID Callback
http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a0080087218.html#xtocid91368

John Tafasi wrote in message news:[EMAIL PROTECTED]...
> I have two ISDN routers, r2 (callback client) and r5 (callback server). Without callback configuration r2 will connect to r5 successfully. With the callback configuration added, r5 will disconnect the call and will not call back r2. Can someone figure out what is wrong with my configuration? I have included the configuration of both routers and the result of debug dialer on r5. It seems to me that r2 is not negotiating callback.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59286t=59277
Re: BR0:1 DDR: No callback negotiated [7:59277]
John, after looking at your problem, can you just tell me whether you are able to place a call from r5 to r2 and vice versa without callback? You have mentioned from r2 to r5, but what about the reverse? Moreover, where is the username and password command here for authentication in the configuration? Please send your full configurations, and moreover do enable debug ppp authentication so that we may look more deeply into the problem.

Munit

Charlie wrote:
> Hi,
>
> Take a look at this:
>
> Configuring ISDN Caller ID Callback
> http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a0080087218.html#xtocid91368
>
> John Tafasi wrote in message news:[EMAIL PROTECTED]...
> > I have two ISDN routers, r2 (callback client) and r5 (callback server). Without callback configuration r2 will connect to r5 successfully. With the callback configuration added, r5 will disconnect the call and will not call back r2. Can someone figure out what is wrong with my configuration? I have included the configuration of both routers and the result of debug dialer on r5. It seems to me that r2 is not negotiating callback.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59288t=59277
RE: BR0:1 DDR: No callback negotiated [7:59289]
Do you have username configured?

Tony Schaffran
Network Analyst
CCNP, CCNA, CCDA, NNCDS, NNCSS, CNE, MCSE
CCOnlineLabs.com
http://www.cconlinelabs.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tafasi
Sent: Monday, December 16, 2002 1:32 AM
To: Cisco Group Study; ccielab
Subject: BR0:1 DDR: No callback negotiated

I have two ISDN routers, r2 (callback client) and r5 (callback server). Without callback configuration r2 will connect to r5 successfully. With the callback configuration added, r5 will disconnect the call and will not call back r2. Can someone figure out what is wrong with my configuration? I have included the configuration of both routers and the result of debug dialer on r5. It seems to me that r2 is not negotiating callback.
RE: BCRAN 640-605 test [7:59234]
Those I got (a month ago) were IOS based.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59290t=59234
Re: Off Topic - other CCIE study materials [7:59230]
You can also try my site.

http://www.mymucus.com

I'm offering no-cost rack access (7 Routers, 1 Cat 2926). I just put it up, it's a work in progress, however the important parts work.

Jarett

The Long and Winding Road wrote in message news:[EMAIL PROTECTED]...
> just ran into this one while cruising a particular auction site.
>
> www.lamernetworks.com
>
> CCIE rack rental at very reasonable prices. seem to have a single 3550 along with a 3900 switch. also appear to be auctioning CCIE level lab scenarios on you-know-where.
>
> FYI
>
> --
> TANSTAAFL
> there ain't no such thing as a free lunch

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59291t=59230
Selective NAT [7:59287]
Is it possible to use extended IP access-lists for NATing? Basically I want traffic from a particular subnet destined for a particular subnet only to be NATed. All other traffic should not be NATed.

Cheers
Simon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59287t=59287
Re: Selective NAT [7:59287]
This one's for you Dwayne:

I've never done it before but I know you can NAT based on source address. I believe you would use the ip nat inside source list command. Then, I guess you would apply an access-list to the destination subnet allowing only the NATed addresses and deny all others. Somebody correct me if I'm way off base.

wrote in message news:[EMAIL PROTECTED]...
> Is it possible to use extended IP access-lists for NATing? Basically I want traffic from a particular subnet destined for a particular subnet only to be NATed. All other traffic should not be NATed.
>
> Cheers
> Simon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59292t=59287
Re: Selective NAT [7:59287]
wrote in message news:[EMAIL PROTECTED]...
> Is it possible to use extended IP access-lists for NATing? Basically I want traffic from a particular subnet destined for a particular subnet only to be NATed. All other traffic should not be NATed.

it's a form of policy routing and can be done. it's kinda neat, actually.

if you have a CCO account, check out

http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml

watch the wrap

I've played with this in my lab, and I have a customer network that has a variation of this as part of the security plan.

> Cheers
> Simon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59293t=59287
Re: Selective NAT [7:59287]
wrote in message news:[EMAIL PROTECTED]...
> Is it possible to use extended IP access-lists for NATing? Basically I want traffic from a particular subnet destined for a particular subnet only to be NATed. All other traffic should not be NATed.

as a follow up - here is an excerpt from the link in the previous message:

Route Map Approach

The correct way to configure the example in this document is to use route maps. With a route map approach, you would do the following to translate the hosts on 10.1.1.0:

ip nat pool pool-108 131.108.2.1 131.108.2.254 prefix-length 24
ip nat pool pool-118 131.118.2.1 131.118.2.254 prefix-length 24
ip nat inside source route-map MAP-108 pool pool-108
ip nat inside source route-map MAP-118 pool pool-118

interface ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside

interface ethernet1
 ip address 10.1.2.1 255.255.255.0
 ip nat outside

access-list 108 permit ip 10.1.1.0 0.0.0.255 131.108.1.0 0.0.0.255
access-list 118 permit ip 10.1.1.0 0.0.0.255 131.118.1.0 0.0.0.255

route-map MAP-108 permit 10
 match ip address 108

route-map MAP-118 permit 10
 match ip address 118

> Cheers
> Simon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59294t=59287
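Added example (not part of the original thread or of the Cisco tech note it quotes): a small Python model of the selection logic in the route-map excerpt above, showing which source/destination pairs are translated, from which pool, and which are forwarded untranslated. The `NatModel` class, the sequential address allocation and the sample packets are assumptions made for illustration; the model does not reproduce the IOS translation table.

```python
import ipaddress


def wildcard_match(addr, base, wildcard):
    """IOS-style match: bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)


def parse_extended_acl(lines):
    """Parse 'access-list N permit|deny ip SRC SRC_WC DST DST_WC' lines."""
    acls = {}
    for line in lines:
        tok = line.split()
        if len(tok) != 8 or tok[0] != "access-list" or tok[3] != "ip":
            raise ValueError(f"unsupported ACL line: {line!r}")
        entry = (tok[2], tok[4], tok[5], tok[6], tok[7])
        acls.setdefault(int(tok[1]), []).append(entry)
    return acls


def acl_permits(entries, src, dst):
    """First matching entry decides; no match means the implicit deny."""
    for action, s, s_wc, d, d_wc in entries:
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action == "permit"
    return False


# Values copied from the excerpt quoted in the thread.
ACL_LINES = [
    "access-list 108 permit ip 10.1.1.0 0.0.0.255 131.108.1.0 0.0.0.255",
    "access-list 118 permit ip 10.1.1.0 0.0.0.255 131.118.1.0 0.0.0.255",
]
ROUTE_MAPS = {"MAP-108": 108, "MAP-118": 118}        # route-map -> matched ACL
NAT_STATEMENTS = [("MAP-108", "pool-108"), ("MAP-118", "pool-118")]
POOLS = {
    "pool-108": ("131.108.2.1", "131.108.2.254"),
    "pool-118": ("131.118.2.1", "131.118.2.254"),
}


class NatModel:
    """Hypothetical model: one global address per (inside host, pool)."""

    def __init__(self):
        self.acls = parse_extended_acl(ACL_LINES)
        self.bindings = {}
        self.next_free = {
            name: int(ipaddress.IPv4Address(low))
            for name, (low, _high) in POOLS.items()
        }

    def select_pool(self, src, dst):
        """Return the pool whose route-map matches, or None (no NAT)."""
        for route_map, pool in NAT_STATEMENTS:
            if acl_permits(self.acls[ROUTE_MAPS[route_map]], src, dst):
                return pool
        return None

    def translate(self, src, dst):
        """Return the translated source address, or None if not NATed."""
        pool = self.select_pool(src, dst)
        if pool is None:
            return None
        key = (src, pool)
        if key not in self.bindings:
            candidate = self.next_free[pool]
            if candidate > int(ipaddress.IPv4Address(POOLS[pool][1])):
                raise RuntimeError(f"{pool} exhausted")
            self.bindings[key] = str(ipaddress.IPv4Address(candidate))
            self.next_free[pool] = candidate + 1
        return self.bindings[key]


if __name__ == "__main__":
    nat = NatModel()
    # Constructed sample packets (source, destination).
    samples = [
        ("10.1.1.5", "131.108.1.9"),   # matches ACL 108
        ("10.1.1.5", "131.118.1.9"),   # matches ACL 118
        ("10.1.1.5", "192.0.2.10"),    # other destination: not translated
        ("10.1.2.7", "131.108.1.9"),   # other source subnet: not translated
    ]
    for src, dst in samples:
        result = nat.translate(src, dst) or "not translated"
        print(f"{src} -> {dst}: {result}")
```

Traffic that matches neither route-map falls through both NAT statements and keeps its original source address, which is the "all other traffic should not be NATed" behaviour the question asks for.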
Re: Off Topic but interesting - RS networking future? [7:59296]
nrf wrote in message news:[EMAIL PROTECTED]...
Henry D. wrote in message news:[EMAIL PROTECTED]...

Since we're just throwing out our thoughts here... I tend to disagree, following your logic, if the IP network becomes such a commodity, I think this would just create more jobs for people like us, I mean R/S guys.

Hardly. The total jobs in a commoditized world would be much less. That's not to say there will be zero jobs, just less. Again, consider the case of electric power. Or water. How many companies, unless they're huge, have an electrician or a plumber on staff? OK, every once in awhile the company's toilet will back up and you gotta bring somebody in. But for the most part, electricity and water just work. You plug something in a wall socket and it works. You flush the toilet and it works. You certainly don't need to keep somebody on staff to take care of electricity and water, unless maybe you're really really big and you can amortize the guy's salary over lots and lots of facilities. Net effect - less demand for R/S skills.

CL: OTOH, there are plenty of guys driving around in their trucks doing just that. I don't know the typical annual income for Joe the plumber or Bill the electrician ( and just so the PC people don't get on my case, I have yet to meet Mary or Jill in those lines of business ) but I believe there are more of them today than there were a decade ago.

In other words, the downwards pressure on salaries will continue longer term.

CL: not too many years ago, just prior to the high tech boom, there were wise people out there reminding us that while the demand for tech related jobs would quintuple, in absolute numbers there would be need for more janitors than for high tech people.

CL: just the kind of intelligent conversation I enjoy. thanks guys.

Consider the new initiatives that Cisco is trying to retrench themselves into the service-provider environment (again). Things like NSF, GRIP, and things like that to increase reliability of gear. Hey, that's real good for Cisco, but that ultimately means that as IP networks become more reliable, they just fade into the background and become a commodity, just like electricity. Let's be perfectly honest. A network that is super-reliable and super-redundant is a network that doesn't really need you around to babysit it. Ok, they might need to bring in a consultant whenever they want to make changes. But again, the net effect is less overall R/S jobs.

You seem to think that once the IP network is used for the services such as Voice, the Voice people will have taken the jobs.

Either the existing voice people or other people who add VoX to their skillset.

This may be so to some degree. But from the last few years of my experience, I doubt there will be a data network acting as reliably as PSTN any time soon - as you mention about broadband.

Naturally not anytime soon. But the long-term trend is clear. IP networks will become more and more reliable, which ultimately means that they will fade more and more into the background.

For this reason, I think R/S folks with few extra skills will still be in demand for the telcos, someone has to keep on making this thing work, fixing, upgrading, estimating, reporting, understanding data networks, etc.

Again, I never said there will be zero demand. But there will be less. Right now, R/S skill demand is unusually heightened because the fact is that IP networks are still pretty flaky, and so you need a bunch of guys around just to keep the darn thing up. The less flaky it is, the less people you need to babysit it.

I agree that VOIP on the Net will not change how the telcos work. It's one thing to have a customer use the Internet for placing calls, the customer's expectations are already set low, knowing the Quality will not be as great. But when you pick up the receiver at home, you expect current quality, no delays, no noise, no whatever. Internet is simply too unpredictable for Carrier class Voice.

Yes, and so I expect private IP networks to take over. Convergence upon the Internet is most likely a red herring

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59296t=59296
RE: Load Balancing Firewalls [7:59183]
OK I figured this one out with some help :) I just need to get the 4 Port DMZ card and designate two of the interfaces as IN using security levels. The failover has a DMZ card too, so I can failover all 4 interfaces in an emergency. Plus 1 Port for the failover. Thanks to the people helping me offline, these scenarios are getting really complex. My next task is figuring how to take two T1s and make them act as a single unit while providing redundancy.

Thanks :)

-----Original Message-----
From: Brian Zeitz
Sent: Friday, December 13, 2002 2:02 PM
To: [EMAIL PROTECTED]
Subject: RE: Load Balancing Firewalls [7:59183]

Actually, management changed the diagram on me :(

T1---3640---515UR with failover
T1---3640---^

Both T1s going into a single 515UR with a standby unit. I figured out the first scenario, I just thought of it as being in different locations and use global load balancing on the LBs. This second scenario I don't know if it is possible, I would have 2 IPs coming from the e0/0 on the router, into only 1 Pix interface, which I don't know if it is possible.

-----Original Message-----
From: Brian Zeitz
Sent: Friday, December 13, 2002 12:03 PM
To: [EMAIL PROTECTED]
Subject: Load Balancing Firewalls [7:59183]

I have just been given the task of setting up a website with load balancing.

T1 --- 3640Pix 515 UR+4E--Load balancer
T1 --- 3640---Pix 515 UR+4ELoad balancer

The Pix 515 are separate full units, I got another one because I know you cannot use the failover as an active unit. My load balancers are not active/active. But if I use them separately, they can run independently. I need to run just one website like www.mydomain.com. My managers would like both T1s to be used, but can also act as a failover. Can anyone give me any pointers or tell me of any pitfalls before I dive into this task? I thought about HSRP, would this work if I had redundant firewalls? Can you cluster pix firewalls? I don't think you can, I wish I could.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59297t=59183
RE: IOS command question, pls help [7:59266]
You should be able to find these commands in the command reference (funnily enough) -

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122mindx/index.htm

Get to know this site well, it is your life! -

http://www.cisco.com/univercd/home/home.htm

It contains all of the documentation you will ever need. Go to it

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59298t=59266
Re: BR0:1 DDR: No callback negotiated [7:59300]
Yes, and the ping works fine when there is no callback configuration on the routers.

- Original Message -
From: Tony Schaffran
To: 'John Tafasi' ; 'Cisco Group Study' ; 'ccielab'
Sent: Monday, December 16, 2002 7:24 AM
Subject: RE: BR0:1 DDR: No callback negotiated

Do you have username configured?

Tony Schaffran
Network Analyst
CCNP, CCNA, CCDA, NNCDS, NNCSS, CNE, MCSE
CCOnlineLabs.com
http://www.cconlinelabs.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tafasi
Sent: Monday, December 16, 2002 1:32 AM
To: Cisco Group Study; ccielab
Subject: BR0:1 DDR: No callback negotiated

I have two isdn routers r2 (callback client) and r5 (callback server). Without callback configuration r2 will connect to r5 successfully. With the callback configuration added, r5 will disconnect the call and will not callback r2. Can someone figure out what is wrong with my configuration? I have included configuration of both routers and the result of debug dialer on r5. It seems to me that r2 is not negotiating callback.

R5-2503#show debug
Dial on demand:
  Dial on demand events debugging is on
R5-2503#
2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
R5-2503#
Mar 3 11:05:34.703: BR0:1 DDR: No callback negotiated
Mar 3 11:05:34.703: BR0:1 DDR: disconnecting call
2d11h: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 8358661 r2, call lasted 2 seconds
2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
R5-2503#
Mar 3 11:05:34.851: BR0:1 DDR: disconnecting call
R5-2503#
2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
R5-2503#
Mar 3 11:05:40.179: BR0:1 DDR: No callback negotiated
Mar 3 11:05:40.179: BR0:1 DDR: disconnecting call
2d11h: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 8358661 r2, call lasted 4 seconds
2d11h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
R5-2503#
Mar 3 11:05:40.331: BR0:1 DDR: disconnecting call

R5-2503#show run
hostname r5-2503
!
interface BRI0
 ip address 10.10.10.2 255.255.255.0
 ip access-group 101 in
 encapsulation ppp
 dialer callback-secure
 dialer map ip 10.10.10.1 name r2 class eng broadcast 8358661
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0835866201
 isdn spid2 0835866401
 cdapi buffers regular 0
 cdapi buffers raw 0
 cdapi buffers large 0
 ppp callback accept
 ppp authentication chap
 ppp chap hostname r5
 ppp multilink
!
!
map-class dialer eng
 dialer callback-server username
-
hostname r2-2516
!
interface Dialer1
 ip address 10.10.10.1 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer remote-name r5
 dialer string 8358662
 dialer pool 1
 dialer-group 1
 ntp broadcast
 pulse-time 0
 ppp callback request
 ppp chap hostname r2
!
.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59300t=59300
Re: Darth Reid R1 Access-list [7:58644]
You are assuming that I (and others in this discussion) do not know how to figure out wild card masks, which is not the focus of the question. Please, take a step back and really try to listen. I appreciate your opinion and I am very grateful that you are taking the time to help. But, you are not really listening.

Does Cisco want the smallest ACL or a practical answer to this question? I do not want to be in the Lab with a question like this and attack it with the wrong perspective. In addition, I made an attempt to figure it out on my own - Yes, I did use the BOSON to check my answer - nothing wrong with that. I asked the question to invite a technical discussion to attack the question as a Team. The level of experience among members of the discussion group is irrelevant to me. I just wanted a serious attempt to answer the question and not to be talked down to.

Just to let you know I have failed the CCIE lab exam twice and I do not want to fail it again (like I can control that, though). I have my own opinion as to how Cisco wants the question answered, but I would like to hear from other experts, like yourself, in order to stay on track - call it a sanity check. In this way I can compare notes and make the best decision in order to be prepared for the next lab attempt.

Anyway, working together, we should be able to tackle this - thanks

Ted

P.S. What's confusing to me is how Cisco's answer is not very practical. When working on routing protocols, the rules cannot be half-a**ed. But, this question is very misleading - at least from a practical viewpoint. I mean, suppose you get an answer that is two ACL lines in size, but it blocks even more networks than the answer above. One could argue that it is also correct - just a bit more general than Cisco's answer. Seems too subjective to me. If that is the way it is - oh well. Any comments?
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59299t=58644
RE: dialer remote name/ppp chap hostname [7:59224]
Keith,

It's to do with the order in which the call is handled. The dialer-remote name is what allows the incoming call to be bound to the dialer. Otherwise IOS has no way of knowing which dialer the call is for. The call must authenticate first, then get the remote name from chap, then lookup the dialer. No dialer remote name, no call binding. LCP will complete, but you will get no IPCP nego because the call has not bound to an IP enabled Dialer.

PPP chap host is only used as an outgoing alternative hostname if the device at the other end is not a cisco router, or there is some other reason why you do not want to identify your router with its real hostname.

Get rid of the ppp chap hostname commands, put the dialer remote names back in, make sure the local prompt matches the remote user and remote dialer remote statement each way and it will work.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59301t=59224
Re: Selective NAT [7:59287]
Yes

Dave

[EMAIL PROTECTED] wrote:

Is it possible to use extended ip access-lists for NATing. Basically i want traffic from a particular subnet destined for a particular subnet only to be NATed?? All other traffic should not be NATed.

Cheers
Simon

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston Churchill

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59295t=59287
Re: Off Topic but interesting - RS networking future? [7:59302]
CL: OTOH, there are plenty of guys driving around in their trucks doing just that. I don't know the typical annual income for Joe the plumber or Bill the electrician ( and just so the PC people don't get on my case, I have yet to meet Mary or Jill in those lines of business ) but I believe there are more of them today than there were a decade ago.

In other words, the downwards pressure on salaries will continue longer term. Again, I didn't say that there would be no demand for plain-vanilla networking people, I said there would be less. Just like there still is demand for electricians and plumbers - but it's not like every company needs one (or several) on staff. Rather, I think the electrician/plumber model will be what networking will turn into. Landlords might have a few of these guys to handle all their properties (where they can amortize the salaries across their various real-estate holdings). But small to medium sized company won't have anybody on staff - when something breaks, they'll just whip out the Yellow Pages and 'call the IP guy'. This is a far cry from today when most companies of any size need a network guy. Net effect - less total jobs for networking.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59302t=59302
Test Message!Please ignore [7:59304]
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59304t=59304
3550 L3 Setup [7:59305]
I need help on configuring L3 on a 3550. Currently, I have (2) 3550 12Ts that are connected to (2) 3508 Gs, which then connect to 3524/3548s. I am trying to configure L3 routing on the 3550s. The 3550s have GB ports and vlans. Do I use the GB port or the vlans? Since there are two 3550s don't I have to use HSRP. This is my first 3550 setup for L3. Any help will be appreciated.

Naomi James
Computer Services and Information Technology
Savannah State University
912-356-2509

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59305t=59305
DSL/Cable Load Balancer [7:59306]
Hey,

This is a little off topic, but I have been searching for hours with no results. There was a device featured in a magazine (Maximum or T3) that you could plug in both Cable and DSL lines and load balance in between both. Now I need this device and cannot find it. Does anybody know of it? I want a simple solution to this problem. Any help would be appreciated.

Thanks,
Robert Raver

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59306t=59306
Re: DSL/Cable Load Balancer [7:59306]
Robert Raver wrote in message ...

This is a little off topic, but I have been searching for hours with no results. There was a device featured in a magazine (Maximum or T3) that you could plug in both Cable and DSL lines and load balance in between both. Now I need this device and cannot find it. Does anybody know of it? I want a simple solution to this problem. Any help would be appreciated.

It seems like you could only load balance sessions and not packets, which would be pretty useless in almost all circumstances. Might I instead suggest that you simply upgrade your bandwidth (simple, easy way) or use another hack like a download manager tool (about as tricky as a Cable/DSL load-balancer)?

http://download.com.com/3150-2071-0.html?tag=stbc.gp

-dre

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59307t=59306
ACS Logging / Accounting [7:59308]
Is there a way to log or account for all the exec commands that are done on a router or switch on an ACS server? I have a setup where all my login authentication and accounting is done thru an ACS server but I was wondering if I could get more detailed accounting accomplished by some means (if possible). Any help would be greatly appreciated. Thanx.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59308t=59308
Aironet 1200 [7:59310]
Dear All,

I am purchasing (2) the Cisco Aironet 1200 and respective outdoor antennas to connect a remote office across the street, I am wondering if anyone has done this and has some advice for me..

-Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59310t=59310
BRI config [7:59311]
I have a lot of isdn experience as it relates to configuring PRI for voice circuits for VOIP, however very little bri data config experience. In preparation for the lab I have two BRIs configured back to back that I am having difficulty with. What am I missing?

related config

r1
interface BRI0
 ip address 100.100.1.1 255.255.255.252
 encapsulation ppp
 dialer map ip 100.100.1.2 name r2 speed 56 broadcast r6
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0625866201 7356661
 isdn spid2 0835866301 4356662
!
!
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101

r2
interface BRI0
 ip address 100.100.1.2 255.255.255.252
 encapsulation ppp
 dialer map ip 100.100.1.1 name r1 speed 56 broadcast
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0703866201 7357662
 isdn spid2 0743866401 7357664
!
!
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101

I realize this is very basic but thanks for any help

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59311t=59311
RE: Selective NAT [7:59287]
Yes, I had to do this for a customer and it is quite straightforward.

Symon

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 16 December 2002 15:15
To: [EMAIL PROTECTED]
Subject: Selective NAT [7:59287]

Is it possible to use extended ip access-lists for NATing. Basically i want traffic from a particular subnet destined for a particular subnet only to be NATed?? All other traffic should not be NATed.

Cheers
Simon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59309t=59287
Re: Cisco Work 2000 Manual user guide [7:58959]
I think that you're right. This is (probably) one of the many sales-oriented tools. It might have something technical, but not at the level you are looking for. But it's cheap, isn't it? I'll look for something else then.

--
Leonardo Furtado
Network Engineering and Security Architecture

Mark Smith wrote in message news:[EMAIL PROTECTED]...

How is that CBT, Leonardo? Most of the Cisco CBT's I see on eBay are geared more to sales folks and, from what I gather, not too technical. Is this one for folks that actually install/configure/use the product or a 500 feet high overview that highlights the strong points from a selling perspective? Thanks.

Quoting Leonardo FUK :

You may try these links:

Documentation:
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/index.htm

Self-paced CBT
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem 79712034category225

Leonardo

Han Chuan Alex Ang wrote in message news:[EMAIL PROTECTED]...

hi, Anybody have ideas on book or site that reveal good information on how to install, configure and use Cisco Work 2000, thanks

[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59303t=58959
Re: 3550 L3 Setup [7:59305]
Naomi James wrote in message news:[EMAIL PROTECTED]...

I need help on configuring L3 on a 3550. Currently, I have (2) 3550 12Ts that are connected to (2) 3508 Gs, which then connect to 3524/3548s. I am trying to configure L3 routing on the 3550s. The 3550s have GB ports and vlans. Do I use the GB port or the vlans?

yes! ( can use either the physical port or the SVI )

Since there are two 3550s don't I have to use HSRP.

only if you want to, but yes you can HSRP peer to either another L3 switch or a router on the same segment.

This is my first 3550 setup for L3. Any help will be appreciated.

the 3550 docs on CCO are pretty good. check 'em out.

Naomi James
Computer Services and Information Technology
Savannah State University
912-356-2509

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59312t=59305
Re: 3550 L3 Setup [7:59305]
You can use a vlan interface or a gig or copper interface. That's your call... you can also use one interface on each 3550 and use hsrp if you so desire

Larry

Naomi James wrote:

I need help on configuring L3 on a 3550. Currently, I have (2) 3550 12Ts that are connected to (2) 3508 Gs, which then connect to 3524/3548s. I am trying to configure L3 routing on the 3550s. The 3550s have GB ports and vlans. Do I use the GB port or the vlans? Since there are two 3550s don't I have to use HSRP. This is my first 3550 setup for L3. Any help will be appreciated.

Naomi James
Computer Services and Information Technology
Savannah State University
912-356-2509

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59313t=59305
Re: Selective NAT [7:59287]
IIRC when you use route-maps you should note that the NAT is session-based (like with twice-NAT) with various consequences:

you cannot make new connections into the inside global address without NAPT (PAT)
you may use your pool addresses rather quicker than you envisaged

rgds
Marc

The Long and Winding Road wrote:

wrote in message news:[EMAIL PROTECTED]...

Is it possible to use extended ip access-lists for NATing. Basically i want traffic from a particular subnet destined for a particular subnet only to be NATed?? All other traffic should not be NATed.

as a follow up - here is an excerpt from the link in the previous message:

Route Map Approach

The correct way to configure the example in this document is to use route maps. With a route map approach, you would do the following to translate the hosts on 10.1.1.0:

ip nat pool pool-108 131.108.2.1 131.108.2.254 prefix-length 24
ip nat pool pool-118 131.118.2.1 131.118.2.254 prefix-length 24
ip nat inside source route-map MAP-108 pool pool-108
ip nat inside source route-map MAP-118 pool pool-118
interface ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
interface ethernet1
 ip address 10.1.2.1 255.255.255.0
 ip nat outside
access-list 108 permit ip 10.1.1.0 0.0.0.255 131.108.1.0 0.0.0.255
access-list 118 permit ip 10.1.1.0 0.0.0.255 131.118.1.0 0.0.0.255
route-map MAP-108 permit 10
 match ip address 108
route-map MAP-118 permit 10
 match ip address 118

Cheers
Simon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59314t=59287
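The selection logic of the route-map configuration quoted in the message above, modelled as an added Python example (not part of the original post or of the Cisco document it excerpts). It shows which pool, if any, a given source/destination pair would be translated with. Assumptions: only `ip` ACL entries with address/wildcard pairs and `permit` route-map clauses are parsed, the function names are hypothetical, and the sample flows are constructed.

```python
import ipaddress
import re

# ACL, route-map and NAT lines copied from the configuration quoted in the post.
CONFIG = """\
ip nat inside source route-map MAP-108 pool pool-108
ip nat inside source route-map MAP-118 pool pool-118
access-list 108 permit ip 10.1.1.0 0.0.0.255 131.108.1.0 0.0.0.255
access-list 118 permit ip 10.1.1.0 0.0.0.255 131.118.1.0 0.0.0.255
route-map MAP-108 permit 10
 match ip address 108
route-map MAP-118 permit 10
 match ip address 118
"""


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def parse(config):
    """Return (acls, route_maps, nat_rules) for the subset of syntax modelled here."""
    acls = {}        # ACL number -> ordered list of (action, src, src_wc, dst, dst_wc)
    route_maps = {}  # route-map name -> ACL numbers referenced by 'match ip address'
    nat_rules = []   # ordered list of (route-map name, pool name)
    current_map = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(
            r"access-list (\d+) (permit|deny) ip (\S+) (\S+) (\S+) (\S+)", line)
        if m:
            num, action, src, swc, dst, dwc = m.groups()
            acls.setdefault(num, []).append((action, src, swc, dst, dwc))
            continue
        m = re.fullmatch(r"route-map (\S+) permit \d+", line)
        if m:
            current_map = m.group(1)
            route_maps.setdefault(current_map, [])
            continue
        m = re.fullmatch(r"match ip address (\d+)", line)
        if m and current_map:
            route_maps[current_map].append(m.group(1))
            continue
        m = re.fullmatch(r"ip nat inside source route-map (\S+) pool (\S+)", line)
        if m:
            nat_rules.append(m.groups())
    return acls, route_maps, nat_rules


def acl_permits(entries, src, dst):
    """First matching entry wins; no match means the implicit deny applies."""
    for action, s, swc, d, dwc in entries:
        if wildcard_match(src, s, swc) and wildcard_match(dst, d, dwc):
            return action == "permit"
    return False


def select_pool(config, src, dst):
    """Name of the NAT pool used for src -> dst, or None if the flow is not NATed."""
    acls, route_maps, nat_rules = parse(config)
    for map_name, pool in nat_rules:
        for acl in route_maps.get(map_name, []):
            if acl_permits(acls.get(acl, []), src, dst):
                return pool
    return None


if __name__ == "__main__":
    # Constructed sample flows: (inside source, outside destination).
    flows = [
        ("10.1.1.5", "131.108.1.20"),   # matches ACL 108
        ("10.1.1.5", "131.118.1.9"),    # matches ACL 118
        ("10.1.1.5", "192.0.2.10"),     # inside subnet, other destination
        ("10.1.2.5", "131.108.1.20"),   # other source subnet
    ]
    for src, dst in flows:
        print(f"{src} -> {dst}: {select_pool(CONFIG, src, dst) or 'not translated'}")
```
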
Re: VPN Client+IOS [7:59283]
The IP address that your VPN Client gets from the router, are you advertising that route through your network?

JM wrote in message news:[EMAIL PROTECTED]...

Hello

I am trying to run VPN between VPN Client 3.6.2.A and Cisco 2651. On Cisco router I have: Software with 3DES/IP PLus/FW/IDS - Version 12.2(11)T2

Router has 4 interfaces:
serial 0/1 - Internet here I gave cryptomap
fasteth 0/1 - DMZ
fasteth 0/0 - LAN ( here I want to be through VPN)

I have the same configuration like in TAC help:
http://www.cisco.com/warp/customer/471/ipsecrouter_vpn.html

VPN Client can login inside router, and I have ipaddress from router, but I don't see anything. I can't ping. I have question? Where am I inside the router? I am in, but I don't see anything. When I will have: ip access-list out on fast0/0 (LAN) what should I enable? I have nat inside on fast 0/0 and outside on ser 0/1

Regards
JM

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59315t=59283
Re: All doors are closed.. [7:59233]
do you have another 1720 router? you can try taking the flash out, putting it in the good 1720, fixing the config and put it back.

ciscoGo2002 wrote in message news:[EMAIL PROTECTED]...

Hello folks,

A friend of mine has a serious problem with a Cisco 1720 router. This router has the console port broken, it doesn't work. He usually get into the router using the aux port in order to configure the device. They tried to download a new config using Cisco Config Maker and downloading it by the aux port. The result is that now the aux port is closed and the Ethernet port doesn't respond anymore. We don't know what happened with Cisco Config Maker, the real important thing is that we need to recover the access to the router.

We cannot use the console port because it is broken, the aux port is closed (I guess that Cisco Config Maker closed it by default), and the ethernet is not responding (maybe Cisco Works put it in shut??). All the doors are closed!!! There is no time, we need to install this box this week!!! Help!

We have read the cisco cco and the 1720 has a dimm memory and a miniflash memory, (please correct us if we are wrong). We suppose that the miniflash memory stores the config (it works like nvram too?) and if we can open the box and replace this mini-flash with another one maybe it will work again...

We really appreciate your help, and my friend will pay one beer if you can send us any idea...

Very important: Please send your reply with a copy to these address: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] because we have a problem with our mail...

Thanks a lot!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59316t=59233
Re: VPN Client+IOS [7:59283]
I have 4 interfaces:
Serial 0/1 - public IP for example 1.1.1.1
fast 0/1 - public IP for example 2.2.2.2
fast 0/0 - LAN IP : 192.168.1.1/24

My ip address pool for VPN : 192.168.1.170-192.168.1.190

On VPN padlock I have IP address from router for example 192.168.1.170 but I can't ping any address on LAN. I don't know. I am using the newest VPN Client : vpnclient-win-is-3.6.3.Rel-k9. I have ip nat inside on Fast 0/0 and outside on ser 0/1 but without doesn't work too :(.

Ben Woltz wrote:

The IP address that your VPN Client gets from the router, are you advertising that route through your network?

JM wrote in message news:[EMAIL PROTECTED]...

Hello

I am trying to run VPN between VPN Client 3.6.2.A and Cisco 2651. On Cisco router I have: Software with 3DES/IP PLus/FW/IDS - Version 12.2(11)T2

Router has 4 interfaces:
serial 0/1 - Internet here I gave cryptomap
fasteth 0/1 - DMZ
fasteth 0/0 - LAN ( here I want to be through VPN)

I have the same configuration like in TAC help:
http://www.cisco.com/warp/customer/471/ipsecrouter_vpn.html

VPN Client can login inside router, and I have ipaddress from router, but I don't see anything. I can't ping. I have question? Where am I inside the router? I am in, but I don't see anything. When I will have: ip access-list out on fast0/0 (LAN) what should I enable? I have nat inside on fast 0/0 and outside on ser 0/1

Regards
JM

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59318t=59283
RE: Problem Regarding DLCI [7:59282]
Always ... Always get your DLCI numbers from the carrier/provider. I have never seen any WAN where the customer did not have them regardless of the setup technique.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59319t=59282
RE: VPN within intranet? [7:59284]
yes.. given you have the proper routing in place, security policies to support it, and your IPSEC configs to allow it.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59320t=59284
RE: Problem Regarding DLCI [7:59282]
True, even if you discover them, a static map, in my experience, passes traffic faster. Also, typically in a cloud there are tons of customers connected, dlcis help define which customers can talk to which.

Bri

On Mon, 16 Dec 2002, test test wrote:

Always ... Always get your DLCI numbers from the carrier/provider. I have never seen any WAN where the customer did not have them regardless of the setup technique.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59321t=59282
RE: MPLS MTU [7:59280]
Mohamad saro wrote:

when I put command MPLS MTU 1512 on both ends of a serial interface and try to ping from one side to the other with packet sizes greater than 1500 and less than or equal 1512 with don't fragment bit set the packets are dropped any ideas?

How are you specifying the packet size and what layer does the size refer to? Perhaps it refers to payload of the ICMP/IP packet. Generic IP adds 20 bytes for the IP header. ICMP adds 8 bytes. MPLS adds some bytes. The serial data-link-layer adds some bytes. You are probably beyond 1512 at this point.

Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59322t=59280
Re: Problem Regarding DLCI [7:59282]
Thanx for the inf.

Regards,
Munit

test test wrote:

Always ... Always get your DLCI numbers from the carrier/provider. I have never seen any WAN where the customer did not have them regardless of the setup technique.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59323t=59282
RE: Cisco Work 2000 Manual user guide [7:58959]
I was just curious. I've almost bought that one a couple of different times in the past (at any given moment there are always two or three of them listed) as it doesn't specifically state Sales Essentials as some of the ones obviously geared towards sales folks do but I still wonder if it's very detailed. I think the info on Cisco's link that you also posted is just what the doctor ordered. Thanks.

Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Leonardo FUK
Sent: Monday, December 16, 2002 1:57 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco Work 2000 Manual user guide [7:58959]

I think that you're right. This is (probably) one of the many sales-oriented tools. It might have something technical, but not at the level you are looking for. But it's cheap, isn't it? I'll look for something else then.

--
Leonardo Furtado
Network Engineering and Security Architecture

Mark Smith wrote in message news:[EMAIL PROTECTED]...

How is that CBT, Leonardo? Most of the Cisco CBT's I see on eBay are geared more to sales folks and, from what I gather, not too technical. Is this one for folks that actually install/configure/use the product or a 500 feet high overview that highlights the strong points from a selling perspective? Thanks.

Quoting Leonardo FUK :

You may try these links:

Documentation:
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/index.htm

Self-paced CBT
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem 79712034category225

Leonardo

Han Chuan Alex Ang wrote in message news:[EMAIL PROTECTED]...

hi, Anybody have ideas on book or site that reveal good information on how to install, configure and use Cisco Work 2000, thanks

[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59317t=58959
RE: Problem regarding naming of port numbers [7:59276]
You're assuming IOS is a modern operating system or something akin to a data dictionary or programming language. It's not. :-) If the IOS engineers include keywords in the command line interface, then you can use them. If they don't, you can't.

Your idea sounds like a good one though. You could suggest it to Cisco, but I don't think they could easily accommodate such a change in philosophy.

Priscilla

Munit Singla wrote:

Hi,

There default ports given in the IOS. We can use both to refer those ports by names as well as port numbers. Can we customize it and to the default list ports by names not by numbers. or I want to use it use customized ports used for my applications by names in my access list. Is there any command to create customized ports by Name.

See what my problem is when we make an extended access lists we can define source and destination ports. there is standard list of ports there to be used in access list that we can use by number or name. If we want to customize the port according to our default application we can add that port by number only. Is there a way to refer those ports by names in my access list. and can we add these customized TCP/UDP ports in the default list which is displayed, so that we can refer it when ever we like in our access-lists by name.

Example:

access-list 100 permit tcp any any eq Nortonvirus

Here Nortonvirus keyword should refer to the port 5000. and this name and port mapping should get added to the default list so that i can refer later. here I am assuming nortons application is using port number 5000.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59324t=59276
Re: Problem Regarding DLCI [7:59282]
Hi Brian,

I agree with all your comments but can you little bit elaborate on this part, Traffic passes faster in such a case.

Regards,
Munit

Brian wrote:

True, even if you discover them, a static map, in my experience, passes traffic faster. Also, typically in a cloud there are tons of customers connected, dlcis help define which customers can talk to which.

Bri

On Mon, 16 Dec 2002, test test wrote:

Always ... Always get your DLCI numbers from the carrier/provider. I have never seen any WAN where the customer did not have them regardless of the setup technique.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59325t=59282
Pix and QOS or Custom Queueing [7:59326]
I can't find it in the archives but I know it has been asked before. Can you do any type of custom queue to limit the amount of traffic to a specific protocol like say ftp? If you only want ftp to use up a certain percentage of bandwidth, is this possible on the pix? I think this has been asked before and I used the beta search in the archive and only came across turbo acls. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59326t=59326
RE: Pix and QOS or Custom Queueing [7:59326]
Ah, I found some info: this is not supported on the pix. I answered my own question, sorry to bother everyone. -Original Message- From: Elijah Savage III Sent: Monday, December 16, 2002 6:16 PM To: [EMAIL PROTECTED] Subject: Pix and QOS or Custom Queueing [7:59326] I can't find it in the archives but I know it has been asked before. Can you do any type of custom queue to limit the amount of traffic to a specific protocol like say ftp? If you only want ftp to use up a certain percentage of bandwidth, is this possible on the pix? I think this has been asked before and I used the beta search in the archive and only came across turbo acls. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59327t=59326
RE: Rainy Days, Sundays, and OSPF [7:59269]
I thought this stuff was supposed to be like plumbing or electricity? You mean, it doesn't just work? This is in reference to another thread, for anyone who is completely confused by my answer. :-) Priscilla The Long and Winding Road wrote: always get me down. I had to cover for someone who is out on vacation. Simple customer network, hub and 6 spokes over frame relay. no biggie, except the installation people couldn't get it to work, so they had to call in the designer or the poor fool covering for him. hub site uses a single subinterface, and manual frame mapping. each spoke uses the physical interface. don't get me started. I would have done multiple point-to-point subinterfaces, and I would have knee jerked to EIGRP, but that's another story. Besides, the customer was probably a cheapskate, and didn't want to pay the few extra bucks a month for more PVC's at the hub. In any case, the configs looked good to me and I was able to mock something up in my home lab. ospf network type point-to-multipoint on all interfaces and the hub site subinterface. works like a charm. however, in the customer network, two of the spoke sites just would not come up or form ospf neighbor relationships. all the frame mappings were ok. I could ping from any router to any other router. so what gives? when I checked the debugs on the spoke sites that were failing, I could see an error about the link going down every time I put an ospf network point-to-multipoint command on the interface. as soon as I changed the ospf network type to broadcast, the link came up and adjacencies formed. I checked CCO and did not find anything in particular. There is a bug listed for ospf point-to-multipoint and unnumbered interfaces. I called TAC, but no help there. this got me to wondering if anyone has run into anything like this before? 
Chuck -- TANSTAAFL there ain't no such thing as a free lunch Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59328t=59269
Post failure on 2912, how to repair? [7:59329]
Hi guys, I searched the archives about this, but couldn't find anything. I have a Cat 2912 switch that has 4 faulty ports. It fails POST, here is a snippet:
C2900xl POST: System Board Test: Passed
C2900xl POST: Daughter Card Test: Passed
C2900xl POST: CPU Buffer Test: Passed
C2900xl POST: CPU Notify RAM Test: Passed
C2900xl POST: CPU Interface Test: Passed
C2900xl POST: Testing Switch Core: Passed
C2900xl POST: Testing Buffer Table: Passed
C2900xl POST: Data Buffer Test: Passed
C2900xl POST: Configuring Switch Parameters: Passed
C2900xl POST: Ethernet Controller Test: Passed
C2900xl POST FAILURE: front-end post: FastEthernet0/9:
C2900xl POST FAILURE: looped-back packet not received
C2900xl POST FAILURE: front-end post: FastEthernet0/10:
C2900xl POST FAILURE: looped-back packet not received
C2900xl POST FAILURE: front-end post: FastEthernet0/11:
C2900xl POST FAILURE: looped-back packet not received
C2900xl POST FAILURE: front-end post: FastEthernet0/12:
C2900xl POST FAILURE: looped-back packet not received
C2900xl POST: MII Test: Passed
cisco WS-C2912-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory.
Last reset from power-on
Processor is running Enterprise Edition Software
Cluster command switch capable
Cluster member switch capable
8 FastEthernet/IEEE 802.3 interface(s)
You can see it only recognises 8 ports. I searched CCO, and found a known bug where ESD can fry the controllers. Each controller operates 4 ports. Is there a way to get it repaired? Can you buy the controller from somewhere and replace it? Any help greatly appreciated, Symon Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59329t=59329
Re: Rainy Days, Sundays, and OSPF [7:59269]
Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I thought this stuff was supposed to be like plumbing or electricity? You mean, it doesn't just work? This is in reference to another thread, for anyone who is completely confused by my answer. :-) ah, Cil, now you're assuming that OSPF is a modern operating system or something akin to a data dictionary or programming language. It's not. This is in reference to another thread, for anyone who is completely confused by my answer. :- cut and paste is so wonderful! Priscilla The Long and Winding Road wrote: always get me down. I had to cover for someone who is out on vacation. Simple customer network, hub and 6 spokes over frame relay. no biggie, except the installation people couldn't get it to work, so they had to call in the designer or the poor fool covering for him. hub site uses a single subinterface, and manual frame mapping. each spoke uses the physical interface. don't get me started. I would have done multiple point-to-point subinterfaces, and I would have knee jerked to EIGRP, but that's another story. Besides, the customer was probably a cheapskate, and didn't want to pay the few extra bucks a month for more PVC's at the hub. In any case, the configs looked good to me and I was able to mock something up in my home lab. ospf network type point-to-multipoint on all interfaces and the hub site subinterface. works like a charm. however, in the customer network, two of the spoke sites just would not come up or form ospf neighbor relationships. all the frame mappings were ok. I could ping from any router to any other router. so what gives? when I checked the debugs on the spoke sites that were failing, I could see an error about the link going down every time I put an ospf network point-to-multipoint command on the interface. as soon as I changed the ospf network type to broadcast, the link came up and adjacencies formed. I checked CCO and did not find anything in particular. 
There is a bug listed for ospf point-to-multipoint and unnumbered interfaces. I called TAC, but no help there. this got me to wondering if anyone has run into anything like this before? Chuck -- TANSTAAFL there ain't no such thing as a free lunch Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59330t=59269
Re: CCNP/DP recertification [7:58564]
Tis an interesting question. I went into the online tracking system for an opinion. There, CCIE allows you to skip the CCNA and common exams requirement, but you still have to have CCDA and a valid CID exam. The CCIE option did not appear under my CCNP options. jeff sicuranza wrote in message news:[EMAIL PROTECTED]... Folks, I just received my 6 mos. heads up for my CCNP. My CCNP expires in May of 03 and my DP in June of 03. My second and hopefully last CCIE lab date is on for 7/30 but can be pushed out into September. Are there any re-certification books that specifically cover the recert. exam? Or, is the exam just a rehash of the same stuff with a few newer items in it? Has anyone taken these re-certification exams yet? Any tips.. Greatly appreciated... With work and the CCIE stuff should I even bother to re-certify??? Regards... /JS Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59331t=58564
CCIE Written Exam [7:59332]
Hi All, Can anybody shed some experiences or information on how long it takes to study for the CCIE Written exam? What study material is good? Methods for studying for the CCIE Written Exam? Thanks Thuveshen Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59332t=59332
Re: Problem Regarding DLCI [7:59282]
Well, although it's been a few years since I touched frame relay, my memory was that if I let the Cisco autodiscover frame relay mappings, traffic flowed through it more slowly than if I did a static frame relay map. It's been a few years, this was 11.2 days, so take it with a grain of salt if auto discovery has improved. Bri - Original Message - From: Munit Singla To: Sent: Monday, December 16, 2002 3:06 PM Subject: Re: Problem Regarding DLCI [7:59282] Hi Brian, I agree with all your comments but can you elaborate a little bit on this part: Traffic passes faster in such a case. Regards, Munit Brian wrote: True, even if you discover them, a static map, in my experience, passes traffic faster. Also, typically in a cloud there are tons of customers connected, DLCIs help define which customers can talk to which. Bri On Mon, 16 Dec 2002, test test wrote: Always ... Always get your DLCI numbers from the carrier/provider. I have never seen any WAN where the customer did not have them regardless of the setup technique. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59333t=59282
RE: Aironet 1200 [7:59310]
What type of throughput does the remote office need? With two 1200 series access points you can: a) Run one AP as Root and the other in Repeater mode. b) Blast the signal across the street with just one AP. I don't think you can bridge with 1200 series APs. You might be better off buying 350 bridges instead depending on your environment. You could also buy a WGB to connect to one of the APs. That's another option. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59334t=59310
RE: Question for designers (WLAN) [7:59216]
If you're not going to run 802.11a then there might not be a significant advantage to going with the 1200 series AP. However, hospitals normally have a lot of long hallways that are perfect for using a patch antenna. (A lot of times you can cover an area with one diversity 6.5dBi patch that might take 2 1100 series APs to cover otherwise.) The external antennas would probably be the biggest advantage of going with the 1200 series vs an 1100 series for you. Other than that... there aren't very many differences. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59335t=59216
RE: Question for designers (WLAN) [7:59216]
Forgot to ask... what country are you from? I know some countries put restrictions on the power and antennas that are available. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59336t=59216
RE: WLANFE [7:59278]
When was the WLANFE 9E0-581 exam first available? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59337t=59278
Cisco 2000 Problems [7:59338]
I have some problems with the Cisco 2000. Here is the scenario: I have added in all the necessary Cisco devices and checked their attributes to be correct; however, when I try topology services in Campus Manager, I am only able to see the Cisco 6006 and Cisco 3548 switches, not a single one of the 3524 and 3512 switches that are supposed to be detected. Do any patches need to be done, and how do I go about doing it? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59338t=59338
RE: Aironet 1200 [7:59310]
I am looking to get rid of the fractional T1. We have 12 voice 12 data.. We can save money going wireless and increase the throughput.. I want to go 802.11b all the way.. Isn't the bridge 11a? If I have antennas on both sides won't that be enough? Please let me know your thoughts.. there will be about 20 users in the remote office.. TIA, Kevin From: Charlie Wehner Reply-To: Charlie Wehner To: [EMAIL PROTECTED] Subject: RE: Aironet 1200 [7:59310] Date: Tue, 17 Dec 2002 02:07:40 GMT What type of throughput does the remote office need? With two 1200 series access points you can: a) Run one AP as Root and the other in Repeater mode. b) Blast the signal across the street with just one AP. I don't think you can bridge with 1200 series APs. You might be better off buying 350 bridges instead depending on your environment. You could also buy a WGB to connect to one of the APs. That's another option. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59339t=59310
RE: Problem regarding naming of port numbers [7:59276]
Agreed. They do have a way to map additional ports to the pre-defined services though. So for telnet for example you can add port 233, 2333, etc so when you specify 'telnet' in an ACL (or similar list) it matches port 23, 233, and 2333. What's weird is I was looking at this yesterday, and for some ACL stuff the keyword is http and for other stuff it is www. I'm sure there's other keywords that mean the same as others but that's the one I noticed. Then again I don't think port-map matches up to all the ACL keywords, I think it matches up against some other security features. I've used it for telnet in ACLs though with no problems in the past. I guess consistency with port #s and service names would be a good thing. Maybe it would be nice if they didn't hardcode these in IOS but referenced a services file on the flash that could be editable like in most OS's. I think this may happen... it seems they are starting to clean up IOS and get rid of old protocols and modularize stuff so it uses similar syntax. MQC for example. --- Priscilla Oppenheimer wrote: You're assuming IOS is a modern operating system or something akin to a data dictionary or programming language. It's not. :-) If the IOS engineers include keywords in the command line interface, then you can use them. If they don't, you can't. Your idea sounds like a good one though. You could suggest it to Cisco, but I don't think they could easily accommodate such a change in philosophy. Priscilla Munit Singla wrote: Hi, There are default ports given in the IOS. We can use both to refer to those ports by names as well as port numbers. Can we customize it and add to the default list ports by names not by numbers? Or I want to use customized ports used for my applications by names in my access list. Is there any command to create customized ports by name?
See, my problem is that when we make an extended access list we can define source and destination ports. There is a standard list of ports there to be used in access lists that we can use by number or name. If we want to customize the port according to our default application we can add that port by number only. Is there a way to refer to those ports by names in my access list? And can we add these customized TCP/UDP ports to the default list which is displayed, so that we can refer to it whenever we like in our access-lists by name? Example: access-list 100 permit tcp any any eq Nortonvirus Here the Nortonvirus keyword should refer to port 5000, and this name and port mapping should get added to the default list so that I can refer to it later. Here I am assuming Norton's application is using port number 5000. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59341t=59276
Re: Cisco 2000 Problems [7:59338]
Campus Manager relies on CDP to search out and populate. Can all switches see each other using CDP from your seed device? Darren Ward (PGradCS, CCIE #8245, SCSA, CCDP, MCP) On Tue, 17 Dec 2002, Han Chuan Alex Ang wrote: I have some problems with the Cisco 2000. Here is the scenario: I have added in all the necessary Cisco devices and checked their attributes to be correct; however, when I try topology services in Campus Manager, I am only able to see the Cisco 6006 and Cisco 3548 switches, not a single one of the 3524 and 3512 switches that are supposed to be detected. Do any patches need to be done, and how do I go about doing it? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59342t=59338
Re: Off Topic but interesting - RS networking future? [7:59344]
Perhaps your most important point is at the end, but I'd like to amplify on it. The idea of a converged public Internet is probably not achievable. I prefer to call service providers that move packets IP Service Providers, as opposed to Internet Service Providers. It's more accurate, and reflects the very different availability and QoS requirements of applications, balanced against costs. Right now, a lot of world-class router designers are unemployed or underemployed, because there is so much optical overcapacity that sophistication isn't needed, especially with private networks. Much of this, of course, is the current economy, which I do expect to turn around. From my IETF/IRTF work, I do know that the current global routing system isn't going to grow forever with the BGP paradigm, and the best replacement is still a research problem. Luckily, I'm able to keep a hand in that. We are a long way from having every application run on a commoditized transport. I'll freely say that more of my income, these days, comes from both network and application architecture for bleeding-edge (a phrase the surgeons HATE) medical systems. Now, some people here say you need host as well as network experience. While I'm reasonable at UNIX, there's also the aspect of being able to communicate with the users of particularly challenging applications. I speak fluent Doctor, which helps greatly, and can actually contribute to the clinical application designs. Don't assume that you necessarily have to have extra computer skills (e.g., server administration). Understanding an application area from its user perspective can generate lots of work, be that application telephony, medicine, law, etc. I have a friend who has developed a specialty in automating car dealerships, and he has more work than he can handle. At 12:41 AM + 12/16/02, nrf wrote: Henry D. wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Since we're just throwing out our thoughts here... 
I tend to disagree, following your logic, if the IP network becomes such a commodity, I think this would just create more jobs for people like us, I mean R/S guys. Hardly. The total jobs in a commoditized world would be much less. That's not to say there will be zero jobs, just less. Again, consider the case of electric power. Or water. How many companies, unless they're huge, have an electrician or a plumber on staff? OK, every once in awhile the company's toilet will back up and you gotta bring somebody in. But for the most part, electricity and water just work. You plug something in a wall socket and it works. You flush the toilet and it works. You certainly don't need to keep somebody on staff to take care of electricity and water, unless maybe you're really really big and you can amortize the guy's salary over lots and lots of facilities. Net effect - less demand for R/S skills. Consider the new initiatives that Cisco is trying to retrench themselves into the service-provider environment (again). Things like NSF, GRIP, and things like that to increase reliability of gear. Even though we have some of these mechanisms, we lack good management tools and they are still expert-intensive to set up. Cisco could do a much better job describing NSF, which is only a subset of some of the routing protocol high-availability techniques in early deployment. Yes, it's an adequate explanation for how to set it up for failure, but its effect (basically good) on provider routing can get quite subtle. MPLS introduces some interesting failover methods that complement it. You seem to think that once the IP network is used for the services such as Voice, the Voice people will have taken the jobs. Either the existing voice people or other people who add VoX to their skillset. From direct experience, it's much easier to train a data person in voice than vice versa. Learning to speak telco, however, is as important as knowing what G.703 or SIP does. This may be so to some degree. 
But from the last few years of my experience, I doubt there will be a data network acting as reliably as PSTN any time soon - as you mention about broadband. Naturally not anytime soon. But the long-term trend is clear. IP networks will become more and more reliable, which ultimately means that they will fade more and more into the background. For this reason, I think R/S folks with few extra skills will still be in demand for the telcos, someone has to keep on making this thing work, fixing, upgrading, estimating, reporting, understanding data networks, etc. Again, I never said there will be zero demand. But there will be less. Right now, R/S skill demand is unusually heightened because the fact is that IP networks are still pretty flaky, and so you need a bunch of guys around just to keep the darn thing up. The less flaky it is, the less people you need to babysit it. I agree that VOIP on the Net
Re: Question for designers (WLAN) [7:59216]
At 11:03 PM + 12/15/02, MikeS wrote: The only app on the palms that seems to have staying power is the writing of prescriptions and then sending it via wireless to be distributed. It's a godsend given how badly some of the Docs write. MikeS Have you looked at the new DEA requirements for electronic prescribing of controlled substances? Now, I'm not saying these apply to a simple system that just prints the prescription at the front desk, but those that electronically transmit things that will go to an outside pharmacy. Extensive security requirements, including PKI, time synchronization, audit, etc., that may be marginal for a Palm. In some respects, it's even more challenging to be more than just an electronic prescription pad. There are great numbers of medical variables, even if you've got the drug name straight. I've been working on some expert systems for prescribing cardiac drugs, and it isn't a simple process. Yet other challenges come from the influence of insurers and other third-party payors, who may have a formulary of which drugs in a class they will allow, or allow under certain circumstances. There are quite a few plans that first require the doctor to certify either that over-the-counter NSAIDs (nonsteroidal anti-inflammatory drugs, such as ibuprofen and many prescription drugs) have been used, or there is medical necessity for a specific prescription NSAID. There are six chemical families of NSAIDs, and the insurer may want you to use only one in each family -- and different insurers have different requirements. Other insurers have requirements such as allowing the prescribing of the much more expensive angiotensin-2 receptor blockers for high blood pressure, only if three separate (and cheaper) angiotensin converting enzyme inhibitors have been tried and failed. In other words, real-world prescribing is going to start needing lots of data base interactions. Howard C. Berkowitz wrote in message news:[EMAIL PROTECTED]...
At 9:41 AM + 12/14/02, David j wrote: Hello friends, I have to advice what kind of wireless device we are going to buy for a hospital. If money was not a big problem what Aironet would you buy? I thought about 1200 series, but it isn't approved for using 802.11a in my country (only 802.11b) so I think it hasn't got many benefits over 1100 series (these are cheaper). What do you think? someone has implemented a wireless network in a big hospital (1200 beds)? Any feedback would be helpful, thanks in advance. I'm going to answer generally with considerations about wireless in hospitals, rather than on the specific devices. First, there's a brief review of the US privacy regulations at http://www.medscape.com/viewarticle/445787_print. You may need to register (it's free) for Medscape, which I use daily as a source of primarily pure medical information. Now, we probably haven't installed one in 12-18 months, and had bad interference problems with handheld devices that operated over a large area. Handhelds to a bed monitor, or even in a ward, tended to work reasonably well, but, as has been pointed out, there are LOTS of interfering devices. I am not aware of safety studies of wireless transmission in units where conductors go through the skin. Also remember that some instrument rooms will be electromagnetically shielded. During the process of installation, be sure to have plenty of Ethernet docking stations available that are compatible with handhelds. Our experience with PDAs is they are simply too limited for any serious medical application other than electronic reference books. We've tended to use handheld or tablet PCs, depending on display size and input requirements. 
For support reasons, we've tried to emphasize LINUX for these handhelds, if for no other reason that if they are running Windows, doctors (especially) will put games, stock quote, etc., applications on them, to the point that we don't know the software environment of the potentially life-critical devices we are trying to support. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59345t=59216
Re: Problem regarding naming of port numbers [7:59276]
At 8:27 AM + 12/16/02, Munit Singla wrote: Hi, There are default ports given in the IOS. We can use both to refer to those ports by names as well as port numbers. Can we customize it and add to the default list ports by names not by numbers? Or I want to use customized ports used for my applications by names in my access list. Is there any command to create customized ports by name? See, my problem is that when we make an extended access list we can define source and destination ports. There is a standard list of ports there to be used in access lists that we can use by number or name. If we want to customize the port according to our default application we can add that port by number only. Is there a way to refer to those ports by names in my access list? And can we add these customized TCP/UDP ports to the default list which is displayed, so that we can refer to it whenever we like in our access-lists by name? Example: access-list 100 permit tcp any any eq Nortonvirus Here the Nortonvirus keyword should refer to port 5000, and this name and port mapping should get added to the default list so that I can refer to it later. Here I am assuming Norton's application is using port number 5000. This is one of the reasons why I keep my configs on a server, preferably UNIX. It's a trivial matter to define Nortonvirus as a macro string when you write a config, which then runs through a macro processor before the configuration goes into the router by TFTP or Telnet. The macro processor will substitute whatever you've told it -- once -- what Nortonvirus maps to. In like manner, you can write your standard passwords, access lists, etc., as macros. The configurations you actually read and write (as a human) become much easier to follow. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59346t=59276
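The macro substitution described in the message above, sketched in Python as an added example (not code from the original post or from Cisco): it expands site-defined port names in numbered access-list lines on the config server and refuses to produce a config that still contains an unknown name. The AppBackup entry, the sample template and the partial IOS keyword set are constructed for illustration.

```python
"""Expand site-defined port names in IOS numbered ACL lines before upload."""

# Name -> port table kept on the config server. "Nortonvirus" = 5000 is the
# mapping from the thread; "AppBackup" is a constructed extra entry.
CUSTOM_PORTS = {"Nortonvirus": 5000, "AppBackup": 6101}

# Partial set of port keywords IOS already accepts in ACLs (extend as needed).
# Custom names must not shadow them, and they pass through untouched.
IOS_KEYWORDS = {"bgp", "domain", "ftp", "ftp-data", "pop3", "smtp", "telnet", "www"}

# ACL port operators and how many port arguments follow each one.
PORT_OPERATORS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}


class MacroError(ValueError):
    """Raised instead of emitting a config line the router would reject."""


def check_table(table):
    """Validate the name table once and return it keyed by lower-case name."""
    for name, port in table.items():
        if name.lower() in IOS_KEYWORDS:
            raise MacroError(f"{name!r} shadows a built-in IOS keyword")
        if not isinstance(port, int) or not 1 <= port <= 65535:
            raise MacroError(f"{name!r} maps to invalid port {port!r}")
    return {name.lower(): port for name, port in table.items()}


def resolve(token, names, lineno):
    """Return the text to emit for one port argument."""
    if token.isdigit():
        if int(token) > 65535:
            raise MacroError(f"line {lineno}: port {token} out of range")
        return token
    if token.lower() in IOS_KEYWORDS:
        return token
    if token.lower() in names:
        return str(names[token.lower()])
    # Fail closed: a mistyped name must never reach the router, where a
    # rejected line would leave the ACL half applied.
    raise MacroError(f"line {lineno}: unknown port name {token!r}")


def expand_line(line, names, lineno=0):
    """Substitute port names in one numbered ACL entry; pass other lines through."""
    tokens = line.split()
    # Remarks are free text, so they are never rewritten.
    if len(tokens) < 3 or tokens[0] != "access-list" or tokens[2] == "remark":
        return line
    out, i = [], 0
    while i < len(tokens):
        out.append(tokens[i])
        nargs = PORT_OPERATORS.get(tokens[i], 0)
        i += 1
        for _ in range(nargs):
            if i >= len(tokens):
                raise MacroError(f"line {lineno}: missing port after {out[-1]!r}")
            out.append(resolve(tokens[i], names, lineno))
            i += 1
    return " ".join(out)


def expand_config(text, table=CUSTOM_PORTS):
    """Expand a whole template; raises MacroError before any output is usable."""
    names = check_table(table)
    lines = [expand_line(l, names, n) for n, l in enumerate(text.splitlines(), 1)]
    return "\n".join(lines) + "\n"


# Constructed template, as a human would write it on the server.
SAMPLE_TEMPLATE = """\
access-list 100 remark eq Nortonvirus is the AV console port
access-list 100 permit tcp any any eq Nortonvirus
access-list 100 permit tcp any any range AppBackup 6110
access-list 100 permit tcp any any eq www established
interface Ethernet0
 ip access-group 100 in
"""

if __name__ == "__main__":
    print(expand_config(SAMPLE_TEMPLATE), end="")
```

Keeping the name table in one reviewed file also gives an audit point: a change to what a name means shows up as a one-line diff rather than as scattered port numbers.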
Re: Off Topic but interesting - RS networking future? [7:59347]
Howard C. Berkowitz wrote in message news:[EMAIL PROTECTED]...

Perhaps your most important point is at the end, but I'd like to amplify on it. The idea of a converged public Internet is probably not achievable. I prefer to call service providers that move packets IP Service Providers, as opposed to Internet Service Providers. It's more accurate, and reflects the very different availability and QoS requirements of applications, balanced against costs.

Yes, absolutely. And it also has to do with security as well - especially as it relates to accountability. On the Internet, people have the presupposition of anonymity which, while important, also can be used as a shield by criminals like hackers. A private IP network carries little presupposition of anonymity, so if you're a customer of a private network and you're committing mischief, it is much easier to find out who you are and terminate your connection. There is no God-given right to a private IP network connection the way there is with the Internet.

Right now, a lot of world-class router designers are unemployed or underemployed, because there is so much optical overcapacity that sophistication isn't needed, especially with private networks.

This is also true and hurts not just world-class designers, but network engineers of all stripes. Moore's Law churns inexorably and so do advances in optical technology. Things like QoS matter less when you can cheaply throw bandwidth at a problem. Things like voice over IP matter less when it's inexpensive to have lots of separate networks. The ability to carefully engineer and tweak your network is relatively less important when bandwidth is plentiful and it therefore doesn't really matter if your traffic takes suboptimal paths.

Much of this, of course, is the current economy, which I do expect to turn around. From my IETF/IRTF work, I do know that the current global routing system isn't going to grow forever with the BGP paradigm, and the best replacement is still a research problem. Luckily, I'm able to keep a hand in that.

I think more thought needs to go to how to turn an IP network into a profitable service. For all the problems of ATM, one indisputable thing about it is that it actually creates profitable services. I think there has been too much emphasis on developing 'cool' IP technologies and not enough has been made on creating profitable IP technologies.

We are a long way from having every application run on a commoditized transport. I'll freely say that more of my income, these days, comes from both network and application architecture for bleeding-edge (a phrase the surgeons HATE) medical systems. Now, some people here say you need host as well as network experience. While I'm reasonable at UNIX, there's also the aspect of being able to communicate with the users of particularly challenging applications. I speak fluent Doctor, which helps greatly, and can actually contribute to the clinical application designs. Don't assume that you necessarily have to have extra computer skills (e.g., server administration). Understanding an application area from its user perspective can generate lots of work, be that application telephony, medicine, law, etc. I have a friend who has developed a specialty in automating car dealerships, and he has more work than he can handle.

My point was not to say that you necessarily need to have strong server knowledge. My point was that you needed to stretch beyond R/S. Anybody who tries to live on R/S alone is living on borrowed time.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59347t=59347
Re: Aironet 1200 [7:59310]
You will have to buy 2 wireless bridges. The 350 series wireless bridges are 802.11b, 100 milliwatt, and support RP-TNC connectors; this will allow you to choose a range of antennas to use.

I would suppose you have 3 major issues to worry about:

1. I am assuming you have line of sight currently. Are there any trees that will grow leaves in the spring in your path?

2. Current voice and data integration - there are 2 likely ways that you may be integrated:
a. using a channel bank on your CSU-DSU, e.g. 1 serial port to your PBX, 1 to your router, and the same thing on the opposite side of the T1 line
b. you are doing a VoIP integration with Drop and Insert cards
If you are running choice a, then you will have to deal with your voice integration; if choice b, then you will just have to reconfigure your router to support the new WAN integration.

3. Wireless security - Luckily Cisco access points and bridges support dynamic WEP key rotation. If you are implementing bridges then you will have to configure LEAP. This makes it necessary to configure Internet Authentication Server, or Cisco Secure ACS server, or whatever RADIUS implementation of your choice.

Hope this helps,
Colin McNamara

Kevin O'Gilvie wrote in message news:[EMAIL PROTECTED]...

I am looking to get rid of the fractional T1. We have 12 voice 12 data. We can save money going wireless and increase the throughput. I want to go 802.11b all the way. Isn't the bridge 11a? If I have antennas on both sides won't that be enough? Please let me know your thoughts. There will be about 20 users in the remote office.

TIA, Kevin

From: Charlie Wehner
Reply-To: Charlie Wehner
To: [EMAIL PROTECTED]
Subject: RE: Aironet 1200 [7:59310]
Date: Tue, 17 Dec 2002 02:07:40 GMT

What type of throughput does the remote office need? With two 1200 series access points you can:
a) Run one AP as Root and the other in Repeater mode.
b) Blast the signal across the street with just one AP

I don't think you can bridge with 1200 series APs. You might be better off buying 350 bridges instead depending on your environment. You could also buy a WGB to connect to one of the APs. That's another option.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59348t=59310
Re: ACS Logging / Accounting [7:59308]
In your AAA config specify a line for

aaa accounting commands 15 default start-stop

and specify whatever group or method list you wish.

Cheers, Colin McNamara

Amer wrote in message news:[EMAIL PROTECTED]...

Is there a way to log or account for all the exec commands that are done on a router or switch on an ACS server? I have a setup where all my login authentication and accounting is done through an ACS server, but I was wondering if I could get more detailed accounting accomplished by some means (if possible). Any help would be greatly appreciated. Thanx.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59349t=59308
Re: WLANFE [7:59278]
It is the web interface to the 350 bridge, workgroup bridge, and access point.

Arni V. Skarphedinsson wrote in message news:[EMAIL PROTECTED]...

Can someone tell me what AP is focused on in the Wireless LAN for Field Engineers exam (WLANFE 9E0-581)? Is it the 350, 1100 or 1200, or just all of them?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59350t=59278
RE: VPN Client+IOS [7:59283]
Last time it worked for me I used another private range (than I use in the LAN) for the VPN clients, and had to triple check my access-lists, especially the one that encrypts from LAN to VPN client. Make sure that your VPN headend (2600) is the default gateway for that VPN client LAN, or give away a static route per server.

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jacek Malinowski
Sent: Monday, 16 December 2002 22:53
To: [EMAIL PROTECTED]
Subject: Re: VPN Client+IOS [7:59283]

I have 4 interfaces:
Serial 0/1 - public IP, for example 1.1.1.1
fast 0/1 - public IP, for example 2.2.2.2
fast 0/0 - LAN IP: 192.168.1.1/24
My IP address pool for VPN: 192.168.1.170-192.168.1.190

On the VPN padlock I have an IP address from the router, for example 192.168.1.170, but I can't ping any address on the LAN. I don't know. I am using the newest VPN Client: vpnclient-win-is-3.6.3.Rel-k9. I have ip nat inside on Fast 0/0 and outside on ser 0/1, but without it, it doesn't work either :(.

Ben Woltz wrote:

The IP address that your VPN Client gets from the router, are you advertising that route through your network?

JM wrote in message news:[EMAIL PROTECTED]...

Hello, I am trying to run VPN between VPN Client 3.6.2.A and Cisco 2651. On the Cisco router I have: Software with 3DES/IP Plus/FW/IDS - Version 12.2(11)T2.

Router has 4 interfaces:
serial 0/1 - Internet, here I gave cryptomap
fasteth 0/1 - DMZ
fasteth 0/0 - LAN (here I want to be through VPN)

I have the same configuration as in the TAC help: http://www.cisco.com/warp/customer/471/ipsecrouter_vpn.html

VPN Client can log in inside the router, and I have an IP address from the router, but I don't see anything. I can't ping. I have a question: where am I inside the router? I am in, but I don't see anything. When I will have ip access-list out on fast0/0 (LAN), what should I enable? I have nat inside on fast 0/0 and outside on ser 0/1.

Regards, JM

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59352t=59283
regL ICMP in ATM network [7:59354]
I have a doubt whether ICMP works on an ATM network, as I tried to ping anyone on an external network through the ATM network of a service provider and it is not going. Why? Can anyone clarify this for me?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59354t=59354