Help needed with 640-901... [7:59712]
Hi, I'll be taking the exam shortly. I was hoping someone could help me with a few questions. - q1. Two advantages of using subinterfaces in NBMA topology? a. ip address space conserved b. routing protocols avoid split horizon c. logical interfaces more reliable that physical d. when subinterface state changes to down, the physical remains up I know b is one correct answer. I was then looking at either c or d as the other answer. However I have read somewhere that a subinterface cannot change its state to down, it always remains up, so long as the physical interface remains up. My answer: B & C q2. youre configuring network routers with IBGP. What is true about BGP peer group in the network? a. peer members inherit all options of the peer group b. peer groups can be used to simplify BGP configs c. peer groups are optional non-transitive attributes of BGP d. a peer group allows options that affect outbound updates to be overridden. e. a common name should be used on all routers because this information is passed between neighbours I know A is wrong because you can set attributes per router and these will override peer group options. B is correct. With C, 'peer group' isnt defined under the attribute list... so this is wrong. D is wrong as it only allows options for inbound. E is a little strange as I thought neighbours are defined by using the 'neighbor' command, not by giving the router a common name. Well maybe this common name is the name of the peer group defined in the 'neighbor' command, so maybe this is correct. My answer: B & E How is the test in general? What is the duration of the exam? I noticed that I wasn't able to book the exam at my regular testing centre. I think this is due to the fact that the 640-901 exam is a flash exam and required additional software to get it up and going. Thanks so much for your help. Cheers, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59712&t=59712 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Finally CCNP! [7:59706]
Congrats John How are things in austin ? John McCartney wrote: >I wanted to say thanks to all who have posted to this board. I don't post >much but I have learned alot from everyone and it helped me on my journey. >Next the CCIE, special thanks to Priscilla Oppenheimer whos Troubleshooting >page helped greatly! > >John -- Larry Letterman Network Engineer Cisco Systems Inc. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59713&t=59706 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco CE590 issue! [7:59714]
Hi all, I really looking for someone who can help me in this issue, I have a client I installed cisco ce590 on his site and the CE590 works properly saving rate is about 39%. When I checked its contents by requesting a homepage when the CE connected to the internet and I disconnect my main router and rerequest the same homepage I get an error on my browser tells me this page cannot be displayed... by logic it will display on my browser, because it's already cached on the CE... Is that true??? and if Yes, what must be the problem when I disconnect the main router and request site already cached but my browser give this page cannot be displayed? I faced this problem and I do not know how to fix it... Please help me thanx Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59714&t=59714 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Does anybody have the wireless Cisco Distance Calculation [7:59715]
The Cisco Distance Calculation sheet is mentioned in the requirements for the wireless design exam, but I can't find a reference on the CCO. I was hoping somebody on the list might have a copy or URL, so I could know what they're talking about. Thanks... --- Dennis Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59715&t=59715 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Does anybody have the wireless Cisco Distance Calculation [7:59716]
Hi Dennis, http://www.cisco.com/warp/public/102/us-calc.xls is what I think you are after? HTH, Mark. -Original Message- From: Dennis Laganiere [mailto:[EMAIL PROTECTED]] Sent: Sunday, December 22, 2002 1:38 AM To: [EMAIL PROTECTED] Subject: Does anybody have the wireless Cisco Distance Calculation [7:59715] The Cisco Distance Calculation sheet is mentioned in the requirements for the wireless design exam, but I can't find a reference on the CCO. I was hoping somebody on the list might have a copy or URL, so I could know what they're talking about. Thanks... --- Dennis Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59716&t=59716 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: E1 back to back connection [7:59600]
Hi Liu Thanks. I tried with this cable but it didnt work. Infact this works for T1 csu/dsu. But here i am using NM-2CE1B on both ends which has DB-15 female. This NM should be supported by external CSU/DSU. But i am trying to connect without csu/dsu for cross connection. I have DB-15 male to RJ-45 cables. I tried cross connecting them,using cross cable in between the extenders. but didnt work. any idea of DB-15 male to DB-15 male connector for cross connection.IF such a cable is availble could anyone give me the details of the cable so that i can buy one for my testing E1 connection. Regards Deepak Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59717&t=59600 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: SPAN on a 6006 [7:59373]
sorry to take so long to get back. Took some time off I believe that if you are trying to span more than one port at a time, you have to put those ports in the same VLAN and span the whole VLAN. of course, by this point you probably figured this out already. good luck David Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59720&t=59373 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NP-2C ??? [7:59603]
On May 12, 11:49am, "Daniel Cotts" wrote: } } So I went to the bottom drawer of my file cabinet and pulled out an Oct '96 } print catalog ... also checked a July '98. } The photo matches a one port ATM DS3/E3 module. NP-1A-DS3 or NP-1A-E3. The } seller might have fudged a part number with 2C for two coax connectors?? I suspect they did. } HTH It does. Thanks. } > -Original Message- } > From: [EMAIL PROTECTED] (John Nemeth) } > Sent: Friday, December 20, 2002 7:38 AM } > To: [EMAIL PROTECTED] } > } > There was an auction on eBay recently for a Cisco 4700 with NP-2E } > and NP-2C. The picture shows a card with two coax connectors. I've } > never heard of an NP-2C before and it wasn't listed in the Quick } > Reference Guide that I looked in. Does anybody know what it is? I'm } > guessing that it might be a DS3 interface. The auction number is } > 2081362264. } }-- End of excerpt from "Daniel Cotts" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59719&t=59603 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NP-2C ??? [7:59603]
On May 12, 9:59am, "Black Jack" wrote: } [EMAIL PROTECTED] (John Nemeth) wrote: } > } > There was an auction on eBay recently for a Cisco 4700 with NP-2E } > and NP-2C. The picture shows a card with two coax connectors. I've } > never heard of an NP-2C before and it wasn't listed in the Quick } > Reference Guide that I looked in. Does anybody know what it is? I'm } > guessing that it might be a DS3 interface. The auction number is } > 2081362264. } } Look like the ATM Network Processor Module With E3/DS-3 PLIM Yeah, that is probably it. I figured it would be some kind of DS-3 interface, since that is the only kind of interface that I could come up with that would use two coax connectors. There was 10Base2, but I don't know of any Cisco router that supported it. } Pretty good deal on this I'd say. Did you buy it? Has anyone else noticed Yep. However, I've seen other 4[57]00 routers with more useful interfaces in the same price range. No, I didn't buy it. Unfortunately, I'm a little short on play money right now. But, I did get a screaming deal on a 2515 (dual token ring) for $66US. Now I really have to concentrate on ethernet equipment and probably something that can do both. } the eBay router prices have fallen significantly lately? Good news for those } of us trying to build labs on the cheap. But, not if you ever plan on reselling it. When I first started getting equipment from eBay, I got two 2502s which cost me $375US and $400US. Now, $150US would be top-end for them. Luckily, I don't have any plans to sell my lab equipment in the near future. }-- End of excerpt from "Black Jack" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59718&t=59603 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Vs. BS or MS dergree [7:59481]
At 7:10 PM + 12/21/02, nrf wrote: >The thing about comparing degrees to certs is that they aren't totally >comparable because they serve different purposes. The degree is designed to >teach you general knowledge - basically to teach you how to think. and pass academic tests. Outside the sciences and engineering, there's a tendency, fortunately not universal, for the professor to want answers that agree with her or his particular viewpoint. I've had some, however, that would give you an A on a paper that tore apart their viewpoint, but did it logically, according to the academic rules. > >Let's face it. The vast majority of college graduate use very little of >what they actually learned in college. How many English majors really get >jobs where they do critical analyses of Elizabethan poetry? Perhaps not Elizabethan, but you do bring up the interesting possibility that some of the Cisco test writers' language skill comes from Old English. Other languages are possible, though. I remember some documentation on OSPF demand circuits that were, at best, a word-by-word translation of Old High Norse, Heian Period Court Japanese, or Klingon into modern English. I knew the developer and knew he didn't write like that. To figure out what the documentation was saying, I reviewed the RFC, tried some commands, and did drop a note to the guy that wrote the code. If his code was like that writing, it wasn't what we usually deprecate as "spaghetti code." It was code made of stale g'agh. > How many math >majors really spend the rest of their lives doing proofs and theorems? Yes, >there are some (particularly those who choose careers in academia) but they >are in the minority. The majority go into the working world and take jobs >that have very little association with whatever they studied. > >But that's not really the point. Unless you really are going to be a >professor, the goal of an English degree is not so that you can memorize >Chaucer. The goal is to provide you with a solid grounding of general >knowledge and training in critical thinking and creativity - skills that >improve your productivity as a worker. This is a valid point. There are ways to show critical thinking and creativity, with demonstrable experience being a start. Participating in engineering and computer science forums (societies like ACM and IEEE, organizations like IETF and NANOG) is another way to establish a reputation, as well as speaking at trade shows/local professional meetings and publishing in the trade press or more formal media. This IS an area where you can do something on your own, if you take the initiative. > >Certs, on the other hand, make no bones about trying to provide you with a >broad education. Certs are designed, ideally, to measure your knowledge of >specific skills. Period. > >As stated by someone else on this thread, the CCIE may prove to be valuable >in the network engineering profession, but has essentially zero value in any >other profession. And a fairly specific part of network engineering, which is Cisco enterprise support oriented. As currently defined, it has relatively little relevance to ISPs, and doesn't test large-scale design skills. >For example, you can't get your CCIE and then decide you >wanna be an investment banker.But you can do that with an MBA. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59722&t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ccie written quiz tests [7:59721]
Hello All, Looking for some recommendations on which quiz tests to buy for the above exam Boson has been recommended often, and they have three different testsshould just 1 out of 3 be a good bet? also, any free quiz tests out there that anyone knows of... Thanks. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59721&t=59721 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: New to vlans...HELP [7:59655]
Thanks for your reply. Can you or someone please give me an example of what the following would look like configured on the switch? 1. The server port be a member of 2 vlans 2. The same server port configured for tagging 3. The 2 DSLAM ethernet ports (UPLINK and MNGT) be configured as an untagged member of the vlan Thanks. Dave s vermill wrote: Me Morpheus wrote: > > Hello. I am new to the list and glad I found it. I am just > starting out with vlans and I need some clarification. Can > someone clarify the following statement: > > I have the following layout: > > I have 1 DSLAM with 2 ethernet ports (UPLINK and MNGT) that are > both going into a Cisco 2650 switch. The switch is supposed to > have 2 vlans, (A and B). I also have a server that is connected > to this switch. The requirement that was told to me was that > the port connected to the server must be a member of both VLANs > and traffic sent from this port must be tagged (for both > vlans). The port connected to the UPLINK port must be an > untagged member of one of the VLANs. The port connected to the > MGMT port must be an untagged member of the other VLAN. > > I am interested to know about what it means to have a port be > part of an untagged vlan and what it means to have traffic > coming in from a port be tagged for both vlans? Essentially you're dealing with the difference between access ports and trunk ports. An access port is what you would typically connect a PC to. No VLAN tags are appended onto or inserted into the layer 2 frames. A trunk port would typically be found between switches or between a switch and a router. VLAN tags are used to differentiate the traffic. Having said all of that, some NICs are dot1q enabled. That must be the case where your server is concerned. > > Can someone answer these question and preferrably post an > example that would show me what it means? I can't think of any example that would be more illustrative than your own above. VLANs aren't terribly difficult once you get the basics. But keeping in mind where the traffic jumps layers will be critical when you start dealing with a lot of layer 2 / layer 3 boxes. > > Thanks. > > Dave Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59723&t=59655 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: campus LAN Design w/DHCP Server [7:59724]
Priscilla, Well, its been an interesting project. Unfortunately, the DHCP server app that I wound up trying (Vicomsoft) was so buggy that I couldnt keep it from crashing. Even when it was running, it was highly, highly unstable. Granted, it was a demo, but I would think a demo would have basic functionality. Furthermore, I couldnt get into the console port of the 2900XL. Tried everything. The darned port is fried. So here is what I came up with: 2621 | | <--100Mb/s dot1q trunk | Foundry Networks switch | | | | <--100Mb/s access ports | | DHCP Serv DHCP Client The 2621, with 64M of memory and 8M of flash, is running 12.1-18 IP Plus. I dont know much about the Foundry switch. It was straight out of the box just yesterday. I configured it with a dot1q trunk to the router, an access port in vlan 100 (192.168.1.0/24), and an access port in vlan 200 (192.168.2.0/24). The server (192.168.1.100) was attached to VLAN 100 and the client (192.168.2.?) to vlan 200. The router subinterfaces were the .1 address. Subinterface F0/0.2 had an IP helper address of 192.168.1.100. On a couple of occasions I moved the client to vlan 100. The server did actually work two or three times with a local client. It never once worked with a non-local client. The good news is that the DHCP Discovery crossed the vlans via the 2621 and looked to be in pretty good shape: Frame 44 (343 bytes on wire, 343 bytes captured) Arrival Time: Dec 21, 2002 18:01:21.694951000 Time delta from previous packet: 0.721309000 seconds Time relative to first packet: 40.720429000 seconds Frame Number: 44 Packet Length: 343 bytes Capture Length: 343 bytes Ethernet II, Src: 00:02:fd:1d:c0:20, Dst: 00:08:74:03:77:b5 Destination: 00:08:74:03:77:b5 (Dell_Com_03:77:b5) Source: 00:02:fd:1d:c0:20 (Cisco_1d:c0:20) Type: IP (0x0800) Internet Protocol, Src Addr: 192.168.2.1 (192.168.2.1), Dst Addr: 192.168.1.100 (192.168.1.100) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 00.. = Differentiated Services Codepoint: Default (0x00) ..0. = ECN-Capable Transport (ECT): 0 ...0 = ECN-CE: 0 Total Length: 329 Identification: 0x0061 Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 255 Protocol: UDP (0x11) Header checksum: 0x358d (correct) Source: 192.168.2.1 (192.168.2.1) Destination: 192.168.1.100 (192.168.1.100) User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67) Source port: bootps (67) Destination port: bootps (67) Length: 309 Checksum: 0xde84 (correct) Bootstrap Protocol Message type: Boot Request (1) Hardware type: Ethernet Hardware address length: 6 Hops: 1 Transaction ID: 0xcb4d080c Seconds elapsed: 17250 Bootp flags: 0x8000 (Broadcast) 1... = Broadcast flag: Broadcast .000 = Reserved flags: 0x Client IP address: 0.0.0.0 (0.0.0.0) Your (client) IP address: 0.0.0.0 (0.0.0.0) Next server IP address: 0.0.0.0 (0.0.0.0) Relay agent IP address: 192.168.2.1 (192.168.2.1) Client hardware address: 00:06:5b:e4:d3:97 Server host name not given Boot file name not given Magic cookie: (OK) Option 53: DHCP Message Type = DHCP Discover Unknown Option Code: 251 (1 bytes) Option 61: Client identifier Hardware type: Ethernet Client hardware address: 00:06:5b:e4:d3:97 Option 50: Requested IP Address = 192.168.1.2 Option 12: Host Name = "laprmccarverGFE" Option 60: Vendor class identifier = "MSFT 5.0" Option 55: Parameter Request List 1 = Subnet Mask 15 = Domain Name 3 = Router Notice the relay agent address of 192.168.2.1. That bodes well. However, for some reason, this was the response: Frame 45 (70 bytes on wire, 70 bytes captured) Arrival Time: Dec 21, 2002 18:01:21.69501 Time delta from previous packet: 0.59000 seconds Time relative to first packet: 40.720488000 seconds Frame Number: 45 Packet Length: 70 bytes Capture Length: 70 bytes Ethernet II, Src: 00:08:74:03:77:b5, Dst: 00:02:fd:1d:c0:20 Destination: 00:02:fd:1d:c0:20 (Cisco_1d:c0:20) Source: 00:08:74:03:77:b5 (Dell_Com_03:77:b5) Type: IP (0x0800) Internet Protocol, Src Addr: 192.168.1.100 (192.168.1.100), Dst Addr: 192.168.2.1 (192.168.2.1) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 00.. = Differentiated Services Codepoint: Default (0x00) ..0. = ECN-Ca
Re: Routers multicast address 224.0.0.2 ?! [7:59609]
Mohannad Khuffash wrote: > Hi ... > > I have tried to configure HSRP on two 3660 routers, I configured them > straight forward where only a little commands needed.But HSRP don't worked > well ! The reason simply was that they are not seeing the HSRP hello > messages so every one act as the active one ! When I checked the problem > more, I discovered that both of them are not seeing the 224.0.0.2 messages > by using the SHOW IP INTERFACE command where none of the interfaces of the > two routers are joined for this multicast group ! > My question now is how I can make them joined to 224.0.0.2 which should be > the default configuration ? Or may be I'm wrong in my investigation ?! > hi, try "show standby", maybe this will help you. hth -bis Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59725&t=59609 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Vs. BS or MS dergree [7:59481]
> >As stated by someone else on this thread, the CCIE may prove to be valuable > >in the network engineering profession, but has essentially zero value in any > >other profession. > > And a fairly specific part of network engineering, which is Cisco > enterprise support oriented. As currently defined, it has relatively > little relevance to ISPs, and doesn't test large-scale design skills. Agreed. I was always disappointed with this aspect of the cert. I realize it's hard to simulate Internet routing in a lab, but at least the design principles could have been covered. Also, my R&S CCIE didn't cover access at all. There was a CCIE Dial for that, but it wouldn't have hurt to at least addresss the issues a bit. -sd Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59726&t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: New to vlans...HELP [7:59655]
Hi, see the nic card should itself support itself be dot1q enabled.If it is just go into the properties and confgure it for different vlans.but this is not the optimzed sol since broadcast effectting one vlan will affect the server.this server will recive all the brodcasts,multicasts and unknown packets.so It can be reduce the performance of server too.Its best you introduce some other layer 3 device for Vlan routing. Moreover Please search on cisco site so that you may clear before hand asking for doubts,I mean to say then you can focus on the problem more by that way. Cheers Cisco Newbie wrote: > Thanks for your reply. Can you or someone please give me an example of what > the following would look like configured on the switch? > 1. The server port be a member of 2 vlans > 2. The same server port configured for tagging > 3. The 2 DSLAM ethernet ports (UPLINK and MNGT) be configured as an > untagged member of the vlan > Thanks. > Dave > > > > s vermill wrote: > Me Morpheus wrote: > > > > Hello. I am new to the list and glad I found it. I am just > > starting out with vlans and I need some clarification. Can > > someone clarify the following statement: > > > > I have the following layout: > > > > I have 1 DSLAM with 2 ethernet ports (UPLINK and MNGT) that are > > both going into a Cisco 2650 switch. The switch is supposed to > > have 2 vlans, (A and B). I also have a server that is connected > > to this switch. The requirement that was told to me was that > > the port connected to the server must be a member of both VLANs > > and traffic sent from this port must be tagged (for both > > vlans). The port connected to the UPLINK port must be an > > untagged member of one of the VLANs. The port connected to the > > MGMT port must be an untagged member of the other VLAN. > > > > I am interested to know about what it means to have a port be > > part of an untagged vlan and what it means to have traffic > > coming in from a port be tagged for both vlans? > > Essentially you're dealing with the difference between access ports and > trunk ports. An access port is what you would typically connect a PC to. > No VLAN tags are appended onto or inserted into the layer 2 frames. A trunk > port would typically be found between switches or between a switch and a > router. VLAN tags are used to differentiate the traffic. Having said all > of that, some NICs are dot1q enabled. That must be the case where your > server is concerned. > > > > > Can someone answer these question and preferrably post an > > example that would show me what it means? > > I can't think of any example that would be more illustrative than your own > above. VLANs aren't terribly difficult once you get the basics. But > keeping in mind where the traffic jumps layers will be critical when you > start dealing with a lot of layer 2 / layer 3 boxes. > > > > > Thanks. > > > > Dave > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59727&t=59655 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Finally CCNP! [7:59706]
Hi Larry. Things are slowly coming to life. I have an interview this week and some other calls are starting to roll in. Hoping that Jan will get the ball rolling. Thanks for the kudos. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59728&t=59706 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISL & 802.1q in one switch [7:59512]
Yes, it is possible... It is dependant upon the type of switch you are using... If it is a 3550, 2950, 4000, etc... You would do switchport mode trunk switchport trunk encapsulation (dot1q or isl) This is off the top of my head, so verify the exact syntax... Not all switches support both so you will need to check your hardware and software... Mark ---Original Message--- From: "[EMAIL PROTECTED]" Sent: 12/19/02 04:09 AM To: [EMAIL PROTECTED] Subject: ISL & 802.1q in one switch [7:59512] > > Hi folks, Does anybody have experience with using ISL en 802.1q within the same switch. I have ISL trunk between my access and distribution layer. Now I want to connect a firewall on my access switch with 802.1q trunking protocol. Is it possible? if the answer is YES, should I change anything in my configuration? My firewall talks 802.1q with the access switch and the vlan's should go from access to distribution switch which talk ISL. thanks, Mehrdad Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59729&t=59512 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
problem regarding redundancy of inf [7:59730]
Hi guys, Sorry if this question is too amateurish, but I am clueless on how to solve this problem. The story is like this - I have a 7204VXR router connected to a 45 Mbps satellite downlink via a HSSI interface. I have a PA-2FE-TX module on the router and currently Fa1/0 (IP: 10.1.1.254) is connected to Server A (IP: 10.1.1.1). Traffic coming in from the satellite is being routed to Server A. There is a default ip route which goes like this: ip route 0.0.0.0 0.0.0.0 10.1.1.1 There are access-lists implemented on Fa1/0 such that only certain ports are being permitted to be routed to Server A. The question: I would like to make use of the other FE port and implement another set of different access rules such that the traffic from the satellite will also go to Server B (IP: 10.2.2.2). The problem is traffic is only flowing to the Fa1/0 interface, and not onto the other Fa1/1 interface. How could I have two streams of data duplicated out onto the two interfaces? Some guy Ive asked mentioned something about IRB. Is this correct? Basically if this is a switch, I could think of doing a SPAN where the satellite downstream is being replicated onto 2 FE ports. How could I achieve this on a router? Thanks for any suggestions. Appreciated it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59730&t=59730 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISL & 802.1q in one switch [7:59512]
I noticed that on my 4006, I could only have isl enabled on the first 2 gige ports. It took me 2 calls to tac to wor this out, by default all were dot1q.. Hope this helps.. -Original Message- From: Mark Johnson [mailto:[EMAIL PROTECTED]] Sent: Monday, 23 December 2002 10:21 AM To: [EMAIL PROTECTED] Subject: Re: ISL & 802.1q in one switch [7:59512] Yes, it is possible... It is dependant upon the type of switch you are using... If it is a 3550, 2950, 4000, etc... You would do switchport mode trunk switchport trunk encapsulation (dot1q or isl) This is off the top of my head, so verify the exact syntax... Not all switches support both so you will need to check your hardware and software... Mark ---Original Message--- From: "[EMAIL PROTECTED]" Sent: 12/19/02 04:09 AM To: [EMAIL PROTECTED] Subject: ISL & 802.1q in one switch [7:59512] > > Hi folks, Does anybody have experience with using ISL en 802.1q within the same switch. I have ISL trunk between my access and distribution layer. Now I want to connect a firewall on my access switch with 802.1q trunking protocol. Is it possible? if the answer is YES, should I change anything in my configuration? My firewall talks 802.1q with the access switch and the vlan's should go from access to distribution switch which talk ISL. thanks, Mehrdad ** visit http://www.solution6.com UK Customers - http://www.solution6.co.uk ** The Solution 6 Head Office and Branch in Sydney is moving premises. >From Monday 25th November our Head Office and NSW Branch will be located at: Level 14, 383 Kent Street, Sydney NSW 2000. General Phone: 61 2 9278 0666 General Fax: 61 2 9278 0555 ** This email message (and attachments) may contain information that is confidential to Solution 6. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Solution 6 are neither given nor endorsed by it. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59731&t=59512 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISL & 802.1q in one switch [7:59512]
I've done exactly this on the 2900 and 4000 platforms but as discussed only certain cards for the 4000 support ISL. The reason i used it was ISL to the routers and dot1q to clients. This is because on a router sub-interface SNMP ID's are only created for ISL so in order to monitor individual subints on the router it had to be ISL. Otherwise everywhere else we use standards dot1q. Darren Ward (PGradCS, CCIE #8245, SCSA, CCDP, MCP) On Sun, 22 Dec 2002, Mark Johnson wrote: > Yes, it is possible... It is dependant upon the type of switch you are > using... If it is a 3550, 2950, 4000, etc... You would do > > switchport mode trunk > switchport trunk encapsulation (dot1q or isl) > > This is off the top of my head, so verify the exact syntax... > > Not all switches support both so you will need to check your hardware and > software... > > Mark > ---Original Message--- > From: "[EMAIL PROTECTED]" > Sent: 12/19/02 04:09 AM > To: [EMAIL PROTECTED] > Subject: ISL & 802.1q in one switch [7:59512] > > > > > Hi folks, > > Does anybody have experience with using ISL en 802.1q within the same > switch. I have ISL trunk between my access and distribution layer. Now I > want to connect a firewall on my access switch with 802.1q trunking > protocol. Is it possible? if the answer is YES, should I change anything > in > my configuration? My firewall talks 802.1q with the access switch and the > vlan's should go from access to distribution switch which talk ISL. > > thanks, > Mehrdad Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59732&t=59512 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RE: campus LAN Design w/DHCP Server [7:59724]
Thanks Scott! It does bode well, despite the weird Dest Unreachable (Port Unreachable) from the server. Thanks again. Priscilla s vermill wrote: > > Priscilla, > > Well, its been an interesting project. Unfortunately, the > DHCP server app that I wound up trying (Vicomsoft) was so buggy > that I couldnt keep it from crashing. Even when it was > running, it was highly, highly unstable. Granted, it was a > demo, but I would think a demo would have basic functionality. > > Furthermore, I couldnt get into the console port of the > 2900XL. Tried everything. The darned port is fried. > > So here is what I came up with: > > >2621 > | > | | > Foundry Networks switch > | | > | | | | > DHCP Serv DHCP Client > > > The 2621, with 64M of memory and 8M of flash, is running > 12.1-18 IP Plus. I dont know much about the Foundry switch. > It was straight out of the box just yesterday. I configured it > with a dot1q trunk to the router, an access port in vlan 100 > (192.168.1.0/24), and an access port in vlan 200 > (192.168.2.0/24). The server (192.168.1.100) was attached to > VLAN 100 and the client (192.168.2.?) to vlan 200. The router > subinterfaces were the .1 address. Subinterface F0/0.2 had an > IP helper address of 192.168.1.100. > > On a couple of occasions I moved the client to vlan 100. The > server did actually work two or three times with a local > client. It never once worked with a non-local client. The > good news is that the DHCP Discovery crossed the vlans via the > 2621 and looked to be in pretty good shape: > > Frame 44 (343 bytes on wire, 343 bytes captured) > Arrival Time: Dec 21, 2002 18:01:21.694951000 > Time delta from previous packet: 0.721309000 seconds > Time relative to first packet: 40.720429000 seconds > Frame Number: 44 > Packet Length: 343 bytes > Capture Length: 343 bytes > Ethernet II, Src: 00:02:fd:1d:c0:20, Dst: 00:08:74:03:77:b5 > Destination: 00:08:74:03:77:b5 (Dell_Com_03:77:b5) > Source: 00:02:fd:1d:c0:20 (Cisco_1d:c0:20) > Type: IP (0x0800) > Internet Protocol, Src Addr: 192.168.2.1 (192.168.2.1), Dst > Addr: 192.168.1.100 (192.168.1.100) > Version: 4 > Header length: 20 bytes > Differentiated Services Field: 0x00 (DSCP 0x00: Default; > ECN: 0x00) > 00.. = Differentiated Services Codepoint: Default > (0x00) > ..0. = ECN-Capable Transport (ECT): 0 > ...0 = ECN-CE: 0 > Total Length: 329 > Identification: 0x0061 > Flags: 0x00 > .0.. = Don't fragment: Not set > ..0. = More fragments: Not set > Fragment offset: 0 > Time to live: 255 > Protocol: UDP (0x11) > Header checksum: 0x358d (correct) > Source: 192.168.2.1 (192.168.2.1) > Destination: 192.168.1.100 (192.168.1.100) > User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps > (67) > Source port: bootps (67) > Destination port: bootps (67) > Length: 309 > Checksum: 0xde84 (correct) > Bootstrap Protocol > Message type: Boot Request (1) > Hardware type: Ethernet > Hardware address length: 6 > Hops: 1 > Transaction ID: 0xcb4d080c > Seconds elapsed: 17250 > Bootp flags: 0x8000 (Broadcast) > 1... = Broadcast flag: Broadcast > .000 = Reserved flags: 0x > Client IP address: 0.0.0.0 (0.0.0.0) > Your (client) IP address: 0.0.0.0 (0.0.0.0) > Next server IP address: 0.0.0.0 (0.0.0.0) > Relay agent IP address: 192.168.2.1 (192.168.2.1) > Client hardware address: 00:06:5b:e4:d3:97 > Server host name not given > Boot file name not given > Magic cookie: (OK) > Option 53: DHCP Message Type = DHCP Discover > Unknown Option Code: 251 (1 bytes) > Option 61: Client identifier > Hardware type: Ethernet > Client hardware address: 00:06:5b:e4:d3:97 > Option 50: Requested IP Address = 192.168.1.2 > Option 12: Host Name = "laprmccarverGFE" > Option 60: Vendor class identifier = "MSFT 5.0" > Option 55: Parameter Request List > 1 = Subnet Mask > 15 = Domain Name > 3 = Router > > Notice the relay agent address of 192.168.2.1. That bodes > well. However, for some reason, this was the response: > > Frame 45 (70 bytes on wire, 70 bytes captured) > Arrival Time: Dec 21, 2002 18:01:21.69501 > Time delta from previous packet: 0.59000 seconds > Time relative to first packet: 40.720488000 seconds > Frame Number: 45 > Packet Length: 70 bytes > Capture Length: 70 bytes > Ethernet II, Src: 00:08:74:03:77:b5, Dst: 00:02:fd:1d:c0:20 > Destination: 00:02:fd:1d:c0:20 (Cisco_1d:c0:20) > Source: 00:08:74:03:77:b5 (
Re: Terminate a session [7:59656]
Steve Dispensa wrote: > > On Fri, 2002-12-20 at 16:01, John McCartney wrote: > > I'm looking for the deinitive answer on who can terminate a > session in > > IP/IPX/Appletalk networks. > > [my apologies for the long-winded reply] Great answer. I wrote a long one too, but Group Study swallowed it. I think it crashed right when I sent my message. ;-) And there's a lesson in that. One good reason that either side can terminate a session is that either side could crash! You covered the TCP/IP world, but I just wanted to add that in the AppleTalk world we have: AppleTalk Transaction Protocol (ATP) AppleTalk DataStream Protocol (ADSP) AppleTalk Session Protocol (ASP) Either side can terminate sessions with those protocols, although which side does depends on the application, which could be Apple Filing Protocol (AFP), Printer Access Protocol (PAP), Name Binding Protocol (NBP), or Zone Information Protocol (ZIP). I'm afriad I can't remember which side usually terminates for each of those, but theoretically either side could. In the Novell world, sessions happen in the NetWare Core Protocol (NCP) and NetBIOS over IPX (NWLink) protocols. I think either side can terminate a session in those cases too. Terminating sessions happens for many reasons, which is why most protocols let either side terminate. Some reasons that come to mind: The client has gotten all the data it wants. The server has come to the end of the data it wants to send. The user quits the application. The user goes out to lunch. The server goes out to lunch! ;-) An intrusion detection system notices something weird. Priscilla Priscilla > > Well... it depends. In the strictest sence, all of the > protocols you > mentioned are connectionless, so there's nothing to break. Any > state > added is added at the transport layer immediately above. In > the case of > IP, the connection-oriented general-purpose transport layer > protocol is > TCP. > > Narrowing it down to TCP/IP (because I have mostly forgotten > about > session-related stuff on top of appletalk and ipx and it's too > late to > look it up ;)... TCP is connection-oriented. Only one side can > initiate a connection (duh) but either side can break it. > There are > several ways. Each application protocol defines the way > connections are > broken if they spec a connection-orient transport. Also, TCP > can break > its own connections. > > In one common scenario, the client will connect, do its thing, > and > initiate the disconnect. This is the way protocols such as > SMTP, POP3, > TELNET, SSH, and most others work. The "I'm ready to close" > signal gets > sent from client to server. > > In one notable exception to this practice, HTTP is often handled > differently. The client connects to the server, and the > server, after > sending back the full response, initiates the disconnection. > Also, in a > slight warping of the terms client and server, FTP servers > close data > connections. > > Also, TCP can close its own connections by sending a RST packet > to the > peer. This is usually done when state gets screwed up, but it > can be > done for any reason, really. It is not the nice way to close a > connection, though, as it implies an error condition. Also, > this can't > (usually) be done by a program; rather, this is done by an OS. > > Also, I've been imprecise up to now on the meaning of "close". > TCP > connection termination involves a "four-way disconnect". Each > end sends > a FIN packet, ack'd by the opposite end. Only when all four > segments > have been sent/received will both ends consider the connection > to be > closed. There's an intermediate state that a connection can be > in > called "half-closed". This is where one end has sent its FIN > (and > possibly had that FIN ack'd by the other side), but the other > end is > still sending data. Programmatically, this is accomplished by > a call to > shutdown(). For example, a web browser might send its full > request > (something like "GET / HTTP/1.0\r\n\r\n") and then call > shutdown() and > wait for the response. The server would then send back its > data and the > client would just be able to ACK, until the server finally > closes its > half. > > In a more abstract sense, a connection is just an agreement > between two > end systems to communicate together with some operational > parameters. > Connections over connectionless protocols (such as IP) require > additional state to keep things straight - they have to manage > flow > control, data integrity, and so on. People do occasionally > re-impliment > the ideas behind TCP using other protocols. Several routing > protocols > implement their own network protocols. Real-time streams are > inappropriate for TCP due to its retransmission and segmentation > behaviors (among other things), but they still maintain the > concept of a > connection. > > You occasionally hear of ATM, Frame Relay, X.25, and kin > referred to as > connection-oriented
HSRP and BGP [7:59735]
Hi, I have 2 routers configured with HSRP and running BGP with single ISP. For outbound traffic, it will go through the Active HSRP router. How about Inbound traffic? Can the Inbound traffic be 'load shared'? (The ISP already make the same preference on our route advertised) Or the Inbound traffic can only route back to active router link? TIA. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59735&t=59735 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP and BGP [7:59735]
Usually if you want to distribute inbound traffic between two links with the SAME isp, you attach both of those links to the same router, create a loopback ip on that router, and have your provider peer with that loopback ip. Putting them on different routers will give you redundancy as opposed to load sharing. Brian - Original Message - From: "Ivan Yip" To: Sent: Sunday, December 22, 2002 6:18 PM Subject: HSRP and BGP [7:59735] > Hi, > > I have 2 routers configured with HSRP and running BGP with single ISP. For > outbound traffic, it will go through the Active HSRP router. > > How about Inbound traffic? Can the Inbound traffic be 'load shared'? (The > ISP already make the same preference on our route advertised) > > Or the Inbound traffic can only route back to active router link? > > TIA. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59736&t=59735 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP and BGP [7:59735]
Hi, inbound traffic has nothing to do with HSRP.It all depends how your isp is routing back traffic through bgp.so it means u can load balance on the two links. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59737&t=59735 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP and BGP [7:59735]
Hi, inbound traffic has nothing to do with HSRP.It all depends how your isp is routing back traffic through bgp.so it means u can load balance on the two links. Ivan Yip wrote: > > Hi, > > I have 2 routers configured with HSRP and running BGP with > single ISP. For outbound traffic, it will go through the Active > HSRP router. > > How about Inbound traffic? Can the Inbound traffic be 'load > shared'? (The ISP already make the same preference on our route > advertised) > > Or the Inbound traffic can only route back to active router > link? > > TIA. > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59738&t=59735 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP and BGP [7:59735]
> Hi, > > I have 2 routers configured with HSRP and running BGP with single ISP. For > outbound traffic, it will go through the Active HSRP router. > > How about Inbound traffic? Can the Inbound traffic be 'load shared'? (The > ISP already make the same preference on our route advertised) > > Or the Inbound traffic can only route back to active router link? > You get back what you advertise out. So if you want some traffic to take one link and other traffic to take the other link, then you need to advertise it that way. Let's say you have a /24 netblock. You can advertise the first half of addresses (/25) out router A and the back half (/25) out router B. Then, take it a step further by also advertising the whole /24 block out both. This way, should one link fail, the other will pick up the traffic initially destined for the failed link. This based off of the longest-match rule. Please note - my example uses a /24 split into 2 /25s. Most providers won't accept (more specifically, won't advertise to their peers) any block smaller than a /24. There are some exceptions (such as having leased your netblock from that provider). Ask your provider what their policy is. Either way, work with your provider to get the advertisements setup correctly. This is the beauty of BGP. It has all the knobs you need for such requirements. HTH, -chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59739&t=59735 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP and BGP [7:59735]
Hi All, Thanks all your response. Now two routers adverise same block /24 to the isp. I found that they are 'load shared' in this sense. Only 1 link is the active for Inbound. For example, if I download files from outside, inbound is using say link1 and link2 is idle and no packet coming in. Some time later, I ftp again and this time is using link2 and link1 is idle. Is it normal? TIA. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59740&t=59735 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP and BGP [7:59735]
""Ivan Yip"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi All, > > Thanks all your response. > > Now two routers adverise same block /24 to the isp. I found that they are > 'load shared' in this sense. Only 1 link is the active for Inbound. For > example, if I download files from outside, inbound is using say link1 and > link2 is idle and no packet coming in. Some time later, I ftp again and this > time is using link2 and link1 is idle. > > Is it normal? depends - per packet load sharing versus per conversation load sharing. with per packet load sharing set up correctly, each packet might take a different path. with per conversation load sharing, it is quite easy for this to happen. lets say that the router to microsoft.com is on your router's route cache for one link. any traffic to microsoft would take that one link, no matter how many other links to the internet you may have. later, you go to redhat.com. the route is not in the route cache, lookups are made, and the router chooses a different path. you really need to look at this in detail both on your side and with regards to what your ISP is doing. > > TIA. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59741&t=59735 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]