RE: BGP origin attribute type "e" - EGP? [7:61075]
A route with origin egp is not learned from an external BGP peer, but from a peer running the protocol EGP (External Gateway Protocol, the predecessor of BGP). It's also possible to change this origin code via a route-map. Peter > -Original Message- > From: cebuano [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 16, 2003 7:52 AM > To: [EMAIL PROTECTED] > Subject: RE: BGP origin attribute type "e" - EGP? [7:61075] > > > Amar, > Are you referring to an External BGP peer? I hope not as I > haven't seen > that happen in any BGP labs I've done. > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On > Behalf Of > Amar > Sent: Wednesday, January 15, 2003 3:00 PM > To: [EMAIL PROTECTED] > Subject: Re: BGP origin attribute type "e" - EGP? [7:61075] > > when the update is learned from an E-BGP neighbor. > rgds > > ""Wei Zhu"" a icrit dans le message de news: > [EMAIL PROTECTED] > > In what condition is the EGP origin type generated? > > > > Thanks > > Wei Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61187&t=61075 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Automated Script for backing up Cisco configs and Image [7:61188]
Hello People, Can anyone help me with were I can get an automated script / shareware application that I could use in backing up my cisco router & switches config Cheers ___ Kerry [GroupStudy.com removed an attachment of type image/jpeg which had a name of Clear Day Bkgrd.JPG] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61188&t=61188 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Automated Script for backing up Cisco configs and Image [7:61189]
Have a look at http://www.shrubbery.net/rancid/ I also believe that JFFNMS (http://jffnms.sourceforge.net/)does this (plus a whole lot more) -Original Message- From: Kerry Ogedegbe [ MTN - Portharcourt ] [mailto:[EMAIL PROTECTED]] Sent: 16 January 2003 11:12 AM To: [EMAIL PROTECTED] Subject: Automated Script for backing up Cisco configs and Image [7:61188] Hello People, Can anyone help me with were I can get an automated script / shareware application that I could use in backing up my cisco router & switches config Cheers ___ Kerry [GroupStudy.com removed an attachment of type image/jpeg which had a name of Clear Day Bkgrd.JPG] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61189&t=61189 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
output brake [7:61190]
Hi all, I have problem with terminal scrolling. I want to login and execute autocommand and I need output without any brake for key press. I tried to set length 0 on vty line configuration but it doesn't work. Maybe someone have any idea why this not work like Cisco say or maybe how to attach more that one command to single autocommand user Br Simon Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61190&t=61190 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Please confirm (conf#6497e3283ce91d54ff654914f7a4f43b) [7:61191]
[EMAIL PROTECTED] wrote on Thursday, January 16, 2003 11:01 AM: > Hi, > > You have tried to post to GroupStudy.com's Professional mailing list. > Because the server does not recognize you as a confirmed poster, you > will be required to authenticate that you are using a valid e-mail > address and are not a spammer. By confirming this e-mail you certify > that you are not sending Unsolicited Bulk Email (UBE). > > PLEASE DO NOT SEND YOUR ORIGINAL MESSAGE AGAIN! BY CONFIRMING THIS > EMAIL YOUR ORIGINAL MESSAGE (WHICH IS NOW QUEUED IN THE SERVER) WILL > BE POSTED. > > > By confirming this e-mail you also certify the following: > > 1. The message does NOT break Cisco's Non-Disclosure requirements. > > 2. The message is NOT designed to advertise a commercial product. > > 3. You understand all postings become property of GroupStudy.com > > 4. You have searched the archives prior to posting. > > 5. The message is NOT inflammatory. > > 6. The message is NOT a test message. > > To confirm, simply reply to this message. No editing is necessary. > Once confirmed, you will be able to post without additional > confirmations. > > > Welcome to GroupStudy.com! > > > --ORIGINAL MESSAGE- > > From [EMAIL PROTECTED] Thu Jan 16 10:01:03 2003 > Received: from mail2.astercity.net (smtp.acn.pl [212.76.33.36]) > by groupstudy.com (8.9.3/8.9.3) with ESMTP id KAA05840 > GroupStudy Mailer; Thu, 16 Jan 2003 10:01:02 GMT > Received: from adesj536 (ariel.astercity.net [212.76.32.5]) > by mail2.astercity.net (sendmail) with SMTP id 6C9E8240FE9 > for ; Thu, 16 Jan 2003 11:01:00 +0100 (CET) > Message-ID: > From: "Simon" > To: > Subject: output brake > Date: Thu, 16 Jan 2003 11:02:24 +0100 > MIME-Version: 1.0 > Content-Type: text/plain; > charset="iso-8859-2" > Content-Transfer-Encoding: 7bit > X-Priority: 3 > X-MSMail-Priority: Normal > X-Mailer: Microsoft Outlook Express 6.00.2600. > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600. > > Hi all, > I have problem with terminal scrolling. I want to login and execute > autocommand and I need output without any brake for key press. I tried > to set length 0 on vty line configuration but it doesn't work. Maybe > someone have any idea why this not work like Cisco say or maybe how to > attach more that one command to single autocommand user > > Br > Simon Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61191&t=61191 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF LSR's [7:61176]
At 4:47 AM + 1/16/03, Matthew Webster wrote: >Hi all, > >just a minor (I think) question. In the OSPF LSR message, why does the LS >type have 4 bytes to describe it, when there are only 5 different values? Am >I missing something? > >TIA. > >cheers, >Matthew. One of the design goals of OSPF, as opposed to ISIS, was machine processing efficiency, even at the cost of flexibility and memory. OSPF designers strived to put things on 32-bit, then 16-bit, then 8-bit alignments because this was really faster on processors of the time. ISIS, however, went with the more flexible TLV approach, which needs more processing to be parsed. If we were doing a brand-new IGP today, I suspect the data structuring would be more like the chained fixed-length fields of the IPv6 header. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61192&t=61176 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Automated Script for backing up Cisco configs and Image [7:61193]
In the past I have just scripted telnet in a batch file; that has my pw passed as a command line parameter and a device list / device type setting to account for differences between IOS and CatOS ... oh yeah, and to 'script' telnet I used "pushkeys" ... Thanks! -Original Message- From: Kerry Ogedegbe [ MTN - Portharcourt ] [mailto:[EMAIL PROTECTED]] Sent: 16 January 2003 11:12 AM To: [EMAIL PROTECTED] Subject: Automated Script for backing up Cisco configs and Image [7:61188] Hello People, Can anyone help me with were I can get an automated script / shareware application that I could use in backing up my cisco router & switches config Cheers ___ Kerry [GroupStudy.com removed an attachment of type image/jpeg which had a name of Clear Day Bkgrd.JPG] ** The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61193&t=61193 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Written Study Material [7:61026]
I believe that Brad was talking about two separate books, the one that you read by Halabi (Internet Routing Arch) and the one by Caslow (Cisco Certification: Bridges, Routers, and Switches for CCIE's 2nd Edition). The best resource would probably be the blueprint and CCO. I haven't heard of any books out there that really cover everything that may be tested on the CCIE Written (R&S). Shawn K. -Original Message- From: Clay Auch [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 15, 2003 3:55 PM To: [EMAIL PROTECTED] Subject: Re: CCIE Written Study Material [7:61026] Brad, I have read the Halabi book (Internet Routing Arch), what is the book with Halabi and Caslow together? Also, what would you say the best resource for studying for the CCIE written (R&S) is in your opinion? Thanx, clay Clay Auch - CCNP Sr. Network Engineer HPTi 4121 Wilson Blvd Arlington, VA 22203 703-682-5301 - Original Message - From: "Brad" To: Sent: Wednesday, January 15, 2003 10:06 AM Subject: Re: CCIE Written Study Material [7:61026] > Bob, > > If you are looking for an overview, it's a good book. If you are trying to > dive into details, you would also want the book by Caslow and Halabi. I > recommend those two books highly. The book by Solie is really good too. > > thanks, > -Brad Ellis > CCIE#5796 (R&S / Security) > Network Learning Inc > [EMAIL PROTECTED] > www.optsys.net (Cisco hardware) > > ""Bob Henry"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > All, > > > > What is a good Book to use as a basis for studying for > > the CCIE written exam 350-001. I see this one on > > Amazon. > > > > 1) NLI's Study Guide for The CCIE R&S Written Exam > > > > Please Advise, > > Bob > > > > __ > > Do you Yahoo!? > > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > > http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61146&t=61026 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco VPN Question [7:61148]
Basically it performs as per stated. We have VPN users that come into our concentrator from all over North American and abroad. They have used a variety of cable, dsl, dial-up providers and for the most part do not have any issues. Split tunnelling has been enabled up until now. As for private networks (home networks) we have some home users utilizing Nexlands and Ugates and probably other "Internet Sharing Boxes". Some cable companies have had compatibiity issues with this but I believe the most recent version of software on those boxes has corrected the problem. As a test while at Nanog I was able to log into my internal network from a wireless laptop. All and all it is a pretty solid client. Kim / Zukee Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61194&t=61148 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: EIGRP network 0.0.0.0 to redistribute static route [7:61169]
Wei, When redistributing routes from one protocol to other, you donot want these routes get feeded back and that may cause routing loops. These issues also come with route summarization. To prevent these, manually direct them (the routes) to interface Null 0 (a black hole) in case of OSPF. Eigrp does this automatically for you. Cheers, Tu Do. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61195&t=61169 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN issue [7:61159]
If you do not configure one number on rrouter 1 and another number on router 2 then both router will try to answer the call. Of course only one will succeed. What do you want to achieve? Jens --- Bruno Fernandes wrote: > OK, > > Assuming that I don't force the configuration with > > # isdn answer1 > > What variable will determine the Router that it is chosen > > Regards > BF > > ""Jens Neelsen"" wrote in message > news:... > > Hi, > > > > it is the number called. You have to configure: > > # int bri 0/0 > > # isdn answer1 > > > > Jens > > > > --- Bruno Fernandes wrote: > > > Hi, > > > > > > If I have 2 routers on the same NT wich parameter defines > what > > > router will answer the call ? > > > > > > Thanks in advance, > > > BF > > [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61196&t=61159 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Automated Script for backing up Cisco configs and Image [7:61197]
I have recently played with configuration backups. If you are using UNIX/Linux, you might following an useful tool. http://www.pangalactic.net/rbackup/ I'm open for comments, if you do find it useful :-) Marko. > -Original Message- > From: Evans, TJ (BearingPoint) [mailto:[EMAIL PROTECTED]] > Sent: fimmtudagur, 16. janzar 2003. 11:32 > To: [EMAIL PROTECTED] > Subject: Automated Script for backing up Cisco configs and Image > [7:61193] > > > In the past I have just scripted telnet in a batch file; that > has my pw > passed as a command line parameter and a device list / device > type setting > to account for differences between IOS and CatOS > > ... oh yeah, and to 'script' telnet I used "pushkeys" ... > > > Thanks! > -Original Message- > From: Kerry Ogedegbe [ MTN - Portharcourt ] > [mailto:[EMAIL PROTECTED]] > Sent: 16 January 2003 11:12 AM > To: [EMAIL PROTECTED] > Subject: Automated Script for backing up Cisco configs and > Image [7:61188] > > Hello People, > Can anyone help me with were I can get an automated script / shareware > application > that I could use in backing up my cisco router & switches config > > Cheers > > ___ > > Kerry > > [GroupStudy.com removed an attachment of type image/jpeg > which had a name of > Clear Day Bkgrd.JPG] > ** > > The information in this email is confidential and may be legally > privileged. Access to this email by anyone other than the > intended addressee is unauthorized. If you are not the intended > recipient of this message, any review, disclosure, copying, > distribution, retention, or any action taken or omitted to be taken > in reliance on it is prohibited and may be unlawful. If you are not > the intended recipient, please reply to or forward a copy of this > message to the sender and delete the message, any attachments, > and any copies thereof from your system. > ** > Tvlvupsstur ~essi er fra Margmiplun hf., Supurlandsbraut 4, Reykjavmk. Fyrirvara og leipbeiningar til viptakenda tvlvupssts fra Margmiplun hf. er ap finna a vefsmpunni http://www.mi.is/fyrirvari Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61197&t=61197 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP origin attribute type "e" - EGP? [7:61075]
sorry i confused you guys i meant to type EGP: i=internal (network command) e=External Gateway Protocol ?=incomplete, (redistributed via static) the origin will be I even if it cames from a EBGP peer unless he has learned through redistribution rgds ""Peter van der Voort"" a icrit dans le message de news: [EMAIL PROTECTED] > A route with origin egp is not learned from an external BGP peer, but from a > peer running the protocol EGP (External Gateway Protocol, the predecessor of > BGP). > It's also possible to change this origin code via a route-map. > > Peter > > > -Original Message- > > From: cebuano [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, January 16, 2003 7:52 AM > > To: [EMAIL PROTECTED] > > Subject: RE: BGP origin attribute type "e" - EGP? [7:61075] > > > > > > Amar, > > Are you referring to an External BGP peer? I hope not as I > > haven't seen > > that happen in any BGP labs I've done. > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On > > Behalf Of > > Amar > > Sent: Wednesday, January 15, 2003 3:00 PM > > To: [EMAIL PROTECTED] > > Subject: Re: BGP origin attribute type "e" - EGP? [7:61075] > > > > when the update is learned from an E-BGP neighbor. > > rgds > > > > ""Wei Zhu"" a icrit dans le message de news: > > [EMAIL PROTECTED] > > > In what condition is the EGP origin type generated? > > > > > > Thanks > > > Wei Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61198&t=61075 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
7606 with VPN and FlexWAN [7:61199]
Greetings all, Any on you guys running 7606 routers with VPN blade and Flexwan blade with both IP and IPX routing? I need to know which ios release is being used. Any suggestions would be great. Thanks...Nabil "I have never let my schooling interfere with my education." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61199&t=61199 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
DES license on PIX free? [7:61201]
I read in PIX book all PIX's come with the 56 bit DES license free. Can anyone verfiy this before I spend money? I'm looking at a 501 or 506E. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61201&t=61201 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DES license on PIX free? [7:61201]
Yes, it's free. If you order your PIX with 56Des installed, you're good to go, IIRC. -Mark -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 8:41 AM To: [EMAIL PROTECTED] Subject: DES license on PIX free? [7:61201] I read in PIX book all PIX's come with the 56 bit DES license free. Can anyone verfiy this before I spend money? I'm looking at a 501 or 506E. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61203&t=61201 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco VPN Question [7:61148]
> Split tunneling has been enabled up until now. Does this mean you have recently DISabled split tunneling?? If not, does the newest client 3.6? have a function for keeping traffic sourced from the internet from using the Split-tunneling host from acting as a mirror to breach the corporate network?? >From what I understand, enabling the Split Tunnel feature is a BAD option, Cisco just created it for those clients that didn't want their remote users surfing the net via the corporate network. Can anybody clarify on any of these points?? -Mark -Original Message- From: Kim Graham [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 5:57 AM To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Question [7:61148] Basically it performs as per stated. We have VPN users that come into our concentrator from all over North American and abroad. They have used a variety of cable, dsl, dial-up providers and for the most part do not have any issues. Split tunnelling has been enabled up until now. As for private networks (home networks) we have some home users utilizing Nexlands and Ugates and probably other "Internet Sharing Boxes". Some cable companies have had compatibiity issues with this but I believe the most recent version of software on those boxes has corrected the problem. As a test while at Nanog I was able to log into my internal network from a wireless laptop. All and all it is a pretty solid client. Kim / Zukee Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61202&t=61148 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RSP7000/AIP gives SNMP-3-BADOID: [7:61175]
To run on an RSP card your AIP must be part number 73-1188-02 Rev D0 or later. How did you get 12.2(15) on an RP card? I thought they maxed out around 11.2. > -Original Message- > From: Nelson Herron [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 15, 2003 10:45 PM > To: [EMAIL PROTECTED] > Subject: RSP7000/AIP gives SNMP-3-BADOID: [7:61175] > > > I have a 7010/RSP7000 (no CI) that seems to run perfectly > well except for > the ATM card. When I plug in the MM cable from the Madge ATM > switch it > starts generating "SNMP-3-BADOID: ATTEMPT TO GENERATE AN > INVALID OBJECT > IDENTIFIER" messages. It is running 12.1(8) boot image and > 12.2(7) IOS with > 128 MB mem. I have two cards that exhibit the same behavior > on the 7010. > On this router the "sh cont cbus" message identifies the Hdwr > as v. 1.03. > Both of these cards work as expected in a 7000 w/ RP running > 12.2.15 from > ROM. On this platform the cards are also identified as Hdwr > 1.30, which is > what I expected. Any suggestions. I would greatly > appreciate the help. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61204&t=61175 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DES license on PIX free? [7:61201]
You can request one for free as long as you have Contract # and Key, I just got one last week for a Cisco Classic Firewall ""Mark W. Odette II"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Yes, it's free. If you order your PIX with 56Des installed, you're good > to go, IIRC. > > -Mark > > -Original Message- > From: Sam Sneed [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 16, 2003 8:41 AM > To: [EMAIL PROTECTED] > Subject: DES license on PIX free? [7:61201] > > I read in PIX book all PIX's come with the 56 bit DES license free. Can > anyone verfiy this before I spend money? I'm looking at a 501 or 506E. > Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61205&t=61201 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: The effect of NAT on an interface [7:61178]
Chuck- What about TFTPing your changes in a "new" startup-config file, then reloading the router. If you are pretty certain your changes won't be bad afterwards, I don't see where you could go wrong. If you do have a programming issue with a route-map or acl, then you definitely are getting to visit the client router in the morning. :) My mentor has taught me a command that will always save your butt. When making the changes in the fashion you mentioned: 1st command to issue is "Reload in X" ; x=number of minutes specified. If you do this, you won't have to worry about getting locked out over-night. Also, create your new ACLs on the Router BEFORE you doing anything else. This way, you can change the command that implements the new ACL last, and you should be able to re-connect shortly afterwards. I've had fun with this while working on a IOS VPN solution- it was a rude awakening, and I had to call the client office to have them bounce the router that night. -Mark -Original Message- From: The Long and Winding Road [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 15, 2003 11:22 PM To: [EMAIL PROTECTED] Subject: The effect of NAT on an interface [7:61178] it's happened twice now, and the policy routing was removed from the interface, so I'm thinking the problem has to be the NAT configuration The problem: remote configuration of a router. Circumstances: remove poorly constructed access-lists. replace them with better constructed access-lists that are also in conformance with a system wide standard numbering convention. Change the route maps to reflect these new access-lists. one access-list determines whether or not a host on the inside can obtain a NAT translation. the other control policy routing inbound on the WAN interface. The process: 1) remove policy routing from the distant end WAN interface 2) delete old access-lists 3) delete old route-maps 4) paste in new access-lists 5) paste in the new route-maps at this point I lose connection with the router. I presume that because policy routing was disabled ( no ip policy route-map etc ) and the router was reloaded before step 2 was taken, that the problem is not with policy routing denying my own access. That leaves NAT. The ip nat outside configured on the WAN link of the remote router was in place. Now I'm racking my brains about this, because I have 9 other sites identically configured, and I configured them remotely, and life was good. Well, I guess I'll be visiting a client site in the morning. sheesh!!! -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61206&t=61178 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DES license on PIX free? [7:61201]
This is correct. 56-bit DES out of the box. (free) -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 9:41 AM To: [EMAIL PROTECTED] Subject: DES license on PIX free? [7:61201] I read in PIX book all PIX's come with the 56 bit DES license free. Can anyone verfiy this before I spend money? I'm looking at a 501 or 506E. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61207&t=61201 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Need CCIE [7:61155]
Hi Mr. A P Where is this position located? Direct or contract? How much do you want to pay? Benefits? Vacation? etc. We need more information than just say "hey, we need a CCIE" Xueyan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61209&t=61155 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: EIGRP network 0.0.0.0 to redistribute static route [7:61208]
I'll put in a plug for the Cisco Press book "EIGRP Network Design Solutions" by Ivan Pepelnjak ISBN 1578701651 It would seem that for network 172.22.0.0 to participate in the eigrp process it would have to listed under eigrp 100 as network 172.22.0.0. Users choice to make the S1 int passive for eigrp. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61208&t=61208 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DES license on PIX free? [7:61201]
it is true > > From: "Sam Sneed" > Date: 2003/01/16 Thu AM 09:41:25 EST > To: [EMAIL PROTECTED] > Subject: DES license on PIX free? [7:61201] > > I read in PIX book all PIX's come with the 56 bit DES license free. Can > anyone verfiy this before I spend money? I'm looking at a 501 or 506E. > Thanks Greg Owens 202-398-2552 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61210&t=61201 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RSP7000/AIP gives SNMP-3-BADOID: [7:61175]
Sorry all. That is 11.2(15) from ROM (an SR7A upgrade)> All those Christmas cookies made my fingers a little wide. I'll have to diet. Thx. Daniel. Nelson Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61211&t=61175 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco VPN Question [7:61148]
IMHO - it is all a question of usability/functionality vs. security ... Ideally (from a security perspective) - you would not split tunnel; as the hosts are then, in effect, multi-homed. In fact, ideally, you wouldn't VPN at all ;> However, in the real world, there are issues with not using split tunnels - Bandwidth utilization - every VPN user would be sending all traffic to you ... may hit limits on VPN Concentrator, may overload your circuits, would use more NAT/PAT resources, etc. Work requirements - users may require ability to access local servers as well as servers via the VPN ... in fact, users may have multiple VPN's running at once (using non-cisco client). You can also mitigate many of the security concerns with VPN's in general by following other current-best-practices ... POLP, Layered defense, auditing/accountability, default-deny policies/access-control, etc. etc. Thanks! TJ -Original Message- From: Mark W. Odette II [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 10:13 AM To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Question [7:61148] > Split tunneling has been enabled up until now. Does this mean you have recently DISabled split tunneling?? If not, does the newest client 3.6? have a function for keeping traffic sourced from the internet from using the Split-tunneling host from acting as a mirror to breach the corporate network?? >From what I understand, enabling the Split Tunnel feature is a BAD option, Cisco just created it for those clients that didn't want their remote users surfing the net via the corporate network. Can anybody clarify on any of these points?? -Mark -Original Message- From: Kim Graham [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 5:57 AM To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Question [7:61148] Basically it performs as per stated. We have VPN users that come into our concentrator from all over North American and abroad. They have used a variety of cable, dsl, dial-up providers and for the most part do not have any issues. Split tunnelling has been enabled up until now. As for private networks (home networks) we have some home users utilizing Nexlands and Ugates and probably other "Internet Sharing Boxes". Some cable companies have had compatibiity issues with this but I believe the most recent version of software on those boxes has corrected the problem. As a test while at Nanog I was able to log into my internal network from a wireless laptop. All and all it is a pretty solid client. Kim / Zukee ** The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61212&t=61148 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
interesting article..... [7:61213]
> http://www.eweek.com/article2/0,3959,813833,00.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61213&t=61213 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: callmanager gateway problem [7:61183]
Make sure there are no route plans that could be causing/blocking access. Ran into that in the lab last week. ""supernet"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I tried to configure an MGCP gateway (Cisco 2611 router, VIC-2FXO) using > TAC sample configuration. Under 2611 router, it says gateway registered > with ccm but under ccm, it says gateway status not registered. I got > busy signal when tried to use that gateway. What seems to be the > problem? Thanks. Yoshi Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61215&t=61183 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: The effect of NAT on an interface [7:61178]
The Long and Winding Road wrote: > > it's happened twice now, and the policy routing was removed > from the > interface, so I'm thinking the problem has to be the NAT > configuration It doesn't seem like NAT could do this to you, though. NAT just affects inside hosts and you were Telnetting to the "permieter router" presumably using a real address?? Are you using NAT overload? Could there be some weird timing issue such that while the router was rebooting someone else grabbed the IP address/port number that had been in use in your conversation with the router?? Grasping here. :-) I hope you didn't hit a lot of traffic going to the customer's site! :-) Please let us know if you figure out why it locked you out using the procedure below. Or maybe it will just be one of those glitches that has no explanation. Argh. Priscilla > > The problem: remote configuration of a router. > > Circumstances: remove poorly constructed access-lists. replace > them with > better constructed access-lists that are also in conformance > with a system > wide standard numbering convention. Change the route maps to > reflect these > new access-lists. one access-list determines whether or not a > host on the > inside can obtain a NAT translation. the other control policy > routing > inbound on the WAN interface. > > The process: > > 1) remove policy routing from the distant end WAN interface > > 2) delete old access-lists > > 3) delete old route-maps > > 4) paste in new access-lists > > 5) paste in the new route-maps > > at this point I lose connection with the router. > > I presume that because policy routing was disabled ( no ip > policy route-map > etc ) and the router was reloaded before step 2 was taken, that > the problem > is not with policy routing denying my own access. > > That leaves NAT. The ip nat outside configured on the WAN link > of the remote > router was in place. > > Now I'm racking my brains about this, because I have 9 other > sites > identically configured, and I configured them remotely, and > life was good. > > Well, I guess I'll be visiting a client site in the morning. > sheesh!!! > > > > > -- > TANSTAAFL > "there ain't no such thing as a free lunch" > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61216&t=61178 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Passed nr. TWO [7:61217]
I passed the Switching Exam of CCNP yesterday. Scored better than I thought 877 of 1000. But that was 4 months of study. It's hard to be motiviated when there is no job at the end of the tunnel. Many say the CCNP ain't enough to get a job. I wonder if the CCIE would do it? Actually, I would like to get the AVVID or VoIP certificate. I'd still be willing to work for expenses just to get the experience. Maybe I need to carry a sign: WILL WORK FOR FUN ! -edgar NC . . . for there is wrath gone out from the Lord; the plague is begun. - Num. 16:46 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61217&t=61217 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passed nr. TWO [7:61217]
CCIE won't help. I've been out of work for over a year with a CCIE. ""Edgar A. Howard"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I passed the Switching Exam of CCNP yesterday. Scored > better than I thought 877 of 1000. But that was 4 months of > study. It's hard to be motiviated when there is no job at the > end of the tunnel. Many say the CCNP ain't enough to get a > job. I wonder if the CCIE would do it? Actually, I would > like to get the AVVID or VoIP certificate. I'd still be willing to > work for expenses just to get the experience. Maybe I need > to carry a sign: > > WILL WORK FOR FUN ! > > -edgar > NC > > . . . for there is wrath gone out from the Lord; > the plague is begun. - Num. 16:46 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61218&t=61217 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Diff. b/w ^701$ 701$ _701$ _701_ [7:61219]
Hello,I am trying to find the exact differences between ^701$ 701$ _701$ and _701_ to implement in a route-map deny statement.Here is what I understand:^701$ - Deny all routes originating from AS701701$ - Does this mean the same as above?? _701$ - Deny only AS 701 routes_701_ - Deny routes via AS 701 or have passed through AS 701 Please advise.Thank you.Sincerely,CN The new MSN 8: smart spam protection and 2 months FREE*. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61219&t=61219 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Serial Interface Down [7:61220]
We just noticed the Serial Interface of our CIsco 2600 router is down, here is its current status Serial0/0 is down, line protocol is down Hardware is PQUICC with Fractional T1 CSU/DSU Internet address is A.B.C.D MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, reliability 253/255, txload 1/255, rxload 1/255 Encapsulation HDLC, loopback not set Keepalive set (10 sec) Last input 00:27:48, output 00:27:43, output hang never Last clearing of "show interface" counters never Input queue: 0/75/1754 (size/max/drops); Total output drops: 1208 Queueing strategy: weighted fair Output queue: 0/1000/64/1191 (size/max total/threshold/drops) Conversations 0/53/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 83316984 packets input, 2394378579 bytes, 0 no buffer Received 507747 broadcasts, 0 runts, 2 giants, 0 throttles 294 input errors, 201 CRC, 88 frame, 0 overrun, 0 ignored, 4 abort 80768969 packets output, 3501265478 bytes, 0 underruns 0 output errors, 0 collisions, 60 interface resets 0 output buffer failures, 0 output buffers swapped out 2 carrier transitions DCD=down DSR=up DTR=up RTS=up CTS=down If some one shed any light on it. thanks, -- Curious MCSE, CCNP Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61220&t=61220 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passed nr. TWO [7:61217]
Consider doing volunteer work for the experience... There are plenty of place that need the help... Edgar A. Howard wrote: > I passed the Switching Exam of CCNP yesterday. Scored > better than I thought 877 of 1000. But that was 4 months of > study. It's hard to be motiviated when there is no job at the > end of the tunnel. Many say the CCNP ain't enough to get a > job. I wonder if the CCIE would do it? Actually, I would > like to get the AVVID or VoIP certificate. I'd still be willing to > work for expenses just to get the experience. Maybe I need > to carry a sign: > > WILL WORK FOR FUN ! > > -edgar > NC > > . . . for there is wrath gone out from the Lord; > the plague is begun. - Num. 16:46 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61221&t=61217 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Serial Interface Down [7:61220]
My first thought would be your T1 is down. =) ""Curious"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > We just noticed the Serial Interface of our CIsco 2600 router is down, > here is its current status > > > Serial0/0 is down, line protocol is down > Hardware is PQUICC with Fractional T1 CSU/DSU > Internet address is A.B.C.D > MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, > reliability 253/255, txload 1/255, rxload 1/255 > Encapsulation HDLC, loopback not set > Keepalive set (10 sec) > Last input 00:27:48, output 00:27:43, output hang never > Last clearing of "show interface" counters never > Input queue: 0/75/1754 (size/max/drops); Total output drops: 1208 > Queueing strategy: weighted fair > Output queue: 0/1000/64/1191 (size/max total/threshold/drops) > Conversations 0/53/256 (active/max active/max total) > Reserved Conversations 0/0 (allocated/max allocated) > 5 minute input rate 0 bits/sec, 0 packets/sec > 5 minute output rate 0 bits/sec, 0 packets/sec > 83316984 packets input, 2394378579 bytes, 0 no buffer > Received 507747 broadcasts, 0 runts, 2 giants, 0 throttles > 294 input errors, 201 CRC, 88 frame, 0 overrun, 0 ignored, 4 abort > 80768969 packets output, 3501265478 bytes, 0 underruns > 0 output errors, 0 collisions, 60 interface resets > 0 output buffer failures, 0 output buffers swapped out > 2 carrier transitions > DCD=down DSR=up DTR=up RTS=up CTS=down > > If some one shed any light on it. > > thanks, > > -- > Curious > > MCSE, CCNP Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61222&t=61220 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DES license on PIX free? [7:61201]
Is there a VPN client that is free? "Greg Owens" @groupstudy.com em 16/01/2003 13:04:55 Favor responder a "Greg Owens" Enviado Por: [EMAIL PROTECTED] Para: [EMAIL PROTECTED] cc: Assunto:Re: DES license on PIX free? [7:61201] it is true > > From: "Sam Sneed" > Date: 2003/01/16 Thu AM 09:41:25 EST > To: [EMAIL PROTECTED] > Subject: DES license on PIX free? [7:61201] > > I read in PIX book all PIX's come with the 56 bit DES license free. Can > anyone verfiy this before I spend money? I'm looking at a 501 or 506E. > Thanks Greg Owens 202-398-2552 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61223&t=61201 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Serial Interface Down [7:61220]
You are not getting any Data Carrier Detect (DCD=Down) to the interface. If it uses an external csu/dsu try a loopback from the csu back toward your router- if everything goes up then it is a most likley problem with the carrier or cable from demarc to your equipment. I assume this was up and running before, but if not try using a T1 crossover from the demarc into your csu/dsu (got burned on that before)to see if that gets it going. Jeff >From: "Curious" >Reply-To: "Curious" >To: [EMAIL PROTECTED] >Subject: Serial Interface Down [7:61220] >Date: Thu, 16 Jan 2003 19:42:31 GMT > >We just noticed the Serial Interface of our CIsco 2600 router is down, >here is its current status > > >Serial0/0 is down, line protocol is down > Hardware is PQUICC with Fractional T1 CSU/DSU > Internet address is A.B.C.D > MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, > reliability 253/255, txload 1/255, rxload 1/255 > Encapsulation HDLC, loopback not set > Keepalive set (10 sec) > Last input 00:27:48, output 00:27:43, output hang never > Last clearing of "show interface" counters never > Input queue: 0/75/1754 (size/max/drops); Total output drops: 1208 > Queueing strategy: weighted fair > Output queue: 0/1000/64/1191 (size/max total/threshold/drops) > Conversations 0/53/256 (active/max active/max total) > Reserved Conversations 0/0 (allocated/max allocated) > 5 minute input rate 0 bits/sec, 0 packets/sec > 5 minute output rate 0 bits/sec, 0 packets/sec > 83316984 packets input, 2394378579 bytes, 0 no buffer > Received 507747 broadcasts, 0 runts, 2 giants, 0 throttles > 294 input errors, 201 CRC, 88 frame, 0 overrun, 0 ignored, 4 abort > 80768969 packets output, 3501265478 bytes, 0 underruns > 0 output errors, 0 collisions, 60 interface resets > 0 output buffer failures, 0 output buffers swapped out > 2 carrier transitions > DCD=down DSR=up DTR=up RTS=up CTS=down > >If some one shed any light on it. > >thanks, > >-- >Curious > >MCSE, CCNP _ Help STOP SPAM: Try the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61224&t=61220 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RSP7000/AIP gives SNMP-3-BADOID: [7:61175]
Went back and checked. The board is 73-1188-03 B0. Board version shouldn't be a problem. I forgot to say that I get the error in loopback mode, too. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61225&t=61175 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Diff. b/w ^701$ 701$ _701$ _701_ [7:61219]
Hi, The following cisco webpage explains different regular expressions. http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_command_reference_chapter09186a00800ca655.html >From what I worked in the isp world, ^701$ matches routes with AS number 701 only in the AS-PATH 701$ matches routes end with 701, such as 1234 701, 234 345 701, etc _701$ matches routes end with 701, I would say it's same as 701$ _701_ matches routes that have 701 anywhere in the AS-PATH Hope this helps. Xueyan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61226&t=61219 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Diff. b/w ^701$ 701$ _701$ _701_ [7:61219]
^701$ = Routes originated from AS 701 and received directly to your AS _701$ = Routes originated from AS 701 and passed by another AS before reaching yours _701_ = Routes that passed by AS 701 before reaching yours. They are neither originated by AS 701 nor your AS is the next AS after 701 >From: "Cisco Nuts" > >Hello,I am trying to find the exact differences between ^701$ 701$ >_701$ and _701_ to implement in a route-map deny statement.Here is what I >understand:^701$ - Deny all routes originating from AS701701$ - Does >this mean the same as above?? _701$ - Deny only AS 701 routes_701_ - >Deny routes via AS 701 or have passed through AS 701 Please advise.Thank >you.Sincerely,CN > > > >The new MSN 8: smart spam protection and 2 months FREE*. > > > > misconduct and Nondisclosure violations to [EMAIL PROTECTED] get 2 months FREE* Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61227&t=61219 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Switching EXAM (Hex Conversion Chart) [7:61108]
You should just learn how to convert decimal to hex...then you won't need a chart. -- Dain Deutschman CCNA, CSS-1, MCP, CNA Data Communications Manager New Star Sales and Service, Inc. 800.261.0475 ""Bond, Jeffrey T"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > On the Switching exam, are we provided a HEX conversion chart for reference? > > thanks in advance > > -Original Message- > From: Aaron Ajello [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 10, 2003 8:01 AM > To: [EMAIL PROTECTED] > Subject: RE: Switching Exam on Monday 13/1/03 [7:60785] > > > Spend a lot of time on MLS. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61228&t=61108 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CSS11152 VIP question [7:61229]
Lets say I have the following scenario. CSS11152 with ethernet e0 IP address 192.168.1.1 VLAN outside. I have 2 sets of servers addresses 10.10.10.0/24 on eth5 VLAN server1 and 10.20.20.20/24 on eth6 VLAN server2. I configure services as per below. On my content rules can a make a VIP on the 192.168.1.0 network and on another 192.168.100.0 network. Since VIP is NAT'ing I am thinking that you do not need a VIP address that has the same network as any VLAN's on the CSS. Is this true? content cnt-www.web1 balance aca url "/*" service svc-w1.web1 service svc-w2.web1 vip address 192.168.1.50 active content cnt-www.web1 balance aca url "/*" service svc-w1.web2 service svc-w2.web2 vip address 192.168.100.50 active service svc-w1.web1 ip address 10.10.10.10 port 80 keepalive type http keepalive uri "/test.html" active service svc-w2.web1 ip address 10.10.10.11 port 80 keepalive type http keepalive uri "/test.html" active and service svc-w1.web2 ip address 10.20.20.10 port 80 keepalive type http keepalive uri "/test.html" active service svc-w2.web2 ip address 10.10.20.11 port 80 keepalive type http keepalive uri "/test.html" active Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61229&t=61229 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CSS11152 VIP question [7:61229]
quick typo correction : ip on service svc-w2.web2 should be > ip address 10.20.20.11 > port 80 > keepalive type http > keepalive uri "/test.html" > active > ""Sam Sneed"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Lets say I have the following scenario. CSS11152 with ethernet e0 IP address > 192.168.1.1 VLAN outside. I have 2 sets of servers addresses 10.10.10.0/24 > on eth5 VLAN server1 and 10.20.20.20/24 on eth6 VLAN server2. I configure > services as per below. On my content rules can a make a VIP on the > 192.168.1.0 network and on another 192.168.100.0 network. Since VIP is > NAT'ing I am thinking that you do not need a VIP address that has the same > network as any VLAN's on the CSS. Is this true? > > content cnt-www.web1 > balance aca > url "/*" > service svc-w1.web1 > service svc-w2.web1 > vip address 192.168.1.50 > active > > content cnt-www.web1 > balance aca > url "/*" > service svc-w1.web2 > service svc-w2.web2 > vip address 192.168.100.50 > active > > service svc-w1.web1 > ip address 10.10.10.10 > port 80 > keepalive type http > keepalive uri "/test.html" > active > service svc-w2.web1 > ip address 10.10.10.11 > port 80 > keepalive type http > keepalive uri "/test.html" > active > > and > > service svc-w1.web2 > ip address 10.20.20.10 > port 80 > keepalive type http > keepalive uri "/test.html" > active > service svc-w2.web2 > ip address 10.10.20.11 > port 80 > keepalive type http > keepalive uri "/test.html" > active Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61230&t=61229 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Diff. b/w ^701$ 701$ _701$ _701_ [7:61219]
My understanding was that 701$ differs from _701$ in that 701$ will also match 5701 10701, etc whereas _701$ will *only* match AS 701. Please correct me if I'm mistaken. Thanks Jarett ""Xueyan Liu"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, > > The following cisco webpage explains different regular expressions. > http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_command_refe rence_chapter09186a00800ca655.html > > From what I worked in the isp world, > ^701$ matches routes with AS number 701 only in the AS-PATH > 701$ matches routes end with 701, such as 1234 701, 234 345 701, etc > _701$ matches routes end with 701, I would say it's same as 701$ > _701_ matches routes that have 701 anywhere in the AS-PATH > > Hope this helps. > > Xueyan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61231&t=61219 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Diff. b/w ^701$ 701$ _701$ _701_ [7:61219]
""Xueyan Liu"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > 701$ matches routes end with 701, such as 1234 701, 234 345 701, etc > _701$ matches routes end with 701, I would say it's same as 701$ There is a difference between 701$ and _701$. 701$ would match any AS path that ended with 701, so the AS path could end with 701, 2701, 11701, etc. In _701$, the _ would mandate a space (or a few other characters), so it would only match an AS path that ended with AS 701. Andrew Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61232&t=61219 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Diff. b/w ^701$ 701$ _701$ _701_ [7:61219]
You're right. Didn't think that you would have number(s) right before 7. Xueyan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61233&t=61219 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco VPN Question [7:61148]
Disabling split tunneling is being visited. As TJ has pointed out there are several different reasons why it is/can be implemented in different scenarios. This configuration was in place before I started. It is my job to upgrade the concentrator at which time the security policies associated with it are being revisited. Personally I would disable split tunneling, but there may be other reasons why it may not come to pass. Only time will tell. Kim / Zukee Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61234&t=61148 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: response time between PIX with VPN [7:60981]
What eric is refering to is a couple different items. One is the forward lookup of the name given on the command prompt, which I don't recall any traceroute implementations which cause high latency for that. Secondly is the reverse lookup many traceroute's will do if you give an IP address as the destination. Many of these send the first packet out, then make a call for reverse lookup.Sun Solaris is the notable OS who does this with ping and causes the first response(s) to be reported as extremely high latency due to the program waiting on the reverse lookup to finish. 3rd is the reverse lookup of individual hops as seen in traceroute output. I can't recall any implementation mangling RTT results due to this, but I wouldn't be surprised to see it. Mostly this just delays the next round packets from being sent. Finally kernel level ICMP rate limiting has been done in a number of OS's and makes agressive ping tests a poor tool. And makes using low rate ping against a busy host something to trust with skepitism. I doubt you are seeing any of these Mike, but just wanted to clarify why someone would see those kinds of results. I know I've had to have long conversations explaining these things to *nix admins who believed the network had extremely high latency. :-) There is obviously something going on, not sure what it is myself. I agree with the other posters that L2 could be causing performance problems. Have you broken down testing so it's not just end-to-end between these two windows hosts but also from one windows host to each of the endpoints along the way? Has IKE finished already when you send these packets? Are the lifetimes of your SA's long enough or are they aging out between individual test packets? Darrell ""Mike Sweeney"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > In answer to Eric, there is not any DNS involved as the traceroute is IP > only... no name resolution needed. > > In answer Ed's comments, I have both plugged into a switch and so it's not > *back to back* in the normal sense of the word. > > MikeS Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61235&t=60981 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DES license on PIX free? [7:61201]
Actually, you dont need the contract number. I bought a PIX 1 from Ebay, called cisco and they were happy to give me the code. You do need a valid serial number though. The automated webpage that hands out the DES keys works for most models so you dont even need to call them. The only time you need to call is if the S/N is so old that they didn't bother programming the website to handle it. Jarett wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > You can request one for free as long as you have Contract # and Key, I just > got one last week for a Cisco Classic Firewall > > > ""Mark W. Odette II"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Yes, it's free. If you order your PIX with 56Des installed, you're good > > to go, IIRC. > > > > -Mark > > > > -Original Message- > > From: Sam Sneed [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, January 16, 2003 8:41 AM > > To: [EMAIL PROTECTED] > > Subject: DES license on PIX free? [7:61201] > > > > I read in PIX book all PIX's come with the 56 bit DES license free. Can > > anyone verfiy this before I spend money? I'm looking at a 501 or 506E. > > Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61214&t=61201 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: EIGRP network 0.0.0.0 to redistribute static route [7:61236]
Thank you everyone for your response, The reason I am confused is not becasuse the NULL0 in routing table, that's the way eigrp does. The reason is when I set the "network 0.0.0.0" in eigrp, it distribute the 172.22.0.0 network to S0 side(I have another router running eigrp at S0 side, its routing table shows up 172.22.0.0 or 172.22.2.0/24 when I enable no summary). Chuck, does network 0.0.0.0 mean to enable all interface to participate into route distribution? My idea is to put S0 in eigrp and S1 in BGP, while only set "network 192.168.1.0" won't put S1 into eigrp, thus won't distribute the 172.22.0.0 network info into S0 side. I am using IOS12.1.5(10T). Regards Wei - Original Message - From: "The Long and Winding Road" To: Sent: Thursday, January 16, 2003 2:37 AM Subject: Re: EIGRP network 0.0.0.0 to redistribute static route [7:61186] > ""The Long and Winding Road"" wrote in > message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > well, now that I've set it up, looked at it, and given it some thought, > the > > answer is really quite simple. > > being a simple person myself, I like it when answers are simple. think > > "classful nature of eigrp" > > > > see below > > > > > > ""Wei Zhu"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > ---EIGRP 100--(S0)---R1---(S1)--BGP AS 200--- > > > > > > R1 > > > S0 192.168.1.1 255.255.255.240 > > > S1 172.22.2.1 255.255.255.0 > > > S0 side run EIGRP, S1 side run BGP > > > > > > (1) > > > router eigrp 200 > > > network 192.168.1.0 > > > > > > router bgp > > > nei remote-as XXX > > > > > > R1 will send 192.168.1.0 route info through S0, but won't send the > > > 172.22.2.0 network info. > > > > > > (2) > > > ip route 0.0.0.0 0.0.0.0 S1 > > > > > > router eigrp 200 > > > network 192.168.1.0 > > > redistrib static > > > > > > Everything works fine > > > > > > (3) > > > If using network 0.0.0.0 to redistribute static info as: > > > ip route 0.0.0.0 0.0.0.0 S1 > > > > > > router eigrp 200 > > > network 192.168.1.0 > > > network 0.0.0.0 > > > > > > In addition of distribute the 0.0.0.0, R1 will also distribute > 172.22.0.0 > > > (summury) network info through S0 > > > > first of all, you are not seeing the whole picture because of the limited > > numbers of interfaces you have in your basic setup. > > > > second of all, let me ask you a question. what exactly is 0.0.0.0? > > > > thirdly, having answered and understood what exactly 0.0.0.0 really > > represents, let me ask you another question. what happens when you put the > > entry "network 0.0.0.0" into the eigrp process? will eigrp still work if > you > > were to now remove the "network 192.168.1.0" statement? why not? > > > > this is starting to feel like another homily. > > > > > > > It will also put 172.22.0.0/16 null0 route entry into its routing table. > > > > nature of the beast. I don't believe it is true of all protocols, but some > > of them will automatically place a summary to null 0 when a summary is > > advertised out. This is done as proof against black holes and helps > prevent > > routing loops > > > > BTW, I enjoy your posts. Keep up the good work. > > > > > > > > Can anyone explain why this happens? > > > oh, you know what, while composing a reply to cebuano, I realized - you > probably have automaticic summarization enabled under eigrp > > enter the command "no auto-summary" and watch the staic to null 0 disappear. > > > > > > > > > > > > > > > > > > > > > > Thanks > > > Wei Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61236&t=61236 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NETBIOS on WAN [7:61237]
Hellow, how i configure an 2600 router to permit acess for network neighborhood to computers on the lan, in other words, how i make to see all computers of my WAN in network neighborhood of windows explore ? Fred Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61237&t=61237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NETBIOS on WAN [7:61237]
ip helper address on the ethernet interface of the remote router. this will change the nbns broadcast to a unicast directed at the remote lan ""Frederico Madeira"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hellow, > > how i configure an 2600 router to permit acess for network neighborhood to > computers on the lan, in other words, how i make to see all computers of > my WAN in network neighborhood of windows explore ? > > Fred Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61238&t=61237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: User Privilege Level [7:60469]
I know the thread is about dead but until you get TACACS+ server there are some commands you could implement to help the situation. The port is being disabled for a reason. You can configure the port to renable after 30 secs. using the command set errdisable-timeout enable all set errdisable-timeout interval 30 'All' would cover all the possible reason. If you knew what was causing the port to disable you could implement certain commands to cease the err-disable all together. For example if collision was the culprit then the following command would stop the error disable. set option errport enable Here is a link the will go into more detail. http://www.cisco.com/warp/public/473/20.html -Original Message- From: Williams, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 11:33 PM To: [EMAIL PROTECTED] Subject: RE: User Privilege Level [7:60469] Thanks for everyone's help. What I mean by "reset ports" is to re-enable the switch ports after they were err-disabled. These are Cisco 6500 series switches w/layer 3 blades. The switch is running Cat/OS 7.2(2) and on the layer 3 blade, IOS 12.1(11b). Since our technicians are in remote locations, if I can give them the ability to re-enable the ports without getting into config mode, they don't have to wait on one of our engineers to do it for them (which may take hours). I'll try to re-assign some set commands and see what happens. Dave Williams, CCDA, CCNA, CCSA Senior Network Engineer (402) 661-2143 -Original Message- From: Erick B. [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 9:37 PM To: Williams, Dave; [EMAIL PROTECTED] Subject: Re: User Privilege Level [7:60469] Dave, Priv. level 1 gives you basic show commands, etc. level 15 is full access like you mentioned. levels 2-14 don't have any special commands , but you re-assign commands to these levels for different users for example. Theres also a priv level 0 which gives you close to no commands on router IOS and you need to reduce the level 1 (default level) to 0 if you make the priv level 0 for line vty for example. I'm not sure if you can go to 0 on the switches. When you say reset ports, do you mean clean counters or shut/no shut the port? the latter would be config access. What type of switch is this and version of code? Awhile back when I was doing this for a client there was a minor bug with the priv commands and config mode for setting speed and duplex where the commands weren't saved properly. haven't checked that in quite awhile though. Erick --- "Williams, Dave" wrote: > I've been searching CCO most of the afternoon and > can't seem to find the > correct URL. I'm looking for a way to allow a > technician to reset ports on > a switch and look at interface stats, but not allow > configuration access. > > For example, I know that user level 15 is the same > as having the enable > password and user level 1 is the same as a generic > user, but I don't know > what the other levels do for me. > > Thanks in advance for your help. > > Dave Williams > Senior Network Engineer > (402) 661-2143 [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61239&t=60469 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: response time between PIX with VPN [7:60981]
Darrell- I like the tidbit about reverse lookup with traceroute.. I always wondered why the Sun boxes were so slow at times during pings . Now I need to fire up the sniffer and the x86 Solaris and see what I can see :) It would be my luck that the x86 Solaris is different .. Anyways.. this config was a Win2K laptop to a Win98 laptop. The back to back between PIXs is made via two ports on a 2900. I plan to run through it again this weekend and get some better notes. Priscilla.. I started with ping but went with traceroute to play with access lists allowing traceroute to pass. The telnet was just a quick and dirty test that I could in fact make the connection through the tunnel. It was an observation that the response time of the telnet was very *bursty slow*. It would almost *pause* and then send a sequence of keystrokes. Almost like the tunnel was flapping but the debug did not show this. That slowness tied into the 800ms times posted by traceroute since 100ms is preceptible by a user. Like I said, I'll run a more formal test and gather up some more data. I posted just to see if anyone had some ideas off the top of their heads. Thanks MikeS Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61240&t=60981 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: EIGRP network 0.0.0.0 to redistribute static route [7:61241]
""Wei Zhu"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Thank you everyone for your response, > > The reason I am confused is not becasuse the NULL0 in routing table, that's > the way eigrp does. only if you have automatic summarization enabled. if you enter the command "no auto-summary" under the eigrp process, the route to null 0 will disappear. > The reason is when I set the "network 0.0.0.0" in eigrp, it distribute the > 172.22.0.0 network to S0 side(I have another router running eigrp at S0 > side, its routing table shows up 172.22.0.0 or 172.22.2.0/24 when I enable > no summary). > > Chuck, does network 0.0.0.0 mean to enable all interface to participate into > route distribution? starting with IOS 12.0, Cisco made it possible to enter interfaces ( not whole networks ) into the eigrp process similar to the way you enter ospf interfaces into the ospf process. recall that with ospf you can use the command "network 0.0.0.0 255.255.255.255 area x" to place all interfaces into the ospf process. apparently eigrp can be handled the same way. when you used the comand "network 0.0.0.0" you placed all interfaces into the eigrp process. my routers are asleep at the moment, but it occurs to me to look into whether or not ospf will accept just the 0.0.0.0 notation. > My idea is to put S0 in eigrp and S1 in BGP, while only set "network > 192.168.1.0" won't put S1 into eigrp, thus won't distribute the 172.22.0.0 > network info into S0 side. yep. > > I am using IOS12.1.5(10T). > > Regards > Wei > > - Original Message - > From: "The Long and Winding Road" > To: > Sent: Thursday, January 16, 2003 2:37 AM > Subject: Re: EIGRP network 0.0.0.0 to redistribute static route [7:61186] > > > > ""The Long and Winding Road"" wrote in > > message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > well, now that I've set it up, looked at it, and given it some thought, > > the > > > answer is really quite simple. > > > being a simple person myself, I like it when answers are simple. think > > > "classful nature of eigrp" > > > > > > see below > > > > > > > > > ""Wei Zhu"" wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > ---EIGRP 100--(S0)---R1---(S1)--BGP AS 200--- > > > > > > > > R1 > > > > S0 192.168.1.1 255.255.255.240 > > > > S1 172.22.2.1 255.255.255.0 > > > > S0 side run EIGRP, S1 side run BGP > > > > > > > > (1) > > > > router eigrp 200 > > > > network 192.168.1.0 > > > > > > > > router bgp > > > > nei remote-as XXX > > > > > > > > R1 will send 192.168.1.0 route info through S0, but won't send the > > > > 172.22.2.0 network info. > > > > > > > > (2) > > > > ip route 0.0.0.0 0.0.0.0 S1 > > > > > > > > router eigrp 200 > > > > network 192.168.1.0 > > > > redistrib static > > > > > > > > Everything works fine > > > > > > > > (3) > > > > If using network 0.0.0.0 to redistribute static info as: > > > > ip route 0.0.0.0 0.0.0.0 S1 > > > > > > > > router eigrp 200 > > > > network 192.168.1.0 > > > > network 0.0.0.0 > > > > > > > > In addition of distribute the 0.0.0.0, R1 will also distribute > > 172.22.0.0 > > > > (summury) network info through S0 > > > > > > first of all, you are not seeing the whole picture because of the limited > > > numbers of interfaces you have in your basic setup. > > > > > > second of all, let me ask you a question. what exactly is 0.0.0.0? > > > > > > thirdly, having answered and understood what exactly 0.0.0.0 really > > > represents, let me ask you another question. what happens when you put > the > > > entry "network 0.0.0.0" into the eigrp process? will eigrp still work if > > you > > > were to now remove the "network 192.168.1.0" statement? why not? > > > > > > this is starting to feel like another homily. > > > > > > > > > > It will also put 172.22.0.0/16 null0 route entry into its routing > table. > > > > > > nature of the beast. I don't believe it is true of all protocols, but > some > > > of them will automatically place a summary to null 0 when a summary is > > > advertised out. This is done as proof against black holes and helps > > prevent > > > routing loops > > > > > > BTW, I enjoy your posts. Keep up the good work. > > > > > > > > > > > Can anyone explain why this happens? > > > > > > oh, you know what, while composing a reply to cebuano, I realized - you > > probably have automaticic summarization enabled under eigrp > > > > enter the command "no auto-summary" and watch the staic to null 0 > disappear. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks > > > > Wei Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61241&t=61241 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CSS11152 VIP question [7:61229]
That is correct, your vip does not have to be a part of one of the VLAN's. Make sure you have ip opportunistic enabled, and that you are routing that VIP towards the CSS. Clayton ""Sam Sneed"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > quick typo correction : ip on service svc-w2.web2 should be > > > ip address 10.20.20.11 > > port 80 > > keepalive type http > > keepalive uri "/test.html" > > active > > > ""Sam Sneed"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Lets say I have the following scenario. CSS11152 with ethernet e0 IP > address > > 192.168.1.1 VLAN outside. I have 2 sets of servers addresses 10.10.10.0/24 > > on eth5 VLAN server1 and 10.20.20.20/24 on eth6 VLAN server2. I configure > > services as per below. On my content rules can a make a VIP on the > > 192.168.1.0 network and on another 192.168.100.0 network. Since VIP is > > NAT'ing I am thinking that you do not need a VIP address that has the same > > network as any VLAN's on the CSS. Is this true? > > > > content cnt-www.web1 > > balance aca > > url "/*" > > service svc-w1.web1 > > service svc-w2.web1 > > vip address 192.168.1.50 > > active > > > > content cnt-www.web1 > > balance aca > > url "/*" > > service svc-w1.web2 > > service svc-w2.web2 > > vip address 192.168.100.50 > > active > > > > service svc-w1.web1 > > ip address 10.10.10.10 > > port 80 > > keepalive type http > > keepalive uri "/test.html" > > active > > service svc-w2.web1 > > ip address 10.10.10.11 > > port 80 > > keepalive type http > > keepalive uri "/test.html" > > active > > > > and > > > > service svc-w1.web2 > > ip address 10.20.20.10 > > port 80 > > keepalive type http > > keepalive uri "/test.html" > > active > > service svc-w2.web2 > > ip address 10.10.20.11 > > port 80 > > keepalive type http > > keepalive uri "/test.html" > > active Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61242&t=61229 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: EIGRP network 0.0.0.0 to redistribute static route [7:61243]
I read some document suggesting to use ip route 0.0.0.0 and network 0.0.0.0 to redistribute static route in eigrp, in this case, it seems not a good solution, instead using redistribute static can do the same job. Thanks Wei - Original Message - From: "The Long and Winding Road" To: Sent: Thursday, January 16, 2003 10:00 PM Subject: Re: EIGRP network 0.0.0.0 to redistribute static route [7:61241] > ""Wei Zhu"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Thank you everyone for your response, > > > > The reason I am confused is not becasuse the NULL0 in routing table, > that's > > the way eigrp does. > > only if you have automatic summarization enabled. if you enter the command > "no auto-summary" under the eigrp process, the route to null 0 will > disappear. > > > > The reason is when I set the "network 0.0.0.0" in eigrp, it distribute the > > 172.22.0.0 network to S0 side(I have another router running eigrp at S0 > > side, its routing table shows up 172.22.0.0 or 172.22.2.0/24 when I enable > > no summary). > > > > > Chuck, does network 0.0.0.0 mean to enable all interface to participate > into > > route distribution? > > > starting with IOS 12.0, Cisco made it possible to enter interfaces ( not > whole networks ) into the eigrp process similar to the way you enter ospf > interfaces into the ospf process. > > recall that with ospf you can use the command "network 0.0.0.0 > 255.255.255.255 area x" to place all interfaces into the ospf process. > > apparently eigrp can be handled the same way. when you used the comand > "network 0.0.0.0" you placed all interfaces into the eigrp process. > > my routers are asleep at the moment, but it occurs to me to look into > whether or not ospf will accept just the 0.0.0.0 notation. > > > > My idea is to put S0 in eigrp and S1 in BGP, while only set "network > > 192.168.1.0" won't put S1 into eigrp, thus won't distribute the 172.22.0.0 > > network info into S0 side. > > yep. > > > > > I am using IOS12.1.5(10T). > > > > Regards > > Wei > > > > - Original Message - > > From: "The Long and Winding Road" > > To: > > Sent: Thursday, January 16, 2003 2:37 AM > > Subject: Re: EIGRP network 0.0.0.0 to redistribute static route [7:61186] > > > > > > > ""The Long and Winding Road"" wrote in > > > message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > well, now that I've set it up, looked at it, and given it some > thought, > > > the > > > > answer is really quite simple. > > > > being a simple person myself, I like it when answers are simple. think > > > > "classful nature of eigrp" > > > > > > > > see below > > > > > > > > > > > > ""Wei Zhu"" wrote in message > > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > > ---EIGRP 100--(S0)---R1---(S1)--BGP AS 200--- > > > > > > > > > > R1 > > > > > S0 192.168.1.1 255.255.255.240 > > > > > S1 172.22.2.1 255.255.255.0 > > > > > S0 side run EIGRP, S1 side run BGP > > > > > > > > > > (1) > > > > > router eigrp 200 > > > > > network 192.168.1.0 > > > > > > > > > > router bgp > > > > > nei remote-as XXX > > > > > > > > > > R1 will send 192.168.1.0 route info through S0, but won't send the > > > > > 172.22.2.0 network info. > > > > > > > > > > (2) > > > > > ip route 0.0.0.0 0.0.0.0 S1 > > > > > > > > > > router eigrp 200 > > > > > network 192.168.1.0 > > > > > redistrib static > > > > > > > > > > Everything works fine > > > > > > > > > > (3) > > > > > If using network 0.0.0.0 to redistribute static info as: > > > > > ip route 0.0.0.0 0.0.0.0 S1 > > > > > > > > > > router eigrp 200 > > > > > network 192.168.1.0 > > > > > network 0.0.0.0 > > > > > > > > > > In addition of distribute the 0.0.0.0, R1 will also distribute > > > 172.22.0.0 > > > > > (summury) network info through S0 > > > > > > > > first of all, you are not seeing the whole picture because of the > limited > > > > numbers of interfaces you have in your basic setup. > > > > > > > > second of all, let me ask you a question. what exactly is 0.0.0.0? > > > > > > > > thirdly, having answered and understood what exactly 0.0.0.0 really > > > > represents, let me ask you another question. what happens when you put > > the > > > > entry "network 0.0.0.0" into the eigrp process? will eigrp still work > if > > > you > > > > were to now remove the "network 192.168.1.0" statement? why not? > > > > > > > > this is starting to feel like another homily. > > > > > > > > > > > > > It will also put 172.22.0.0/16 null0 route entry into its routing > > table. > > > > > > > > nature of the beast. I don't believe it is true of all protocols, but > > some > > > > of them will automatically place a summary to null 0 when a summary is > > > > advertised out. This is done as proof against black holes and helps > > > prevent > > > > routing loops > > > > > > > > BTW, I enjoy your posts. Keep up the good work. > > > > > > > > > > > > > > Can anyone explain why this happens? > > > > > > > > > oh, you know what, while composing a repl
More odd router occurances [7:61244]
It's getting to where I actually wish troubleshooting would come back to the lab ;-> had two routers go into endless reload tonight when I turned a few on to get some more practice. after going through the password recovery procedure for both, it appears that the two routers in question did not like the command "ip pim sparse-dense-mode" on the token ring interfaces. Which is interesting, because two other routers have that same configuration, and came up just fine. also - does anyone know what the command "ip kerberos source-interface any" does? I am unable to locate it in either the 12.1 or the 12.2 documentation. every time I reload any of my routers I get the error message % Invalid input detected at '^' marker. pointing to the kerberos line. I have issued "no" commands, but upon reload the damn thing is back in there. The IOS versions I am running are 56des just venting. -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61244&t=61244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Backup interface [7:61245]
Hi, I have to configure backup link for my primary Frame relay link with 2 subinterfaces. Please confirm I have to configure backup interface command on physical interface or subinterfaces. Regards __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61245&t=61245 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NETBIOS on WAN [7:61237]
IP helper will send NETBIOS broadcast and change the packet to a unicast to the address given. But I not really sure it will solve your problem. I have a few questions before I try to answer your question. 1. Is there a DHCP server involved? 2. Do have Domain Controllers? 3. Do you want the browse list to contain both networks? Last question is for everybody. Can the helper address be a directed broadcast vs a single IP address? -Original Message- From: Amazing [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 10:19 AM To: [EMAIL PROTECTED] Subject: Re: NETBIOS on WAN [7:61237] ip helper address on the ethernet interface of the remote router. this will change the nbns broadcast to a unicast directed at the remote lan ""Frederico Madeira"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hellow, > > how i configure an 2600 router to permit acess for network neighborhood to > computers on the lan, in other words, how i make to see all computers of > my WAN in network neighborhood of windows explore ? > > Fred Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61246&t=61237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Traceroute troubles [7:61247]
Solved my own problem - see CSCdu43762 on the CCO. Shows up with the 7200 and an NSE-1 and (evidently though they are not listed) the 1760, 2621, 2621XM, 2611 and 1720. Solution is to turn off PXF (rate limiting of ICMP unreachables) using: no ip icmp rate unreach Lesson learned? Read everything... :) Bill -Original Message- From: William Pearch Sent: Thu 1/16/2003 8:12 PM To: William Pearch; [EMAIL PROTECTED] Cc: Subject: Traceroute troubles Why does traceroute seem to have problems with the second check of a final hop? RouterA-RouterB When trace from routerA loopback to routerB loopback, first one comes back fine, second is a * and third is fine. Seems wierd - 500 pings all go swell. Then to top it off... RouterA trace to RouterA loopback0, first one comes back fine, second is a * and third is fine. 500 pings all go swell. I've tried over ethernet, fast ethernet, serial (HDSL and frame relay). Same behavior on my 2600's and 1700's. All running 12.2.13T. I wasn't able to find anything on the CCO this evening. Thoughts? Bill Pearch, Anchorage Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61247&t=61247 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RX port buffers on cat4000's [7:61248]
Hi All, Just wondering if anyone has figures for the size of rx buffers for cat 4000 ports? Had a issue today where a port was connected to a pix 535 manually set at half/100 (yep you read right), the switch port was at auto/auto. The rate of In-Lost (rx buffer filling up) errors was on average 5 per minute (among all the other errors of course). I have seen In-Lost and delay-exceeds rise up for mis-settings to servers, but the pix connection was showing some pretty fast counter stats Hard to find these small details sometimes in doco.. maybe anyone here from cisco can advise? the mod on the 4006 is a ws-x4424-gb-rj45 (hw 1.5) with a supII (hw 3.2, gsp 7.1(2.0), nmp 7.1(2)) Cheers, M Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61248&t=61248 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Netbios on Wan [7:61249]
hi, wondering if it is possible to configure more than 1 ip for IP helper address Author: Amazing () Date: 01-17-03 01:18 ip helper address on the ethernet interface of the remote router. this will change the nbns broadcast to a unicast directed at the remote lan ""Frederico Madeira"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hellow, > > how i configure an 2600 router to permit acess for network neighborhood to > computers on the lan, in other words, how i make to see all computers of > my WAN in network neighborhood of windows explore ? > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61249&t=61249 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Serial Interface Down [7:61220]
Report the link to your Telco. -Original Message- From: Curious [mailto:[EMAIL PROTECTED]] Sent: 16 January 2003 21:43 To: [EMAIL PROTECTED] Subject: Serial Interface Down [7:61220] We just noticed the Serial Interface of our CIsco 2600 router is down, here is its current status Serial0/0 is down, line protocol is down Hardware is PQUICC with Fractional T1 CSU/DSU Internet address is A.B.C.D MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, reliability 253/255, txload 1/255, rxload 1/255 Encapsulation HDLC, loopback not set Keepalive set (10 sec) Last input 00:27:48, output 00:27:43, output hang never Last clearing of "show interface" counters never Input queue: 0/75/1754 (size/max/drops); Total output drops: 1208 Queueing strategy: weighted fair Output queue: 0/1000/64/1191 (size/max total/threshold/drops) Conversations 0/53/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 83316984 packets input, 2394378579 bytes, 0 no buffer Received 507747 broadcasts, 0 runts, 2 giants, 0 throttles 294 input errors, 201 CRC, 88 frame, 0 overrun, 0 ignored, 4 abort 80768969 packets output, 3501265478 bytes, 0 underruns 0 output errors, 0 collisions, 60 interface resets 0 output buffer failures, 0 output buffers swapped out 2 carrier transitions DCD=down DSR=up DTR=up RTS=up CTS=down If some one shed any light on it. thanks, -- Curious MCSE, CCNP Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61250&t=61220 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RX port buffers on cat4000's [7:61248]
* In-Lost - Packets which could not be received since the input buffers are full. Reason: Excessive input rate of traffic. * Delay Exceed - This is an indication of the number of frames discarded because of excessive delay in the switching process. Reason/Cause: Severe problem with the switch. Open a case with the Cisco TAC I'm guessing the PIX connection has lots of traffic (probably constant). maybe some sort of attack was going on at this time. Might be a combination of devices attached to that blade. There is no buffer adjustments I know of. Also the sup2 on 4006 does 18 Mpps , whereas a sup3/sup4 can do 48 Mpps. --- "Vicuna, Mark" wrote: > Hi All, > > Just wondering if anyone has figures for the size of > rx buffers for cat 4000 > ports? Had a issue today where a port was connected > to a pix 535 manually > set at half/100 (yep you read right), the switch > port was at auto/auto. The > rate of In-Lost (rx buffer filling up) errors was on > average 5 per minute > (among all the other errors of course). > > I have seen In-Lost and delay-exceeds rise up for > mis-settings to servers, > but the pix connection was showing some pretty fast > counter stats > > Hard to find these small details sometimes in doco.. > maybe anyone here from > cisco can advise? > > the mod on the 4006 is a ws-x4424-gb-rj45 (hw 1.5) > with a supII (hw 3.2, > gsp 7.1(2.0), nmp 7.1(2)) > > > Cheers, > M [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61251&t=61248 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Traffic monitoring [7:61252]
Greetins all, We are currently using nat in our network. I want to monitor the bandwidth usage per ip. And also the traffic type they generate. Using Cisco 7206 router that runs IOS 12.2(13) release. I will appreciate any comment. Best Regards Semih \st|n Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61252&t=61252 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
