CNAP Sem. 5 - San Diego, CA [7:61897]
For those of you in San Diego who have completed your CCNA and are pursuing your CCNP, Southwestern College began Cisco Networking Academy Semester 5 (Advanced Routing) classes just last week. The instructor (Brian Sterck) is awesome and is more focused on teaching you the material than on giving you pointers on passing the test. Labs are a big part of the class and always tie in to the lecture material.

Currently Semester 5 is the only CCNP class that has survived for this semester. The other classes have been cancelled or consolidated due to minimal enrollment. It's not too late to sign up!

Southwestern College: http://www.swc.cc.ca.us/

--Fred D.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61897t=61897
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Router boot up time [7:61848]
no service config

--- Chris Penrose wrote:
I have a router that takes about 10 minutes to start up. I can see that it is sending out a broadcast, http://255.255.255.255/adsl-config.txt, trying to find a TFTP server and load a configuration file which I don't need. How do I switch this off? :-/
Chris
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61898t=61848
Multipoint/point-to-point(FR )which mostly used [7:61899]
Hi all,

Generally, what is mostly used in customer scenarios while configuring Frame Relay: point-to-point or multipoint subinterfaces? As you know, point-to-point subinterfaces consume a lot of addresses, all in different subnets, although ip unnumbered is a way to avoid this (ip unnumbered has the limitation of managing WAN links, which ISPs don't like). But still, what do ISPs prefer to suggest to their customers as of now, point-to-point or multipoint? What is the general trend followed?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61899t=61899
route reflector question [7:61900]
Question about route reflector operation.

It appears that a RR, when provided with multiple routes to the same destination, will pick the best path and then reflect this best path to the appropriate set of clients and non-clients. I had expected that the RR would simply just reflect routes and not perform route selection on behalf of clients.

While this does have benefits to lower-end RR clients, I'm curious as to how step 8 of the BGP decision process is made. Step 8 is where an iBGP router, for a set of equal routes, will compute the IGP cost to the route's next-hop, and select the path whose next-hop is IGP closest. How is this step performed by the RR? Does the RR compute the IGP cost from itself to the next-hop, or does it attempt to compute the IGP cost from each client to the next-hop?

I get the impression that it is the former (RR to next-hop). If this is correct, then might one expect sub-optimal BGP route selection at times, as the cost is from the RR to the next-hop and not the real cost from an iBGP client to the next-hop? Much like aggregation, some sub-optimalities might be the price paid to scale.

Just trying to verify how path selection is handled when RRs are present.

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61900t=61900
Re: BGP config query with Loopback [7:61756]
I am confused why you are using default routes and BGP at the same time in this setup, and why you are using an IGP with just 2 routers?

Coming back to your question: When you advertise an IGP route in the BGP process with a network statement, the ORIGIN attribute in the update messages is set to IGP (highest preference). This can affect the selection of best path.

Second, it looks like the Cisco weight is affecting the selection of best path. By default, all router-originated prefixes have a weight of 32768, as in your case, so we can ignore them. Now for the peer-advertised routes, it looks like your AS number is considered as weight. Since 4799 is higher than default, it also comes as best path; 111 is lower, so it does not. It is my guess, as I have not configured and tried it. Try changing 111 to some number higher than 32768 and see. Let me know, because I'll be interested to know the outcome.

Nadeem

== NKP wrote:
Hi,

I have a simple BGP query. I have got 2 routers, r2 and r5, which are connected to each other via a serial link and are in different ASes. Their routing configs are as follows:

for r2:
  interface Loopback0
   ip address 202.202.1.1 255.255.255.255
  !
  router ospf 100
   log-adjacency-changes
   network 0.0.0.0 255.255.255.255 area 0
  !
  router bgp 111
   no synchronization
   bgp router-id 202.202.1.1
   bgp log-neighbor-changes
   network 202.202.1.1 mask 255.255.255.255
   neighbor 101.101.101.77 remote-as 4799
   neighbor 101.101.101.77 ebgp-multihop 5
   neighbor 101.101.101.77 update-source Loopback0
  !

and for r5:
  interface Loopback0
   ip address 101.101.101.77 255.255.255.255
  !
  router ospf 100
   log-adjacency-changes
   network 0.0.0.0 255.255.255.255 area 0
  !
  router bgp 4799
   no synchronization
   bgp router-id 101.101.101.77
   bgp log-neighbor-changes
   network 101.101.101.77 mask 255.255.255.255
   neighbor 202.202.1.1 remote-as 111
   neighbor 202.202.1.1 ebgp-multihop 5
   neighbor 202.202.1.1 update-source Loopback0
  !

When I see their routing tables, the output is as follows:

on r2:
     Network             Next Hop         Metric LocPrf Weight Path
  *  101.101.101.77/32   101.101.101.77        0             0 4799 i
  *  202.202.1.1/32      0.0.0.0               0         32768 i
  r2#
  r2#

On r5 it is:
     Network             Next Hop         Metric LocPrf Weight Path
  *  101.101.101.77/32   0.0.0.0               0         32768 i
  *  202.202.1.1/32      202.202.1.1           0             0 111 i
  r5#

Why is the route * 101.101.101.77/32 not coming as the best path on r2, when in the table of r5 it is displaying the path * 202.202.1.1/32 as best path? I don't want to do redistribution of BGP into OSPF, and I don't want to give any static routes to the peers, as they are getting the path to the destination loopback, which is known via OSPF, and the routes are there in the routing table.
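The two threads above both come down to the Cisco BGP decision order: the weight step that Nadeem suspects in the r2/r5 output, and step 8 (IGP metric to the next hop) that the route-reflector question asks about. The block below is an added example, not code from either poster or from Cisco. It ranks paths with the first eight decision steps and then runs the same two iBGP paths from two vantage points, the RR's own IGP table and a client's, so the divergence the RR poster anticipates can be seen directly. The prefixes 10.99.0.0/24 and 192.0.2.x, the IGP costs, and the AS numbers other than 111 and 4799 are constructed for the example; the order of steps matches Cisco's documented best-path algorithm, but later tie-breakers (router ID, oldest path) are not modelled.

```python
"""Cisco-style BGP best-path selection reduced to the attributes the two
threads discuss, run from two vantage points (a route reflector and one of
its clients) to show where their step-8 IGP-metric results diverge.
Added example; the topology, prefixes and IGP costs are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Origin codes as printed by 'show ip bgp'; lower rank is preferred.
ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}

STEPS = ["weight", "local preference", "locally originated", "AS-path length",
         "origin", "MED", "eBGP over iBGP", "IGP metric to next hop"]


@dataclass(frozen=True)
class Path:
    prefix: str
    next_hop: str                  # "0.0.0.0" marks a locally originated route
    as_path: Tuple[int, ...]
    origin: str = "i"
    weight: int = 0                # Cisco-local attribute; 32768 for local prefixes
    local_pref: int = 100
    med: int = 0
    ebgp: bool = False             # True when learned from an external peer

    def locally_originated(self) -> bool:
        return self.next_hop == "0.0.0.0"


def selection_key(path: Path, igp_cost: Dict[str, int]) -> tuple:
    """Rank a path in the Cisco decision order.  Every element is arranged so
    that 'smaller is better', so tuple comparison walks the steps in order and
    stops at the first one that differs."""
    return (
        -path.weight,                               # 1. highest weight
        -path.local_pref,                           # 2. highest local pref
        0 if path.locally_originated() else 1,      # 3. locally originated
        len(path.as_path),                          # 4. shortest AS path
        ORIGIN_RANK[path.origin],                   # 5. lowest origin code
        path.med,                                   # 6. lowest MED
        0 if path.ebgp else 1,                      # 7. eBGP over iBGP
        igp_cost.get(path.next_hop, 0),             # 8. nearest next hop
    )


def best_path(paths: List[Path], igp_cost: Dict[str, int]) -> Tuple[Optional[Path], str]:
    """Return (winner, name of the step that decided it).  A path whose next
    hop the IGP cannot resolve is not a candidate at all."""
    cands = [p for p in paths if p.locally_originated() or p.next_hop in igp_cost]
    if not cands:
        return None, "no path with a reachable next hop"
    ranked = sorted(cands, key=lambda p: selection_key(p, igp_cost))
    if len(ranked) == 1:
        return ranked[0], "only candidate"
    k0, k1 = selection_key(ranked[0], igp_cost), selection_key(ranked[1], igp_cost)
    for step, (a, b) in zip(STEPS, zip(k0, k1)):
        if a != b:
            return ranked[0], step
    return ranked[0], "tie (router ID / oldest path, not modelled here)"


# Constructed scenario for the route-reflector question: two iBGP paths to the
# same prefix, equal through step 7, reachable via next hops A and B.
PATH_A = Path("10.99.0.0/24", "192.0.2.1", (64500,))
PATH_B = Path("10.99.0.0/24", "192.0.2.2", (64500,))

IGP_FROM_RR = {"192.0.2.1": 10, "192.0.2.2": 20}       # RR's own IGP view
IGP_FROM_CLIENT = {"192.0.2.1": 30, "192.0.2.2": 5}    # one client's IGP view


def reflected_choice():
    """What the RR reflects: step 8 evaluated with the RR's own IGP costs."""
    return best_path([PATH_A, PATH_B], IGP_FROM_RR)


def client_own_choice():
    """What the client would pick if it saw both paths itself."""
    return best_path([PATH_A, PATH_B], IGP_FROM_CLIENT)


# The weight step from the r2/r5 thread: a prefix originated locally
# (weight 32768) against the same prefix learned from an eBGP peer.
LOCAL = Path("202.202.1.1/32", "0.0.0.0", (), weight=32768)
FROM_PEER = Path("202.202.1.1/32", "101.101.101.77", (4799,), ebgp=True)


def weight_choice():
    return best_path([LOCAL, FROM_PEER], {"101.101.101.77": 1})


if __name__ == "__main__":
    for label, fn in [("RR reflects", reflected_choice),
                      ("client alone", client_own_choice),
                      ("local vs peer", weight_choice)]:
        winner, step = fn()
        print(f"{label:13s}: via {winner.next_hop:15s} decided by {step}")
```

Running it prints that the RR picks the path via 192.0.2.1 on IGP metric while the client, left to itself, would take 192.0.2.2; the client never sees the second path because the RR reflects only its own winner, which is exactly the trade-off the poster describes. The weight case shows why the locally originated 202.202.1.1/32 wins before any peer-learned attribute is consulted.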
Help with pix firewall logging [7:61902]
All,

I have a PIX running 6.2. It is logging to a FreeBSD server on the local network. It was logging to syslog at one time with no problem, but all of a sudden it stopped and I can't get it working. Here is the logging config. I turned up logging to see if it would help, and nothing. Yes, I am sure syslog is running on the box; if I do a tcpdump on the FreeBSD server I see nothing coming from the PIX.

  logging on
  logging timestamp
  logging trap warnings
  logging history debugging
  logging facility 23
  logging host inside 192.168.11.254

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61902t=61902
RE: Help with pix firewall logging [7:61902]
As a last resort I did reboot the PIX also, but still no logging. What am I missing?

-Original Message-
From: Elijah Savage III
Sent: Sunday, January 26, 2003 1:11 PM
To: [EMAIL PROTECTED]
Subject: Help with pix firewall logging [7:61902]

All,

I have a PIX running 6.2. It is logging to a FreeBSD server on the local network. It was logging to syslog at one time with no problem, but all of a sudden it stopped and I can't get it working. Here is the logging config. I turned up logging to see if it would help, and nothing. Yes, I am sure syslog is running on the box; if I do a tcpdump on the FreeBSD server I see nothing coming from the PIX.

  logging on
  logging timestamp
  logging trap warnings
  logging history debugging
  logging facility 23
  logging host inside 192.168.11.254

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61903t=61902
Re: OSPF to Internet Q [7:61823]
I understand that there are many ways to, umm, do you-know-what to the cat, but what I am looking for is a higher guiding philosophy or rule to use as a foundation to guide the rest of the process.

My understanding of the high-level OSPF process is that OSPF wants to route traffic from area a to area b via area 0. This in turn is in part why having destinations like the server farm in area 0 is bad in my mind. Given that process, should OSPF have an area between area 0 and the ASBR point, or does it internally treat the ASBR as another area, thus meaning the ASBR can be directly in area 0?

Howard C. Berkowitz wrote in message news:[EMAIL PROTECTED]...

At 8:56 PM + 1/25/03, Priscilla Oppenheimer wrote:

Steve Ringley wrote:

That is why I am asking the question - it is unclear! Let me try it this way: If we take the textbook Internet setup, we would have

  outside router - BGP
  firewall
  inside router - OSPF ASBR to BGP
  core router - OSPF backbone

On the inside router, would I create an ASBR with area 0 defined on the inside-to-core connection, or would I create a new OSPF area to define the connection between the inside router and the core router?

Steve, this is rapidly becoming a question not of how the protocol works, but what you are trying to accomplish -- and a number of aspects of how you connect to the Internet, get address space, etc. I agree with Priscilla that there are various ways to do this -- just taking the textbook (well, not MY textbooks *g*) model isn't enough when you have multiple connections.

I think you could do either one. Your core router connects (downwards in your picture) to Area 0 (the OSPF backbone), right? So, does your question boil down to whether the link between the inside router and the core router should be in Area 0 or a new Area? I think you could do it either way.

There are several of these types of connections in the larger network, and there is an expectation that if one of these goes down, OSPF and BGP will figure it out and shift traffic to the working connections.

OSPF should figure out which routes to the ASBRs are up. Your inside routers should inject an ASBR Summary LSA into Area 0 to make sure other routers know about the routes to the ASBRs. I don't think BGP is involved at this point. It sounds like you just run that to the outside world. You'll need to consider how traffic gets back in, too.

So, this is large-scale design, I'm realizing. You need more help than I can give! :-) Maybe Peter, Howard, Chuck, etc. could pipe in, or maybe do some paid consulting work for you!?

Some of the questions that would need to be answered even to begin a coherent design include:
-- To how many providers do you connect?
-- Do you connect to any provider at more than one point?
-- Does your registered address space come from provider(s), or is it provider-independent?
-- How good is your address plan with respect to area summarization?
-- What is your monetary cost for access to providers as opposed to internal bandwidth inside your network? For example, do you have enough bandwidth that it makes sense to backhaul to a distant provider access point, or should you always take the closest exit?
-- Is the closest exit always the best exit?
-- What are the bandwidths and monetary costs of your provider connections?
-- What are your availability requirements? Cost of downtime, including a breakout of cost for mission-critical applications?

Priscilla

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

I'm afraid your question isn't clear. By definition, an ASBR connects two unlike networks, one that is running OSPF and one that isn't. So, the ASBR will connect to the Internet in your example.

Steve Ringley wrote:

I have an OSPF network, and I have my Internet connections. Do I:

ASBR where traffic goes from area 0 to the Internet

Is that where your Internet connection is? In area 0? Often, it is, and that's where your ASBR will be.

or ASBR where traffic goes to an area x then to the Internet?

Goes from where to an Area x and then to the Internet?? This is where your question gets unclear. But if you are considering putting an ASBR between Area x and Area 0, then that doesn't make sense. It's not an ASBR because it's connecting two OSPF networks.

If your Internet connection is in Area X, you will have an ASBR that connects the OSPF world to the Internet, sitting on the edge of Area X.

Are you asking if the ASBR should be in Area 0? I think the answer is yes, if it can, but sometimes that's simply not possible on large internetworks with multiple egress points.

If I completely missed what you're getting at, sorry!

Priscilla
Re: Simple Question [7:61830]
Ah, thank you Pat! That is exactly what I was trying to bring out!

Pat Do wrote in message news:[EMAIL PROTECTED]...

I'm enrolled in Cisco's CCNP Network Academy program and just completed their Multi-Layer Switching curriculum last semester. In their online curriculum, they refer to two flavors of switches: Set Based and IOS Based.

In Cisco's Network Academy online curriculum universe, Set Based switches are switches which use set commands, e.g. 4000 and 6000 series switches. IOS Based switches don't use set commands, e.g. the 2900XL switches.

However, if you look at Cisco's CCNP Switching book by Hucaby, et al., they make the following distinction: IOS-based commands (found on CAT 1900/2820, 2900XL, and 3500XL) are similar to many IOS commands used on Cisco routers. Set-based, command-line interface (CLI) commands (found in 2926G, 4000, 5000 and 6000) use set and clear commands to make changes to the configuration.

Pat

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61905t=61830
Re: Help with pix firewall logging [7:61902]
Is syslogd still accepting connections from network devices? Did you change the firewall on the FreeBSD machine? The problem may not be the PIX.

Ken

Elijah Savage III 01/26/03 10:11AM

All,

I have a PIX running 6.2. It is logging to a FreeBSD server on the local network. It was logging to syslog at one time with no problem, but all of a sudden it stopped and I can't get it working. Here is the logging config. I turned up logging to see if it would help, and nothing. Yes, I am sure syslog is running on the box; if I do a tcpdump on the FreeBSD server I see nothing coming from the PIX.

  logging on
  logging timestamp
  logging trap warnings
  logging history debugging
  logging facility 23
  logging host inside 192.168.11.254

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61906t=61902
Router idle timeout [7:61907]
My router logs me out in a few minutes and gives the message:

  R5 con0 is now available
  Press RETURN to get started.

I don't want this to happen; I'd like to set the timer to about an hour. What command is it? It's a simple command, but I just can't recollect it.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61907t=61907
RE: Router idle timeout [7:61907]
Bill wrote:

My router logs me out in a few minutes and gives the message:

  R5 con0 is now available
  Press RETURN to get started.

I don't want this to happen; I'd like to set the timer to about an hour. What command is it? It's a simple command, but I just can't recollect it.

Go to con 0 (or VTY) and issue 'exec-timeout 60', I think.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61908t=61907
dot1x port-control auto?? [7:61909]
Hello,

Playing a little more with this 3550 baby, I am running into more questions for which I am unable to find much help in the command and configuration guide.

Question: To set the switch to prompt for client authentication on a port, say f0/10, would it be set to auto or force-authorized?

  3550(config-if)#dot1x port-control ?
    auto                Authenticate automatically
    force-authorized    Force port to authorized state
    force-unauthorized  Force port to unauthorized state

Any help is gratefully appreciated. Thank you.

Sincerely,
CN

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61909t=61909
UDP port 1434 [7:61891]
d tran wrote:

You wouldn't have to fight the udp 1434 problem had you decided to scrap the shitty MS SQL server, running on a crappy Windows machine, and replace it with MySQL (freeware) or real commercial database products like Oracle, running on a Linux platform. Enjoy fighting udp1434. LOL

DT

I don't think that's true. He could have been a victim of other people running Windows SQL Server 2000. From what I understand about the worm, it not only replicated itself to other unpatched systems, but it sent gazillions of packets to random IP addresses to port 1434. Many ISPs and companies were affected by it, not just the dumb butts who don't patch their systems.

Here, we didn't seem to be affected by it, though. Maybe because I didn't check until Saturday afternoon? But no complaints came in.

Are others willing to share their experiences? It could be a good learning opportunity. Anyone have a link to a good technical document about the worm?

Thanks,
Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61910t=61891
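The behaviour Priscilla describes, one host sending a flood of UDP datagrams to port 1434 at random destinations, is easy to pick out of flow or firewall logs once you key on distinct destinations rather than packet counts. The block below is an added example, not from the thread: a small detector run over constructed flow records (the timestamps, addresses and the "timestamp src dst proto dport" line format are all invented for the example). One host sprays udp/1434 at six different addresses in three seconds and is flagged; a host that talks udp/1434 repeatedly to a single SQL server, and an ordinary web client, are not.

```python
"""Flag sources that hit many distinct destinations on udp/1434 inside a short
window, the traffic pattern described in the thread.  Added example with
constructed flow records; not code from the thread."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed flow-log lines: "<timestamp> <src> <dst> <proto> <dport>".
# 10.1.2.3 sprays udp/1434 at six destinations in three seconds;
# 10.1.2.50 talks udp/1434 only to one SQL server; 10.1.2.60 browses the web.
SAMPLE_FLOWS = """\
2003-01-25T05:30:00 10.1.2.3  203.0.113.7   udp 1434
2003-01-25T05:30:00 10.1.2.3  198.51.100.9  udp 1434
2003-01-25T05:30:01 10.1.2.50 10.1.2.10     udp 1434
2003-01-25T05:30:01 10.1.2.3  192.0.2.44    udp 1434
2003-01-25T05:30:01 10.1.2.60 203.0.113.80  tcp 80
2003-01-25T05:30:02 10.1.2.3  203.0.113.120 udp 1434
2003-01-25T05:30:02 10.1.2.60 198.51.100.80 tcp 80
2003-01-25T05:30:02 10.1.2.50 10.1.2.10     udp 1434
2003-01-25T05:30:03 10.1.2.3  198.51.100.61 udp 1434
2003-01-25T05:30:03 10.1.2.3  192.0.2.201   udp 1434
2003-01-25T05:30:05 10.1.2.50 10.1.2.10     udp 1434
"""

FLOW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")


def parse_flow(line):
    """Return (timestamp, src, dst, proto, dport), or None for a line that
    does not match the constructed format."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, proto, dport = m.groups()
    return datetime.fromisoformat(ts), src, dst, proto.lower(), int(dport)


def find_sprayers(lines, port=1434, window_s=10, min_targets=5):
    """Map each flagged source to the peak number of distinct destinations it
    reached on udp/<port> inside any sliding window of window_s seconds.

    Distinct destinations, not datagram count, is the signal: a client that
    repeatedly queries one database server never reaches the threshold.
    """
    recent = defaultdict(deque)     # src -> deque of (ts, dst) still in window
    flagged = {}
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue
        ts, src, dst, proto, dport = rec
        if proto != "udp" or dport != port:
            continue
        q = recent[src]
        q.append((ts, dst))
        while (ts - q[0][0]).total_seconds() > window_s:   # expire old entries
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= min_targets:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


if __name__ == "__main__":
    for src, n in find_sprayers(SAMPLE_FLOWS.splitlines()).items():
        print(f"{src}: {n} distinct udp/1434 targets inside 10 s")
```

The threshold and window are deliberately conservative placeholders; on a real network you would tune them against a baseline of legitimate SQL Server traffic, and a rate limit or ACL on udp/1434 at the edge is the usual companion to the alert.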
RE: Router idle timeout [7:61907]
You're correct. See (watch for wrap):

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122tcr/122tfr/fft104.htm#1017909

Mike W.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61911t=61907
RE: Router boot up time [7:61848]
Even without 'no service config', it shouldn't take 10 minutes to get a router up. If you are consoled in, you will see the router attempt to get a config automatically, but again, even with that, you should get a command prompt you can control in less than 10 minutes.

My 2 cents.

Mike W.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61912t=61848
RE: show cdp neighbors command [7:61782]
I know that we don't change the default distance that a switch should see, and we can only see directly connected devices with cdp neig. I've never seen an instance where CDP neighbor showed anything more than 1 hop (L2 hop) away.

Mike W.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61913t=61782
RE: Broadcast keyword in subinterface [7:61829]
I checked on my routers. They let me enter the broadcast keyword on a subinterface using the frame-relay interface-dlci dlci command. But they are running 11.0. So maybe it was supported at one time, but then Cisco realized it wasn't necessary and removed it. Historical IOS research isn't fun, so I won't bother to do more. :-)

Priscilla

Simmi Singla wrote:

Hi Priscilla,

I myself also did not check on the router, just saw that in documentation. Yeah, true, there is no broadcast keyword on the subinterface; as of now I checked on my router.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1824/products_command_summary_chapter09186a0080081010.html#xtocid1342715

See this link above; here it's mentioned the broadcast keyword. I think you are correct, it might be for the main interface or what, or else the documentation is wrong. In the link you specified it was not.

Priscilla Oppenheimer wrote:

You better show us actual router output and tell us your IOS version. Per Chuck and Cisco's latest WAN Command Reference, there isn't a broadcast argument to the frame-relay interface-dlci command. Here's the syntax per Cisco:

  frame-relay interface-dlci dlci [ietf | cisco] [voice-cir cir] [ppp virtual-template-name]

See the Command Reference here:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fwan_r/frcmds/wrffr2.htm

So, something is definitely squirrelly if you are able to type in the broadcast keyword. I'll try on my routers too if I get a chance.

Priscilla

Simmi Singla wrote:

Hi,

Thanks, both of you, for answering. But my design is like that: I am using point-to-point subinterfaces for connecting to remote sites. Right now we have only static routing, but tomorrow we may switch to dynamic routing protocols. So in that case, as both of you said, there is no need of the broadcast keyword on point-to-point subinterfaces. If it's not needed, then why is there an option for the broadcast keyword in the command?

Example:
  int serial 0/0
   no ip address
  int serial 0/0.1
   ip address 1.1.1.1 255.255.255.0
   frame-relay interface-dlci 16 broadcast

Should I give broadcast or not? Correct, this is a point-to-point link and adjacencies will be established automatically. Why is this broadcast option there? Still a confusion, although this keyword is optional. This means this keyword will never be used on point-to-point interfaces. Am I right? If not, please correct me.

Priscilla Oppenheimer wrote:

Priscilla Oppenheimer wrote:

Simmi Singla wrote:

Hi all,

Can anybody explain to me: when I use the broadcast keyword in a subinterface (frame-relay interface-dlci 16 broadcast), then if I have only static routing, will it affect that? I read that it is used only for OSPF to pass broadcasts, if multicasting is disabled. But in a scenario where I have no dynamic routing and give this command, what will happen? Will it pass unknown broadcasts on Frame Relay?

Remember a router doesn't pass broadcasts, i.e. forward broadcasts. So think about when you would need to let a router send broadcasts on its own, from its own interface. The usual case is to support dynamic routing. If you are using static routing, then you don't have to worry about it.

Frame Relay is used on routers to create virtual circuits to remote sites. A point-to-point virtual circuit can send broadcasts without any problem. Frame Relay is often designed in a hub-and-spoke topology, however, with the hub router connecting many remote sites. A typical design is to place all the WAN serial interfaces in this design in the same subnet, thus creating a multiaccess WAN cloud. The cloud resembles a LAN subnet, but does not support broadcasting like a LAN would. The cloud is a nonbroadcast multiaccess (NBMA) network. When a router sends a broadcast into the cloud, only a directly connected router on the same virtual circuit hears it.

Many protocols were designed with the assumption that two hosts on the same subnet have Layer 2 connectivity and can easily hear each other's broadcasts. This isn't the case in a Frame Relay hub-and-spoke topology. So to fix the problem, if this is your design, you better add the broadcast keyword if you are using dynamic addressing.

I meant to say dynamic routing there. That is, use the broadcast keyword if you need the router to send routing protocol route updates or hellos as broadcasts (or multicasts). He had asked about static routing, so I wanted to add that thought, but then the darn phone rang while I was typing and I wrote dynamic addressing instead of dynamic routing. :-)

Priscilla
Re: OSPF to Internet Q [7:61823]
At 6:56 PM + 1/26/03, Steve Ringley wrote:

I understand that there are many ways to, umm, do you-know-what to the cat, but what I am looking for is a higher guiding philosophy or rule to use as a foundation to guide the rest of the process.

My understanding of the high-level OSPF process is that OSPF wants to route traffic from area a to area b via area 0. This in turn is in part why having destinations like the server farm in area 0 is bad in my mind.

Completely true.

Given that process, should OSPF have an area between area 0 and the ASBR point, or does it internally treat the ASBR as another area, thus meaning the ASBR can be directly in area 0?

Again, it depends on several factors. Is the ASBR going to the Internet? Is there more than one point of connection to the Internet? How much external information are you going to leak into your IGP? Just closest-exit default? Preferential default depending on provider? If you have multiple connection points, what's the cost of internal bandwidth?

IN GENERAL, I put Internet ASBRs in Area 0.0.0.0, but I've also put them elsewhere for policy- and requirement-specific reasons. There really is no general rule for the real world.

Howard C. Berkowitz wrote in message news:[EMAIL PROTECTED]...

At 8:56 PM + 1/25/03, Priscilla Oppenheimer wrote:

Steve Ringley wrote:

That is why I am asking the question - it is unclear! Let me try it this way: If we take the textbook Internet setup, we would have

  outside router - BGP
  firewall
  inside router - OSPF ASBR to BGP
  core router - OSPF backbone

On the inside router, would I create an ASBR with area 0 defined on the inside-to-core connection, or would I create a new OSPF area to define the connection between the inside router and the core router?

Steve, this is rapidly becoming a question not of how the protocol works, but what you are trying to accomplish -- and a number of aspects of how you connect to the Internet, get address space, etc. I agree with Priscilla that there are various ways to do this -- just taking the textbook (well, not MY textbooks *g*) model isn't enough when you have multiple connections.

I think you could do either one. Your core router connects (downwards in your picture) to Area 0 (the OSPF backbone), right? So, does your question boil down to whether the link between the inside router and the core router should be in Area 0 or a new Area? I think you could do it either way.

There are several of these types of connections in the larger network, and there is an expectation that if one of these goes down, OSPF and BGP will figure it out and shift traffic to the working connections.

OSPF should figure out which routes to the ASBRs are up. Your inside routers should inject an ASBR Summary LSA into Area 0 to make sure other routers know about the routes to the ASBRs. I don't think BGP is involved at this point. It sounds like you just run that to the outside world. You'll need to consider how traffic gets back in, too.

So, this is large-scale design, I'm realizing. You need more help than I can give! :-) Maybe Peter, Howard, Chuck, etc. could pipe in, or maybe do some paid consulting work for you!?

Some of the questions that would need to be answered even to begin a coherent design include:
-- To how many providers do you connect?
-- Do you connect to any provider at more than one point?
-- Does your registered address space come from provider(s), or is it provider-independent?
-- How good is your address plan with respect to area summarization?
-- What is your monetary cost for access to providers as opposed to internal bandwidth inside your network? For example, do you have enough bandwidth that it makes sense to backhaul to a distant provider access point, or should you always take the closest exit?
-- Is the closest exit always the best exit?
-- What are the bandwidths and monetary costs of your provider connections?
-- What are your availability requirements? Cost of downtime, including a breakout of cost for mission-critical applications?

Priscilla

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

I'm afraid your question isn't clear. By definition, an ASBR connects two unlike networks, one that is running OSPF and one that isn't. So, the ASBR will connect to the Internet in your example.

Steve Ringley wrote:

I have an OSPF network, and I have my Internet connections. Do I:

ASBR where traffic goes from area 0 to the Internet

Is that where your Internet connection is? In area 0? Often, it is, and that's where your ASBR will be.

or ASBR where traffic goes to an area x then to the Internet?

Goes from where to an Area x and then to the Internet?? This is where your
Bandwidth Restriction [7:61916]
Hey all...

Are there any ISPs out there with co-location clients located in their NOC? If so, how do you effectively rate-limit their bandwidth? We currently use CAR on our switches/routers to accomplish this task but wondered if there is a better, more manageable way to accomplish it. Maybe with some other form of hardware?

Regards,
Chris

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61916t=61916
RE: Broadcast keyword in subinterface [7:61829]
Thanks for replying back. Confusion is cleared. Currently going through your book Top-Down Network Design :)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61917t=61829
RE: UDP port 1434 [7:61891]
Cheers,
Symon

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: 26 January 2003 20:02
To: [EMAIL PROTECTED]
Subject: UDP port 1434 [7:61891]

d tran wrote:

You wouldn't have to fight the udp 1434 problem had you decided to scrap the shitty MS SQL server, running on a crappy Windows machine, and replace it with MySQL (freeware) or real commercial database products like Oracle, running on a Linux platform. Enjoy fighting udp1434. LOL

DT

I don't think that's true. He could have been a victim of other people running Windows SQL Server 2000. From what I understand about the worm, it not only replicated itself to other unpatched systems, but it sent gazillions of packets to random IP addresses to port 1434. Many ISPs and companies were affected by it, not just the dumb butts who don't patch their systems.

Here, we didn't seem to be affected by it, though. Maybe because I didn't check until Saturday afternoon? But no complaints came in.

Are others willing to share their experiences? It could be a good learning opportunity. Anyone have a link to a good technical document about the worm?

Thanks,
Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61918t=61891
RE: Help with pix firewall logging [7:61902]
The problem is definitely the pix. Even if syslogd was not running or a firewall running on the box was blocking it, I would still see the packets arriving at the box when running tcpdump on the server. But yes, other machines are still logging to this box.

-----Original Message-----
From: Ken Diliberto [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 26, 2003 2:28 PM
To: [EMAIL PROTECTED]
Subject: Re: Help with pix firewall logging [7:61902]

> Is syslogd still accepting connections from network devices? Did you change the firewall on the FreeBSD machine? The problem may not be the PIX.
>
> Ken
>
> >>> Elijah Savage III 01/26/03 10:11AM >>>
>> All,
>>
>> I have a pix running 6.2; it is logging to a freebsd server on the local network. It was logging at one time to syslog no problem, but all of a sudden it stopped and I can't get it working. Here is the logging config. I turned up logging to see if it would help and nothing. Yes, I am sure syslog is running on the box; if I do a tcpdump on the freebsd server I see nothing coming from the pix.
>>
>>     logging on
>>     logging timestamp
>>     logging trap warnings
>>     logging history debugging
>>     logging facility 23
>>     logging host inside 192.168.11.254

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61919&t=61902
RE: Bandwidth Restriction [7:61916]
Packeteer makes a great product, the Packetshaper. It works very well, check it out: www.packeteer.com

-----Original Message-----
From: Chris Headings [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 26, 2003 3:33 PM
To: [EMAIL PROTECTED]
Subject: Bandwidth Restriction [7:61916]

> Hey all...
>
> Are there any ISP's out there with co-location clients located in their NOC??? If so, how do you effectively rate-limit their bandwidth. We currently use CAR on our switches/routers to accomplish this task but wondered if there is a better, more manageable way to accomplish this task. Maybe with some other form of hardware?
>
> Regards,
> Chris

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61920&t=61916
llc2 MS-DOS tutorial [7:61921]
Hi Group,

I have once used a ms-dos tutorial that wonderfully explains how llc2 works. It was an animation of frame transmission between two hosts. Does anybody know where the location of this program is now? I need to download it again.

Thanks
John Tafasi

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61921&t=61921
Re: UDP port 1434 [7:61891]
Amen! We are not running any Windows SQL and are only running MySQL on Linux. Here is what we turned away at the front door in the past 12 hours on one 20MB connection:

    deny udp any any eq 1434 (205647 matches)

Here is Cisco's link: http://www.cisco.com/warp/public/707/cisco-sn-20030125-worm.shtml

CERT and SANS also have info.

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...
> d tran wrote:
>> You wouldn't have to fight the udp 1434 problem had you decided to scrap the shitty MS SQL server, running on crappy Windows machine and replace it with MySQL (freeware) or real commercial database products like Oracle, running on Linux platform. Enjoy fighting udp1434. LOL DT
>
> I don't think that's true. He could have been a victim of other people running Windows SQL Server 2000. From what I understand about the worm, it not only replicated itself to other unpatched systems, but it sent gazillions of packets to random IP addresses to port 1434. Many ISPs and companies were affected by it, not just the dumb butts who don't patch their systems.
>
> Here, we didn't seem to be affected by it, though. Maybe because I didn't check until Saturday afternoon? But no complaints came in.
>
> Are others willing to share their experiences? It could be a good learning opportunity. Anyone have a link to a good technical document about the worm?
>
> Thanks,
> Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61922&t=61891
Re: Help with pix firewall logging [7:61902]
It may be that no alerts at the warnings level have occurred. Try setting it at a high level such as 6 or 7 (which pretty much logs everything). Once you have ascertained that logging between the PIX and syslog server is working, then restore it back to the warnings level.

HTH,
Charles

Elijah Savage III wrote in message news:[EMAIL PROTECTED]...
> All,
>
> I have a pix running 6.2; it is logging to a freebsd server on the local network. It was logging at one time to syslog no problem, but all of a sudden it stopped and I can't get it working. Here is the logging config. I turned up logging to see if it would help and nothing. Yes, I am sure syslog is running on the box; if I do a tcpdump on the freebsd server I see nothing coming from the pix.
>
>     logging on
>     logging timestamp
>     logging trap warnings
>     logging history debugging
>     logging facility 23
>     logging host inside 192.168.11.254

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61923&t=61902
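Charles's suggestion works because a PIX only ships messages whose severity is at or above the configured trap level, and the syslog PRI prefix of each datagram carries both the facility and that severity. As an added example (not from the thread, and not Cisco's code), here is a small Python script that encodes and decodes the PRI value for facility 23, then checks which of a few constructed PIX-style messages would be sent at `logging trap warnings` versus `logging trap debugging`. The sample datagrams are constructed, and the `%PIX-<sev>-<id>` tag layout is an assumption about the message format.

```python
import re

# Cisco severity levels as named on the PIX "logging trap <level>" command.
SEVERITY_LEVELS = {
    "emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
    "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7,
}
SEVERITY_NAMES = {v: k for k, v in SEVERITY_LEVELS.items()}
# RFC 3164 facility codes 16..23 are local0..local7, so "logging facility 23" is local7.
FACILITY_NAMES = {16 + i: "local%d" % i for i in range(8)}

# A syslog datagram starts with "<PRI>", PRI being a 1..3 digit decimal number.
PRI_RE = re.compile(rb"^<(?P<pri>\d{1,3})>(?P<body>.*)$", re.DOTALL)


def encode_pri(facility, severity):
    """Syslog PRI = facility * 8 + severity (RFC 3164)."""
    return facility * 8 + severity


def decode_pri(pri):
    """Inverse of encode_pri: returns (facility, severity)."""
    return divmod(pri, 8)


def parse_datagram(datagram):
    """Split a raw syslog UDP payload into (facility, severity, body text)."""
    m = PRI_RE.match(datagram)
    if not m:
        raise ValueError("no <PRI> prefix: %r" % datagram[:20])
    facility, severity = decode_pri(int(m.group("pri")))
    return facility, severity, m.group("body").decode("ascii", "replace")


def would_be_sent(severity, trap_level):
    """'logging trap <level>' sends messages at that severity or more urgent (numerically <=).
    trap_level may be a Cisco level name or its number."""
    return severity <= SEVERITY_LEVELS.get(trap_level, trap_level)


# Constructed sample datagrams (assumption: the PIX prefixes <PRI> and tags each
# message %PIX-<sev>-<id>). PRI 188 = 23*8+4, 190 = 23*8+6, 191 = 23*8+7.
SAMPLES = [
    b"<188>Jan 26 10:11:05 %PIX-4-106023: Deny udp src outside:198.51.100.7/1434 "
    b"dst inside:192.168.11.20/1434 by access-group \"outside_in\"",
    b"<190>Jan 26 10:11:06 %PIX-6-302015: Built outbound UDP connection 44 for "
    b"outside:203.0.113.5/53 to inside:192.168.11.30/1025",
    b"<191>Jan 26 10:11:06 %PIX-7-710005: UDP request discarded from "
    b"192.168.11.40/137 to inside:192.168.11.1/137",
]


def messages_passing(datagrams, trap_level):
    """Return (facility name, %PIX tag) for each datagram the firewall would ship at trap_level."""
    out = []
    for d in datagrams:
        facility, severity, body = parse_datagram(d)
        if would_be_sent(severity, trap_level):
            tag = body.split()[3]  # the "%PIX-<sev>-<id>:" token after the timestamp
            out.append((FACILITY_NAMES.get(facility, str(facility)), tag.rstrip(":")))
    return out


if __name__ == "__main__":
    for level in ("warnings", "debugging"):
        print("logging trap %s ->" % level, messages_passing(SAMPLES, level))
```

On a quiet network only the first sample would leave the firewall at `logging trap warnings`, which is exactly the situation where tcpdump on the syslog host shows nothing even though the logging path is fine; raising the level to debugging makes the connection build/teardown messages flow and proves the path before you turn it back down.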
RE: UDP port 1434 [7:61891]
comments inline...

> Anyone have a link to a good technical document about the worm?
>
> Thanks,
> Priscilla

Below is from bugtraq:

SQL Sapphire Worm Analysis

Release Date: 1/25/03
Severity: High
Systems Affected: Microsoft SQL Server 2000 pre SP 2

Description:

Late Friday, January 24, 2003 we became aware of a new SQL worm spreading quickly across various networks around the world. The worm is spreading using a buffer overflow to exploit a flaw in Microsoft SQL Server 2000. The SQL 2000 server flaw was discovered in July, 2002 by Next Generation Security Software Ltd. The buffer overflow exists because of the way SQL improperly handles data sent to its Microsoft SQL Monitor port. Attackers leveraging this vulnerability will be executing their code as SYSTEM, since Microsoft SQL Server 2000 runs with SYSTEM privileges.

The worm works by generating pseudo-random IP addresses to try to infect with its payload. The worm payload does not contain any additional malicious content (in the form of backdoors etc.); however, because of the nature of the worm and the speed at which it attempts to re-infect systems, it can potentially create a denial-of-service attack against infected networks. We have been able to verify that multiple points of connectivity on the Internet have been bogged down since 9pm Pacific Standard Time.

It should be noted that this worm is not the same as an earlier SQL worm that used the SA/nopassword SQL vulnerability as its spread vector. This is a new worm and is more devastating, as it is taking advantage of a software-specific flaw rather than a configuration error. We have already had many reports of smaller networks brought down due to the flood of data from the Sapphire Worm trying to re-infect new systems.

Corrective Action

We recommend that people immediately firewall SQL service ports at all of their gateways. The worm uses only UDP port 1434 (SQL Monitor Port) to spread itself to a new system; however, it is safe practice to filter all SQL traffic at all gateways. The following is a list of SQL server ports:

    ms-sql-s 1433/tcp #Microsoft-SQL-Server
    ms-sql-s 1433/udp #Microsoft-SQL-Server
    ms-sql-m 1434/tcp #Microsoft-SQL-Monitor
    ms-sql-m 1434/udp #Microsoft-SQL-Monitor

Once again this worm is taking advantage of a known vulnerability that has had a patch available for many months. Microsoft has also released a recent service pack for SQL (Service Pack 3) that includes a fix for this vulnerability.

Standalone patch: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp
SQL 2000 Service Pack 3: http://www.microsoft.com/sql/downloads/2000/sp3.asp

Previous SQL Service Pack versions are vulnerable.

Technical Description

The following is a quick run-down of what the worm's payload is doing after infection:

1. Retrieves the address of GetProcAddress and LoadLibrary from the IAT in sqlsort.dll. It snags the necessary library base addresses and function entry points as needed.
2. Calls GetTickCount, and uses the returned count as a pseudo-random seed.
3. Creates a UDP socket.
4. Performs a simple pseudo random number generation formula using the returned GetTickCount value to generate an IP Address that will later be used as the target.
5. Sends the worm payload in a SQL Server Resolution Service request to the pseudo random target address, on port 1434 (UDP).
6. Returns back to the formula and continues generating new pseudo random addresses.

    push    42B0C9DCh        ; [RET] sqlsort.dll - jmp esp
    mov     eax, 1010101h    ; Reconstruct session, after the overflow the payload buffer
                             ; gets corrupted during program execution but before the
                             ; payload is executed.
    xor     ecx, ecx
    mov     cl, 18h
FIXUP:
    push    eax
    loop    FIXUP
    xor     eax, 5010101h
    push    eax
    mov     ebp, esp
    push    ecx
    push    6C6C642Eh
    push    32336C65h
    push    6E72656Bh        ; kernel32
    push    ecx
    push    746E756Fh        ; GetTickCount
    push    436B6369h
    push    54746547h
    mov     cx, 6C6Ch
    push    ecx
    push    642E3233h        ; ws2_32.dll
    push    5F327377h
    mov     cx, 7465h
    push    ecx
    push    6B636F73h        ; socket
    mov     cx, 6F74h
    push    ecx
    push    646E6573h        ; sendto
    mov     esi, 42AE1018h   ; IAT from sqlsort
    lea     eax, [ebp-2Ch]   ; (ws2_32.dll)
    push    eax
    call    dword ptr [esi]  ; call loadlibrary
    push    eax
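The advisory above describes the spread pattern (an infected host spraying single UDP datagrams at pseudo-random addresses on port 1434), and the ACL counters posted elsewhere in this thread show what that looks like from the network side. As an added example, not part of the eEye advisory or of any post in this thread, the following Python script turns that description into a detection check: it parses IOS ACL log lines, tallies denied udp/1434 traffic per source, and flags internal hosts that hit several distinct destinations, which is the spreading signature as opposed to a victim merely receiving probes. The log lines are constructed, the `%SEC-6-IPACCESSLOGP` layout is assumed from the IOS message format for ACL entries carrying the `log` keyword, and the internal prefix 10.10.0.0/16 and the threshold of three distinct targets are placeholders.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log lines (not from the list post). Assumed layout of the IOS
# "%SEC-6-IPACCESSLOGP" message:
#   list <acl> <denied|permitted> <proto> <src>(<sport>) -> <dst>(<dport>), <n> packet(s)
SAMPLE_LOG = """\
Jan 26 08:01:12 rsm4 %SEC-6-IPACCESSLOGP: list 101 denied udp 10.10.4.17(1040) -> 203.0.113.9(1434), 1 packet
Jan 26 08:01:12 rsm4 %SEC-6-IPACCESSLOGP: list 101 denied udp 10.10.4.17(1040) -> 198.51.100.200(1434), 1 packet
Jan 26 08:01:13 rsm4 %SEC-6-IPACCESSLOGP: list 101 denied udp 10.10.4.17(1040) -> 192.0.2.77(1434), 1 packet
Jan 26 08:01:13 rsm4 %SEC-6-IPACCESSLOGP: list 101 denied udp 10.10.4.17(1040) -> 10.10.9.3(1434), 1 packet
Jan 26 08:01:14 rsm4 %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.50(1434) -> 10.10.4.22(1434), 3 packets
Jan 26 08:01:14 rsm4 %SEC-6-IPACCESSLOGP: list 101 denied udp 10.10.7.8(4500) -> 10.10.9.3(1434), 1 packet
Jan 26 08:01:15 rsm4 %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.10.7.8(3321) -> 10.10.9.3(1433), 1 packet
Jan 26 08:01:15 rsm4 %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.10.7.8(3322) -> 10.10.9.3(80), 1 packet
"""

LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def parse_acl_log(text):
    """Return one dict per line that matches the ACL log format; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            rec = m.groupdict()
            for key in ("sport", "dport", "count"):
                rec[key] = int(rec[key])
            records.append(rec)
    return records


def summarize_udp1434(records):
    """Per source address: denied packets aimed at udp/1434 and the set of distinct targets."""
    summary = defaultdict(lambda: {"packets": 0, "targets": set()})
    for r in records:
        if r["proto"] == "udp" and r["dport"] == 1434 and r["action"] == "denied":
            summary[r["src"]]["packets"] += r["count"]
            summary[r["src"]]["targets"].add(r["dst"])
    return dict(summary)


def suspected_internal_spreaders(summary, internal_nets, min_targets=3):
    """Internal sources spraying udp/1434 at several distinct hosts are the ones to go find;
    an outside source hammering one inside host is just a probe being dropped at the edge.
    Returns (src, packets, distinct targets), most active first."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    hits = []
    for src, info in summary.items():
        addr = ipaddress.ip_address(src)
        if any(addr in n for n in nets) and len(info["targets"]) >= min_targets:
            hits.append((src, info["packets"], len(info["targets"])))
    return sorted(hits, key=lambda h: (-h[2], -h[1], h[0]))


if __name__ == "__main__":
    summary = summarize_udp1434(parse_acl_log(SAMPLE_LOG))
    for src, info in sorted(summary.items()):
        print("%-15s %6d packets  %3d distinct targets"
              % (src, info["packets"], len(info["targets"])))
    print("suspected internal spreaders:",
          suspected_internal_spreaders(summary, ["10.10.0.0/16"]))
```

The counters in the posts above only tell you how much was dropped; per-source logging of the same deny entry tells you which inside machine to pull off the wire, at the cost of the extra CPU that `log` entries cost a busy RSM.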
RE: UDP port 1434 [7:61891]
It deleted my post. Here is the link again:

http://www.eeye.com/html/Research/Flash/AL20030125.html

Symon

-----Original Message-----
From: Symon Thurlow
Sent: 26 January 2003 21:04
To: [EMAIL PROTECTED]
Subject: RE: UDP port 1434 [7:61891]

> Cheers,
>
> Symon
>
> -----Original Message-----
> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
> Sent: 26 January 2003 20:02
> To: [EMAIL PROTECTED]
> Subject: UDP port 1434 [7:61891]
>
>> d tran wrote:
>>> You wouldn't have to fight the udp 1434 problem had you decided to scrap the shitty MS SQL server, running on crappy Windows machine and replace it with MySQL (freeware) or real commercial database products like Oracle, running on Linux platform. Enjoy fighting udp1434. LOL DT
>>
>> I don't think that's true. He could have been a victim of other people running Windows SQL Server 2000. From what I understand about the worm, it not only replicated itself to other unpatched systems, but it sent gazillions of packets to random IP addresses to port 1434. Many ISPs and companies were affected by it, not just the dumb butts who don't patch their systems.
>>
>> Here, we didn't seem to be affected by it, though. Maybe because I didn't check until Saturday afternoon? But no complaints came in.
>>
>> Are others willing to share their experiences? It could be a good learning opportunity. Anyone have a link to a good technical document about the worm?
>>
>> Thanks,
>> Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61925&t=61891
RE: CCNP Recertification [7:60972]
Can someone please direct me to the website that says that you can take all those tests again, instead of just doing the recertification exam please?

Thanks
Helena

On Sat, 25 Jan 2003, Peter Marsh wrote:
> saj,
>
> I just took it, it was really hard. I screwed up on the scenario, but didn't miss by too much. I will study some more and get it the next time. I would rather one big test at once, and get it over with, rather than taking them all over again.
>
> Good luck!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61926&t=60972
Re: CCNP Recertification [7:60972]
actually, if you move to a higher level cert that will also renew your CCNx/CCDx

Helena wrote in message news:[EMAIL PROTECTED]...
> Can someone please direct me to the website that says that you can take all those tests again, instead of just doing the recertification exam please?
>
> Thanks
> Helena
>
> On Sat, 25 Jan 2003, Peter Marsh wrote:
>> saj,
>>
>> I just took it, it was really hard. I screwed up on the scenario, but didn't miss by too much. I will study some more and get it the next time. I would rather one big test at once, and get it over with, rather than taking them all over again.
>>
>> Good luck!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61927&t=60972
Re: UDP port 1434 [7:61891]
the dumb butts are allowing access to SQL from public networks. how difficult is it to filter stuff out? SQL boxes should be on private networks, no routes to public, second or third tier, etc.

Y2K all over... This time in security business. Bunch of con artists claiming to be security experts.

Cheers...

P.S. There was a news clip that BofA networks were affected. this is scary.

l0stbyte

Symon Thurlow wrote:
> Cheers,
>
> Symon
>
> -----Original Message-----
> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
> Sent: 26 January 2003 20:02
> To: [EMAIL PROTECTED]
> Subject: UDP port 1434 [7:61891]
>
>> d tran wrote:
>>> You wouldn't have to fight the udp 1434 problem had you decided to scrap the shitty MS SQL server, running on crappy Windows machine and replace it with MySQL (freeware) or real commercial database products like Oracle, running on Linux platform. Enjoy fighting udp1434. LOL DT
>>
>> I don't think that's true. He could have been a victim of other people running Windows SQL Server 2000. From what I understand about the worm, it not only replicated itself to other unpatched systems, but it sent gazillions of packets to random IP addresses to port 1434. Many ISPs and companies were affected by it, not just the dumb butts who don't patch their systems.
>>
>> Here, we didn't seem to be affected by it, though. Maybe because I didn't check until Saturday afternoon? But no complaints came in.
>>
>> Are others willing to share their experiences? It could be a good learning opportunity. Anyone have a link to a good technical document about the worm?
>>
>> Thanks,
>> Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61928&t=61891
Re: CCNP Recertification [7:60972]
s/640-851.html

and

http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/640-529.html

Watch the wrap... I hope that helps...

--- Dennis

----- Original Message -----
From: Helena
To:
Sent: Sunday, January 26, 2003 3:13 PM
Subject: RE: CCNP Recertification [7:60972]

> Can someone please direct me to the website that says that you can take all those tests again, instead of just doing the recertification exam please?
>
> Thanks
> Helena
>
> On Sat, 25 Jan 2003, Peter Marsh wrote:
>> saj,
>>
>> I just took it, it was really hard. I screwed up on the scenario, but didn't miss by too much. I will study some more and get it the next time. I would rather one big test at once, and get it over with, rather than taking them all over again.
>>
>> Good luck!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61929&t=60972
Re: UDP port 1434 [7:61891]
We do have machines running flavors of MS-SQL on our network both in production and in classrooms/labs. These are the stats from about 8 A.M. on Saturday to 3:08 P.M. on Sunday for several of our access-lists. Keep in mind this is only from the two RSMs in one core 5500 and it's only internal traffic:

    deny udp any any eq 1434 (590511831 matches)
    deny udp any any eq 1434 (124971 matches)
    deny udp any any eq 1434 (43 matches)
    deny udp any any eq 1434 (18025943 matches)
    deny udp any any eq 1434 (642748443 matches)

1 RSM:

    Mercury-RSM4#sh proc cpu
    CPU utilization for five seconds: 87%/64%; one minute: 84%; five minutes: 84%

I put up a web page with graphs for those interested:
http://www.csupomona.edu/~ken/website/sqlworm.html

Almost all our backbone links are 100FX and most workstations connected at 10Mb/Half duplex. I wonder how bad it would be if they were GigE backbone links and 100TX workstation links.

>>> Amazing 01/26/03 01:20PM >>>
> Amen! We are not running any Windows SQL and are only running MySQL on Linux. Here is what we turned away at the front door in the past 12 hours on one 20MB connection:
>
>     deny udp any any eq 1434 (205647 matches)
>
> Here is Cisco's link: http://www.cisco.com/warp/public/707/cisco-sn-20030125-worm.shtml
>
> CERT and SANS also have info.
>
> Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...
>> d tran wrote:
>>> You wouldn't have to fight the udp 1434 problem had you decided to scrap the shitty MS SQL server, running on crappy Windows machine and replace it with MySQL (freeware) or real commercial database products like Oracle, running on Linux platform. Enjoy fighting udp1434. LOL DT
>>
>> I don't think that's true. He could have been a victim of other people running Windows SQL Server 2000. From what I understand about the worm, it not only replicated itself to other unpatched systems, but it sent gazillions of packets to random IP addresses to port 1434. Many ISPs and companies were affected by it, not just the dumb butts who don't patch their systems.
>>
>> Here, we didn't seem to be affected by it, though. Maybe because I didn't check until Saturday afternoon? But no complaints came in.
>>
>> Are others willing to share their experiences? It could be a good learning opportunity. Anyone have a link to a good technical document about the worm?
>>
>> Thanks,
>> Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61930&t=61891
Re: CCNP Recertification [7:60972]
For some reason my message seemed to get the first line chopped off. Helena - you'll find the entire links listed below (watch the wrap)...

--- Dennis

----- Original Message -----
From: Dennis Laganiere
To: Helena ;
Sent: Sunday, January 26, 2003 4:25 PM
Subject: Re: CCNP Recertification [7:60972]

> http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/640-851.html
>
> and
>
> http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/640-529.html
>
> Watch the wrap... I hope that helps...
>
> --- Dennis
>
> ----- Original Message -----
> From: Helena
> To:
> Sent: Sunday, January 26, 2003 3:13 PM
> Subject: RE: CCNP Recertification [7:60972]
>
>> Can someone please direct me to the website that says that you can take all those tests again, instead of just doing the recertification exam please?
>>
>> Thanks
>> Helena
>>
>> On Sat, 25 Jan 2003, Peter Marsh wrote:
>>> saj,
>>>
>>> I just took it, it was really hard. I screwed up on the scenario, but didn't miss by too much. I will study some more and get it the next time. I would rather one big test at once, and get it over with, rather than taking them all over again.
>>>
>>> Good luck!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61931&t=60972
Re: UDP port 1434 [7:61891]
l0stbyte wrote in message news:[EMAIL PROTECTED]...
> the dumb butts are allowing access to SQL from public networks. how difficult is it to filter stuff out? SQL boxes should be on private networks, no routes to public, second or third tier, etc.
>
> Y2K all over... This time in security business. Bunch of con artists claiming to be security experts.

some more detailed information may be found at http://www.techie.hopto.org/sqlworm.html

Ken D's post is an interesting read as well.

One means of stopping this kind of stuff is to filter at the edges everything except for those specific ports and services which are required and in use. unfortunately, due to the nature of TCP/UDP, and the lack of any hard requirements for vendors to register their port numbers, it can be difficult to identify what exactly is required in any business situation.

> Cheers...
>
> P.S. There was a news clip that BofA networks were affected. this is scary.

there is a thread about this very topic on NANOG as well.
http://www.merit.edu/mail.archives/nanog/msg06789.html titled Banc of America

worth applying some logical thought here. BOA's ATM network is affected by internet outages? Bright idea? or disinformation on the part of BOA?

> l0stbyte
>
> Symon Thurlow wrote:
>> Cheers,
>>
>> Symon
>>
>> -----Original Message-----
>> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
>> Sent: 26 January 2003 20:02
>> To: [EMAIL PROTECTED]
>> Subject: UDP port 1434 [7:61891]
>>
>>> d tran wrote:
>>>> You wouldn't have to fight the udp 1434 problem had you decided to scrap the shitty MS SQL server, running on crappy Windows machine and replace it with MySQL (freeware) or real commercial database products like Oracle, running on Linux platform. Enjoy fighting udp1434. LOL DT
>>>
>>> I don't think that's true. He could have been a victim of other people running Windows SQL Server 2000. From what I understand about the worm, it not only replicated itself to other unpatched systems, but it sent gazillions of packets to random IP addresses to port 1434. Many ISPs and companies were affected by it, not just the dumb butts who don't patch their systems.
>>>
>>> Here, we didn't seem to be affected by it, though. Maybe because I didn't check until Saturday afternoon? But no complaints came in.
>>>
>>> Are others willing to share their experiences? It could be a good learning opportunity. Anyone have a link to a good technical document about the worm?
>>>
>>> Thanks,
>>> Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61932&t=61891
can't fix 100 speed on 3550 gigabite switch [7:61933]
Hi..

I found that I can't set my gigabit switch port speed to 100? Why?? How to do it???

    cat35-L8-1#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    cat35-L8-1(config)#int gi0/12
    cat35-L8-1(config-if)#speed 100
                                ^
    % Invalid input detected at '^' marker.

    cat35-L8-1(config-if)#speed ?
      nonegotiate  Do not negotiate speed

    cat35-L8-1(config-if)#speed

    cat35-L8-1#sh ver
    Cisco Internetwork Operating System Software
    IOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(6)EA1, RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2001 by cisco Systems, Inc.
    Compiled Tue 09-Oct-01 21:46 by devgoyal
    Image text-base: 0x3000, data-base: 0x00617E14

    ROM: Bootstrap program is C3550 boot loader

    cat35-L8-1 uptime is 3 weeks, 5 days, 16 hours, 46 minutes
    System returned to ROM by power-on
    System image file is flash:c3550-i5q3l2-mz.121-6.EA1/c3550-i5q3l2-mz.121-6.EA1.bin

    cisco WS-C3550-12T (PowerPC) processor (revision A0) with 65526K/8192K bytes of memory.
    Processor board ID FAA0611V022

_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61933&t=61933
Re: UDP port 1434 [7:61891]
what's amazing are the assumptions that people are making--who says that BoA servers or any BoA database were compromised? who says they are even running MS-SQL? Read how the worm is spreading and you will understand that you don't have to be running anything that can be affected by the worm.

my guess is that a company with LARGE blocks of routable addresses and probably very high speed connections to the Internet might have bigger problems with this worm which in effect becomes a denial of service attack on their edge devices even if they are filtering out udp 1494 at the edge. take a look at the post by Ken and observe what is happening to the CPU of one of his router blades.

i definitely agree with your comment about the security con artist comparison the y2k consultants

l0stbyte wrote in message news:[EMAIL PROTECTED]...
> the dumb butts are allowing access to SQL from public networks. how difficult is it to filter stuff out? SQL boxes should be on private networks, no routes to public, second or third tier, etc.
>
> Y2K all over... This time in security business. Bunch of con artists claiming to be security experts.
>
> Cheers...
>
> P.S. There was a news clip that BofA networks were affected. this is scary.
>
> l0stbyte
>
> Symon Thurlow wrote:
>> Cheers,
>>
>> Symon
>>
>> -----Original Message-----
>> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
>> Sent: 26 January 2003 20:02
>> To: [EMAIL PROTECTED]
>> Subject: UDP port 1434 [7:61891]
>>
>>> d tran wrote:
>>>> You wouldn't have to fight the udp 1434 problem had you decided to scrap the shitty MS SQL server, running on crappy Windows machine and replace it with MySQL (freeware) or real commercial database products like Oracle, running on Linux platform. Enjoy fighting udp1434. LOL DT
>>>
>>> I don't think that's true. He could have been a victim of other people running Windows SQL Server 2000. From what I understand about the worm, it not only replicated itself to other unpatched systems, but it sent gazillions of packets to random IP addresses to port 1434. Many ISPs and companies were affected by it, not just the dumb butts who don't patch their systems.
>>>
>>> Here, we didn't seem to be affected by it, though. Maybe because I didn't check until Saturday afternoon? But no complaints came in.
>>>
>>> Are others willing to share their experiences? It could be a good learning opportunity. Anyone have a link to a good technical document about the worm?
>>>
>>> Thanks,
>>> Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61934&t=61891
Re: can't fix 100 speed on 3550 gigabite switch [7:61933]
you have a 3550-12T, so I am assuming that ports 0/11 and 0/12 are the gbic ports. if you check the documentation, you will find that speed cannot be set in a gbic port.

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12112cea/3550cr/cli2.htm#xtocid101

    You can configure Fast Ethernet port speed to either 10 or 100 Mbps. You can configure Gigabit Ethernet port speed to 10, 100, or 1000 Mbps. You cannot configure speed on Gigabit Interface Converter (GBIC) interfaces, but for 1000BASE-SX, -LX, or -ZX GBICs, you can configure speed to not negotiate (nonegotiate) if connected to a device that does not support autonegotiation.

HTH

--
TANSTAAFL
there ain't no such thing as a free lunch

Richard Campbell wrote in message news:[EMAIL PROTECTED]...
> Hi..
>
> I found that I can't set my gigabit switch port speed to 100? Why?? How to do it???
>
>     cat35-L8-1#conf t
>     Enter configuration commands, one per line.  End with CNTL/Z.
>     cat35-L8-1(config)#int gi0/12
>     cat35-L8-1(config-if)#speed 100
>                                 ^
>     % Invalid input detected at '^' marker.
>
>     cat35-L8-1(config-if)#speed ?
>       nonegotiate  Do not negotiate speed
>
>     cat35-L8-1(config-if)#speed
>
>     cat35-L8-1#sh ver
>     Cisco Internetwork Operating System Software
>     IOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(6)EA1, RELEASE SOFTWARE (fc1)
>     Copyright (c) 1986-2001 by cisco Systems, Inc.
>     Compiled Tue 09-Oct-01 21:46 by devgoyal
>     Image text-base: 0x3000, data-base: 0x00617E14
>
>     ROM: Bootstrap program is C3550 boot loader
>
>     cat35-L8-1 uptime is 3 weeks, 5 days, 16 hours, 46 minutes
>     System returned to ROM by power-on
>     System image file is flash:c3550-i5q3l2-mz.121-6.EA1/c3550-i5q3l2-mz.121-6.EA1.bin
>
>     cisco WS-C3550-12T (PowerPC) processor (revision A0) with 65526K/8192K bytes of memory.
>     Processor board ID FAA0611V022

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61935&t=61933
Re: CCNP Recertification [7:60972]
Amazing wrote in message news:[EMAIL PROTECTED]...
> actually, if you move to a higher level cert that will also renew your CCNx/CCDx

want to clarify this? Obtaining the CCIE does NOT automatically confer CCXP status. What other cert is higher than an NP or DP?

> Helena wrote in message news:[EMAIL PROTECTED]...
>> Can someone please direct me to the website that says that you can take all those tests again, instead of just doing the recertification exam please?
>>
>> Thanks
>> Helena
>>
>> On Sat, 25 Jan 2003, Peter Marsh wrote:
>>> saj,
>>>
>>> I just took it, it was really hard. I screwed up on the scenario, but didn't miss by too much. I will study some more and get it the next time. I would rather one big test at once, and get it over with, rather than taking them all over again.
>>>
>>> Good luck!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61936&t=60972
Why multicast protocol packet in th VLAN changed [7:61937]
I have this situation: I connect four ethernet ports to a hub.

    +-------+       +-----+
    | port1 |-------|     |
    | port2 |-------|     |
    | port3 |-------| hub |
    | port4 |-------|     |
    +-------+       +-----+

I also assign port1 - port4 to a single vlan v1. The vlan v1 has ip 1.1.2.1/24. I enable protocol vrrp on the vlan v1. Vrrp protocol packets were sent from port1-4.

However, because the four ports send multicast packets, the packet length changed, increasing and then decreasing. I do not know why? Anyone can tell me the reason. I appreciate it.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61937&t=61937
Re: UDP port 1434 [7:61891]
While trying to modify the ACL's, I had to disable two trunks into that switch. I could telnet into the supervisor no problem. When I tried sess 4 or sess 7 I would get a timeout.

I read reports of routers hanging under the load. This is what I think happened to BofA. The routers probably couldn't handle the load of all that traffic. Maybe some hung and required manual intervention. IMHO, SQL wasn't their problem. High traffic levels were. I know I couldn't connect to my VPN and it took several tries with SSH to get into one of my Unix machines.

How would I handle this type of problem in the future? Good question to which I'm not sure I have a good answer. We are replacing our core 5500's with 6500's. Our backbones from 100FX to GigE. Our Internet connection from OC-3 to GigE. Maybe the additional horsepower will help. Maybe it will hammer the servers so hard they crash and I can't do anything.

In a way, I was taking a small risk with putting in firewall rules and ACLs to block this traffic. I'm working with people on campus to add firewall rules, but I may not do it without their permission. That and people are free to put anything they want on the network. If this were a corporate network and not an education network, I would convince the CIO/CTO/CEO that we need to tighten security. Here, I have to convince the technicians in each college and division that security is good.

What would happen if this worm was a TCP port 80, TCP port 53 or UDP port 53 worm?

Ken

>>> Amazing 01/26/03 06:15PM >>>
> what's amazing are the assumptions that people are making--who says that BoA servers or any BoA database were compromised? who says they are even running MS-SQL? Read how the worm is spreading and you will understand that you don't have to be running anything that can be affected by the worm.
>
> my guess is that a company with LARGE blocks of routable addresses and probably very high speed connections to the Internet might have bigger problems with this worm which in effect becomes a denial of service attack on their edge devices even if they are filtering out udp 1494 at the edge. take a look at the post by Ken and observe what is happening to the CPU of one of his router blades.
>
> i definitely agree with your comment about the security con artist comparison the y2k consultants
>
> [snip]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61938&t=61891
How Much This User Router [7:61939]
Can anyone tell me how much the used router below is worth, and how much a brand-new unit costs? Thanks

    Cisco Internetwork Operating System Software
    IOS (tm) 2500 Software (C2500-IS40-L), Version 11.3(11b), RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2001 by cisco Systems, Inc.
    Compiled Fri 02-Mar-01 18:47 by cmong
    Image text-base: 0x030383FC, data-base: 0x1000

    ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
    BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)

    LOCUG uptime is 2 minutes
    System restarted by power-on
    System image file is flash:c2500-is40-l.113-11b.bin, booted via flash

    cisco 2511 (68030) processor (revision M) with 2048K/2048K bytes of memory.
    Processor board ID 10297453, with hardware revision
    Bridging software.
    X.25 software, Version 3.0.0.
    1 Ethernet/IEEE 802.3 interface(s)
    2 Serial network interface(s)
    16 terminal line(s)
    32K bytes of non-volatile configuration memory.
    8192K bytes of processor board System flash (Read ONLY)

    Configuration register is 0x2102

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61939t=61939
Re: UDP port 1434 [7:61891]
Ken Diliberto wrote in message news:[EMAIL PROTECTED]...

> While trying to modify the ACLs, I had to disable two trunks into that switch. I could telnet into the supervisor no problem. When I tried "sess 4" or "sess 7" I would get a timeout.
>
> I read reports of routers hanging under the load. This is what I think happened to BofA. The routers probably couldn't handle the load of all that traffic. Maybe some hung and required manual intervention. IMHO, SQL wasn't their problem. High traffic levels were. I know I couldn't connect to my VPN and it took several tries with SSH to get into one of my Unix machines.
>
> How would I handle this type of problem in the future? Good question, to which I'm not sure I have a good answer. We are replacing our core 5500's with 6500's, our backbones from 100FX to GigE, and our Internet connection from OC-3 to GigE. Maybe the additional horsepower will help. Maybe it will hammer the servers so hard they crash and I can't do anything.
>
> In a way, I was taking a small risk with putting in firewall rules and ACLs to block this traffic. I'm working with people on campus to add firewall rules, but I may not do it without their permission. That, and people are free to put anything they want on the network. If this were a corporate network and not an education network, I would convince the CIO/CTO/CEO that we need to tighten security. Here, I have to convince the technicians in each college and division that security is good.

Good points all. How quickly we forget: a year or so ago it was Code Red / Nimda, and the response of a lot of places was to just start shutting down servers and routers until they could get a handle on things. BoA might even have been one of those organizations that did so, but that could be my prejudice speaking.

> What would happen if this worm was a TCP port 80, TCP port 53 or UDP port 53 worm?

No problem. Just close those ports on your firewalls ;-)

> Ken
>
> >>> Amazing 01/26/03 06:15PM >>>
> What's amazing are the assumptions that people are making -- who says that BoA servers or any BoA database were compromised? Who says they are even running MS-SQL? Read how the worm is spreading and you will understand that you don't have to be running anything that can be affected by the worm.
>
> My guess is that a company with LARGE blocks of routable addresses and probably very high speed connections to the Internet might have bigger problems with this worm, which in effect becomes a denial of service attack on their edge devices even if they are filtering out udp 1494 at the edge. Take a look at the post by Ken and observe what is happening to the CPU of one of his router blades.
>
> I definitely agree with your comment about the security con artist comparison to the y2k consultants.
>
> [snip]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61940t=61891
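Both posts above talk about "firewall rules and ACLs to block this traffic" at the edge without showing one. The following is an added example, not configuration from Ken or anyone else in this thread, of the kind of IOS edge filter they mean for the worm's UDP 1434 (SQL Server Resolution Service) traffic. The interface name, ACL names and the 12.x named-ACL syntax are assumptions; on an 11.x 2500 the equivalent is a numbered extended ACL (100-199) with the same deny/permit lines.

```cisco
! Added example, not from the original posts. Interface names and ACL
! names are assumptions; adjust to the real uplink interface.
!
! Inbound: drop UDP 1434 before it reaches anything on campus.
ip access-list extended EDGE-IN
 remark Drop SQL Server Resolution Service (UDP 1434) from the Internet.
 remark Do NOT add the "log" keyword to the deny: on these platforms a
 remark logged hit punts every packet to the CPU, which is exactly the
 remark load Ken saw on his router blades.
 deny   udp any any eq 1434
 permit ip any any
!
! Outbound: keep infected campus hosts from saturating the uplink and
! from spreading to the rest of the Internet.
ip access-list extended EDGE-OUT
 remark Drop UDP 1434 leaving the campus.
 deny   udp any any eq 1434
 permit ip any any
!
interface Serial0/0
 description Internet uplink (interface name assumed)
 ip access-group EDGE-IN in
 ip access-group EDGE-OUT out
!
! After applying, watch the deny counters and the CPU:
!   show access-lists EDGE-IN
!   show access-lists EDGE-OUT
!   show processes cpu
```

One ACL could be applied in both directions; two are shown so the hit counters tell inbound from outbound infections. Note the caveat the "Amazing" post makes: the deny stops the packets at the router, but the flood has already consumed the inbound circuit and the router's forwarding capacity by the time it is dropped, so the ACL protects the hosts behind the edge, not the edge itself.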
RE: Passed CSIDS 855/1000 [7:61655]
I wrote 9E0-572. That exam is not on the retired exams list, so I had the book and thought, what the hell!

-----Original Message-----
From: Kim Graham [mailto:[EMAIL PROTECTED]]
Sent: 24 January 2003 19:22
To: [EMAIL PROTECTED]
Subject: RE: Passed CSIDS 855/1000 [7:61655]

Congrats as well. I hope to be writing this one mid-February. By CSIDS I am understanding you wrote the 9E0-100, correct? And not the earlier version of this exam.

Kim / Zukee

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61941t=61655