RE: RX port buffers on cat4000's [7:61248]
yes, alot of traffic is flowing through :-) and no wasn't related to any kind of attack. The 18mpps or 48mpps is more to do with the switch fabric, not related to the tx rx buffer(s) that are allocated per port. the issue was immediately resolved when i hard coded port settings. just wanted to have an idea of the size of buffering allocated on these ports (hardware specific of course). cheers, mark. -Original Message- From: Erick B. [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 11:17 PM To: Vicuna, Mark; [EMAIL PROTECTED] Subject: Re: RX port buffers on cat4000's [7:61248] http://www.cisco.com/warp/public/473/46.html * In-Lost - Packets which could not be received since the input buffers are full. Reason: Excessive input rate of traffic. * Delay Exceed - This is an indication of the number of frames discarded because of excessive delay in the switching process. Reason/Cause: Severe problem with the switch. Open a case with the Cisco TAC I'm guessing the PIX connection has lots of traffic (probably constant). maybe some sort of attack was going on at this time. Might be a combination of devices attached to that blade. There is no buffer adjustments I know of. Also the sup2 on 4006 does 18 Mpps , whereas a sup3/sup4 can do 48 Mpps. --- Vicuna, Mark wrote: Hi All, Just wondering if anyone has figures for the size of rx buffers for cat 4000 ports? Had a issue today where a port was connected to a pix 535 manually set at half/100 (yep you read right), the switch port was at auto/auto. The rate of In-Lost (rx buffer filling up) errors was on average 5 per minute (among all the other errors of course). I have seen In-Lost and delay-exceeds rise up for mis-settings to servers, but the pix connection was showing some pretty fast counter stats Hard to find these small details sometimes in doco.. maybe anyone here from cisco can advise? the mod on the 4006 is a ws-x4424-gb-rj45 (hw 1.5) with a supII (hw 3.2, gsp 7.1(2.0), nmp 7.1(2)) Cheers, M [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61253t=61248 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Netbios on Wan [7:61249]
yes, you will have to use a separate entry for each. -Original Message- From: Han Chuan Alex Ang [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 10:28 PM To: [EMAIL PROTECTED] Subject: Netbios on Wan [7:61249] hi, wondering if it is possible to configure more than 1 ip for IP helper address Author: Amazing () Date: 01-17-03 01:18 ip helper address on the ethernet interface of the remote router. this will change the nbns broadcast to a unicast directed at the remote lan Frederico Madeira wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hellow, how i configure an 2600 router to permit acess for network neighborhood to computers on the lan, in other words, how i make to see all computers of my WAN in network neighborhood of windows explore ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61254t=61249 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: More odd router occurances [7:61244]
Maybe that message is coming from the Boot, which is older it two of the routers. I see it ocassionally, but it doesn't harm, since as soon as correct IOS loads, later on the boot process, the sentence will be understood. What I don't understand is the reason of the reloading... What can you see in Show ver regarding last boot? The Long and Winding Road Enviado por: [EMAIL PROTECTED] 17/01/2003 05:45 Por favor, responda a The Long and Winding Road Para: [EMAIL PROTECTED] cc: Asunto: More odd router occurances [7:61244] It's getting to where I actually wish troubleshooting would come back to the lab ;- had two routers go into endless reload tonight when I turned a few on to get some more practice. after going through the password recovery procedure for both, it appears that the two routers in question did not like the command ip pim sparse-dense-mode on the token ring interfaces. Which is interesting, because two other routers have that same configuration, and came up just fine. also - does anyone know what the command ip kerberos source-interface any does? I am unable to locate it in either the 12.1 or the 12.2 documentation. every time I reload any of my routers I get the error message % Invalid input detected at '^' marker. pointing to the kerberos line. I have issued no commands, but upon reload the damn thing is back in there. The IOS versions I am running are 56des just venting. -- TANSTAAFL there ain't no such thing as a free lunch Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61255t=61244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
cisco IOS and VPN Client 3.X [7:61256]
I was testing the sample config on the cisco web site at this page : http://www.cisco.com/warp/public/471/ipsecrouter_vpn.html I do not know what IOS for 2611 can take the following commands: cisco is saying 12.2(8) and later. crypto isakmp client configuration group 3000client key cisco123 dns 10.10.10.10 wins 10.10.10.20 domain cisco.com pool ippool I could not get it into my 2611 IOS router. Has anybody gone through this already. My objectives is to have vpnclients and some remote cisco routers create VPN tunnels to my 2611 at my main site. _ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61256t=61256 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Splitting an ethernet segment [7:61257]
Here is my current scenario- I have a 3640 RAS router at my HQ and 1x1700 routers at a remote site.I want to add another router to another remote site but use the same ethernet segment on DHCP.I have a Win2000 server doing DHCP for the 1 remote router. On the DHCP server I want to split the segment with a 255.255.255.128 and let both the router share that segment. I use static routes for the dialer interfaces. The current remote router has a e0 ip gateway address of 172.16.16.1 I want to make the other one 172.16.16.129 255.255.255.128 Will this work ?. Thanks _ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61257t=61257 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NETBIOS on WAN [7:61237]
Hi all, I also need the same help. Can I have sample configuration any one did it. can someone tell me any source where i can find the details. Thanks/Regards, K.Srinivas - Original Message - From: Newell Ryan D SrA 18 CS/SCBT To: Sent: Friday, January 17, 2003 10:31 AM Subject: RE: NETBIOS on WAN [7:61237] IP helper will send NETBIOS broadcast and change the packet to a unicast to the address given. But I not really sure it will solve your problem. I have a few questions before I try to answer your question. 1. Is there a DHCP server involved? 2. Do have Domain Controllers? 3. Do you want the browse list to contain both networks? Last question is for everybody. Can the helper address be a directed broadcast vs a single IP address? -Original Message- From: Amazing [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 10:19 AM To: [EMAIL PROTECTED] Subject: Re: NETBIOS on WAN [7:61237] ip helper address on the ethernet interface of the remote router. this will change the nbns broadcast to a unicast directed at the remote lan Frederico Madeira wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hellow, how i configure an 2600 router to permit acess for network neighborhood to computers on the lan, in other words, how i make to see all computers of my WAN in network neighborhood of windows explore ? Fred Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61258t=61237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Traffic monitoring [7:61252]
I believe that NetFlow can be used to provide this information. Semih \st|n wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Greetins all, We are currently using nat in our network. I want to monitor the bandwidth usage per ip. And also the traffic type they generate. Using Cisco 7206 router that runs IOS 12.2(13) release. I will appreciate any comment. Best Regards Semih \st|n Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61259t=61252 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: cisco IOS and VPN Client 3.X [7:61256]
try IOS Version 12.2(11)T3 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61260t=61256 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: response time between PIX with VPN [7:60981]
Well..well..well.. in a way I feel like idiot.. but in another it was a very much a learning experience. After checking over everything and recreating the 800mS to 2 second delays, I found the problem. When I first set up the lab, I spent some time working with the debugs for ipsec, isakmp and icmp. I was bouncing between PIXs looking at the results and working out the configs. Apparently, on the 520 PIX, I left a debug process running or it hung there on it's own from one of the times the ssh window timed out. I would have thought it would have died on its own but..then again maybe not. I had to reboot the 520 but that clear the problem and pings went to an expected 2mS response time. I had not rebooted the 520 since I was trying to replicate using a production PIX. I'm starting to think that when working with VPNs and the like, a reboot is a useful thing to do. Yes? no? Thanks again for the comments.. as it turns out I learned things from the comments and my own struggles. Sometimes it's best this way :) MikeS Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61261t=60981 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: User Privilege Level [7:60469]
Great!! This looks like it will fill the bill. I'll set the configuration as noted. This will give me some time before I can configure a TACACS+ server. Thanks to everyone for their responses. Dave Williams, CCDA, CCNA, CCSA Director of Network Engineering (402) 661-2143 -Original Message- From: Newell Ryan D SrA 18 CS/SCBT [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 8:07 PM To: [EMAIL PROTECTED] Subject: RE: User Privilege Level [7:60469] I know the thread is about dead but until you get TACACS+ server there are some commands you could implement to help the situation. The port is being disabled for a reason. You can configure the port to renable after 30 secs. using the command set errdisable-timeout enable all set errdisable-timeout interval 30 'All' would cover all the possible reason. If you knew what was causing the port to disable you could implement certain commands to cease the err-disable all together. For example if collision was the culprit then the following command would stop the error disable. set option errport enable Here is a link the will go into more detail. http://www.cisco.com/warp/public/473/20.html -Original Message- From: Williams, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 11:33 PM To: [EMAIL PROTECTED] Subject: RE: User Privilege Level [7:60469] Thanks for everyone's help. What I mean by reset ports is to re-enable the switch ports after they were err-disabled. These are Cisco 6500 series switches w/layer 3 blades. The switch is running Cat/OS 7.2(2) and on the layer 3 blade, IOS 12.1(11b). Since our technicians are in remote locations, if I can give them the ability to re-enable the ports without getting into config mode, they don't have to wait on one of our engineers to do it for them (which may take hours). I'll try to re-assign some set commands and see what happens. Dave Williams, CCDA, CCNA, CCSA Senior Network Engineer (402) 661-2143 -Original Message- From: Erick B. [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 9:37 PM To: Williams, Dave; [EMAIL PROTECTED] Subject: Re: User Privilege Level [7:60469] Dave, Priv. level 1 gives you basic show commands, etc. level 15 is full access like you mentioned. levels 2-14 don't have any special commands , but you re-assign commands to these levels for different users for example. Theres also a priv level 0 which gives you close to no commands on router IOS and you need to reduce the level 1 (default level) to 0 if you make the priv level 0 for line vty for example. I'm not sure if you can go to 0 on the switches. When you say reset ports, do you mean clean counters or shut/no shut the port? the latter would be config access. What type of switch is this and version of code? Awhile back when I was doing this for a client there was a minor bug with the priv commands and config mode for setting speed and duplex where the commands weren't saved properly. haven't checked that in quite awhile though. Erick --- Williams, Dave wrote: I've been searching CCO most of the afternoon and can't seem to find the correct URL. I'm looking for a way to allow a technician to reset ports on a switch and look at interface stats, but not allow configuration access. For example, I know that user level 15 is the same as having the enable password and user level 1 is the same as a generic user, but I don't know what the other levels do for me. Thanks in advance for your help. Dave Williams Senior Network Engineer (402) 661-2143 [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61262t=60469 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CSS11152 VIP question [7:61229]
what does the IP opportunistic do? Clayton Price wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... That is correct, your vip does not have to be a part of one of the VLAN's. Make sure you have ip opportunistic enabled, and that you are routing that VIP towards the CSS. Clayton Sam Sneed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... quick typo correction : ip on service svc-w2.web2 should be ip address 10.20.20.11 port 80 keepalive type http keepalive uri /test.html active Sam Sneed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Lets say I have the following scenario. CSS11152 with ethernet e0 IP address 192.168.1.1 VLAN outside. I have 2 sets of servers addresses 10.10.10.0/24 on eth5 VLAN server1 and 10.20.20.20/24 on eth6 VLAN server2. I configure services as per below. On my content rules can a make a VIP on the 192.168.1.0 network and on another 192.168.100.0 network. Since VIP is NAT'ing I am thinking that you do not need a VIP address that has the same network as any VLAN's on the CSS. Is this true? content cnt-www.web1 balance aca url /* service svc-w1.web1 service svc-w2.web1 vip address 192.168.1.50 active content cnt-www.web1 balance aca url /* service svc-w1.web2 service svc-w2.web2 vip address 192.168.100.50 active service svc-w1.web1 ip address 10.10.10.10 port 80 keepalive type http keepalive uri /test.html active service svc-w2.web1 ip address 10.10.10.11 port 80 keepalive type http keepalive uri /test.html active and service svc-w1.web2 ip address 10.20.20.10 port 80 keepalive type http keepalive uri /test.html active service svc-w2.web2 ip address 10.10.20.11 port 80 keepalive type http keepalive uri /test.html active Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61263t=61229 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Can't ping an HSRP address from a 3550-12G [7:61264]
Hi guys, I have a 3550-12G that is connected to 5 switches. There are also a 3640 and a 2600, that share an HSRP address, and both of these routers are connected to one of the switches hanging off the 3550-12G.. From the 3550-12G I can't ping the HSRP address, but can ping the physical address of each participating interface. I though it was quite odd, as the other 5 switches connected to the 3550-12G can ping the HSRP address (2 x 3548's, 1 x 3524 and 2 x 3550-48's). I haven't done any in depth analysis yet (packet captures etc) but wondered if anyone else had come across it. Symon Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61264t=61264 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Switching EXAM (Hex Conversion Chart) [7:61108]
I do know how to convert Hex and Decimal frontward and backwards. I only asked the question just to speed up the process, since time is of essence on any Cisco test!! -Original Message- From: Dain Deutschman [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 3:54 PM To: [EMAIL PROTECTED] Subject: Re: Switching EXAM (Hex Conversion Chart) [7:61108] You should just learn how to convert decimal to hex...then you won't need a chart. -- Dain Deutschman CCNA, CSS-1, MCP, CNA Data Communications Manager New Star Sales and Service, Inc. 800.261.0475 Bond, Jeffrey T wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... On the Switching exam, are we provided a HEX conversion chart for reference? thanks in advance -Original Message- From: Aaron Ajello [mailto:[EMAIL PROTECTED]] Sent: Friday, January 10, 2003 8:01 AM To: [EMAIL PROTECTED] Subject: RE: Switching Exam on Monday 13/1/03 [7:60785] Spend a lot of time on MLS. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61265t=61108 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: More odd router occurances [7:61244]
Francisco Sedano/Inf-Pronet wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Maybe that message is coming from the Boot, which is older it two of the routers. I see it ocassionally, but it doesn't harm, since as soon as correct IOS loads, later on the boot process, the sentence will be understood. What I don't understand is the reason of the reloading... What can you see in Show ver regarding last boot? the last boot occured after the password recovery process, during which I simply removed the command ip pim sparse-dense-mode from the token ring interface. it may be that the two token ring interfaces were in shutdown state, whereas the two routers that came up fine were operational. Once in a while I run into odd occurences with the 25xx series and the more recent IOS images. even with 16/16 once in a while something strange happens, something that a simple reload cures. I suspect that when the images start creeping into the 16 meg range, that the router runs out of places to put things. The Long and Winding Road Enviado por: [EMAIL PROTECTED] 17/01/2003 05:45 Por favor, responda a The Long and Winding Road Para: [EMAIL PROTECTED] cc: Asunto: More odd router occurances [7:61244] It's getting to where I actually wish troubleshooting would come back to the lab ;- had two routers go into endless reload tonight when I turned a few on to get some more practice. after going through the password recovery procedure for both, it appears that the two routers in question did not like the command ip pim sparse-dense-mode on the token ring interfaces. Which is interesting, because two other routers have that same configuration, and came up just fine. also - does anyone know what the command ip kerberos source-interface any does? I am unable to locate it in either the 12.1 or the 12.2 documentation. every time I reload any of my routers I get the error message % Invalid input detected at '^' marker. pointing to the kerberos line. I have issued no commands, but upon reload the damn thing is back in there. The IOS versions I am running are 56des just venting. -- TANSTAAFL there ain't no such thing as a free lunch Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61266t=61244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: applying PIX access-lists [7:61033]
You can use pdm ( Web based gui of Cisco PIX). It looks like checkpoint gui. You can insert lines between other statements, change nat definitions, monitor system resources etc. It is very useful. Ozan Akdemir -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 14, 2003 6:59 PM To: [EMAIL PROTECTED] Subject: applying PIX access-lists [7:61033] I am new to PIX and have a simple question. What methods do you (PIX Admins) use to change and apply access-lists. Unlike IOS access-lists it seems you can remove statements from the middle of the list. When you do this does the change occur immediately or do you have to reapply the access-group? Do you need to do clear xlate after changing access-lists? how about the following scenatio: I have PIX that has interface outside with the follwoing access-list: access-list from-internet permit ip any host 10.10.10.1 access-list from-internet permit ip any host 10.10.10.4 access-list from-internet permit ip any host 10.10.10.5 access-list from-internet deny ip any any and access-group from-internet in interface outside now I want to add access-list from-internet permit ip any host 10.10.10.2 before access-list from-internet permit ip any host 10.10.10.4. What is the best way to do this? I thought maybe I would create a new list : access-list from-internet2 permit ip any host 10.10.10.1 access-list from-internet permit ip any host 10.10.10.2 access-list from-internet2 permit ip any host 10.10.10.4 access-list from-internet2 permit ip any host 10.10.10.5 access-list from-internet2 deny ip any any than remove the old and apply the new one in successive commands. Is this the standard way of amking changes or do you more experienced admins have a better way. I'm migrating from a checkpoint environment so this wasn't an issue when administering them. How about this for a good question Why aren't the access-lists on the PIX numbered like prefix-lists in BGP. Wouldn't that be very intuitive and easy to work with? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61267t=61033 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ACL for testing [7:61268]
Greetings all, I'm looking to test a large ACL impact on a router and wondering if any of you have or know of an already made list some where that I can use. Thanks...Nabil I have never let my schooling interfere with my education. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61268t=61268 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
QOS on IOS 12.1.10 2610 Router [7:61269]
I can only apply service-policy out name to the main interface but not to sub interfaces. Can some one tell me if it automatically applyes to sub interfaces. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61269t=61269 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Netbios on Wan [7:61249]
Hi Frederico, Yes, You you need to use : Interface e0 (for eaxample on remote router) ip helper-address 172.16.2.255 (to reach all servers on subnet 172.16.2.0 from the remote routers) Hope this helps Sarkis Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61270t=61249 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Online rack rental for PIX / CSS1-recommendation [7:61271]
Hi all -- Does anyone have a recommendation for online lab rental for the PIX and VPN courses for the CSS1. Today is the last day to register for the old exams and I'm considering making the effort to take the exams. Thanks in advance. Greg Macaulay Oldest Human Being preparing for the CCIE Lab Lifetime AARP member Retired Attorney/Law Professor Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61271t=61271 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Online rack rental for PIX / CSS1-recommendation [7:61271]
There is a PIX available on my rack free of charge at http://www.mymucus.com It is an older PIX 1 Running 5.1(5) But you can you use it for most of the course. I'm working on adding a 501 to the rack. Hope this helps Jarett Greg Macaulay wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all -- Does anyone have a recommendation for online lab rental for the PIX and VPN courses for the CSS1. Today is the last day to register for the old exams and I'm considering making the effort to take the exams. Thanks in advance. Greg Macaulay Oldest Human Being preparing for the CCIE Lab Lifetime AARP member Retired Attorney/Law Professor Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61272t=61271 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Splitting an ethernet segment [7:61257]
Shane Stockman wrote: Here is my current scenario- I have a 3640 RAS router at my HQ and 1x1700 routers at a remote site.I want to add another router to another remote site but use the same ethernet segment on DHCP.I have a Win2000 server doing DHCP for the 1 remote router. On the DHCP server I want to split the segment with a 255.255.255.128 and let both the router share that segment. I use static routes for the dialer interfaces. The current remote router has a e0 ip gateway address of 172.16.16.1 I want to make the other one 172.16.16.129 255.255.255.128 Will this work ?. Yep. If you split the scope on the server, there shouldn't be any problems. Post back if there are. Thanks _ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61273t=61257 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: More odd router occurances [7:61244]
The Long and Winding Road wrote: It's getting to where I actually wish troubleshooting would come back to the lab ;- had two routers go into endless reload tonight when I turned a few on to get some more practice. after going through the password recovery procedure for both, it appears that the two routers in question did not like the command ip pim sparse-dense-mode on the token ring interfaces. Chuck, I've never tried enabling mcast on a TR interface. According to Cisco training material, it is strongly advised against. This is rooted in the fact that there is no difference between mcast and broadcast on a TR interface. I think you mentioned having sat the mcast/qos exam, so I reckon you know why. It has to do with the functional address format that TR uses. So I wouldn't be surprised to see a 2500 go into meltdown. Which is interesting, because two other routers have that same configuration, and came up just fine. I think you nailed it with your followup comments. The others were probably disabled. also - does anyone know what the command ip kerberos source-interface any does? I am unable to locate it in either the 12.1 or the 12.2 documentation. every time I reload any of my routers I get the error message % Invalid input detected at '^' marker. pointing to the kerberos line. I have issued no commands, but upon reload the damn thing is back in there. The IOS versions I am running are 56des just venting. -- TANSTAAFL there ain't no such thing as a free lunch Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61274t=61244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
GroupStudy DB Crash [7:61288]
I would like to apologize as the GroupStudy database crashed thus preventing any postings for the past 20 hours or so. Tonight I performed an upgrade to the database in the hopes it will increase reliability. Please resend any messages that do not appear on the site. Sorry! Paul Borghese Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61288t=61288 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Netbios on Wan [7:61249]
Yes, According to Cisco BSCN Book (Building Scalable Cisco Networks) pages 88-91. and Exam Cram book ACRC (Advanced Cisco Router Congirn) pages 46-47. mentions using ip helper-address to forward to a directed broadcast address (ie. for this specific subnet 172.16.2.0 where the servers reside) Remember, on the Interface you also need to enable the command: ip directed-broadcast (which is disabled by default on rel 12.0 and later) So here are the commands you need to add on the Remote Router interface: Interface e0 ip helper-address 172.16.2.255 ip helper-address 172.16.3.2 ip directed broadcast So Braodcasts arriving on e0 will be forwarded to all servers on the 172.16.2.0 subnet and to the designated server 172.16.3.2. Hope this helps. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61289t=61249 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: frame relay stumper [7:60567]
Hi Geoff, Just a small possibility Double check on what circuit is termining on the physical interfaces. What I mean to say is, if the two ends are not connected to the same circuit physically too, it might show you up/up (due to some other ends connectivity) but it won't be the result what you are looking for. Show cdp neighbor command can help you in this i.e. if some other Cisco router is getting connected ypu can see that in place of desired router. It had happened with me, so maybe it's the cause. Regards, Vikram Mossburg, Geoff (MAN-Corporate) wrote: How's this for nutty: We have a frame-relay point-to-point circuit going between our Cisco 7500 core router and a 2500 remote router, and the subinterfaces have IP addys of .1 and .2, respectively. Both sides' subinterfaces are up/up, but I am not able to ping either IP address, even when I am on the host router for each address! Both sides have other working subinterfaces which I have tested similarly, and these use the same physical circuit, so I know the circuit is good. OH... and this connection WAS working at some point, but I can't tell when it stopped working, due to the fact that neither router recognizes that there is a problem. I tried bouncing both subinterfaces and reloading the 2500, but the problem remains. Any advice about what I may be overlooking would be a Godsend. Thanks! GM Get Your Private, Free E-mail from Indiatimes at http://email.indiatimes.com Buy the best in Movies at http://www.videos.indiatimes.com Now bid just 7 Days in Advance and get Huge Discounts on Indian Airlines Flights. So log on to http://indianairlines.indiatimes.com and Bid Now ! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61290t=60567 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Setup Win2K prof. as NETBEUI client [7:61291]
How to configure a PC (win2K prof.) for testing DLSW in lab? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61291t=61291 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
URGENT: Modem Authentication Failure [7:61292]
Hi everybody, Today I have encountered a strabge problem. I have a 3660 router with NM-16AM modules. Nothing has been changed. Suddenly we got complains from users tht they cannot connect. I have checked the AAA server. But there is nothing wrong. Here is my debug log: --- Call Handle failed for Modem 5/2 %LINK-3-UPDOWN: Interface Async163, changed state to up TPLUS: Queuing AAA Authentication request 634 for processing TPLUS: processing authentication start request id 634 TPLUS: Authentication start packet created for 634(testuser) TPLUS: Using server XY.XY.XY.250 TPLUS(027A): connected to server XY.XY.XY.250 TPLUS: response received for AAA request 634 TPLUS: Received authen response status FAIL (3) %LINK-5-CHANGED: Interface Async163, changed state to reset %LINK-3-UPDOWN: Interface Async163, changed state to down Call Handle failed for Modem 5/2 %LINK-3-UPDOWN: Interface Async163, changed state to up TPLUS: Queuing AAA Authentication request 637 for processing TPLUS: processing authentication start request id 637 TPLUS: Authentication start packet created for 637(testuser) TPLUS: Using server XY.XY.XY.250 TPLUS(027D): connected to server XY.XY.XY.250 TPLUS: response received for AAA request 637 TPLUS: Received authen response status FAIL (3) %LINK-5-CHANGED: Interface Async163, changed state to reset --- Any comments? I couldn't find what the FAIL(13) error code means. And also I don't know what causes Call Handle failed for Modem 5/2. I get this for a lot of my modems on my console.Thanks in advance, Hamid Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61292t=61292 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
