Re: Routers multicast address 224.0.0.2 ?! [7:59609]

2002-12-23 Thread [EMAIL PROTECTED]
You could disable IGMP snooping or CGMP on the switch to check if it is the
cause of the problem.

There are notes about CGMP and HSRP on:
http://www.cisco.com/en/US/tech/tk648/tk363/technologies_tech_note09186a00800b0871.shtml




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59742&t=59609
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: problem with initiating PPTP connection behind a P [7:59654]

2002-12-23 Thread alaerte Vidali
Let me see if I got that right; You want to establish a PPTP tunnel to
access an internal server from a PC on the Internet. On the PIX, you have
just one valid address on the outside interface, so you use PAT for the
internal host to access the Internet.

If I got that right, it is what I have implemented. I will wait for your
confirmation.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59743&t=59654



XSS Vulnerability found on Cisco Website [7:59744]

2002-12-23 Thread Paul Borghese
According to http://www.securiteam.com/securitynews/6T00D206AC.html
there is a Cross Site Scripting vulnerability on the Cisco website.
Make sure you log off of your CCO account (which last time I checked
Cisco does not give us that option!) before surfing the web.  The only
way I have been able to log off is turn off the browser which expires
the cookie.  

Paul Borghese




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59744&t=59744



Re: Very Strange Problem....Any Ideas? [7:59682]

2002-12-23 Thread Craig Columbus
Since you worked in a brokerage situation, you probably understand better 
than most...
It's straight IP, but there is equipment from Bloomberg, Metavante, 
Reuters, Pershing, etc.
Most of the equipment, I have to take the vendor's word that it's not 
misbehaving since I don't have access.
Supposedly, each vendor checked their equipment and ruled out all the 
things we asked them to check.


At 07:30 AM 12/22/2002 +, you wrote:
>Craig, I looked through the other responses, but I wanted to offer
>something. I worked in brokerage for a number of years, most of which time I
>was in the beginner's level regarding networking. But I do recall some
>"strange" things happening, and I never did trust the answers particular
>vendors were giving me.
>
>First question - when you say "vendor" Unix boxes, are you talking ILX
>systems? IP only box? no port to IPX, I assume.
>
>Second question - is there a firewall someplace in the mix?
>
>Third question - any other vendor equipment - say a Bloomberg router or a
>Bridge Networks server, or maybe a Telerate or two?
>
>Any other Thomson equipment in the mix?
>
>I had a problem once with what ILX told me was a routing loop. I'd have to
>sit back and think a long time about the topology I had in place. The
>problem only occurred with a particular branch that I was moving from a
>bridged to a routed WAN link.
>
>Another time, when I was testing using centralized ILX services ( servers at
>HQ, workstations in remote offices ), ILX used to blame the failure to
>operate properly on IP helpering which I had in place for DHCP purposes.
>They also used to claim that my RIP passive on my PIX firewall was
>interfering with their servers. I can buy the routing loop, but I never did
>buy their IP helpering and PIX finger pointing. Again, I'd have to sit back
>and think a while. It's been over three years now.
>
>I asked about other vendors, because you never can tell when a misconfigured
>redistribution or some static route from 3rd party equipment might creep
>into the mix.
>
>Let us all know. Especially me. I still have a soft spot in my heart for
>brokerage.
>
>Chuck
>
>--
>TANSTAAFL
>"there ain't no such thing as a free lunch"
>
>
>
>
>""Craig Columbus""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I worked on a network move for a brokerage company last week and
> > encountered a VERY strange problem.
> >
> > We moved a bunch of equipment to a new office building.  During the
> > process, we changed the internal network from 192.168.100.0/24 to
> > 172.31.4.0/22.
> > There company has 4 Cisco 3500XL 48 port switches, with no VLANs and plain
> > vanilla configurations.  The fanciest thing is portfast on the client
> > machine ports.
> > Switches are linked via GBICs in a cascade.  There is one client maintained
> > router that sits before the firewall with only static routes and no routing
> > protocols.
> > There are multiple outside vendor routers for specific applications
> > (real-time quotes, clearinghouse mainframe, etc.), but these too also have
> > only static routes and no routing protocols.
> >
> > After installing all of the network equipment and servers, we started to
> > turn on clients and get new DHCP addresses.  Since the new network was
> > 172.31.4.0/22, 172.31.4.1 - 172.31.4.255 was reserved for servers,
> > printers, switches, and routers.  The remaining 172.31.5.0 - 172.31.7.254
> > was reserved for clients...though there are only about 100 clients at the
> > moment and thus they only took 5.0 - 5.100 or so in DHCP.
> >
> > After installing maybe 20 clients or so, we started to see mass slowdowns
> > on the network.  Pings between clients and servers were very irregular and
> > intermittent.  There was no discernable pattern to when pings would succeed
> > and when they'd fail.  We exhaustively went through all devices and made
> > sure that they'd been correctly set to the new mask and that all server
> > functions (DNS, WINS, AD, etc.) had been correctly setup for the new
> > subnet.  Everything looked fine.  In an effort to troubleshoot, we unhooked
> > the switch stack and put core servers and a few clients on a single
> > switch.  Again, communication was irregular and unpredictable, whether with
> > static or DHCP addresses on the clients.  Sometimes things would be fine,
> > other times clients could ping the server, but not the switch to which they
> > were attached.  Sometimes clients could ping the switch, but not the
> > server.  Sometimes the clients could ping neither.  Again, there seemed to
> > be no pattern.  Thinking there might have been some IOS bug, we erased
> > nvram, upgraded the switches to current IOS code, and put in a completely
> > plain configuration.  This had no effect on the problem.
> >
> > After 4 of us (with probably 50 years of industry experience between us)
> > spent 15 hours or so trying to resolve the issue, I finally suggested we
> > try moving the clients from the 172.31.5.x/22 block to th

RE: problem with initiating PPTP connection behind a P [7:59746]

2002-12-23 Thread eric nguyen
I already get the answer and it doesn't work.  FYI.
The PPTP server is on the Internet.  The machine that initiated the PPTP
connection
sits behind a Pix firewall and accesses the Internet via PAT.

alaerte Vidali wrote:
Let me see if I got that right; You want to establish a PPTP tunnel to
access an internal server from a PC on the Internet. On the PIX, you have
just one valid address on the outside interface, so you use PAT for the
internal host to access the Internet.

If I got that right, it is what I have implemented. I will wait for your
confirmation.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59746&t=59746



Re: 7200 Router Questions... [7:59645]

2002-12-23 Thread MADMAN
You gotta have one or the other, It's the brains of the box!

   Dave

Edward Sohn wrote:
> thanks.
> 
> it seems that the NSE-1 is made for service providers (according to the
> link you sent me).  is there a way to determine if i need one?  or even
> an NPE, for that matter?
> 
> thanks,
> 
> ed

David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59747&t=59645



strange behavior in ip negotiated [7:59748]

2002-12-23 Thread Deepak N
HI All
   I have the test setup for E1 connection. I am using NM-2CE1B in 3660
routers. I have connected two routers back to back for this E1 connection.
  The problem is when i configure the static ip address, i can ping the
opposite end. But when i give ip address negotiated, it can not ping to the
other end. The ip address is negotiated and assigned. It can ping to its own
ip address, but not to the opposite end. When i give trace route to its own
ip address, it traces to the opposite end and ends in the own ip address.
 when i give debug ip packets it gives unroutable. but in traceroute it can
reach the opposite end.
 please can anyone guide me where i am going wrong.

 I am attaching the configuration of the two routers.

R1 ---- E1 back to back ---- R2

R1#sh run
Building configuration...

Current configuration : 1082 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R1
!
enable password lab
!
ip subnet-zero
!
!
ip name-server 192.122.173.131
!
frame-relay switching
!
controller E1 1/0
 shutdown
!
controller E1 1/1
 shutdown
!
controller E1 3/0
 channel-group 0 timeslots 1-31
!
!
!
interface FastEthernet0/0
 ip address 10.77.152.220 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet3/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial3/0:0
 ip address 100.100.100.1 255.255.255.0
 ip nat inside
 encapsulation ppp
 peer default ip address pool deepak
!
ip local pool deepak 100.100.100.11 100.100.100.20
ip nat inside source list 101 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 10.77.152.129
ip http server
ip pim bidir-enable
!
access-list 101 permit ip 100.100.100.0 0.0.0.255 any
!
line con 0
line aux 0
line vty 0 4
 password lab
 login
!
end

R1#ping 100.100.100.11

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.11, timeout is 2 seconds:
.
Success rate is 0 percent (0/5)




R2#sh run
Building configuration...

Current configuration : 1024 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R2
!
enable password lab
!
ip subnet-zero
!
!
ip name-server 192.122.173.131
!
!
controller E1 3/0
 channel-group 0 timeslots 1-31
!
controller E1 3/1
!
!
!
interface FastEthernet0/0
 ip address 10.77.152.221 255.255.255.0
 shutdown
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
 no cdp enable
!
interface Serial1/0
 no ip address
 shutdown
 no fair-queue
 no cdp enable
!
interface FastEthernet3/0
 no ip address
 shutdown
 duplex auto
 speed auto
 no cdp enable
!
interface Serial3/0:0
 ip address negotiated
 encapsulation ppp
 no peer neighbor-route
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 100.100.100.1
ip http server
ip pim bidir-enable
!
no cdp run
!
line con 0
line aux 0
line vty 0 4
 password lab
 login
!
end

R1#ping 100.100.100.11

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.11, timeout is 2 seconds:
!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms

R1#traceroute 100.100.100.11

Type escape sequence to abort.
Tracing the route to 100.100.100.11

  1 100.100.100.1 0 msec 0 msec 0 msec
  2 100.100.100.11 4 msec 0 msec *

R1#ping 100.100.100.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.1, timeout is 2 seconds:
.
Success rate is 0 percent (0/5)


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59748&t=59748



ISIS [7:59749]

2002-12-23 Thread Cliff Cliff
Hi all,

our company will implement IS-IS very shortly. Does anyone have sample
config / any web site it can have clearly teaching me? Thx!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59749&t=59749



RE: Is there anyone just passed new CCNA exam ? [7:59636]

2002-12-23 Thread James Gosnold
IPX is still there

Passing score is still 849


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59750&t=59636



Re: ISIS [7:59749]

2002-12-23 Thread The Long and Winding Road
""Cliff Cliff""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi all,
>
> our company will implement IS-IS very shortly. Does anyone have sample
> config / any web site it can have clearly teaching me? Thx!


idle curiosity - your company has made a decision to implement IS-IS and
there is no one on staff who knows anything about the protocol?

I have to ask. Why? Why IS-IS. Why the decision? Greenfield or replacing
something else?

As for sources, Pete Van Oene's white papers on Cert Zone are pretty good. I
thought that Jeff Doyle's treatment of IS-IS was lacking, but it's been a
while, and that may have been my own ignorance.

There is always CCO

http://us.imdb.com/Title?0055719

and

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r
/iprprt2/1rdisis.htm
watch the wrap


if you have a couple of spare routers, you can follow some of the examples
to get started.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59751&t=59749



RE: ISIS [7:59749]

2002-12-23 Thread Daniel Cotts
The Cisco Press web site has a downloadable chapter on ISIS - well over 100
pages.

Here's a good start on CCO: Watch the wrap on these.
www.cisco.com/en/US/tech/tk472/tk474/tk381/tech_protocol_home.html
A short overview on CCO reachable from the above URL.
www.cisco.com/en/US/tech/tk472/tk474/technologies_white_paper09186a00800a3e6
f.shtml

> -Original Message-
> From: Cliff Cliff [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 23, 2002 9:44 AM
> To: [EMAIL PROTECTED]
> Subject: ISIS [7:59749]
> 
> 
> Hi all,
> 
> our company will implement IS-IS very shortly. Does anyone have sample
> config / any web site it can have clearly teaching me? Thx!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59752&t=59749



Re: HSRP and BGP [7:59735]

2002-12-23 Thread YASSER ALY
In your scenario advertising same block over both links to your provider
will not help in load sharing. Redundancy is achieved but not sharing
because your ISP will receive two advertisements to the same block and BGP
only chooses the best route.

 You can overcome this in many ways, for example, if you have a /22
block. Divide it into 8 /24 blocks. Start advertising 4 /24s through the
1st router, advertise the remaining /24s through the 2nd router. Like
this you achieved load-balance as your ISP will receive 1/2 of the routes
via one link and the rest through the other.

 You are not done yet as this will provide load-sharing but not
redundancy. For example if Link1 fails this means that 1/2 of your blocks
will not be advertised and will stop receiving traffic for them. To avoid
this, advertise through both routers an aggregate route for the whole
/22. Like this your ISP will always use the more specific route and in a
way balance the traffic over both links. When one of the links/routers
fail, your ISP will use the aggregate route advertised from your other
router to route all the traffic back to you.

 Another way, is to ask your provider to accept not just 1 route for the
/24 but accept both by setting the maximum accepted routes to 2 instead
of 1. 1 is the default and ISPs normally don't accept changing this
default value.

HTH,

Yasser

>From: "Ivan Yip"
>Hi All,
>
>Thanks all your response.
>
>Now two routers advertise same block /24 to the isp. I found that they are
>'load shared' in this sense. Only 1 link is the active for Inbound. For
>example, if I download files from outside, inbound is using say link1 and
>link2 is idle and no packet coming in. Some time later, I ftp again and this
>time is using link2 and link1 is idle.
>
>Is it normal?
>
>TIA.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59753&t=59735
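
The route selection discussed in the message above, modelled as an added example that is not part of the original posts: the ISP picks the inbound link by longest-prefix match over what each router announces. The 198.18.0.0/22 block, the link names and the lowest-name tie-break (standing in for BGP best-path selection) are assumptions made for the sketch; a /22 holds four /24s, so each router announces two.

```python
import ipaddress

# Constructed sample block (benchmarking range), not taken from the thread.
BLOCK = ipaddress.ip_network("198.18.0.0/22")
# One constructed host per /24 inside the block.
HOSTS = ["198.18.0.10", "198.18.1.10", "198.18.2.10", "198.18.3.10"]
BOTH = {"link1", "link2"}


def build_announcements(block, with_aggregate):
    """Split the block into /24s, half per router, optionally adding the
    covering aggregate on both routers."""
    specifics = list(block.subnets(new_prefix=24))
    half = len(specifics) // 2
    extra = [block] if with_aggregate else []
    return {
        "link1": specifics[:half] + extra,
        "link2": specifics[half:] + extra,
    }


def isp_rib(announcements, links_up):
    """Routes the ISP still holds: (prefix, link) for every link that is up."""
    return [
        (prefix, link)
        for link, prefixes in announcements.items()
        if link in links_up
        for prefix in prefixes
    ]


def inbound_link(rib, dst):
    """Return the link the ISP uses toward dst, or None if no route covers it.

    Longest prefix wins. When two links offer the same prefix length the ISP
    keeps a single best path; that choice is modelled here (assumption) as
    the lowest link name.
    """
    addr = ipaddress.ip_address(dst)
    matches = [(p.prefixlen, link) for p, link in rib if addr in p]
    if not matches:
        return None
    best_len = max(length for length, _ in matches)
    return min(link for length, link in matches if length == best_len)


def spread(announcements, links_up):
    """Map every sample host to the link carrying its inbound traffic."""
    rib = isp_rib(announcements, links_up)
    return {host: inbound_link(rib, host) for host in HOSTS}


# Scenario 1: both routers announce the same block (one best path only).
SAME_BLOCK = {"link1": [BLOCK], "link2": [BLOCK]}
# Scenario 2: /24s split between the routers, no aggregate.
SPLIT_ONLY = build_announcements(BLOCK, with_aggregate=False)
# Scenario 3: /24s split between the routers plus the aggregate on both.
SPLIT_PLUS_AGGREGATE = build_announcements(BLOCK, with_aggregate=True)


if __name__ == "__main__":
    scenarios = [
        ("same block, both links up", SAME_BLOCK, BOTH),
        ("split only, both links up", SPLIT_ONLY, BOTH),
        ("split only, link1 down", SPLIT_ONLY, {"link2"}),
        ("split + aggregate, both links up", SPLIT_PLUS_AGGREGATE, BOTH),
        ("split + aggregate, link1 down", SPLIT_PLUS_AGGREGATE, {"link2"}),
    ]
    for name, announcements, up in scenarios:
        print(name)
        for host, link in spread(announcements, up).items():
            print(f"  {host:<14} -> {link or 'unreachable'}")
```
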



RE: New to vlans...HELP [7:59655]

2002-12-23 Thread s vermill
Cisco Newbie wrote:
> 
> Thanks for your reply.  Can you or someone please give me an
> example of what the following would look like configured on the
> switch?
> 1.  The server port be a member of 2 vlans 
> 2.  The same server port configured for tagging 
> 3.  The 2 DSLAM ethernet ports (UPLINK and MNGT) be configured
> as an untagged member of the vlan
> Thanks. 
> Dave
> 

Dave,

What type of switch?  Have you searched on CCO?  They almost always have an
example config to meet your needs.  The answer to 1 & 2 above is the same.

The general form for a non-tagged access port is:

set vlan 1 1/1
set vlan 2 1/2

This assigns port 1/1 to vlan 1 and port 1/2 to vlan 2

The general form for a tagged trunk would be:

set trunk 2/1 on dot1q 1-2
clear trunk 2/1 3-1005

This sets port 2/1 as a dot1q trunk carrying vlans 1 & 2.  All others are
cleared.

But depending on the switch, this may not be any good. 

Scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59754&t=59655



Re: CCIE Vs. BS or MS dergree [7:59481]

2002-12-23 Thread Pcasey
Interesting question, but I think the question of "which is tougher" and
"which is more valuable" get confused.

As someone who has an MBA from a top school, I know that it took several
thousand hours of work and an estimated 12,000 - 15,000 pages of reading.
I am in process on my CCIE, but so far it looks like it will only be a
fraction of that.

However, how hard it is really doesn't matter.  The question is what you
want to do with your life and what you find interesting.  Would being a
successful investment banker pay more than being a solid CCIE?  Of course.
Would I hate my life?  Of course.  But, that is just my personal view.

As someone who has had a wide range of technical, managerial, and financial
experiences I strongly encourage people to follow their passion and not get
hung-up in the money question.  And don't worry about how hard it is or
isn't.  If you love it you will work through it.  If you hate it but are
trying to just make a bunch of money, it may be harder for you than becoming
a brain surgeon.

Just my $1.25 worth . . . inflation you know!

""Mic shoeps""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello
>
> I've been arguing with a colleague of mine which one would be tougher to
> achieve. I told him that it would be much harder to have a computer
> science or a networking degree (you have to take the GRE and complete 2 or 3
> years of school works) than a CCIE, but my colleague thinks otherwise. He
> literally believes that having a CCIE is equivalent of having a Ph.D. in
> Networking. I'd like to hear your thought.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59755&t=59481



RE: 7200 Router Questions... [7:59645]

2002-12-23 Thread Edward Sohn
dave,

that's the thing...i actually heard (from a cisco SE) that i am not
required to have one.  they just offload the processing.

can someone verify for me, please?

thanks,

eddie

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]] 
Sent: Monday, December 23, 2002 7:07 AM
To: Edward Sohn
Cc: [EMAIL PROTECTED]
Subject: Re: 7200 Router Questions... [7:59645]



   You gotta have one or the other, It's the brains of the box!

   Dave

Edward Sohn wrote:
> thanks.
> 
> it seems that the NSE-1 is made for service providers (according to 
> the link you sent me).  is there a way to determine if i need one?  or

> even an NPE, for that matter?
> 
> thanks,
> 
> ed

David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59757&t=59645



Re: 7200 Router Questions... [7:59645]

2002-12-23 Thread MADMAN
That is capital BS!!!  Offload the processing from what!?!?!

   Trust me you need one.

   With the new NPE-1G you no longer need an I/O card if that's what 
the person is thinking of...

   Now who do you believe :)

   Dave

Edward Sohn wrote:
> dave,
> 
> that's the thing...i actually heard (from a cisco SE) that i am not
> required to have one.  they just offload the processing.
> 
> can someone verify for me, please?
> 
> thanks,
> 
> eddie
> 
> -Original Message-
> From: MADMAN [mailto:[EMAIL PROTECTED]] 
> Sent: Monday, December 23, 2002 7:07 AM
> To: Edward Sohn
> Cc: [EMAIL PROTECTED]
> Subject: Re: 7200 Router Questions... [7:59645]
> 
> 
> 
>You gotta have one or the other, It's the brains of the box!
> 
>Dave
> 
> Edward Sohn wrote:
> 
>>thanks.
>>
>>it seems that the NSE-1 is made for service providers (according to 
>>the link you sent me).  is there a way to determine if i need one?  or
> 
> 
>>even an NPE, for that matter?
>>
>>thanks,
>>
>>ed
> 
> 
> David Madland
> CCIE# 2016
> Sr. Network Engineer
> Qwest Communications
> 612-664-3367
> 
> "You don't make the poor richer by making the rich poorer." --Winston
> Churchill
> 
> 
> 
> 
> 


-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59758&t=59645



Re: HSRP and BGP [7:59735]

2002-12-23 Thread chris kane
While several of us have mentioned splitting up the netblocks that you
advertise to your ISP would help spread the usage across the T1's there is
something to keep in mind. If there is only 1 or so hosts that are most
often the destination for traffic inbound to your site, you are still going
to get more utilization across the link that advertises the network that
contains that particular host/s.

I mention this because I've had clients in the past split netblock
assignments in an effort to get better utilization of their multiple T1
setups. But we've often found that they have 1 host providing more service
than the others, that particular network will see more traffic, hence, that
particular link seeing more utilization.

There can be a need to be very granular about how you advertise networks and
about how you have your network set up. You may have to play with moving
hosts around on different netblocks if you are truly looking to get
something near even traffic on each T1. You can use your interface stats to
routinely check load, or better, use something like MRTG that will poll your
interfaces and graph utilization over longer periods of time.

Sorry if this is long winded, but you need to keep in mind what you're trying
to do. How to best use the resources you have and perhaps most importantly,
to know how to measure it accurately to see if you've achieved the results
you were looking for.

-chris

- Original Message -
From: "YASSER ALY" 
To: 
Sent: Monday, December 23, 2002 11:43 AM
Subject: Re: HSRP and BGP [7:59735]


> In your scenario advertising same block over both links to your provider
> will not help in load sharing. Redundancy is achieved but not sharing
> because your ISP will receive two advertisements to the same block and BGP
> only chooses the best route.
>
>  You can overcome this in many ways, for example, if you have a /22
> block. Divide it into 8 /24 blocks. Start advertising 4 /24s through the
> 1st router, advertise the remaining /24s through the 2nd router. Like
> this you achieved load-balance as your ISP will receive 1/2 of the routes
> via one link and the rest through the other.
>
>  You are not done yet as this will provide load-sharing but not
> redundancy. For example if Link1 fails this means that 1/2 of your blocks
> will not be advertised and will stop receiving traffic for them. To avoid
> this, advertise through both routers an aggregate route for the whole
> /22. Like this your ISP will always use the more specific route and in a
> way balance the traffic over both links. When one of the links/routers
> fail, your ISP will use the aggregate route advertised from your other
> router to route all the traffic back to you.
>
>  Another way, is to ask your provider to accept not just 1 route for the
> /24 but accept both by setting the maximum accepted routes to 2 instead
> of 1. 1 is the default and ISPs normally don't accept changing this
> default value.
>
> HTH,
>
> Yasser
>
> >From: "Ivan Yip"
> >Hi All,
> >
> >Thanks all your response.
> >
> >Now two routers advertise same block /24 to the isp. I found that they are
> >'load shared' in this sense. Only 1 link is the active for Inbound. For
> >example, if I download files from outside, inbound is using say link1 and
> >link2 is idle and no packet coming in. Some time later, I ftp again and this
> >time is using link2 and link1 is idle.
> >
> >Is it normal?
> >
> >TIA.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59759&t=59735
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: 7200 Router Questions... [7:59645]

2002-12-23 Thread Edward Sohn
so maybe that's what he was referring to...can i just use an I/O card for
a basis, if i needed to (not that i would, but just wondering if i
could)...

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]] 
Sent: Monday, December 23, 2002 9:31 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: 7200 Router Questions... [7:59645]



   That is capital BS!!!  Offload the processing from what!?!?!

   Trust me you need one.

   With the new NPE-1G you no longer need an I/O card if that's what 
the person is thinking of...

   Now who do you believe :)

   Dave

Edward Sohn wrote:
> dave,
> 
> that's the thing...i actually heard (from a cisco SE) that i am not 
> required to have one.  they just offload the processing.
> 
> can someone verify for me, please?
> 
> thanks,
> 
> eddie
> 
> -Original Message-
> From: MADMAN [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 23, 2002 7:07 AM
> To: Edward Sohn
> Cc: [EMAIL PROTECTED]
> Subject: Re: 7200 Router Questions... [7:59645]
> 
> 
> 
>You gotta have one or the other, It's the brains of the box!
> 
>Dave
> 
> Edward Sohn wrote:
> 
>>thanks.
>>
>>it seems that the NSE-1 is made for service providers (according to
>>the link you sent me).  is there a way to determine if i need one?  or
> 
> 
>>even an NPE, for that matter?
>>
>>thanks,
>>
>>ed
> 
> 
> David Madland
> CCIE# 2016
> Sr. Network Engineer
> Qwest Communications
> 612-664-3367
> 
> "You don't make the poor richer by making the rich poorer." --Winston 
> Churchill
> 
> 
> 
> 
> 


-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59760&t=59645



RE: ISIS [7:59749]

2002-12-23 Thread Priscilla Oppenheimer
Cisco Press is providing some free chapters on IS-IS. This is a terrific
Christmas present from one of the best publishers out there. I'm partially
just adding filler here, because URLs at the top of GroupStudy lists go into
a black hole, although I truly do admire Cisco Press. ;-)

And, finally, here's the URL:

http://www.ciscopress.com/catalog/ccnp.asp?session_id={205F4396-722B-4CBE-8F36-EE4462BFAE91}#BSCN

Priscilla

Cliff Cliff wrote:
> 
> Hi all,
> 
> our company will implement IS-IS very shortly. Does anyone have
> sample config / any web site it can have clearly teaching me?
> Thx!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59761&t=59749



5300 IVR with loopback [7:59762]

2002-12-23 Thread Min Wang
Hi, folks:
I am new to the 5300, and have a question regarding the IVR
for 5300.
Someone suggested such a configuration to me:

t1 (phone company, incoming call)  multiple 5300
( without IVR, say 5300a )loopback5300 ( with
IVR, say 6300b)

When a phone call comes into 5300a, the 5300a has
no IVR so it loops back to 5300b to get the IVR
announcement to the caller. 5300b can keep 711 code
IVR, and this IVR is only used for authentication, the
5300a can use 729 code for real time voice. 

 Is this possible? how to config the loopback?
 thanks.


min







=
Min Wang
Mailto: [EMAIL PROTECTED]





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59762&t=59762



RE: Very Strange Problem....Any Ideas? [7:59682]

2002-12-23 Thread Priscilla Oppenheimer
You should probably look into the behavior of those UNIX servers that insist
on using a /24 mask. Is it possible that they also advertise such a mask
with ICMP? See RFC 1256 for more info about ICMP router solicitations and
advertisements.

I think I have seen Windows and Macintosh machines broadcast ICMP router
solicitation messages. Usually they are ignored, but perhaps not in your
case. The UNIX machines may have responded with the wrong mask.

Routers (and hosts that do routing) also periodically broadcast or multicast
router advertisements, which can wreak havoc even if the other hosts don't
ask for the info.

You said you checked the mask on all your devices, though... But perhaps the
problem was intermittent, due to the intermittent nature of ICMP router
advertisements.

Another thought is that there could have been a rogue DHCP server somewhere.
These days DHCP server capability is showing up in all sorts of devices,
particularly wireless access points, but also other Internet toasters,
refrigerators, etc. ;-)

Anyway, I guess you already know that you'll want to put a sniffer on this
network and figure out what is really going on before you go back to the
addressing that should, of course, work.

Priscilla

Craig Columbus wrote:
> 
> I worked on a network move for a brokerage company last week
> and
> encountered a VERY strange problem.
> 
> We moved a bunch of equipment to a new office building.  During
> the
> process, we changed the internal network from 192.168.100.0/24
> to
> 172.31.4.0/22.
> There company has 4 Cisco 3500XL 48 port switches, with no
> VLANs and plain
> vanilla configurations.  The fanciest thing is portfast on the
> client
> machine ports.
> Switches are linked via GBICs in a cascade.  There is one
> client maintained
> router that sits before the firewall with only static routes
> and no routing
> protocols.
> There are multiple outside vendor routers for specific
> applications
> (real-time quotes, clearinghouse mainframe, etc.), but these
> too also have
> only static routes and no routing protocols.
> 
> After installing all of the network equipment and servers, we
> started to
> turn on clients and get new DHCP addresses.  Since the new
> network was
> 172.31.4.0/22, 172.31.4.1 - 172.31.4.255 was reserved for
> servers,
> printers, switches, and routers.  The remaining 172.31.5.0 -
> 172.31.7.254
> was reserved for clients...though there are only about 100
> clients at the
> moment and thus they only took 5.0 - 5.100 or so in DHCP.
> 
> After installing maybe 20 clients or so, we started to see mass
> slowdowns
> on the network.  Pings between clients and servers were very
> irregular and
> intermittent.  There was no discernable pattern to when pings
> would succeed
> and when they'd fail.  We exhaustively went through all devices
> and made
> sure that they'd been correctly set to the new mask and that
> all server
> functions (DNS, WINS, AD, etc.) had been correctly setup for
> the new
> subnet.  Everything looked fine.  In an effort to troubleshoot,
> we unhooked
> the switch stack and put core servers and a few clients on a
> single
> switch.  Again, communication was irregular and unpredictable,
> whether with
> static or DHCP addresses on the clients.  Sometimes things
> would be fine,
> other times clients could ping the server, but not the switch
> to which they
> were attached.  Sometimes clients could ping the switch, but
> not the
> server.  Sometimes the clients could ping neither.  Again,
> there seemed to
> be no pattern.  Thinking there might have been some IOS bug, we
> erased
> nvram, upgraded the switches to current IOS code, and put in a
> completely
> plain configuration.  This had no effect on the problem.
> 
> After 4 of us (with probably 50 years of industry experience
> between us)
> spent 15 hours or so trying to resolve the issue, I finally
> suggested we
> try moving the clients from the 172.31.5.x/22 block to the
> 172.31.4.x/22
> block.  This solved all problems, and all clients were able to
> ping both
> switches and servers 100% of the time.  Again, we didn't change
> the mask on
> anything, only the third octet of the client ip range.  We then
> went back
> and triple checked every device attached to the
> networkservers,
> routers, switches, printers, clients, etc.  Every single device
> had the
> correct mask (/22) except for two vendor maintained UNIX
> boxes...they had
> 172.31.4.x/24.  We suspected as much earlier since clients
> couldn't
> communicate with the UNIX boxes from the beginning, but the
> other servers
> could communicate with the UNIX boxes without issue.  These
> UNIX servers
> weren't running RIP(or any other RP)...and besides, there
> aren't any other
> network devices listening for RIPso we weren't really
> concerned about
> them causing the network connectivity issues.  At the time, I
> couldn't see
> how a bad mask on these boxes could effectively make the whole
> network
> unusable, so I didn't bother corr
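
Added example, not part of the original thread: one way to act on the sniffer suggestion above is to pull the UDP payload of every DHCP OFFER/ACK out of a capture and check which server sent it and which mask it handed out. The network 172.31.4.0/22 is the one from the thread; the authorized server 172.31.4.10, the device at 172.31.4.200 and all packets below are constructed for illustration.

```python
import ipaddress
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed BOOTP header, 236 bytes
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
MAGIC = b"\x63\x82\x53\x63"               # DHCP magic cookie (RFC 2131)
OPT_PAD, OPT_MASK, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 1, 53, 54, 255
OFFER, ACK = 2, 5


def build_reply(msg_type, yiaddr, server_id, mask):
    """Build a DHCP server reply payload; used only to make sample data."""
    pack_ip = lambda s: ipaddress.IPv4Address(s).packed
    header = struct.pack(BOOTP_FMT, 2, 1, 6, 0, 0x1234ABCD, 0, 0,
                         pack_ip("0.0.0.0"), pack_ip(yiaddr),
                         pack_ip(server_id), pack_ip("0.0.0.0"),
                         bytes.fromhex("020000000001"), b"", b"")
    options = (bytes([OPT_MSG_TYPE, 1, msg_type])
               + bytes([OPT_SERVER_ID, 4]) + pack_ip(server_id)
               + bytes([OPT_MASK, 4]) + pack_ip(mask)
               + bytes([OPT_END]))
    return header + MAGIC + options


def parse_reply(payload):
    """Return the fields of a DHCP OFFER/ACK, or None if it is not a valid one."""
    if len(payload) < BOOTP_LEN + len(MAGIC):
        return None
    fields = struct.unpack(BOOTP_FMT, payload[:BOOTP_LEN])
    if fields[0] != 2 or payload[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC:
        return None                        # not a BOOTREPLY, or not DHCP
    opts, i = {}, BOOTP_LEN + 4
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            return None                    # option runs past the end of the data
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    if opts.get(OPT_MSG_TYPE, b"")[:1] not in (bytes([OFFER]), bytes([ACK])):
        return None
    if len(opts.get(OPT_SERVER_ID, b"")) != 4 or len(opts.get(OPT_MASK, b"")) != 4:
        return None
    return {
        "yiaddr": ipaddress.IPv4Address(fields[8]),   # address being handed out
        "server": ipaddress.IPv4Address(opts[OPT_SERVER_ID]),
        "mask": ipaddress.IPv4Address(opts[OPT_MASK]),
    }


def audit(payloads, authorized, network):
    """List (index, server, reasons) for every reply that looks wrong."""
    net = ipaddress.IPv4Network(network)
    findings = []
    for n, payload in enumerate(payloads):
        reply = parse_reply(payload)
        if reply is None:
            findings.append((n, None, ["unparseable"]))
            continue
        reasons = []
        if str(reply["server"]) not in authorized:
            reasons.append("unauthorized server")
        if reply["mask"] != net.netmask:
            reasons.append("wrong mask")
        if reply["yiaddr"] not in net:
            reasons.append("address outside network")
        if reasons:
            findings.append((n, str(reply["server"]), reasons))
    return findings


# Constructed sample payloads (not taken from any real capture).
AUTHORIZED = {"172.31.4.10"}
SAMPLE = [
    build_reply(OFFER, "172.31.5.20", "172.31.4.10", "255.255.252.0"),
    build_reply(OFFER, "192.168.1.50", "172.31.4.200", "255.255.255.0"),
    build_reply(ACK, "172.31.5.30", "172.31.4.10", "255.255.255.0"),
]
SAMPLE.append(SAMPLE[1][:250])             # reply cut off inside an option

if __name__ == "__main__":
    for index, server, reasons in audit(SAMPLE, AUTHORIZED, "172.31.4.0/22"):
        print(index, server, ", ".join(reasons))
```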

Re: 7200 Router Questions... [7:59645]

2002-12-23 Thread MADMAN
No. With the NPE-1G being the exception you need an I/O card which is 
on the same side of the router as the PA's, and a NPE or NSE card which 
is on the other side.  The I/O card contains your NVRAM, flash, console 
connection and various LAN interfaces.  The NPE or NSE contains the CPU 
and DRAM.

   Dave

Edward Sohn wrote:
> so maybe that's what he was referring to...can i just use a I/O card for
> a basis, if i needed to (not that i would, but just wondering if i
> could)...
> 
> -Original Message-
> From: MADMAN [mailto:[EMAIL PROTECTED]] 
> Sent: Monday, December 23, 2002 9:31 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: 7200 Router Questions... [7:59645]
> 
> 
> 
>That is capital BS!!!  Offload the processing from what!?!?!
> 
>Trust me you need one.
> 
>With the new NPE-1G you no longer need and I/O card if that's what 
> the person is thinking of...
> 
>Now who do you believe :)
> 
>Dave
> 
> Edward Sohn wrote:
> 
>>dave,
>>
>>that's the thing...i actually heard (from a cisco SE) that i am not 
>>required to have one.  they just offload the processing.
>>
>>can someone verify for me, please?
>>
>>thanks,
>>
>>eddie
>>
>>-Original Message-
>>From: MADMAN [mailto:[EMAIL PROTECTED]]
>>Sent: Monday, December 23, 2002 7:07 AM
>>To: Edward Sohn
>>Cc: [EMAIL PROTECTED]
>>Subject: Re: 7200 Router Questions... [7:59645]
>>
>>
>>
>>   You gotta have one or the other, It's the brains of the box!
>>
>>   Dave
>>
>>Edward Sohn wrote:
>>
>>
>>>thanks.
>>>
>>>it seems that the NSE-1 is made for service providers (according to
>>>the link you sent me).  is there a way to determine if i need one?  or
>>
>>
>>>even an NPE, for that matter?
>>>
>>>thanks,
>>>
>>>ed
>>
>>
>>David Madland
>>CCIE# 2016
>>Sr. Network Engineer
>>Qwest Communications
>>612-664-3367
>>
>>"You don't make the poor richer by making the rich poorer." --Winston 
>>Churchill
>>
>>
>>
>>
>>
> 
> 
> 


-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59764&t=59645



wireless firmware 10.10T - wassup? [7:59765]

2002-12-23 Thread JJ Angleton
Is there something special about versions of firmware later than 10.10T for
Cisco Wireless Access Points? They emphasize it, but I can't seem to figure
out why... Any thoughts?






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59765&t=59765



Question regarding performance and Route-Maps [7:59766]

2002-12-23 Thread Daren Presbitero
Fellow Ciscoers,

Anyone have any idea on the performance hit for a cisco 3660 using
route-maps instead of routing using static routes?  I have 200+ routes that
I would like to compile into one route-map with 3 match statements instead.
Is there an equation that would tell me how much slower (pps) my data will
route when using a route-map instead of static routes.  Does such an
equation exist?

Mahalo,
Daren




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59766&t=59766



RE: 7200 Router Questions... [7:59645]

2002-12-23 Thread Edward Sohn
dave,

you seem one of the more knowledgeable people on this list regarding the
7200 series...lemme ask you a question...

do you know how i can quantifiably justify going with one NPE/NSE over
another?  like specific performance requirements for each?

thanks,

ed

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]] 
Sent: Monday, December 23, 2002 10:45 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: 7200 Router Questions... [7:59645]




   No. With the NPE-1G being the exception you need an I/O card which is

on the same side of the router as the PA's, and a NPE or NSE card which 
is on the otherside.  The I/O cards contains you NVRAM, flash, console 
connection and various LAN interfaces.  The NPE or NSE contains the CPU 
and DRAM.

   Dave

Edward Sohn wrote:
> so maybe that's what he was referring to...can i just use a I/O card 
> for a basis, if i needed to (not that i would, but just wondering if i

> could)...
> 
> -Original Message-
> From: MADMAN [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 23, 2002 9:31 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: 7200 Router Questions... [7:59645]
> 
> 
> 
>That is capital BS!!!  Offload the processing from what!?!?!
> 
>Trust me you need one.
> 
>With the new NPE-1G you no longer need and I/O card if that's what
> the person is thinking of...
> 
>Now who do you believe :)
> 
>Dave
> 
> Edward Sohn wrote:
> 
>>dave,
>>
>>that's the thing...i actually heard (from a cisco SE) that i am not
>>required to have one.  they just offload the processing.
>>
>>can someone verify for me, please?
>>
>>thanks,
>>
>>eddie
>>
>>-Original Message-
>>From: MADMAN [mailto:[EMAIL PROTECTED]]
>>Sent: Monday, December 23, 2002 7:07 AM
>>To: Edward Sohn
>>Cc: [EMAIL PROTECTED]
>>Subject: Re: 7200 Router Questions... [7:59645]
>>
>>
>>
>>   You gotta have one or the other, It's the brains of the box!
>>
>>   Dave
>>
>>Edward Sohn wrote:
>>
>>
>>>thanks.
>>>
>>>it seems that the NSE-1 is made for service providers (according to 
>>>the link you sent me).  is there a way to determine if i need one?  
>>>or
>>
>>
>>>even an NPE, for that matter?
>>>
>>>thanks,
>>>
>>>ed
>>
>>
>>David Madland
>>CCIE# 2016
>>Sr. Network Engineer
>>Qwest Communications
>>612-664-3367
>>
>>"You don't make the poor richer by making the rich poorer." --Winston
>>Churchill
>>
>>
>>
>>
>>
> 
> 
> 


-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59767&t=59645



Looking for cheap gear... [7:59768]

2002-12-23 Thread jeff sicuranza
I am looking for gear. I know you guys have many links etc. to sites
mentioned here in the past. I was wondering if any of you folks can reply
with such links. I am looking for sites with surplus Cisco gear, clearing
houses or auctions sites with equipment from failed companies really cheap.
I am looking for deals on larger stuff like 7500, ONS, DWD gear etc… Any
links would be helpful…

Thanks and have a great and safe holiday season… 

Happy Holidays and lets hope 2003 is a better year all around for us...

/JS



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59768&t=59768



Re: Looking for cheap gear... [7:59768]

2002-12-23 Thread Brian
the isp-equipment list is great,
http://isp-lists.isp-planet.com/isp-equipment/

Bri


On Mon, 23 Dec 2002, jeff sicuranza wrote:

> I am looking for gear. I know you guys have many links etc. to sites
> mentioned here in the past. I was wondering if any of you folks can reply
> with such links. I am looking for sites with surplus Cisco gear, clearing
> houses or auctions sites with equipment from failed companies really cheap.
> I am looking for deals on larger stuff like 7500, ONS, DWD gear etc Any
> links would be helpful
>
> Thanks and have a great and safe holiday season
>
> Happy Holidays and lets hope 2003 is a better year all around for us...
>
> /JS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59769&t=59768



Re: Looking for cheap gear... [7:59768]

2002-12-23 Thread The Long and Winding Road
"jeff sicuranza" wrote in message
news:[EMAIL PROTECTED]...
> I am looking for gear. I know you guys have many links etc. to sites
> mentioned here in the past. I was wondering if any of you folks can reply
> with such links. I am looking for sites with surplus Cisco gear, clearing
> houses or auctions sites with equipment from failed companies really
cheap.
> I am looking for deals on larger stuff like 7500, ONS, DWD gear etc. Any
> links would be helpful.


http://www.eio.com/onauctns.htm
( lists a number of auction houses, including what used to be Dove )

and there is always e..b...a..y

be warned though - things tend not to go for as cheap as you might think.
there are a lot of people out there trying to buy used equipment, and there
is a particular dynamic with regards to the economics of this.

HTH



>
> Thanks and have a great and safe holiday season.
>
> Happy Holidays and lets hope 2003 is a better year all around for us...
>
> /JS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59770&t=59768



RE: Looking for cheap gear... [7:59768]

2002-12-23 Thread jsicuran
Thanks Brian, I will look into.. Happy Holidays...

/JS

-Original Message-
From: Brian [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 23, 2002 4:02 PM
To: jeff sicuranza
Cc: [EMAIL PROTECTED]
Subject: Re: Looking for cheap gear... [7:59768]


the isp-equipment list is great,
http://isp-lists.isp-planet.com/isp-equipment/

Bri


On Mon, 23 Dec 2002, jeff sicuranza wrote:

> I am looking for gear. I know you guys have many links etc. to sites
> mentioned here in the past. I was wondering if any of you folks can reply
> with such links. I am looking for sites with surplus Cisco gear, clearing
> houses or auctions sites with equipment from failed companies really
cheap.
> I am looking for deals on larger stuff like 7500, ONS, DWD gear etc Any
> links would be helpful
>
> Thanks and have a great and safe holiday season
>
> Happy Holidays and lets hope 2003 is a better year all around for us...
>
> /JS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59771&t=59768



Re: Question regarding performance and Route-Maps [7:59766]

2002-12-23 Thread MADMAN
I don't think you'll find such a table but policy routing is fast 
switched and unless you're talking OC3 speeds you probably have nothing to 
worry about.

   Dave

Daren Presbitero wrote:
> Fellow Ciscoers,
> 
>   Anyone have any idea on the performance hit for a cisco 3660 using
> route-maps instead of routing using static routes?  I have 200+ routes that
> I would like to compile into one route-map with 3 match statements instead.
> Is there an equation that would tell me how much slower (pps) my data will
> route when using a route-map instead of static routes.  Does such an
> equation exist?
> 
> Mahalo,
> Daren
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59772&t=59766



Re: 7200 Router Questions... [7:59645]

2002-12-23 Thread MADMAN
If you're buying a VXR, which you most likely are since I think the 
non-VXR platform is EOL, you will want a NPE300 at a minimum to get the 
VXR 900M backplane as opposed to 600M.  The bottom line is what need are 
you trying to fulfill??  A 7200 may well be more than you need, how bout 
the 3745?...

   Dave

Edward Sohn wrote:
> dave,
> 
> you seem one of the more knowledgeable people on this list regarding the
> 7200 series...lemme ask you a question...
> 
> do you know how i can quantifiably justify going with one NPE/NSE over
> another?  like specific performance requirements for each?
> 
> thanks,
> 
> ed
> 
> -Original Message-
> From: MADMAN [mailto:[EMAIL PROTECTED]] 
> Sent: Monday, December 23, 2002 10:45 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: 7200 Router Questions... [7:59645]
> 
> 
> 
> 
>No. With the NPE-1G being the exception you need an I/O card which is
> 
> on the same side of the router as the PA's, and a NPE or NSE card which 
> is on the otherside.  The I/O cards contains you NVRAM, flash, console 
> connection and various LAN interfaces.  The NPE or NSE contains the CPU 
> and DRAM.
> 
>Dave
> 
> Edward Sohn wrote:
> 
>>so maybe that's what he was referring to...can i just use a I/O card 
>>for a basis, if i needed to (not that i would, but just wondering if i
> 
> 
>>could)...
>>
>>-Original Message-
>>From: MADMAN [mailto:[EMAIL PROTECTED]]
>>Sent: Monday, December 23, 2002 9:31 AM
>>To: [EMAIL PROTECTED]
>>Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>>Subject: Re: 7200 Router Questions... [7:59645]
>>
>>
>>
>>   That is capital BS!!!  Offload the processing from what!?!?!
>>
>>   Trust me you need one.
>>
>>   With the new NPE-1G you no longer need and I/O card if that's what
>>the person is thinking of...
>>
>>   Now who do you believe :)
>>
>>   Dave
>>
>>Edward Sohn wrote:
>>
>>
>>>dave,
>>>
>>>that's the thing...i actually heard (from a cisco SE) that i am not
>>>required to have one.  they just offload the processing.
>>>
>>>can someone verify for me, please?
>>>
>>>thanks,
>>>
>>>eddie
>>>
>>>-Original Message-
>>>From: MADMAN [mailto:[EMAIL PROTECTED]]
>>>Sent: Monday, December 23, 2002 7:07 AM
>>>To: Edward Sohn
>>>Cc: [EMAIL PROTECTED]
>>>Subject: Re: 7200 Router Questions... [7:59645]
>>>
>>>
>>>
>>>  You gotta have one or the other, It's the brains of the box!
>>>
>>>  Dave
>>>
>>>Edward Sohn wrote:
>>>
>>>
>>>
>>>>thanks.
>>>>
>>>>it seems that the NSE-1 is made for service providers (according to 
>>>>the link you sent me).  is there a way to determine if i need one?  
>>>>or
>>>
>>>
>>>>even an NPE, for that matter?
>>>>
>>>>thanks,
>>>>
>>>>ed
>>>
>>>
>>>David Madland
>>>CCIE# 2016
>>>Sr. Network Engineer
>>>Qwest Communications
>>>612-664-3367
>>>
>>>"You don't make the poor richer by making the rich poorer." --Winston
>>>Churchill
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
> 
> 


-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59773&t=59645



Len Lee/CHI/NTRS is out of the office. [7:59774]

2002-12-23 Thread Len Lee
I will be out of the office starting  December 23, 2002 and will not return
until December 31, 2002.

I will respond to your message when I return. If this is an emergency,
please contact Bill Jarrett at extension 312-557-0390




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59774&t=59774
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Very Strange Problem....Any Ideas? [7:59682]

2002-12-23 Thread Sam Sneed
Another thing you may want to do is have MRTG poll the switch and/or
routers. This way you may be able to notice if one of the servers
or network devices is sending out unexpected large amounts of data.

"Craig Columbus" wrote in message
news:[EMAIL PROTECTED]...
> I worked on a network move for a brokerage company last week and
> encountered a VERY strange problem.
>
> We moved a bunch of equipment to a new office building.  During the
> process, we changed the internal network from 192.168.100.0/24 to
> 172.31.4.0/22.
> There company has 4 Cisco 3500XL 48 port switches, with no VLANs and plain
> vanilla configurations.  The fanciest thing is portfast on the client
> machine ports.
> Switches are linked via GBICs in a cascade.  There is one client
maintained
> router that sits before the firewall with only static routes and no
routing
> protocols.
> There are multiple outside vendor routers for specific applications
> (real-time quotes, clearinghouse mainframe, etc.), but these too also have
> only static routes and no routing protocols.
>
> After installing all of the network equipment and servers, we started to
> turn on clients and get new DHCP addresses.  Since the new network was
> 172.31.4.0/22, 172.31.4.1 - 172.31.4.255 was reserved for servers,
> printers, switches, and routers.  The remaining 172.31.5.0 - 172.31.7.254
> was reserved for clients...though there are only about 100 clients at the
> moment and thus they only took 5.0 - 5.100 or so in DHCP.
>
> After installing maybe 20 clients or so, we started to see mass slowdowns
> on the network.  Pings between clients and servers were very irregular and
> intermittent.  There was no discernable pattern to when pings would
succeed
> and when they'd fail.  We exhaustively went through all devices and made
> sure that they'd been correctly set to the new mask and that all server
> functions (DNS, WINS, AD, etc.) had been correctly setup for the new
> subnet.  Everything looked fine.  In an effort to troubleshoot, we
unhooked
> the switch stack and put core servers and a few clients on a single
> switch.  Again, communication was irregular and unpredictable, whether
with
> static or DHCP addresses on the clients.  Sometimes things would be fine,
> other times clients could ping the server, but not the switch to which
they
> were attached.  Sometimes clients could ping the switch, but not the
> server.  Sometimes the clients could ping neither.  Again, there seemed to
> be no pattern.  Thinking there might have been some IOS bug, we erased
> nvram, upgraded the switches to current IOS code, and put in a completely
> plain configuration.  This had no effect on the problem.
>
> After 4 of us (with probably 50 years of industry experience between us)
> spent 15 hours or so trying to resolve the issue, I finally suggested we
> try moving the clients from the 172.31.5.x/22 block to the 172.31.4.x/22
> block.  This solved all problems, and all clients were able to ping both
> switches and servers 100% of the time.  Again, we didn't change the mask
on
> anything, only the third octet of the client ip range.  We then went back
> and triple checked every device attached to the networkservers,
> routers, switches, printers, clients, etc.  Every single device had the
> correct mask (/22) except for two vendor maintained UNIX boxes...they had
> 172.31.4.x/24.  We suspected as much earlier since clients couldn't
> communicate with the UNIX boxes from the beginning, but the other servers
> could communicate with the UNIX boxes without issue.  These UNIX servers
> weren't running RIP(or any other RP)...and besides, there aren't any other
> network devices listening for RIPso we weren't really concerned about
> them causing the network connectivity issues.  At the time, I couldn't see
> how a bad mask on these boxes could effectively make the whole network
> unusable, so I didn't bother correcting it early in the day.
>
> At this point, I've had a week to think about the issue and I still don't
> have a logical reason for why this problem might have occurred.  Anyone
out
> there have any thoughts?
> I'm going back to put in a 3550EMI as the core in a couple of weeks.  At
> that point, we're going to investigate more and try to move the clients
> back to the 172.31.5.x range.  I'd like to test theories at that time if
> anyone can put one forward that we didn't already testas I said, we
> spent a lot of time on this and I didn't put every test we did in this
> email.  All I can offer is that it wasn't IOS code (we tried more than one
> version), it wasn't the switches (we tried several, including non-Cisco),
> it wasn't DNS, WINS, DHCP, or any other server side issue (we thoroughly
> examined and ruled those out...beside, this was even happening at the IP
> level between switches).  Everything had worked correctly at the old
> building...the only two things that changed significantly during the move
> were the IP range and 

ADSL problem [7:59776]

2002-12-23 Thread Metla Venu Gopal
I have got three sites. 
Scenario Explanation:

Site A has a 1721 router with an ADSL connection. It has an ATM module 
and an ethernet 10/100 port. The ethernet port is connected to the LAN. 

Site B and Site C have 801 routers with an ISDN module and LAN module. 
On the ISDN, DSL is configured. A VPN connection is used to transfer 
data across.


Problem:  
From site B there is excellent ping of less than 112ms to the site A.
Now when a computer in site B tries to establish VPN connectivity to 
a server in Site A it takes more than 5 minutes to come up.  The 
config is checked and it's fine in both the routers. Can somebody tell 
me the problem?
thnx
nerdv


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59776&t=59776



RE: HSRP and BGP [7:59735]

2002-12-23 Thread Ivan Yip
Dear All,

Thanks all useful information.
Merry Christmas and Happy New Year!!!

rgds,
ivan


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59777&t=59735



RE: 7200 Router Questions... [7:59645]

2002-12-23 Thread Brian
I like looking at
http://www.cisco.com/univercd/cc/td/doc/product/core/7206/port_adp/config/3471in.htm#xtocid14
for bw used and point assignment for various port adapters.  Another
important thing to note is different selections give different pps limits,
for example, for the npe models, the model represents how many kpps they'll
transfer.

Bri


On Mon, 23 Dec 2002, Edward Sohn wrote:

> dave,
>
> you seem one of the more knowledgeable people on this list regarding the
> 7200 series...lemme ask you a question...
>
> do you know how i can quantifiably justify going with one NPE/NSE over
> another?  like specific performance requirements for each?
>
> thanks,
>
> ed
>
> -Original Message-
> From: MADMAN [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 23, 2002 10:45 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: 7200 Router Questions... [7:59645]
>
>
>
>
>No. With the NPE-1G being the exception you need an I/O card which is
>
> on the same side of the router as the PA's, and a NPE or NSE card which
> is on the otherside.  The I/O cards contains you NVRAM, flash, console
> connection and various LAN interfaces.  The NPE or NSE contains the CPU
> and DRAM.
>
>Dave
>
> Edward Sohn wrote:
> > so maybe that's what he was referring to...can i just use a I/O card
> > for a basis, if i needed to (not that i would, but just wondering if i
>
> > could)...
> >
> > -Original Message-
> > From: MADMAN [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, December 23, 2002 9:31 AM
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Re: 7200 Router Questions... [7:59645]
> >
> >
> >
> >That is capital BS!!!  Offload the processing from what!?!?!
> >
> >Trust me you need one.
> >
> >With the new NPE-1G you no longer need and I/O card if that's what
> > the person is thinking of...
> >
> >Now who do you believe :)
> >
> >Dave
> >
> > Edward Sohn wrote:
> >
> >>dave,
> >>
> >>that's the thing...i actually heard (from a cisco SE) that i am not
> >>required to have one.  they just offload the processing.
> >>
> >>can someone verify for me, please?
> >>
> >>thanks,
> >>
> >>eddie
> >>
> >>-Original Message-
> >>From: MADMAN [mailto:[EMAIL PROTECTED]]
> >>Sent: Monday, December 23, 2002 7:07 AM
> >>To: Edward Sohn
> >>Cc: [EMAIL PROTECTED]
> >>Subject: Re: 7200 Router Questions... [7:59645]
> >>
> >>
> >>
> >>   You gotta have one or the other, It's the brains of the box!
> >>
> >>   Dave
> >>
> >>Edward Sohn wrote:
> >>
> >>
> >>>thanks.
> >>>
> >>>it seems that the NSE-1 is made for service providers (according to
> >>>the link you sent me).  is there a way to determine if i need one?
> >>>or
> >>
> >>
> >>>even an NPE, for that matter?
> >>>
> >>>thanks,
> >>>
> >>>ed
> >>
> >>
> >>David Madland
> >>CCIE# 2016
> >>Sr. Network Engineer
> >>Qwest Communications
> >>612-664-3367
> >>
> >>"You don't make the poor richer by making the rich poorer." --Winston
> >>Churchill
> >>
> >>
> >>
> >>
> >>
> >
> >
> >
>
>
> --
> David Madland
> CCIE# 2016
> Sr. Network Engineer
> Qwest Communications
> 612-664-3367
>
> "You don't make the poor richer by making the rich poorer." --Winston
> Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59778&t=59645



Re: CCIE Vs. BS or MS dergree [7:59481]

2002-12-23 Thread nrf
"Pcasey" wrote in message
news:[EMAIL PROTECTED]...
> Interesting question, but I think the question of "which is tougher" and
> "which is more valuable" get confused.
>
> As someone who has an MBA from a top school, I know that it took several
> thousand of hours of work and an estimated 12,000 - 15,000 pages of
reading.
> I am in process on my CCIE, but so far it looks like it will only be a
> fraction of that.

I would add that people who are looking at only the work involved in getting
a top-flight MBA don't see the whole picture.  Not only do you need to
figure in the work needed to obtain the MBA, you also have to figure in the
work involved in getting admitted to a top program in the first place.

For example, let's say you want to get an MBA from
Harvard/Stanford/Penn/N'Western/whatever.  Well, you can't just show up to
class one day and demand that they start teaching you. You first have to be
admitted - and let's face it, getting admitted to places of that caliber
requires you to have done a whole lot of stuff beforehand.  They ain't gonna
admit just anybody.

Therefore when you add in the work involved in simply getting admitted in
the first place, in addition to the work involved in getting the degree, I
think it's plain to see that the degree from a top school is many times more
difficult than the CCIE could ever be.





>
> However, how hard it is really doesn't matter.  The question is what you
> want to do with your life and what you find interesting.  Would being a
> successful investment banker pay more than being a solid CCIE?  Of course.
> Would I hate my life?  Of course.  But, that is just my personal view.

This is absolutely true, but I would also add the following.  What makes you
happy now may not make you happy in the future.  Sure, you might like to be
the network guy configuring boxes now, but there's no guarantee that this
will still be true 20 years later.  Maybe you'll still like it, but on the
other hand, maybe you want to be the one in the nice office telling other
people to configure boxes.  Degrees are valuable because of their
flexibility.   If you want to make a change in your career path in the
future, it is far easier to do so with a degree than with a cert.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59779&t=59481



RE: 7200 Router Questions... [7:59645]

2002-12-23 Thread William Pearch
In order to hit performance marks that are excellent with IPSec you will
need not only a spiffy NPE but the PA-VAM or PA-ISA.  Be aware that the
PA-VAM may not work with the latest and greatest IPSec image.  I picked
up a 7206VXR VPN bundle from Cisco last month and the only IOS supported
was 12.1(9)E.  This may have changed with 12.2(13)T - do your homework
and test it.
With the VAM and the NPE-400 Cisco claims ~150Mbps throughput.  Be sure
to top it off with memory - if you are running lots of tunnels you will
need the space.  I haven't tested the performance myself and do not know
how the split bus of the 7200's will affect performance of one PA or
another depending on where it's plugged in.  Not all my questions have
been answered...
The VPN bundle lists for $23,500 - apply your discount.  That gives you
fastethernet interfaces(2), the PA-VAM, and the NPE-400.  You'll have to
pay for more  If you can use a newer IOS version (come ON Cisco...)
you can run the easy VPN server on the box and make life so much easier.
The 12.1 code does a good job of working with x.509 certs, but there is
a lot of command change between 12.1(9) and 12.2(13)T, so watch your
configurations carefully and be prepared to rewrite things between
versions.
The PA-ISA does run with a piece of 12.2 code (I have a client using it)
and does just fine.  In the case of both accelerators there is no AES
support that I am aware of.  If you are looking for AES, the software
crypto engine is supposed to support it in 12.2(13)T on some(all?)
platforms and I've heard that there's a new crypto hardware piece in the
works to support it also.

Just a thought:  Depending on your application, you may consider buying
two smaller VPN enabled routers (3600 or 2600) and using multiple
tunnels from each site to the hub for layer 3 based load balancing and
fault tolerance.  They are routers, make 'em route!  (Or heck, just buy
2 7206 bundles... :)  You may get performance every bit as good, with
availability numbers that make you look like an uber-star to the boss.  

TTFN,
Bill Pearch, Anchorage


-Original Message-
From: Edward Sohn [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, December 21, 2002 10:11 AM
To: [EMAIL PROTECTED]
Subject: RE: 7200 Router Questions... [7:59645]


thanks for the info.

have you or anyone else any idea what configuration it takes for a 7200
router to be comparable in performance to a PIX 515 when it comes to a
site-to-site VPN?  for example, would a 7204VXR by itself be enough
(or more than enough, for that matter) to meet the packet throughput
performance of a PIX 515 on a 3DES ipsec tunnel set up site-to-site?  i
can't seem to find pps performance specs for the 7200 series...

thanks,

ed

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]] 
Sent: Friday, December 20, 2002 1:46 PM
To: Edward Sohn
Cc: [EMAIL PROTECTED]
Subject: Re: 7200 Router Questions... [7:59645]




Edward Sohn wrote:
> Can anyone help me answer a few questions regarding this series
> router?
>
> 1.  The spec sheet says it performs multiprotocol routing over ipsec.
> My question is: how?  Is there some inherent technology that performs
> this feature, or is it the IOS's ability to create a GRE over an IPSEC
> tunnel?
> 2.  What are the main differences between the NPE's and NSE's?
> I can't decide which processor I need.

 The primary difference is that the NSE is only supported in the
7200VXR and incorporates the PXF processor for accelerated packet
switching.

> 3.  What's the difference between the VXR models and the "normal"
> models?

   To get VXR performance you must use at least a NPE300 and you get a 
MIX backplane, good for voice stuff.  Also the VXR gives you increased 
backplane bandwidth capabilities.

   With the new NPE-1G you no longer have any bandwidth point
limitations!

   Dave

> 
> That's it, for starters...any help would be greatly appreciated.
> 
> Ed
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59780&t=59645