Re: why I can't assign an ip address to virtual-To [7:62014]
yes,I can assign an ip address on cisco2500,but I can't do it on Cisco2611XM. I think,Perhaps the SRB use Loopback interface's ip to communication with other Router,so can't assign an ip address on the router Un Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62083t=62014 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
csim voice testing [7:62084]
I can only get csim working if the telephones are connected via an IP Peer. Testing locally, i.e. two phones connected to different ports on the same FXS module doesn't give me any successful values. Here is a local call that was successfully answered, but yet csim says it wasn't. Anyone seen this before ? Is this normal ? R8R3# R8R3#csim start 1311 csim: called number = 1311, loop count = 1 ping count = 0 csim err csimDisconnected recvd DISC cid(13) csim: loop = 1, failed = 1 csim: call attempted = 1, setup failed = 1, tone failed = 0 R8R3# -- +++ GMX - Mail, Messaging more http://www.gmx.net +++ NEU: Mit GMX ins Internet. Rund um die Uhr f|r 1 ct/ Min. surfen! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62084t=62084 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MPLS Traffic Engineering - 2500 router reset [7:61947]
I have the ip rsvp bandwidth 500 500 on the related interfaces. Is that what you mean? Charles @groupstudy.com em 27/01/2003 21:05:18 Favor responder a Charles Enviado Por: [EMAIL PROTECTED] Para: [EMAIL PROTECTED] cc: Assunto:Re: MPLS Traffic Engineering - 2500 router reset [7:61947] one of the things you have to do is use enable rsvp on all interfaces that will take part in the tunnel ... rsvp is used to 'reserve bandwidth for the tunnel' - the tunnel won't come up unless you do this I think the command is either 'rsvp bandwidth' or 'rsvp-bandwidth' wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... After the command tunnel mpls traffic-eng path-option 1 dynamic, the router reloads. The same happen with explicit path. The following message appear after reload: RSVP: must configure RSVP Bandwidth first. Any idea? R3 ip cef mpls traffic-eng tunnels ! interface Loopback0 ip address 3.3.3.3 255.255.255.255 ip router isis ! interface Serial0 no ip address encapsulation frame-relay fair-queue 64 64 64 ip rsvp signalling dscp 0 ! interface Serial0.32 point-to-point bandwidth 1000 ip address 192.168.23.2 255.255.255.0 ip router isis mpls traffic-eng tunnels frame-relay interface-dlci 132 ip rsvp bandwidth 500 500 ! interface Tunnel0 ip unnumbered Loopback0 tunnel destination 2.2.2.2 tunnel mode mpls traffic-eng tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng priority 7 7 tunnel mpls traffic-eng bandwidth 100 ! router isis net 47....0003.00 is-type level-1 metric-style wide mpls traffic-eng router-id Loopback0 mpls traffic-eng level-1 ! end R2 ip cef mpls traffic-eng tunnels ! interface Loopback0 ip address 2.2.2.2 255.255.255.255 ip router isis ! interface Serial0 no ip address encapsulation frame-relay fair-queue 64 64 64 ip rsvp signalling dscp 0 ! interface Serial0.23 point-to-point bandwidth 1000 ip address 192.168.23.1 255.255.255.0 ip router isis mpls traffic-eng tunnels frame-relay interface-dlci 123 ip rsvp bandwidth 500 500 ! interface Tunnel0 ip unnumbered Loopback0 tunnel destination 3.3.3.3 tunnel mode mpls traffic-eng tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng priority 7 7 tunnel mpls traffic-eng bandwidth 100 ! router isis net 47....0002.00 is-type level-1 metric-style wide mpls traffic-eng router-id Loopback0 mpls traffic-eng level-1 ! end R3(config-if)#tunnel mpls traffic-eng path-option 1 dynamic R3(config-if)# Buffered messages: 00:00:06: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up 00:00:06: %LINK-3-UPDOWN: Interface Ethernet1, changed state to up 00:00:06: %LINK-3-UPDOWN: Interface Serial0, changed state to up 00:00:06: %LINK-3-UPDOWN: Interface Serial1, changed state to down 00:00:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed sta te to up 00:00:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed s tate to up 00:00:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1, changed s tate to down 00:00:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed sta te to down 00:00:21: %LINK-5-CHANGED: Interface Ethernet0, changed state to administrativ ely down 00:00:22: %LINK-5-CHANGED: Interface Ethernet1, changed state to administrativ ely down 00:00:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed sta te to up 00:00:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed s tate to down 00:00:25: %LINK-5-CHANGED: Interface Serial1, changed state to administrativel y down 00:00:26: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed sta te to down 00:00:27: %SYS-5-CONFIG_I: Configured from memory by console 00:01:12: %SYS-5-RESTART: System restarted -- Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-P-L), Experimental Version 12.0(20011017:155337) [rraszuk-New_reorg_oct17 109] Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Sat 20-Oct-01 04:12 by rraszuk 00:03:41: %SYS-5-CONFIG_I: Configured from console by console Queued messages: System Bootstrap, Version 11.0(10c)XB2, PLATFORM SPECIFIC RELEASE SOFTWARE (fc
Help the newbie... [7:62087]
Everyone, I have a site that is currently connected with a 512k frame relay link. We are adding an additional T1 link to the same location. Is it possible to aggregate these links in such a way that traffic will be carried across both? If they are configured this way, will the other link still be a valid route if one goes down? I tried searching, but I'm not exactly sure what to search for. TIA Kris. ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by email, delete and destroy this message and its attachments. ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62087t=62087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT and TCP Load Distribution [7:62088]
Can anyone give me a real world example of why you would need to consider using TCP Load Distribution. I am summarising slightly but TCP Load Distribution seems to be a method of using a single IP address (the Global Inside Address)inbound; which is handed off to different devices on the inside. OK. If this is a fair description I can see that this would be useful for load sharing amongst internal servers. IE maybe if an increasing number of Internet customers were accessing your resources - on line shopping whatever - that you might want to spread (balance) the load among several identical servers? So is 'loosely' like HSRP (not to do with redundancy so much) but conceptually in that there is a VIRTUAL entity that supports multiple physical entities (servers) to enable the load distribution amongst these 'real' devices. Therefore is the case that the real devices dont need to be network devices - they would most likely be UNIX (typically Internet facing) boxes of some sort? Any response to clarify my muddle thinking much appreciated! Apologies for dumb question. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62088t=62088 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCSI [7:62089]
hi friends i want to know abt the CCSI certification,want to know how to achive itno informaion in cisco site abt this CCSI certification,,so if anybody knows abt this kindly send me few words thanking u VijayAnand - Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62089t=62089 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Help the newbie... [7:62087]
One thing you can look at is EIGRP and unequal cost load balancing. Here is a link that explains what it is: http://www.cisco.com/en/US/tech/tk648/tk365/technologies_tech_note09186a008009437d.shtml Waters, Kristina wrote: Everyone, I have a site that is currently connected with a 512k frame relay link. We are adding an additional T1 link to the same location. Is it possible to aggregate these links in such a way that traffic will be carried across both? If they are configured this way, will the other link still be a valid route if one goes down? I tried searching, but I'm not exactly sure what to search for. TIA Kris. ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by email, delete and destroy this message and its attachments. ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62090t=62087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: why I can't assign an ip address to virtual-TokenR [7:62091]
Team, For those of your trying to assign an Ip address to a virtual-tokenR, the issue is more related to the IOS version, I just did a test in a few routers and it works on version 12.0(9) on a 2500and in version 12.0(21) on a 2500 as well Well, I least I could have it available in one of my routers. Juan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Juntao Sent: Tuesday, January 28, 2003 6:00 AM To: [EMAIL PROTECTED] Subject: Re: why I can't assign an ip address to virtual-TokenR [7:62014] Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-D-L), Version 12.0(21), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Mon 31-Dec-01 18:25 by nmasa Image text-base: 0x03038AE4, data-base: 0x1000 ROM: System Bootstrap, Version 4.14(9.1), SOFTWARE RouterA uptime is 7 hours, 43 minutes System restarted by reload System image file is flash:c2500-d-l.120-21.bin cisco 2509 (68030) processor (revision B) with 16384K/2048K bytes of memory. Processor board ID 46526614, with hardware revision Bridging software. X.25 software, Version 3.0.0. 1 Ethernet/IEEE 802.3 interface(s) 2 Serial network interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read ONLY) Configuration register is 0x2102 RouterA#sh ru Building configuration... ! interface Virtual-TokenRing22 ip address 1.1.1.1 255.255.255.0 no ip directed-broadcast ring-speed 16 ! . soft map a icrit dans le message de news: [EMAIL PROTECTED] Hi. Now I take a test,The test Router is Cisco2611XM,I was upgraded the IOS.But why I can't assign an ip address to virtual-TokenRing 0 test(config)#inter virtual-TokenRing 0 test(config-if)#ip add test(config-if)#ip address 17 17:46:26: %LINK-3-UPDOWN: Interface Virtual-TokenRing0, changed state to up 17:46:27: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-TokenRing0, ch anged state to up test(config-if)#ip address 192.168.1.1 255.255.255.0 % IP addresses may not be configured on a Virtual-TokenRing interface. test(config-if)# BTW,The show version as below. test#sh ver Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-DO3S-M), Version 12.1(14), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Mon 25-Mar-02 23:18 by kellythw Image text-base: 0x80008088, data-base: 0x80E4DE34 ROM: System Bootstrap, Version 12.2(7r) [cmong 7r], RELEASE SOFTWARE (fc1) test uptime is 17 hours, 49 minutes System returned to ROM by power-on System image file is flash:c2600-do3s-mz.121-14.bin cisco 2611XM (MPC860) processor (revision 0x100) with 29696K/3072K bytes of memo ry. Processor board ID xxx M860 processor: part number 5, mask 2 Bridging software. X.25 software, Version 3.0.0. 2 FastEthernet/IEEE 802.3 interface(s) 1 Serial network interface(s) 32K bytes of non-volatile configuration memory. 16384K bytes of processor board System flash (Read/Write) Configuration register is 0x2102 thx. softmap Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62091t=62091 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Help the newbie... [7:62087]
Make it easy. Call your Frame Relay Provider Poss alternatives? Multi-link Frame Relay Allows for multiple T-1 pipes to be bonded. Look at multi link PPP or otherwise setting new sub interface and dlci from provider. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62092t=62087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCDA Beta test -Looking for beta testers [7:62093]
I need a few good CCDA's that are willing to review our new CCDA practice test. Those CCDA's that are interested in testing this new CCDA test will receive a free CCNP or CCNA practice test. If interested please send me you contact information via email. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62093t=62093 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT and TCP Load Distribution [7:62088]
hi it is nothing like HSRP, even if looked @ from the virtual IP point of view, for the simple reason that HSRP elects one active router and only router is active @ any time, (as opossed to TCP load Balacing, that uses all the ip's of the servers to forward data to) and the real ip of the active HSRP router is transparent to the user's of course but to the packets them selfs as well. TCP load balancing NOT sharing, (because the router will distribute the flows amongst the TCP server's, one flow for each server in a round robin fashion, therefore balancing, because traffic is equally balanced based on flows (unless if u look at it in terms of bandwith, in which case, sharing would the term to classifie this, i think) . also the real IP's of these TCP servers, are not transparent to the packets, they are, only to the user and the router must rebuild the packet fields and frame fields, then load balances to the servers. the obvious limitation, is that the above can only be done to TCP traffic. hope the above helps regards Peter P a icrit dans le message de news: [EMAIL PROTECTED] Can anyone give me a real world example of why you would need to consider using TCP Load Distribution. I am summarising slightly but TCP Load Distribution seems to be a method of using a single IP address (the Global Inside Address)inbound; which is handed off to different devices on the inside. OK. If this is a fair description I can see that this would be useful for load sharing amongst internal servers. IE maybe if an increasing number of Internet customers were accessing your resources - on line shopping whatever - that you might want to spread (balance) the load among several identical servers? So is 'loosely' like HSRP (not to do with redundancy so much) but conceptually in that there is a VIRTUAL entity that supports multiple physical entities (servers) to enable the load distribution amongst these 'real' devices. Therefore is the case that the real devices don't need to be network devices - they would most likely be UNIX (typically Internet facing) boxes of some sort? Any response to clarify my muddle thinking much appreciated! Apologies for dumb question. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62094t=62088 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Help the newbie... [7:62087]
Jason, this sounds like exactly what I'm looking for. Thanks! Kris. -Original Message- From: Jason Owens [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 9:07 AM To: [EMAIL PROTECTED] Subject: RE: Help the newbie... [7:62087] One thing you can look at is EIGRP and unequal cost load balancing. Here is a link that explains what it is: http://www.cisco.com/en/US/tech/tk648/tk365/technologies_tech_note09186a0080 09437d.shtml Waters, Kristina wrote: Everyone, I have a site that is currently connected with a 512k frame relay link. We are adding an additional T1 link to the same location. Is it possible to aggregate these links in such a way that traffic will be carried across both? If they are configured this way, will the other link still be a valid route if one goes down? I tried searching, but I'm not exactly sure what to search for. TIA Kris. ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by email, delete and destroy this message and its attachments. ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62095t=62087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT and TCP Load Distribution [7:62088]
Thanks for that. Is my 'real world' example right in broad conception ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62096t=62088 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Richard A. Deal Books [7:62027]
GM, It depends :-). First, you typically get an advance. This varies, but can be between $5,000 and $15,000, depending on the subject (how hot it is) and the previous track record of the author. This money counts against any royalties that you make...which is why they call it an advance. You then get royalties. Royalties are based on net profit of the book. As an example, if a book says it costs $50 on the cover, this is considered gross profit. Net profit is what the publisher gets for the book. The publisher typically marks the book up by about 50%. This can vary depending on whether the book is hard or soft-bound, includes CDs, and its page length, as well as other things. So net profit on a $50 book is about $25. You get a percentage of the $25. Royalties can range anywhere from a very low 5% up to about %18 percent. Sometimes this is on a sliding scale. For instance, it might be that you get 8% for selling 5,000 copies and between 5,000 and 10,000 you get 10% and for anything above 10,000 copies, you get %12. As an example, if your percentage is 10% on a net profit of $25 a book, you only get $2.50 a book. Most technical writers don't get rich selling technical books. Most publishers are looking for average sales of 500 copies a month. So given $2.50 a book, you just make $1,250 for that month. Of course, if you had an advance of $10,000, this money goes to paying off the advance. So you might not see any real money until about 9 months later. A really hot topic typically sells more than 1,000 or 2,000 copies a month, but this doesn't happen too often. Of course, you might get really lucky, like Todd Lammle did when he came out with his first CCNA book. Rumor is that he sold over 250,000 copies in 18 months...talk about nice royalty checks :-). I got into the writing business by accident. In my first marriage, I was paying a lot of alimony and didn't have any spending money :-(. This is when Cisco's certifications were taking off. Since I taught these classes, and had a minor in English, I thought, hey, what the heck. It will at least give me some money to travel a bit. So my first contract was with the Coriolis Group to write a Cisco Switching book for Cisco's switching exam. Writing isn't for everyone. Constantly I get asked how easy is it, or how can even begin to write a book? Typically, I can get a first proof of the book done in 3-4 months, which is about 600-700 pages. It takes persistence. There are many a day when I don't feel like working at it. When I was writing my first book, I was under a lot of stress--working during the day and then writing 3-4 hours every night. And then writing every weekend. Today, my schedule is much more flexible Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market. Mossburg, Geoff (MAN-Corporate) wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I know a lot of people on this group have been published, some multiple times, and I hope I'm not offending anyone by asking this question: How well does a book publisher pay for the books you write? I'm not expecting any specific figures, but a ballpark figure would be interesting. Thanks! GM -Original Message- From: Richard Deal [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 28, 2003 7:24 PM To: [EMAIL PROTECTED] Subject: Re: Richard A. Deal Books [7:62027] Mark, Thanks for the kudos. I worked really hard on the book and I know, after having written 6 books, that you can't please everyone. However, of all of the books that I've written, I'm proudest of this book. Yes, there are some errors that slipped in during my last review of the book and when it went to production, which does, unfortunately, happen. But as I discover these, I put them on my web site. As to my MCNS book, which is what the first poster asked, I had finished it, but before it went to print, the publisher (The Coriolis Group) went out of business. Since the MCNS has changed, I've decided not to create a new book. I'm getting a contract this week to write a CCNA book for McGraw-Hill and have been desparately trying to convince them to write a Cisco VPN book--one that covers ALL aspects of VPNS with Cisco products--PIX, router, concentrator, and their software clients. If you have any questions about my PIX book, please don't hesitate in shooting me an email. Thanks for your support! Cheers! Mark Smith wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I think his PIX book is very good. I've not found many errors in it but then maybe I've not looked at it in as much depth as you have. If I have a gripe about it it's for one thing. I use it as a desktop reference. Sometimes I'm
RE: Help the newbie... [7:62087]
Are the links going to be connected to the same routers on both sides? If so, then you can use static routes and CEF per-packet load sharing, you would have to place 2 static routes in each router for the IP blocks that the other router serves, give the command ip cef in global configuration mode, and then the command ip load-sharing per-packet under interface configuration mode for each interface connecting the 2 routers. If both links are the same bandwidth, then CEF would work fine, if both are not the same bandwidth you would have to play some games to get the load sharing to reflect the bandwidth differences (probably not the best solution), or you would have to use EIGRPs unequal cost load balancing. All of this assumes you have Cisco routers on both sides of the link, if not it is still possible to load share across the links, but how it would be done is dependent on the vendor. -Original Message- From: Waters, Kristina [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 8:41 AM To: [EMAIL PROTECTED] Subject: Help the newbie... [7:62087] Everyone, I have a site that is currently connected with a 512k frame relay link. We are adding an additional T1 link to the same location. Is it possible to aggregate these links in such a way that traffic will be carried across both? If they are configured this way, will the other link still be a valid route if one goes down? I tried searching, but I'm not exactly sure what to search for. TIA Kris. ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by email, delete and destroy this message and its attachments. ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62098t=62087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Help the newbie... [7:62087]
actually FRF.16.1, will not suport ISDN interfaces or any virtual interface for that matter, also because of the latency introduced when having different bundle links of differing speeds, it's recommended to use links of the same speed. of course the router must be a 2600 and up, with 12.2.(8)T if my memory is good. oh yeas FRF12 and FRF9 are not supported either nor is rfc 3020 hope this helps Peter P a icrit dans le message de news: [EMAIL PROTECTED] Make it easy. Call your Frame Relay Provider Poss alternatives? Multi-link Frame Relay Allows for multiple T-1 pipes to be bonded. Look at multi link PPP or otherwise setting new sub interface and dlci from provider. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62099t=62087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX and asymmetry [7:62100]
I have a situation that I hope some of you might shed some light on. We have 2 points of ingress to our campus. One OC3 (Nycernet) for internet 2 and one (Time Warner) Our commodity edge consists of a 7200 router then the PIX. The I2 edge is just a 7200 series router. Our problem is that with certain sites, traffic going out on the I2 OC3 is returning via our commodity OC3 and the pix drops it as it didn't see it originating on the inside (syn-ack without syn) I recognize that the bigger problem may be with the way these sites are being routed back to us, but I have little control over that for now. Both edge routers use BGP for updates. I'm looking for a solution. Can I install another PIX on the OC3 side and somehow have the 2 PIX boxes talk to each other and update each others Xlate tables? Any suggestions would be appreciated Thanks Jamie Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62100t=62100 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Help the newbie... [7:62087]
another option is to use ospf and cef to load balance the links then configure BGP with loopback interfaces to use the two ospf routes (make them equal cost). same concept as using two static routes but a little more flexibility. Xueyan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62101t=62087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT and TCP Load Distribution [7:62088]
Web server farm for ur ebiz site, u assign private address to the servers, and use only one public ip to access them all. Peter P a icrit dans le message de news: [EMAIL PROTECTED] Thanks for that. Is my 'real world' example right in broad conception ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62102t=62088 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Help the newbie... [7:62087]
Guy, Yes, the links will be on the same routers (both cisco) on both sides and will not be of equal bandwidth. It's kind of a weird set up. We have multiple sites in puerto rico that connect to a hub site, the hub then connects back to corporate. However, the sites in pr are all interconnected with a wireless type of service (airlink wireless frame relay unit) that is not as stable as we would like. The connections have a tendency to flap from time to time for no apparent reason. For this one large site we wanted more bandwidth and better stability, which we hope to achieve by adding the completely separate link. Hopefully both links will not go down at the same time, but we shall see. Since we are already running eigrp, the unequal cost load balancing sounds like the perfect solution. I'm curious to see how well it will operate in this 'wireless frame relay' environment. Thanks for everyone's suggestions Kris. -Original Message- From: Lupi, Guy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 10:12 AM To: [EMAIL PROTECTED] Subject: RE: Help the newbie... [7:62087] Are the links going to be connected to the same routers on both sides? If so, then you can use static routes and CEF per-packet load sharing, you would have to place 2 static routes in each router for the IP blocks that the other router serves, give the command ip cef in global configuration mode, and then the command ip load-sharing per-packet under interface configuration mode for each interface connecting the 2 routers. If both links are the same bandwidth, then CEF would work fine, if both are not the same bandwidth you would have to play some games to get the load sharing to reflect the bandwidth differences (probably not the best solution), or you would have to use EIGRPs unequal cost load balancing. All of this assumes you have Cisco routers on both sides of the link, if not it is still possible to load share across the links, but how it would be done is dependent on the vendor. -Original Message- From: Waters, Kristina [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 8:41 AM To: [EMAIL PROTECTED] Subject: Help the newbie... [7:62087] Everyone, I have a site that is currently connected with a 512k frame relay link. We are adding an additional T1 link to the same location. Is it possible to aggregate these links in such a way that traffic will be carried across both? If they are configured this way, will the other link still be a valid route if one goes down? I tried searching, but I'm not exactly sure what to search for. TIA Kris. ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by email, delete and destroy this message and its attachments. ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62103t=62087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
wireless [7:62104]
I'm navigating the Cisco site as well as whatever google comes up with, but I'm having a very difficult time finding any decent reference material for 802.11. I work for an ISP and unfortunately, we've been left in a position of not having anyone left who's well versed in wireless access. We have several towers and many wireless customers and as things fell, I'm the one in charge of taking care of these customers. I am looking for a good, full understanding of wireless. We use breezecom and cisco equipment. Any URL or book references would be greatly appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62104t=62104 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ARe: PIX and asymmetry [7:62100]
Jamie, Not quite...what you can do, however, is have all traffic go through one PIX and have another PIX as a failover. In this scenario, if one PIX would fail, the other could kick in--in this scenario, only one PIX is active. Of course, this still presents a problem of an exit path--by default, the active PIX would choose its defalt route and thus you would lose load balancing out your two exit points. The PIX does support passive RIP, so this might help. Or you could configure static routes...but you would, unfortuantely, not have any ability to route based on the source of the address--only your Cisco routers have this ability. And perhaps in the upcoming 6.3 release, OSPF might be introducted (--might--), but don't hold your breath. Hope this helps! Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market. Arnold, Jamie wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a situation that I hope some of you might shed some light on. We have 2 points of ingress to our campus. One OC3 (Nycernet) for internet 2 and one (Time Warner) Our commodity edge consists of a 7200 router then the PIX. The I2 edge is just a 7200 series router. Our problem is that with certain sites, traffic going out on the I2 OC3 is returning via our commodity OC3 and the pix drops it as it didn't see it originating on the inside (syn-ack without syn) I recognize that the bigger problem may be with the way these sites are being routed back to us, but I have little control over that for now. Both edge routers use BGP for updates. I'm looking for a solution. Can I install another PIX on the OC3 side and somehow have the 2 PIX boxes talk to each other and update each others Xlate tables? Any suggestions would be appreciated Thanks Jamie Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62105t=62100 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT and TCP Load Distribution [7:62088]
sorry i didn't enphasis on a point that from i've written could be misleading, (the router must rebuild the packet fields and frame fields, then load balances to the servers.) the router will actually, nat the ip, forward the packet in which case a rewrite happens to the frame's mac. regards, Juntao a icrit dans le message de news: [EMAIL PROTECTED] Web server farm for ur ebiz site, u assign private address to the servers, and use only one public ip to access them all. Peter P a icrit dans le message de news: [EMAIL PROTECTED] Thanks for that. Is my 'real world' example right in broad conception ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62106t=62088 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IOS version question [7:62108]
on the 1700 routers, Which is the latest version of these two: 12.2.13 OR 12.2(4)YA2 thank you Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62108t=62108 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
debug commands [7:62107]
If I want to see all IP traffic from host 10.10.10.1 on a cisco router, what would the debug command look like? I looked at the help menu and I think its debug ip packet but then the options are: Access list Access list (expanded range) Do I have to create an access-list for the hosts I want to monitor? I'm used to using tcpdump and snoop so the debug commands are awkward for me. Its a production router so I know I can crash it if I'm not careful with this. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62107t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: show cdp neighbors command [7:61782]
That's why I'm thinking along Pricilla's line of thought; that the GigaStacks may change something that allows switches more than one hop away to be seen using the show cdp neighbors command. I haven't researched it further, but plan to contact Cisco regarding this. Shawn K. -Original Message- From: Michael Williams [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 26, 2003 3:16 PM To: [EMAIL PROTECTED] Subject: RE: show cdp neighbors command [7:61782] I know that we don't change the default distance that a switch should see, and we can only see directly connected devices with cdp neig. I've never seen an instance where CDP neighbor showed anything more than 1 hop (L2 hop) away. Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62109t=61782 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: debug commands [7:62107]
Just make a permit ACL for that host and the debug will only report on that one host. -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: debug commands [7:62107] If I want to see all IP traffic from host 10.10.10.1 on a cisco router, what would the debug command look like? I looked at the help menu and I think its debug ip packet but then the options are: Access list Access list (expanded range) Do I have to create an access-list for the hosts I want to monitor? I'm used to using tcpdump and snoop so the debug commands are awkward for me. Its a production router so I know I can crash it if I'm not careful with this. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62110t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: debug commands [7:62107]
I see, so if I want to debug for certain tcp protocols can I use extended access-lists? Maccubbin, Duncan wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Just make a permit ACL for that host and the debug will only report on that one host. -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: debug commands [7:62107] If I want to see all IP traffic from host 10.10.10.1 on a cisco router, what would the debug command look like? I looked at the help menu and I think its debug ip packet but then the options are: Access list Access list (expanded range) Do I have to create an access-list for the hosts I want to monitor? I'm used to using tcpdump and snoop so the debug commands are awkward for me. Its a production router so I know I can crash it if I'm not careful with this. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62111t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: debug commands [7:62107]
Right. using debug IP packet is nice because you can use an ACL to narrow down the protocol and/or host(s) that you want to debug. Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62112t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: URGENT HSRP PROBLEM [7:62064]
I have seen times where if you connect the two routers through a switch, that spanning-tree can disrupt the HSPR Hellos, and cause problems. If you are connecting these two routers through a switch (or a swicthed environment), make sure to use spanning-tree portfast on those ports so that spanning-tree won't interfere. Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62113t=62064 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: debug commands [7:62107]
You are correct. Very nice feature eh? -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 12:14 PM To: [EMAIL PROTECTED] Subject: Re: debug commands [7:62107] I see, so if I want to debug for certain tcp protocols can I use extended access-lists? Maccubbin, Duncan wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Just make a permit ACL for that host and the debug will only report on that one host. -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: debug commands [7:62107] If I want to see all IP traffic from host 10.10.10.1 on a cisco router, what would the debug command look like? I looked at the help menu and I think its debug ip packet but then the options are: Access list Access list (expanded range) Do I have to create an access-list for the hosts I want to monitor? I'm used to using tcpdump and snoop so the debug commands are awkward for me. Its a production router so I know I can crash it if I'm not careful with this. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62114t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: debug commands [7:62107]
nice, not as nice as tcpdump, but nice ;-) Maccubbin, Duncan wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... You are correct. Very nice feature eh? -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 12:14 PM To: [EMAIL PROTECTED] Subject: Re: debug commands [7:62107] I see, so if I want to debug for certain tcp protocols can I use extended access-lists? Maccubbin, Duncan wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Just make a permit ACL for that host and the debug will only report on that one host. -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: debug commands [7:62107] If I want to see all IP traffic from host 10.10.10.1 on a cisco router, what would the debug command look like? I looked at the help menu and I think its debug ip packet but then the options are: Access list Access list (expanded range) Do I have to create an access-list for the hosts I want to monitor? I'm used to using tcpdump and snoop so the debug commands are awkward for me. Its a production router so I know I can crash it if I'm not careful with this. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62115t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Rip classful route not being seen --- Why?? [7:62116]
Hello,I have R1 connected to R4 running Rip ver. 2R4 connected to R3 running Rip ver 1R4 to R2 and R2 to R3 running Ospf 1 R1R4R2 120.20.14.0/26 ^ ^ | | | | | | R3| Using a 120.20.x.x networks.I cannot see the network 120.20.14.0/26 b/w R4 and R1 on R3.I was expecting to see a 120.0.0.0/8 classful route on R3 via RIP but that's not the caseHow can I see this route on R3?Config:R4#rbrrouter rip version 2 passive-interface default no passive-interface Loopback0 no passive-interface TokenRing0 network 4.0.0.0 network 120.0.0.0 neighbor 120.20.14.1 no auto-summaryend R4-H#ri to0 interface TokenRing0 ip address 120.20.34.4 255.255.255.192 ip rip send version 1 ip rip receive version 1 ip summary-address rip 120.20.14.0 255.255.255.0 ring-speed 16 end Routing table on R3#3.0.0.0/24 is subnetted, 1 subnets C 3.3.3.0 is directly connected, Loopback0 R4.0.0.0/8 [120/1] via 120.20.34.4, 00:00:00, TokenRing0 120.0.0.0/8 is variably subnetted, 13 subnets, 6 masks C 120.20.36.0/24 is directly connected, Serial1 C 120.20.34.0/26 is directly connected, TokenRing0 C 120.20.23.0/24 is directly connected, Ethernet0 O 120.20.234.4/32 [110/128] via 120.20.234.2, 02:05:21, Serial0.234 O 120.20.234.2/32 [110/64] via 120.20.234.2, 02:05:21, Serial0.234 C 120.20.234.0/27 is directly connected, Serial0.234 Is OSPF 'suppressing' this route as it's AD=110 over Rip, AD=120? Please advise.Thank you.Sincerely.CN Tired of spam? Get advanced junk mail protection with MSN 8. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62116t=62116 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
TTCP support for 2500 platforms [7:62117]
Hello, Does anyone know a ios for 2500 that contain support for ttcp.I've already tried the 12.0 ip plus but is not there. Regards Stefan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62117t=62117 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: debug commands [7:62107]
logging on logging buffered informational Access-list 101 permit ip 10.10.10.1 0.0.0.0 any log access-list 101 permit ip any any Apply that ACL to an interface in the direction traffic will be flowing and when that host traverses the Router you can do a show log and it should have created an entry. -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: debug commands [7:62107] If I want to see all IP traffic from host 10.10.10.1 on a cisco router, what would the debug command look like? I looked at the help menu and I think its debug ip packet but then the options are: Access list Access list (expanded range) Do I have to create an access-list for the hosts I want to monitor? I'm used to using tcpdump and snoop so the debug commands are awkward for me. Its a production router so I know I can crash it if I'm not careful with this. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62118t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IOS version question [7:62108]
Look here. http://www.cisco.com/warp/public/620/roadmap.shtml -Original Message- From: Raj [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: IOS version question [7:62108] on the 1700 routers, Which is the latest version of these two: 12.2.13 OR 12.2(4)YA2 thank you Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62119t=62108 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: debug commands [7:62107]
You really don't get an idea of how fantastic Cisco until you work with other products. We have several Enterasys routers here and they are very limited in what they can do as compared to IOS. I have used the debug packet acl command and it really makes life easier. -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 12:36 PM To: [EMAIL PROTECTED] Subject: Re: debug commands [7:62107] nice, not as nice as tcpdump, but nice ;-) Maccubbin, Duncan wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... You are correct. Very nice feature eh? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62120t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Solarwinds Professional [7:62121]
I have installed solarwinds prof. However, i was looking out for a graphical map of my network which seems to be missing. It has done a network discovery but is displaying the devices in a list form. Does anybody know if I could open another program included in solar. prof. to see a map or it lacks this functionality? If it does, i would like suggestions for any other programs(for eval) which display good network maps/discovery. thank you raj Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62121t=62121 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX and asymmetry [7:62100]
Thanks, Richard. I think for us the best solution is to route both edge routers through the pix and use RIP to keep everyone happy. Static routes are a consideration, but I2 tends to be pretty dynamic and there are a lot of sloppy routes out there (obviously) so I think that would be a losing battle. As I'm not up to speed with OSPF, how would that help me here? I had also heard that OSPF was being introduced in 6.3 J Imagination is more important than knowledge Albert Einstein -Original Message- From: Richard Deal [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 11:27 AM To: [EMAIL PROTECTED] Subject: ARe: PIX and asymmetry [7:62100] Jamie, Not quite...what you can do, however, is have all traffic go through one PIX and have another PIX as a failover. In this scenario, if one PIX would fail, the other could kick in--in this scenario, only one PIX is active. Of course, this still presents a problem of an exit path--by default, the active PIX would choose its defalt route and thus you would lose load balancing out your two exit points. The PIX does support passive RIP, so this might help. Or you could configure static routes...but you would, unfortuantely, not have any ability to route based on the source of the address--only your Cisco routers have this ability. And perhaps in the upcoming 6.3 release, OSPF might be introducted (--might--), but don't hold your breath. Hope this helps! Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market. Arnold, Jamie wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a situation that I hope some of you might shed some light on. We have 2 points of ingress to our campus. One OC3 (Nycernet) for internet 2 and one (Time Warner) Our commodity edge consists of a 7200 router then the PIX. The I2 edge is just a 7200 series router. Our problem is that with certain sites, traffic going out on the I2 OC3 is returning via our commodity OC3 and the pix drops it as it didn't see it originating on the inside (syn-ack without syn) I recognize that the bigger problem may be with the way these sites are being routed back to us, but I have little control over that for now. Both edge routers use BGP for updates. I'm looking for a solution. Can I install another PIX on the OC3 side and somehow have the 2 PIX boxes talk to each other and update each others Xlate tables? Any suggestions would be appreciated Thanks Jamie Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62123t=62100 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Help the newbie... [7:62087]
Since the links are not equal costs I would recommend using EIGRP. Waters, Kristina wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Guy, Yes, the links will be on the same routers (both cisco) on both sides and will not be of equal bandwidth. It's kind of a weird set up. We have multiple sites in puerto rico that connect to a hub site, the hub then connects back to corporate. However, the sites in pr are all interconnected with a wireless type of service (airlink wireless frame relay unit) that is not as stable as we would like. The connections have a tendency to flap from time to time for no apparent reason. For this one large site we wanted more bandwidth and better stability, which we hope to achieve by adding the completely separate link. Hopefully both links will not go down at the same time, but we shall see. Since we are already running eigrp, the unequal cost load balancing sounds like the perfect solution. I'm curious to see how well it will operate in this 'wireless frame relay' environment. Thanks for everyone's suggestions Kris. -Original Message- From: Lupi, Guy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 10:12 AM To: [EMAIL PROTECTED] Subject: RE: Help the newbie... [7:62087] Are the links going to be connected to the same routers on both sides? If so, then you can use static routes and CEF per-packet load sharing, you would have to place 2 static routes in each router for the IP blocks that the other router serves, give the command ip cef in global configuration mode, and then the command ip load-sharing per-packet under interface configuration mode for each interface connecting the 2 routers. If both links are the same bandwidth, then CEF would work fine, if both are not the same bandwidth you would have to play some games to get the load sharing to reflect the bandwidth differences (probably not the best solution), or you would have to use EIGRPs unequal cost load balancing. All of this assumes you have Cisco routers on both sides of the link, if not it is still possible to load share across the links, but how it would be done is dependent on the vendor. -Original Message- From: Waters, Kristina [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 8:41 AM To: [EMAIL PROTECTED] Subject: Help the newbie... [7:62087] Everyone, I have a site that is currently connected with a 512k frame relay link. We are adding an additional T1 link to the same location. Is it possible to aggregate these links in such a way that traffic will be carried across both? If they are configured this way, will the other link still be a valid route if one goes down? I tried searching, but I'm not exactly sure what to search for. TIA Kris. ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by email, delete and destroy this message and its attachments. ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62122t=62087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IPSec over Tunnel - not working !! [7:62124]
Hello,I have 2 routers, R2R6 connected via serial netw. 120.20.26.0/24Ospf Area 0 is on R2, netw. 120.20.234.0/27Isis on lo0 on R2 (2.2.2.2/24) and on the serials between the 2 routersOspf Area 3 on R6, netws. 120.20.60.0/24 and lo0, 6.6.6.6/24 Created a tunnel on R2 and R6 to connect area 3 to area 0. Works fine!! Like a champ!! Then I configured ipsec and applied it to the tunnel intfs. on both routers.The neighbors go down and routes disappear from the routing table!! 2d06h: %OSPF-5-ADJCHG: Process 1, Nbr 6.6.6.6 on Tunnel1 from FULL to DOWN, Neighbor Down: Dead timer expired Any ideas? Here is the config. R2#! crypto isakmp policy 1 authentication pre-share group 2 crypto isakmp key shared address 6.6.6.6 ! ! crypto ipsec transform-set myset esp-des esp-md5-hmac ! crypto map mymap local-address Loopback0 crypto map mymap 10 ipsec-isakmp set peer 6.6.6.6 set transform-set myset match address 199 ! interface Tunnel1 ip address 120.20.59.2 255.255.255.0 ip access-group 102 in tunnel source 120.20.26.2 tunnel destination 120.20.26.6 crypto map mymap ! access-list 102 permit ospf any any log access-list 102 permit gre any any log access-list 102 permit icmp any any echo access-list 102 permit icmp any any echo-reply access-list 102 permit tcp any any eq 50 access-list 102 permit tcp any any eq 51 access-list 102 permit udp any any eq isakmp! access-list 199 permit ip 120.20.0.0 0.0.255.255 120.20.0.0 0.0.255.255 access-list 199 permit ip 2.2.2.0 0.0.0.255 any log!What am I doing wrong?Please help.Thank you.Sincerely,CN Add photos to your e-mail with MSN 8. Get 2 months FREE*. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62124t=62124 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IPSec tunnel [7:62125]
Hi, we are planning to use Cisco routers between our main site and two remote sites with an IPSec tunnel using 3DES encryption and certificates for authentication. Can someone tell me what Cisco hw platform and IOS sw I need with 2 IPSec tunnels ending in one router? router B router A router C We will use 2 E1 lines. My guess was a 2611 for remote and 3640 for the main site. thanks in advance! With regards, Marcel Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62125t=62125 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: show cdp neighbors command [7:61782]
On Jun 21, 11:38am, Kaminski, Shawn G wrote: } } That's why I'm thinking along Pricilla's line of thought; that the } GigaStacks may change something that allows switches more than one hop away } to be seen using the show cdp neighbors command. I haven't researched it I'm going to guess that GigaStacks use a bus topology (ala 10Base2 aka thinnet, or 10BaseT using hubs). In that case, all the switches in the GigaStack are only one hop from each other, therefore there is no need to change anything in regards to CDP. }-- End of excerpt from Kaminski, Shawn G Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62126t=61782 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IPSec tunnel [7:62125]
The 2600 and the 3600 are fine. But you would need the Enterprise Feature Set From: Marcel Janssen Reply-To: Marcel Janssen To: [EMAIL PROTECTED] Subject: IPSec tunnel [7:62125] Date: Wed, 29 Jan 2003 19:23:45 GMT Hi, we are planning to use Cisco routers between our main site and two remote sites with an IPSec tunnel using 3DES encryption and certificates for authentication. Can someone tell me what Cisco hw platform and IOS sw I need with 2 IPSec tunnels ending in one router? router B router A router C We will use 2 E1 lines. My guess was a 2611 for remote and 3640 for the main site. thanks in advance! With regards, Marcel Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62125t=62125 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Help STOP SPAM with the new MSN 8 and get 2 months FREE* Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62127t=62125 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: debug commands [7:62107]
Watch the CPU utilization on the Cisco router, though. Turning a router into a sniffer seems like a really bad idea to me. Plus the output isn't very detailed and isn't in English. I recommend a real analyzer. Ethereal is free. Priscilla Maccubbin, Duncan wrote: You really don't get an idea of how fantastic Cisco until you work with other products. We have several Enterasys routers here and they are very limited in what they can do as compared to IOS. I have used the debug packet acl command and it really makes life easier. -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 12:36 PM To: [EMAIL PROTECTED] Subject: Re: debug commands [7:62107] nice, not as nice as tcpdump, but nice ;-) Maccubbin, Duncan wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... You are correct. Very nice feature eh? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62128t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Dialer interface and callback [7:62129]
I have configured ISDN dialer interfaces to perform call back and everything seems to work properly when the client initiates the call, including multilink callback on the second channel. However, when I initiate contact from the callback server with packet sweep ping, the client will successfully initiate the second channel. Is there a way to force the multilink second channel on the server to originate the second channel when both ends have the same dialer load-threshold setting - in this case it is set to 10? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62129t=62129 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Richard A. Deal Books [7:62027]
Mossburg, Geoff (MAN-Corporate) wrote: I know a lot of people on this group have been published, some multiple times, and I hope I'm not offending anyone by asking this question: How well does a book publisher pay for the books you write? I'm not expecting any specific figures, but a ballpark figure would be interesting. Thanks! They don't pay you to write the book, but they do pay you royalties on the sales. So, how much you make depends on how well the book sells. Regardless, though, it's only a few dollars per book. We don't do it for the money. We do it because we have a lot to say! :-) The publisher gets most of the money made on sales. They incur costs printing the book, of course. They also incur many other costs. Personally, I think that they incur a lot of costs that they shouldn't. They redraw our figures, with the end result looking exactly the same except with numerous errors; they edit the material, with the end result being incomprehensible sentences in some cases; they layout the book pages, wrecking the flow in many cases, and so on. Some publishers, rumor has it, are trying to streamline this and are letting authors work with a WYSIWYG template that requires less messing with by non-technical people. People often complain about the quality of books. Someone said it was because it's easy to get a book deal these days. That's not true. (Maybe it was true during the boom?) The quality problem is due to the processes currently in use for producing books. I think Web-based training materials are much better in many ways. Now, I have done some work for CertificationZone, so I'm a bit biased, but I loved what they said in a recent e-mail about the advantages they have over books (more up-to-date, more accurate because they can more easily fix any errors, more interactive with color graphics, etc.) Priscilla GM -Original Message- From: Richard Deal [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 28, 2003 7:24 PM To: [EMAIL PROTECTED] Subject: Re: Richard A. Deal Books [7:62027] Mark, Thanks for the kudos. I worked really hard on the book and I know, after having written 6 books, that you can't please everyone. However, of all of the books that I've written, I'm proudest of this book. Yes, there are some errors that slipped in during my last review of the book and when it went to production, which does, unfortunately, happen. But as I discover these, I put them on my web site. As to my MCNS book, which is what the first poster asked, I had finished it, but before it went to print, the publisher (The Coriolis Group) went out of business. Since the MCNS has changed, I've decided not to create a new book. I'm getting a contract this week to write a CCNA book for McGraw-Hill and have been desparately trying to convince them to write a Cisco VPN book--one that covers ALL aspects of VPNS with Cisco products--PIX, router, concentrator, and their software clients. If you have any questions about my PIX book, please don't hesitate in shooting me an email. Thanks for your support! Cheers! Mark Smith wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I think his PIX book is very good. I've not found many errors in it but then maybe I've not looked at it in as much depth as you have. If I have a gripe about it it's for one thing. I use it as a desktop reference. Sometimes I'm looking up how to accomplish X and find out that before I can do that I need to accomplish A, B and/or C. The instructions will simply say That process was covered earlier and won't be repeated here. Now to accomplish X. Earlier? WhereEXACTLY? I've spent more time looking for earlier sometimes than I do accomplishing the task at hand. Earlier in this chapter under the blah heading or this was covered in the chapter on blah blah would be helpful. As far as the info in the book goes I've found stuff in there that I can't find at CCO (it may be there but I can't find it) or anywhere other than maybe from tech in a TAC call. Either that or I've had to look for it in a dozen different places and now it's all together in one book. It's the best book I've found on using a PIX. Beats the Cisco Press book on the PIX by a long shot. Don't know about any others he's written. IMHO. Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sam Sneed Sent: Tuesday, January 28, 2003 9:57 AM To: [EMAIL PROTECTED] Subject: Re: Richard A. Deal Books [7:62027] His PIX firewall book is OK. It does have a lot of errors in it though. Hope his other books have proofreaders. Joseph R. Taylor wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Everyone, I'm interested in knowing how good Richard A. Deal's books are. Especially in reference to MCNS. Thank you in advance. Joseph R. Taylor MCSE,
Re: Richard A. Deal Books [7:62027]
I think one could say that Richard's books are really a great Deal! Guess you've heard that one before. :-) Anyway, we're glad you're writing them. Thanks. Priscilla Richard Deal wrote: GM, It depends :-). First, you typically get an advance. This varies, but can be between $5,000 and $15,000, depending on the subject (how hot it is) and the previous track record of the author. This money counts against any royalties that you make...which is why they call it an advance. You then get royalties. Royalties are based on net profit of the book. As an example, if a book says it costs $50 on the cover, this is considered gross profit. Net profit is what the publisher gets for the book. The publisher typically marks the book up by about 50%. This can vary depending on whether the book is hard or soft-bound, includes CDs, and its page length, as well as other things. So net profit on a $50 book is about $25. You get a percentage of the $25. Royalties can range anywhere from a very low 5% up to about %18 percent. Sometimes this is on a sliding scale. For instance, it might be that you get 8% for selling 5,000 copies and between 5,000 and 10,000 you get 10% and for anything above 10,000 copies, you get %12. As an example, if your percentage is 10% on a net profit of $25 a book, you only get $2.50 a book. Most technical writers don't get rich selling technical books. Most publishers are looking for average sales of 500 copies a month. So given $2.50 a book, you just make $1,250 for that month. Of course, if you had an advance of $10,000, this money goes to paying off the advance. So you might not see any real money until about 9 months later. A really hot topic typically sells more than 1,000 or 2,000 copies a month, but this doesn't happen too often. Of course, you might get really lucky, like Todd Lammle did when he came out with his first CCNA book. Rumor is that he sold over 250,000 copies in 18 months...talk about nice royalty checks :-). I got into the writing business by accident. In my first marriage, I was paying a lot of alimony and didn't have any spending money :-(. This is when Cisco's certifications were taking off. Since I taught these classes, and had a minor in English, I thought, hey, what the heck. It will at least give me some money to travel a bit. So my first contract was with the Coriolis Group to write a Cisco Switching book for Cisco's switching exam. Writing isn't for everyone. Constantly I get asked how easy is it, or how can even begin to write a book? Typically, I can get a first proof of the book done in 3-4 months, which is about 600-700 pages. It takes persistence. There are many a day when I don't feel like working at it. When I was writing my first book, I was under a lot of stress--working during the day and then writing 3-4 hours every night. And then writing every weekend. Today, my schedule is much more flexible Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market. Mossburg, Geoff (MAN-Corporate) wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I know a lot of people on this group have been published, some multiple times, and I hope I'm not offending anyone by asking this question: How well does a book publisher pay for the books you write? I'm not expecting any specific figures, but a ballpark figure would be interesting. Thanks! GM -Original Message- From: Richard Deal [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 28, 2003 7:24 PM To: [EMAIL PROTECTED] Subject: Re: Richard A. Deal Books [7:62027] Mark, Thanks for the kudos. I worked really hard on the book and I know, after having written 6 books, that you can't please everyone. However, of all of the books that I've written, I'm proudest of this book. Yes, there are some errors that slipped in during my last review of the book and when it went to production, which does, unfortunately, happen. But as I discover these, I put them on my web site. As to my MCNS book, which is what the first poster asked, I had finished it, but before it went to print, the publisher (The Coriolis Group) went out of business. Since the MCNS has changed, I've decided not to create a new book. I'm getting a contract this week to write a CCNA book for McGraw-Hill and have been desparately trying to convince them to write a Cisco VPN book--one that covers ALL aspects of VPNS with Cisco products--PIX, router, concentrator, and their software clients. If you have any questions about my PIX book, please don't hesitate in shooting me an email.
RE: IPSec over Tunnel - not working !! [7:62124]
Hello You should not encrypt the tunnel network itself. First line of access-list 199 should be: access-list 199 deny ip 120.20.59.0 0.0.0.255 120.20.59.0 0.0.0.255 The router can not build an OSPF adjacency on encrypted traffic. see you Claudio Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62132t=62124 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: debug commands [7:62107]
Hi Yes you have to configure an access-list that allows only this particular host. Then - debug ip packets (access-list X) Make sure you have configured no logging console on your router in advance. This way you don't risk to crash the router so easily. If you only want to see what traffic that this host generates you can also configure ip accounting on the outbound interface. see you Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62133t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IP unnumbered for HDLC connection [7:62134]
HI All I have simple configuration of HDLC connected back to back. If i give ip unnumbered at one end and the static ip address at the other end, I cant ping the either end. But when i give show ip int brief, it shows the line and protocol are up. If i give ip unnumbered at both ends, now i am able to ping either end. could anybody help me out in this. Regards Deepak Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62134t=62134 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP unnumbered for HDLC connection [7:62134]
Hi Deepak When you configure ip unnnumbered on an interfaces it looks like an interface with a /0 mask. On the other side with a configured ip address on the interface you have a different mask. So the two connected interfaces don't belong to the same network. What you could do is to configure on the router with the static ip address a route outwards the connecting interface for the other router's network. But I have never tried this before. The interface an line protocol will come undependently of the configured ip address. see you Claudio Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62135t=62134 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: URGENT HSRP PROBLEM [7:62064]
hi this is a strange thing. If the routers are connected via a switch make sure that port security is disabled because the actice router has 2 MAC Adresses for the HSRP interface. see you Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62136t=62064 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP unnumbered for HDLC connection [7:62134]
Hi Claudio Thanks for quick response. But i have tried that options. i defined a static ip route to the network on the other end through the connecting interface.it did work. But when i am using the routing protocol, i am not able to ping either end. But if i make the other end also unnumbered, n run the routing protocol, then i am able to ping either end. Regards Deepak Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62137t=62134 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP prefix list question [7:62138]
Hello, I've a question about BGP prefix-lists. In BGP prefix commands the operators le and ge can be used. For instance: ip prefix-list abc permit 0.0.0.0/0 ge 8 le 24 I suppose that the e in le and ge means equal to, doesn't it? I ask this because Cisco's prefix-list documentation is sometimes ambiguous with respect to ranges and equations (at least for me as a non-native English speaker): - from 8 to 24. This includes (both 8 and) 24, doesn't it? - up to 24. This includes 24, doesn't it? - greater than 25. In my opinion this does not include 25, but in some prefix-list examples Cisco suggests it is included. - less than 16. In my opinion this does not include 16, but in some prefix-list examples Cisco suggests it is included. Thanks for any comments. Eric Brouwers Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62138t=62138 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Richard A. Deal Books [7:62027]
You know, Richard might want to think about writing a book on how to write and sell books! Thank you very much to everyone for your answers; I've always wondered what goes into this, behind the scenes! Geoff Mossburg -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 3:48 PM To: [EMAIL PROTECTED] Subject: Re: Richard A. Deal Books [7:62027] I think one could say that Richard's books are really a great Deal! Guess you've heard that one before. :-) Anyway, we're glad you're writing them. Thanks. Priscilla Richard Deal wrote: GM, It depends :-). First, you typically get an advance. This varies, but can be between $5,000 and $15,000, depending on the subject (how hot it is) and the previous track record of the author. This money counts against any royalties that you make...which is why they call it an advance. You then get royalties. Royalties are based on net profit of the book. As an example, if a book says it costs $50 on the cover, this is considered gross profit. Net profit is what the publisher gets for the book. The publisher typically marks the book up by about 50%. This can vary depending on whether the book is hard or soft-bound, includes CDs, and its page length, as well as other things. So net profit on a $50 book is about $25. You get a percentage of the $25. Royalties can range anywhere from a very low 5% up to about %18 percent. Sometimes this is on a sliding scale. For instance, it might be that you get 8% for selling 5,000 copies and between 5,000 and 10,000 you get 10% and for anything above 10,000 copies, you get %12. As an example, if your percentage is 10% on a net profit of $25 a book, you only get $2.50 a book. Most technical writers don't get rich selling technical books. Most publishers are looking for average sales of 500 copies a month. So given $2.50 a book, you just make $1,250 for that month. Of course, if you had an advance of $10,000, this money goes to paying off the advance. So you might not see any real money until about 9 months later. A really hot topic typically sells more than 1,000 or 2,000 copies a month, but this doesn't happen too often. Of course, you might get really lucky, like Todd Lammle did when he came out with his first CCNA book. Rumor is that he sold over 250,000 copies in 18 months...talk about nice royalty checks :-). I got into the writing business by accident. In my first marriage, I was paying a lot of alimony and didn't have any spending money :-(. This is when Cisco's certifications were taking off. Since I taught these classes, and had a minor in English, I thought, hey, what the heck. It will at least give me some money to travel a bit. So my first contract was with the Coriolis Group to write a Cisco Switching book for Cisco's switching exam. Writing isn't for everyone. Constantly I get asked how easy is it, or how can even begin to write a book? Typically, I can get a first proof of the book done in 3-4 months, which is about 600-700 pages. It takes persistence. There are many a day when I don't feel like working at it. When I was writing my first book, I was under a lot of stress--working during the day and then writing 3-4 hours every night. And then writing every weekend. Today, my schedule is much more flexible Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market. Mossburg, Geoff (MAN-Corporate) wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I know a lot of people on this group have been published, some multiple times, and I hope I'm not offending anyone by asking this question: How well does a book publisher pay for the books you write? I'm not expecting any specific figures, but a ballpark figure would be interesting. Thanks! GM -Original Message- From: Richard Deal [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 28, 2003 7:24 PM To: [EMAIL PROTECTED] Subject: Re: Richard A. Deal Books [7:62027] Mark, Thanks for the kudos. I worked really hard on the book and I know, after having written 6 books, that you can't please everyone. However, of all of the books that I've written, I'm proudest of this book. Yes, there are some errors that slipped in during my last review of the book and when it went to production, which does, unfortunately, happen. But as I discover these, I put them on my web site. As to my MCNS book, which is what the first poster asked, I had finished it, but before it went to print, the publisher (The Coriolis Group) went out of business. Since the MCNS has changed,
Re: BGP prefix list question [7:62138]
This is a minor detail that a lot of documentation assumes you know already, which is a bad assumption. le = less than or equal to, ge = greater than or equal to. Read the prefix lists in that manner and they suddenly make a lot more sense! HTH, John ericbrouwers 1/29/03 2:44:47 PM Hello, I've a question about BGP prefix-lists. In BGP prefix commands the operators le and ge can be used. For instance: ip prefix-list abc permit 0.0.0.0/0 ge 8 le 24 I suppose that the e in le and ge means equal to, doesn't it? I ask this because Cisco's prefix-list documentation is sometimes ambiguous with respect to ranges and equations (at least for me as a non-native English speaker): - from 8 to 24. This includes (both 8 and) 24, doesn't it? - up to 24. This includes 24, doesn't it? - greater than 25. In my opinion this does not include 25, but in some prefix-list examples Cisco suggests it is included. - less than 16. In my opinion this does not include 16, but in some prefix-list examples Cisco suggests it is included. Thanks for any comments. Eric Brouwers Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62140t=62138 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IPSec over Tunnel - not working !! [7:62124]
Hi, First, you should apply the crypto to the physical an the logical interfaces. Second, define only gre traffic for the access-list Third, try to change the IP MTU size because the fragmentation (1440 or lower ) or configure the interface command ip ospf mtu-ignore Last of all, multicast traffic cannot be normally be encrypted, that is the reason to use a GRE tunnel and then encrypt GRE traffic Cheers, Jose Claudio Spescha wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello You should not encrypt the tunnel network itself. First line of access-list 199 should be: access-list 199 deny ip 120.20.59.0 0.0.0.255 120.20.59.0 0.0.0.255 The router can not build an OSPF adjacency on encrypted traffic. see you Claudio Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62141t=62124 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP unnumbered for HDLC connection [7:62134]
Which is failing to get to the other side? The ping (echo) or the ping reply (echo reply). Pinging could fail for either reason. Debug icmp and you might get more info. Also, send us your configs. Help us help you. Priscilla Deepak N wrote: Hi Claudio Thanks for quick response. But i have tried that options. i defined a static ip route to the network on the other end through the connecting interface.it did work. But when i am using the routing protocol, i am not able to ping either end. But if i make the other end also unnumbered, n run the routing protocol, then i am able to ping either end. Regards Deepak Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62142t=62134 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP unnumbered for HDLC connection [7:62134]
Hi What kind of routing protocol are you using? Ospf can not build an adjacency this way. With other routing protocols you should be able to exchange routing tables. But you won't be able to send traffic, because the router does not know where the next-hop address is. So you still need this static route to tell the router where the next-hop address is reachable. see you Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62143t=62134 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
what the h... - strange problem - Cisco doesn't like Windows? [7:62144]
I ran across a strange problem with one of our POPs the other day, and am in the process of researching/troubleshooting it. We have a configuration something like this: Internet---2500---AS5300---D/U Users Not shown is a LAN connected to the 2nd Ethernet on the 2500. All connections to the shared Ethernet are via a Kmart bluelight special hub. The connection to the Internet is a T-1 FR. Neither the 2500 nor the T-1 is anywhere close to being overloaded. We are not doing any content filtering, nor have any access lists been applied, nor are any sites blocked. The connection works great...email, web browsing, etc. all work just fine. The only problem is that users can only download UNIX and Mac flavored files, but not anything that smacks of Windows. For example, they can down the .gz/tar and .sft files for a SSH client for example, but can not download its .exe or .zip counterpart for Windows! Take the same .exe and .zip file, and rename it with a UNIX or Mac filename extension, and you can download it. Surprisingly enough, the problem does not lie with the users. I took a clean laptop to the site, and encountered the same results. Has anyone ever experienced a problem like this? Could this be a bug in the IOS on the 2500? Any suggestions would be welcome. TIA, Charles Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62144t=62144 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: wireless [7:62104]
John, It's a little dated, but alot of folks like 802.11 Wireless Networks: The Definitive Guide (O'Reilly Networking) (Matthew S. Gast). I have that book and it provides some very good detail on A and B, but little on G which just emerging as the book went to press. The below is an excellent starting URL for info: http://www.drizzle.com/~aboba/IEEE/ HTH, Charles John Hutchison wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'm navigating the Cisco site as well as whatever google comes up with, but I'm having a very difficult time finding any decent reference material for 802.11. I work for an ISP and unfortunately, we've been left in a position of not having anyone left who's well versed in wireless access. We have several towers and many wireless customers and as things fell, I'm the one in charge of taking care of these customers. I am looking for a good, full understanding of wireless. We use breezecom and cisco equipment. Any URL or book references would be greatly appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62145t=62104 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP unnumbered for HDLC connection [7:62134]
Hi all The following are the configurations of the routers and the ping outputs. I have given 3 cases. 1) When ip unnumbered at one end and static routes are defined sdmheadend#sh run Building configuration... Current configuration : 1115 bytes ! version 12.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname sdmheadend ! ! ! ! ip subnet-zero ! ! ! ip audit notify log ip audit po max-events 100 ! ! ! voice call carrier capacity active ! ! ! ! ! ! ! ! ! mta receive maximum-recipients 0 ! ! ! ! interface FastEthernet0/0 ip address 172.20.110.10 255.255.255.192 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface ATM1/0 no ip address shutdown no atm ilmi-keepalive dsl operating-mode auto no fair-queue ! interface FastEthernet1/0 no ip address shutdown duplex auto speed auto ! interface Serial1/0 ip address 12.12.12.1 255.255.255.0 no fair-queue clockrate 200 ! interface FastEthernet1/1 no ip address shutdown duplex auto speed auto ! interface Serial1/1 no ip address shutdown clockrate 200 ! ip classless ip route 200.200.200.0 255.255.255.0 Serial1/0 ip http server ! ! ! ! call rsvp-sync ! ! mgcp profile default ! dial-peer cor custom ! ! ! ! ! line con 0 line aux 0 line vty 0 4 ! ! end sdmheadend# ping 200.200.200.11 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 200.200.200.11, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms sdmheadend# switchrouter#sh run Building configuration... Current configuration : 746 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname switchrouter ! ! memory-size iomem 5 ip subnet-zero ! ! ! ip audit notify log ip audit po max-events 100 ip ssh time-out 120 ip ssh authentication-retries 3 ! ! ! ! ! ! ! ! ! ! ! interface Loopback0 ip address 200.200.200.11 255.255.255.0 ! interface FastEthernet0/0 no ip address shutdown speed auto ! interface Serial0/0 ip unnumbered Loopback0 no fair-queue ! interface Serial0/1 no ip address shutdown ! ip classless ip route 12.12.12.0 255.255.255.0 Serial0/0 no ip http server ip pim bidir-enable ! ! ! call rsvp-sync ! dial-peer cor custom ! ! ! ! line con 0 line aux 0 line vty 0 4 ! no scheduler allocate end switchrouter#ping 12.12.12.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.12.12.1, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms switchrouter# 2) When routing protocol RIP is running sdmheadend#sh run Building configuration... Current configuration : 1099 bytes ! version 12.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname sdmheadend ! ! ! ! ip subnet-zero ! ! ! ip audit notify log ip audit po max-events 100 ! ! ! voice call carrier capacity active ! ! ! ! ! ! ! ! ! mta receive maximum-recipients 0 ! ! ! ! interface FastEthernet0/0 ip address 172.20.110.10 255.255.255.192 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface ATM1/0 no ip address shutdown no atm ilmi-keepalive dsl operating-mode auto no fair-queue ! interface FastEthernet1/0 no ip address shutdown duplex auto speed auto ! interface Serial1/0 ip address 12.12.12.1 255.255.255.0 no fair-queue clockrate 200 ! interface FastEthernet1/1 no ip address shutdown duplex auto speed auto ! interface Serial1/1 no ip address shutdown clockrate 200 ! router rip network 12.0.0.0 ! ip classless ip http server ! ! ! ! call rsvp-sync ! ! mgcp profile default ! dial-peer cor custom ! ! ! ! ! line con 0 line aux 0 line vty 0 4 ! ! end sdmheadend# ping 200.200.200.11 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 200.200.200.11, timeout is 2 seconds: . Success rate is 0 percent (0/5) sdmheadend# switchrouter#sh run Building configuration... Current configuration : 738 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname switchrouter ! ! memory-size iomem 5 ip subnet-zero ! ! ! ip audit notify log ip audit po max-events 100 ip ssh time-out 120 ip ssh authentication-retries 3 ! ! ! ! ! ! ! ! ! ! ! interface Loopback0 ip address 200.200.200.11 255.255.255.0 ! interface FastEthernet0/0 no ip address shutdown speed auto ! interface Serial0/0 ip unnumbered Loopback0 no fair-queue ! interface Serial0/1 no ip address shutdown ! router rip network 200.200.200.0 ! ip classless no ip http server ip pim bidir-enable ! ! ! call rsvp-sync ! dial-peer cor custom ! ! ! ! line con 0 line aux 0 line vty 0 4 ! no scheduler allocate end switchrouter#ping 12.12.12.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.12.12.1, timeout is
Re: what the h... - strange problem - Cisco doesn't like [7:62147]
load a packet sniffer on the laptop and see what really happens. If you don't have one I know of a good free one . You install libpcap first, reboot and then install analyzer. http://winpcap.polito.it/install/default.htm http://analyzer.polito.it/install/default.htm Then you can see if the packets are coming back to you and if windows is dropping them for some reason. Charles Riley wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I ran across a strange problem with one of our POPs the other day, and am in the process of researching/troubleshooting it. We have a configuration something like this: Internet---2500---AS5300---D/U Users Not shown is a LAN connected to the 2nd Ethernet on the 2500. All connections to the shared Ethernet are via a Kmart bluelight special hub. The connection to the Internet is a T-1 FR. Neither the 2500 nor the T-1 is anywhere close to being overloaded. We are not doing any content filtering, nor have any access lists been applied, nor are any sites blocked. The connection works great...email, web browsing, etc. all work just fine. The only problem is that users can only download UNIX and Mac flavored files, but not anything that smacks of Windows. For example, they can down the .gz/tar and .sft files for a SSH client for example, but can not download its .exe or .zip counterpart for Windows! Take the same .exe and .zip file, and rename it with a UNIX or Mac filename extension, and you can download it. Surprisingly enough, the problem does not lie with the users. I took a clean laptop to the site, and encountered the same results. Has anyone ever experienced a problem like this? Could this be a bug in the IOS on the 2500? Any suggestions would be welcome. TIA, Charles Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62147t=62147 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: what the h... - strange problem - Cisco doesn't like [7:62148]
Sorry, should have mentioned. I get the same result whether the user system is UNIX, Mac, or Windows...it plays havoc with .exe and .zip. That is a good suggestion, though, about the sniffer...that is about the only thing I haven't tried yet. The Kmart bluelight special hub is making me a little suspicious... Thanks, Charles Sam Sneed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... load a packet sniffer on the laptop and see what really happens. If you don't have one I know of a good free one . You install libpcap first, reboot and then install analyzer. http://winpcap.polito.it/install/default.htm http://analyzer.polito.it/install/default.htm Then you can see if the packets are coming back to you and if windows is dropping them for some reason. Charles Riley wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I ran across a strange problem with one of our POPs the other day, and am in the process of researching/troubleshooting it. We have a configuration something like this: Internet---2500---AS5300---D/U Users Not shown is a LAN connected to the 2nd Ethernet on the 2500. All connections to the shared Ethernet are via a Kmart bluelight special hub. The connection to the Internet is a T-1 FR. Neither the 2500 nor the T-1 is anywhere close to being overloaded. We are not doing any content filtering, nor have any access lists been applied, nor are any sites blocked. The connection works great...email, web browsing, etc. all work just fine. The only problem is that users can only download UNIX and Mac flavored files, but not anything that smacks of Windows. For example, they can down the .gz/tar and .sft files for a SSH client for example, but can not download its .exe or .zip counterpart for Windows! Take the same .exe and .zip file, and rename it with a UNIX or Mac filename extension, and you can download it. Surprisingly enough, the problem does not lie with the users. I took a clean laptop to the site, and encountered the same results. Has anyone ever experienced a problem like this? Could this be a bug in the IOS on the 2500? Any suggestions would be welcome. TIA, Charles Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62148t=62148 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: what the h... - strange problem - Cisco doesn't like [7:62149]
That HUB doesn't know the difference between the various file name extensions and neither does the router. UNIX comes with tcpdump so there's no need to load the sniffer. Also run the debug command on the router to see if the packets are going through it if you don't see them getting to the UNIX box in tcpdump outputs. sounds like someone's content filtering upstream. Most admins will block .zip and exe but aren't concerned with the UNIX .tar and .gz variants. You'll know this for sure when you run the debug command on the router, Charles Riley wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Sorry, should have mentioned. I get the same result whether the user system is UNIX, Mac, or Windows...it plays havoc with .exe and .zip. That is a good suggestion, though, about the sniffer...that is about the only thing I haven't tried yet. The Kmart bluelight special hub is making me a little suspicious... Thanks, Charles Sam Sneed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... load a packet sniffer on the laptop and see what really happens. If you don't have one I know of a good free one . You install libpcap first, reboot and then install analyzer. http://winpcap.polito.it/install/default.htm http://analyzer.polito.it/install/default.htm Then you can see if the packets are coming back to you and if windows is dropping them for some reason. Charles Riley wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I ran across a strange problem with one of our POPs the other day, and am in the process of researching/troubleshooting it. We have a configuration something like this: Internet---2500---AS5300---D/U Users Not shown is a LAN connected to the 2nd Ethernet on the 2500. All connections to the shared Ethernet are via a Kmart bluelight special hub. The connection to the Internet is a T-1 FR. Neither the 2500 nor the T-1 is anywhere close to being overloaded. We are not doing any content filtering, nor have any access lists been applied, nor are any sites blocked. The connection works great...email, web browsing, etc. all work just fine. The only problem is that users can only download UNIX and Mac flavored files, but not anything that smacks of Windows. For example, they can down the .gz/tar and .sft files for a SSH client for example, but can not download its .exe or .zip counterpart for Windows! Take the same .exe and .zip file, and rename it with a UNIX or Mac filename extension, and you can download it. Surprisingly enough, the problem does not lie with the users. I took a clean laptop to the site, and encountered the same results. Has anyone ever experienced a problem like this? Could this be a bug in the IOS on the 2500? Any suggestions would be welcome. TIA, Charles Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62149t=62149 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: what the h... - strange problem - Cisco doesn't like [7:62150]
Charles; Give us more detail. I'm taking you to say that dial-up users connect to a server somewhere on the Internet to download files. Any particular servers or any server out on the Internet? They are using FTP? Any difference between active or passive mode? You did not mention any servers at the POP location. Any strange MTU configured anywhere? -Original Message- From: Charles Riley [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 4:17 PM To: [EMAIL PROTECTED] Subject: what the h... - strange problem - Cisco doesn't like Windows? [7:62144] I ran across a strange problem with one of our POPs the other day, and am in the process of researching/troubleshooting it. We have a configuration something like this: Internet---2500---AS5300---D/U Users Not shown is a LAN connected to the 2nd Ethernet on the 2500. All connections to the shared Ethernet are via a Kmart bluelight special hub. The connection to the Internet is a T-1 FR. Neither the 2500 nor the T-1 is anywhere close to being overloaded. We are not doing any content filtering, nor have any access lists been applied, nor are any sites blocked. The connection works great...email, web browsing, etc. all work just fine. The only problem is that users can only download UNIX and Mac flavored files, but not anything that smacks of Windows. For example, they can down the .gz/tar and .sft files for a SSH client for example, but can not download its .exe or .zip counterpart for Windows! Take the same .exe and .zip file, and rename it with a UNIX or Mac filename extension, and you can download it. Surprisingly enough, the problem does not lie with the users. I took a clean laptop to the site, and encountered the same results. Has anyone ever experienced a problem like this? Could this be a bug in the IOS on the 2500? Any suggestions would be welcome. TIA, Charles Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62150t=62150 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP unnumbered for HDLC connection [7:62134]
Hi Give us a look at the routing table from both routers. The router with the configured ip address on the Serial interface does not know how to get to the next hop address. Do you see in the routing table the next-hop address or the outbound interface? see you Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62151t=62134 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Defautl VLAN woes [7:62152]
All, This will probably sound like a horrendous situation but unfortunately networks are not always master-planned communities! However, I have a Cisco router connected to a 2924 switch connected to a Riverstone 8600 There are 2 100FX connections coming from the GSR to the 2924 and 2 10/100 (Cu) connection from the 2924 to the 8600 (yes, a loop) The first connection is a routed connection with the GSR and the 8600 both having L3 addresses on their respective ports ( .1 and .2 /30) The second connection is a L2 tagged connection trunking VLANs 25 and 26. When I set the 2924 for switchport mode multi it will move the VLANS but raises hell since the MTU is off and there is packet loss. To fix that scenario I use siwtchport mode trunk to get the right MTU. But my problem is this..in trunk mode the defualt VLAN, VLAN 1 is automatically included. I have tried to remove it (switchport mode trunk allowed-vlans remove 1) but it does not remove. I can exclude the default VLAN on the riverstone, but wiht the Cisco transporting it the RS freaks out since it hears it's own MAC on two different ports. The RS had no problem when the Cisco was in multi mode since the default VLAN was not transported x.x.64.1/30 x.x.64.2/30 GSR 7/0 2924 -- et.2.2 RS8600 7/1 -- 25-- ---25- et.2.4 My question/problems: Does anyone know if it is possible to have a trunk on a 2924 and not include VLAN1 ? Is my only other alternate to make the routed connection connect to access ports on the 2924 and exclude that VLAN from the trunk on the tagged connection? Any ideas? Thanks for you time and in advance for any help, Jim Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62152t=62152 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP unnumbered for HDLC connection [7:62134]
So it fails when you have numbered on one side and unnumbered on the other side and you are running RIP? What did show ip route tell you when the problem occured? Were the relevant routes in both routers' tables? What address does sdmheadend use to send the echo? If it's using 172.20.110.10, then it won't work because switchrouter doesn't have a route back to that. It only has a route back to 12.0.0.0? With extended ping you can set the ip address that the router should use. Also, enable debug ip icmp (on a non-operational router anyway) and see what's really happening. Also, see the last message from Claudio. It may have something to do with sdmheadend not having a valid next hop address since its next hop is unnumbered, but then we would expect when they are both unnumbered and the loopbacks are in different subnets, there would be a problem too, and there isn't. Anyway, show ip route should tell you a lot. Priscilla Deepak N wrote: Hi all The following are the configurations of the routers and the ping outputs. I have given 3 cases. 1) When ip unnumbered at one end and static routes are defined sdmheadend#sh run Building configuration... Current configuration : 1115 bytes ! version 12.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname sdmheadend ! ! ! ! ip subnet-zero ! ! ! ip audit notify log ip audit po max-events 100 ! ! ! voice call carrier capacity active ! ! ! ! ! ! ! ! ! mta receive maximum-recipients 0 ! ! ! ! interface FastEthernet0/0 ip address 172.20.110.10 255.255.255.192 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface ATM1/0 no ip address shutdown no atm ilmi-keepalive dsl operating-mode auto no fair-queue ! interface FastEthernet1/0 no ip address shutdown duplex auto speed auto ! interface Serial1/0 ip address 12.12.12.1 255.255.255.0 no fair-queue clockrate 200 ! interface FastEthernet1/1 no ip address shutdown duplex auto speed auto ! interface Serial1/1 no ip address shutdown clockrate 200 ! ip classless ip route 200.200.200.0 255.255.255.0 Serial1/0 ip http server ! ! ! ! call rsvp-sync ! ! mgcp profile default ! dial-peer cor custom ! ! ! ! ! line con 0 line aux 0 line vty 0 4 ! ! end sdmheadend# ping 200.200.200.11 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 200.200.200.11, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms sdmheadend# switchrouter#sh run Building configuration... Current configuration : 746 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname switchrouter ! ! memory-size iomem 5 ip subnet-zero ! ! ! ip audit notify log ip audit po max-events 100 ip ssh time-out 120 ip ssh authentication-retries 3 ! ! ! ! ! ! ! ! ! ! ! interface Loopback0 ip address 200.200.200.11 255.255.255.0 ! interface FastEthernet0/0 no ip address shutdown speed auto ! interface Serial0/0 ip unnumbered Loopback0 no fair-queue ! interface Serial0/1 no ip address shutdown ! ip classless ip route 12.12.12.0 255.255.255.0 Serial0/0 no ip http server ip pim bidir-enable ! ! ! call rsvp-sync ! dial-peer cor custom ! ! ! ! line con 0 line aux 0 line vty 0 4 ! no scheduler allocate end switchrouter#ping 12.12.12.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.12.12.1, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms switchrouter# 2) When routing protocol RIP is running sdmheadend#sh run Building configuration... Current configuration : 1099 bytes ! version 12.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname sdmheadend ! ! ! ! ip subnet-zero ! ! ! ip audit notify log ip audit po max-events 100 ! ! ! voice call carrier capacity active ! ! ! ! ! ! ! ! ! mta receive maximum-recipients 0 ! ! ! ! interface FastEthernet0/0 ip address 172.20.110.10 255.255.255.192 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface ATM1/0 no ip address shutdown no atm ilmi-keepalive dsl operating-mode auto no fair-queue ! interface FastEthernet1/0 no ip address shutdown duplex auto speed auto ! interface Serial1/0 ip address 12.12.12.1 255.255.255.0 no fair-queue clockrate 200 ! interface FastEthernet1/1 no ip address shutdown duplex auto speed auto ! interface Serial1/1 no ip address shutdown clockrate 200 ! router rip network 12.0.0.0 ! ip classless ip
Re: what the h... - strange problem - Cisco doesn' [7:62148]
Consider your OSI layers. :-) A hub problem is very unlikely to cause such an issue. A generic router wouldn't either. This definitely seems like a Layer 7 problem. Someone is filtering on .exe and .zip. They just weren't smart enough to think about the UNIX and Mac equivalents. This could be an Intrustion Detection System or some sort of smart firewall. How are they downloading these? E-mail attachments maybe? Not letting users download .exe files via e-mail attachments might make a lot of sense as an e-mail server configuration. Anyway, start looking at Layer 7 and above (politics, policies). Question your Internet provider! Priscilla Charles Riley wrote: Sorry, should have mentioned. I get the same result whether the user system is UNIX, Mac, or Windows...it plays havoc with .exe and .zip. That is a good suggestion, though, about the sniffer...that is about the only thing I haven't tried yet. The Kmart bluelight special hub is making me a little suspicious... Thanks, Charles Sam Sneed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... load a packet sniffer on the laptop and see what really happens. If you don't have one I know of a good free one . You install libpcap first, reboot and then install analyzer. http://winpcap.polito.it/install/default.htm http://analyzer.polito.it/install/default.htm Then you can see if the packets are coming back to you and if windows is dropping them for some reason. Charles Riley wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I ran across a strange problem with one of our POPs the other day, and am in the process of researching/troubleshooting it. We have a configuration something like this: Internet---2500---AS5300---D/U Users Not shown is a LAN connected to the 2nd Ethernet on the 2500. All connections to the shared Ethernet are via a Kmart bluelight special hub. The connection to the Internet is a T-1 FR. Neither the 2500 nor the T-1 is anywhere close to being overloaded. We are not doing any content filtering, nor have any access lists been applied, nor are any sites blocked. The connection works great...email, web browsing, etc. all work just fine. The only problem is that users can only download UNIX and Mac flavored files, but not anything that smacks of Windows. For example, they can down the .gz/tar and .sft files for a SSH client for example, but can not download its .exe or .zip counterpart for Windows! Take the same .exe and .zip file, and rename it with a UNIX or Mac filename extension, and you can download it. Surprisingly enough, the problem does not lie with the users. I took a clean laptop to the site, and encountered the same results. Has anyone ever experienced a problem like this? Could this be a bug in the IOS on the 2500? Any suggestions would be welcome. TIA, Charles Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62154t=62148 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: what the h... - strange problem - Cisco doesn't like [7:62155]
When you say, sounds like someone's content filtering upstream, are you talking about the frame provider? Geoff Mossburg -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 5:50 PM To: [EMAIL PROTECTED] Subject: Re: what the h... - strange problem - Cisco doesn't like [7:62149] That HUB doesn't know the difference between the various file name extensions and neither does the router. UNIX comes with tcpdump so there's no need to load the sniffer. Also run the debug command on the router to see if the packets are going through it if you don't see them getting to the UNIX box in tcpdump outputs. sounds like someone's content filtering upstream. Most admins will block .zip and exe but aren't concerned with the UNIX .tar and .gz variants. You'll know this for sure when you run the debug command on the router, Charles Riley wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Sorry, should have mentioned. I get the same result whether the user system is UNIX, Mac, or Windows...it plays havoc with .exe and .zip. That is a good suggestion, though, about the sniffer...that is about the only thing I haven't tried yet. The Kmart bluelight special hub is making me a little suspicious... Thanks, Charles Sam Sneed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... load a packet sniffer on the laptop and see what really happens. If you don't have one I know of a good free one . You install libpcap first, reboot and then install analyzer. http://winpcap.polito.it/install/default.htm http://analyzer.polito.it/install/default.htm Then you can see if the packets are coming back to you and if windows is dropping them for some reason. Charles Riley wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I ran across a strange problem with one of our POPs the other day, and am in the process of researching/troubleshooting it. We have a configuration something like this: Internet---2500---AS5300---D/U Users Not shown is a LAN connected to the 2nd Ethernet on the 2500. All connections to the shared Ethernet are via a Kmart bluelight special hub. The connection to the Internet is a T-1 FR. Neither the 2500 nor the T-1 is anywhere close to being overloaded. We are not doing any content filtering, nor have any access lists been applied, nor are any sites blocked. The connection works great...email, web browsing, etc. all work just fine. The only problem is that users can only download UNIX and Mac flavored files, but not anything that smacks of Windows. For example, they can down the .gz/tar and .sft files for a SSH client for example, but can not download its .exe or .zip counterpart for Windows! Take the same .exe and .zip file, and rename it with a UNIX or Mac filename extension, and you can download it. Surprisingly enough, the problem does not lie with the users. I took a clean laptop to the site, and encountered the same results. Has anyone ever experienced a problem like this? Could this be a bug in the IOS on the 2500? Any suggestions would be welcome. TIA, Charles Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62155t=62155 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Defautl VLAN woes [7:62152]
To my knowledge, the IOS based switches I have in my network, the vlan 1 can't be removed from the trunks, in the case of 2924/2950/3524... Larry Letterman Network Engineer Cisco Systems - Original Message - From: Jim Devane To: Sent: Wednesday, January 29, 2003 3:53 PM Subject: Defautl VLAN woes [7:62152] All, This will probably sound like a horrendous situation but unfortunately networks are not always master-planned communities! However, I have a Cisco router connected to a 2924 switch connected to a Riverstone 8600 There are 2 100FX connections coming from the GSR to the 2924 and 2 10/100 (Cu) connection from the 2924 to the 8600 (yes, a loop) The first connection is a routed connection with the GSR and the 8600 both having L3 addresses on their respective ports ( .1 and .2 /30) The second connection is a L2 tagged connection trunking VLANs 25 and 26. When I set the 2924 for switchport mode multi it will move the VLANS but raises hell since the MTU is off and there is packet loss. To fix that scenario I use siwtchport mode trunk to get the right MTU. But my problem is this..in trunk mode the defualt VLAN, VLAN 1 is automatically included. I have tried to remove it (switchport mode trunk allowed-vlans remove 1) but it does not remove. I can exclude the default VLAN on the riverstone, but wiht the Cisco transporting it the RS freaks out since it hears it's own MAC on two different ports. The RS had no problem when the Cisco was in multi mode since the default VLAN was not transported x.x.64.1/30 x.x.64.2/30 GSR 7/0 2924 -- et.2.2 RS8600 7/1 -- 25-- ---25- et.2.4 My question/problems: Does anyone know if it is possible to have a trunk on a 2924 and not include VLAN1 ? Is my only other alternate to make the routed connection connect to access ports on the 2924 and exclude that VLAN from the trunk on the tagged connection? Any ideas? Thanks for you time and in advance for any help, Jim [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62156t=62152 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP unnumbered for HDLC connection [7:62134]
HI Claudio Please find the following for the different cases i mentioned. Regards Deepak 1)When ip unnumbered at one end and static routes are defined sdmheadend#sh ip rou Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set S200.200.200.0/24 is directly connected, Serial1/0 172.20.0.0/26 is subnetted, 1 subnets C 172.20.110.0 is directly connected, FastEthernet0/0 12.0.0.0/24 is subnetted, 1 subnets C 12.12.12.0 is directly connected, Serial1/0 sdmheadend# switchrouter#sh ip rou Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C200.200.200.0/24 is directly connected, Loopback0 12.0.0.0/24 is subnetted, 1 subnets S 12.12.12.0 is directly connected, Serial0/0 switchrouter# 2)When routing protocol RIP is running sdmheadend#sh ip rout Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 172.20.0.0/26 is subnetted, 1 subnets C 172.20.110.0 is directly connected, FastEthernet0/0 12.0.0.0/24 is subnetted, 1 subnets C 12.12.12.0 is directly connected, Serial1/0 sdmheadend# switchrouter#sh ip rou Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C200.200.200.0/24 is directly connected, Loopback0 switchrouter# 3)When both sides are unnumbered and running routing protocol sdmheadend#sh ip rou Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set R200.200.200.0/24 [120/1] via 200.200.200.11, 00:00:03, Serial1/0 20.0.0.0/24 is subnetted, 1 subnets C 20.20.20.0 is directly connected, Loopback0 172.20.0.0/26 is subnetted, 1 subnets C 172.20.110.0 is directly connected, FastEthernet0/0 sdmheadend# switchrouter#sh ip rou Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C200.200.200.0/24 is directly connected, Loopback0 20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks R 20.20.20.0/32 [120/1] via 20.20.20.1, 00:00:01, Serial0/0 R 20.0.0.0/8 [120/1] via 20.20.20.1, 00:00:01, Serial0/0 switchrouter# Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62157t=62134 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MPLS Traffic Engineering - 2500 router reset [7:61947]
with regards to the rsvp command, if there are any mpls routers between 'r2' 'r3' the interfaces that take part in the tunnel should be config'd for rsvp - also, make sure you don't 'over book' the interface another thing that appears to be missing from you config is the tunnel's path - the way I understand it is; you've got to set up an explicit path you can either specify another explicit path to be used if the 1st one is unavailable or you can specify that the dynamic path be used if the 1st explicit path is unavailable (you can set up multiple 'alternate paths') I hope that helps wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have the ip rsvp bandwidth 500 500 on the related interfaces. Is that what you mean? Charles @groupstudy.com em 27/01/2003 21:05:18 Favor responder a Charles Enviado Por: [EMAIL PROTECTED] Para: [EMAIL PROTECTED] cc: Assunto:Re: MPLS Traffic Engineering - 2500 router reset [7:61947] one of the things you have to do is use enable rsvp on all interfaces that will take part in the tunnel ... rsvp is used to 'reserve bandwidth for the tunnel' - the tunnel won't come up unless you do this I think the command is either 'rsvp bandwidth' or 'rsvp-bandwidth' wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... After the command tunnel mpls traffic-eng path-option 1 dynamic, the router reloads. The same happen with explicit path. The following message appear after reload: RSVP: must configure RSVP Bandwidth first. Any idea? R3 ip cef mpls traffic-eng tunnels ! interface Loopback0 ip address 3.3.3.3 255.255.255.255 ip router isis ! interface Serial0 no ip address encapsulation frame-relay fair-queue 64 64 64 ip rsvp signalling dscp 0 ! interface Serial0.32 point-to-point bandwidth 1000 ip address 192.168.23.2 255.255.255.0 ip router isis mpls traffic-eng tunnels frame-relay interface-dlci 132 ip rsvp bandwidth 500 500 ! interface Tunnel0 ip unnumbered Loopback0 tunnel destination 2.2.2.2 tunnel mode mpls traffic-eng tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng priority 7 7 tunnel mpls traffic-eng bandwidth 100 ! router isis net 47....0003.00 is-type level-1 metric-style wide mpls traffic-eng router-id Loopback0 mpls traffic-eng level-1 ! end R2 ip cef mpls traffic-eng tunnels ! interface Loopback0 ip address 2.2.2.2 255.255.255.255 ip router isis ! interface Serial0 no ip address encapsulation frame-relay fair-queue 64 64 64 ip rsvp signalling dscp 0 ! interface Serial0.23 point-to-point bandwidth 1000 ip address 192.168.23.1 255.255.255.0 ip router isis mpls traffic-eng tunnels frame-relay interface-dlci 123 ip rsvp bandwidth 500 500 ! interface Tunnel0 ip unnumbered Loopback0 tunnel destination 3.3.3.3 tunnel mode mpls traffic-eng tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng priority 7 7 tunnel mpls traffic-eng bandwidth 100 ! router isis net 47....0002.00 is-type level-1 metric-style wide mpls traffic-eng router-id Loopback0 mpls traffic-eng level-1 ! end R3(config-if)#tunnel mpls traffic-eng path-option 1 dynamic R3(config-if)# Buffered messages: 00:00:06: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up 00:00:06: %LINK-3-UPDOWN: Interface Ethernet1, changed state to up 00:00:06: %LINK-3-UPDOWN: Interface Serial0, changed state to up 00:00:06: %LINK-3-UPDOWN: Interface Serial1, changed state to down 00:00:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed sta te to up 00:00:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed s tate to up 00:00:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1, changed s tate to down 00:00:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed sta te to down 00:00:21: %LINK-5-CHANGED: Interface Ethernet0, changed state to administrativ ely down 00:00:22: %LINK-5-CHANGED: Interface Ethernet1, changed state to administrativ ely down 00:00:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed sta te to up 00:00:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed s tate to down
RE: IP unnumbered for HDLC connection [7:62134]
Hi when i did debug ip icmp, i got the message that its unroutable when one end is numbered and the other end is unnumbered. This is expected because it doesnt have the next hop ip address to reach. But i expect the same behaviour when both are unnumbered. But it is able to send the rip updates and receive also therby reaching both ends. This is somewhat strange Regards Deepak Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62159t=62134 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP unnumbered for HDLC connection [7:62134]
Do these labs for better understanding... http://www.cisco.com/en/US/tech/tk648/tk365/technologies_tech_note09186a 0080094e8d.shtml WATCH THE WORD WRAP! Deepak N wrote: Hi all The following are the configurations of the routers and the ping outputs. I have given 3 cases. 1) When ip unnumbered at one end and static routes are defined sdmheadend#sh run Building configuration... Current configuration : 1115 bytes ! version 12.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname sdmheadend ! ! ! ! ip subnet-zero ! ! ! ip audit notify log ip audit po max-events 100 ! ! ! voice call carrier capacity active ! ! ! ! ! ! ! ! ! mta receive maximum-recipients 0 ! ! ! ! interface FastEthernet0/0 ip address 172.20.110.10 255.255.255.192 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface ATM1/0 no ip address shutdown no atm ilmi-keepalive dsl operating-mode auto no fair-queue ! interface FastEthernet1/0 no ip address shutdown duplex auto speed auto ! interface Serial1/0 ip address 12.12.12.1 255.255.255.0 no fair-queue clockrate 200 ! interface FastEthernet1/1 no ip address shutdown duplex auto speed auto ! interface Serial1/1 no ip address shutdown clockrate 200 ! ip classless ip route 200.200.200.0 255.255.255.0 Serial1/0 ip http server ! ! ! ! call rsvp-sync ! ! mgcp profile default ! dial-peer cor custom ! ! ! ! ! line con 0 line aux 0 line vty 0 4 ! ! end sdmheadend# ping 200.200.200.11 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 200.200.200.11, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms sdmheadend# switchrouter#sh run Building configuration... Current configuration : 746 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname switchrouter ! ! memory-size iomem 5 ip subnet-zero ! ! ! ip audit notify log ip audit po max-events 100 ip ssh time-out 120 ip ssh authentication-retries 3 ! ! ! ! ! ! ! ! ! ! ! interface Loopback0 ip address 200.200.200.11 255.255.255.0 ! interface FastEthernet0/0 no ip address shutdown speed auto ! interface Serial0/0 ip unnumbered Loopback0 no fair-queue ! interface Serial0/1 no ip address shutdown ! ip classless ip route 12.12.12.0 255.255.255.0 Serial0/0 no ip http server ip pim bidir-enable ! ! ! call rsvp-sync ! dial-peer cor custom ! ! ! ! line con 0 line aux 0 line vty 0 4 ! no scheduler allocate end switchrouter#ping 12.12.12.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.12.12.1, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms switchrouter# 2) When routing protocol RIP is running sdmheadend#sh run Building configuration... Current configuration : 1099 bytes ! version 12.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname sdmheadend ! ! ! ! ip subnet-zero ! ! ! ip audit notify log ip audit po max-events 100 ! ! ! voice call carrier capacity active ! ! ! ! ! ! ! ! ! mta receive maximum-recipients 0 ! ! ! ! interface FastEthernet0/0 ip address 172.20.110.10 255.255.255.192 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface ATM1/0 no ip address shutdown no atm ilmi-keepalive dsl operating-mode auto no fair-queue ! interface FastEthernet1/0 no ip address shutdown duplex auto speed auto ! interface Serial1/0 ip address 12.12.12.1 255.255.255.0 no fair-queue clockrate 200 ! interface FastEthernet1/1 no ip address shutdown duplex auto speed auto ! interface Serial1/1 no ip address shutdown clockrate 200 ! router rip network 12.0.0.0 ! ip classless ip http server ! ! ! ! call rsvp-sync ! ! mgcp profile default ! dial-peer cor custom ! ! ! ! ! line con 0 line aux 0 line vty 0 4 ! ! end sdmheadend# ping 200.200.200.11 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 200.200.200.11, timeout is 2 seconds: . Success rate is 0 percent (0/5) sdmheadend# switchrouter#sh run Building configuration... Current configuration : 738 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname switchrouter ! ! memory-size iomem 5 ip subnet-zero ! ! ! ip audit notify log ip audit po max-events 100 ip ssh time-out 120 ip ssh authentication-retries 3 ! ! ! ! ! ! ! ! ! ! ! interface
MTU size for IPSec+GRE tunnel [7:62161]
Hi All, I am trying to avoid fragmentation of packets across the IPSec+GRE tunnel with transform-set using ah-sha-hmac AND esp-3des for header authentication and payload encryption. What size of MTU or TCP addjust-MSS should I use for maximum performance? I tried out couple values and found TCP adjust-mss of 1076 worked out OK most, but still don't understand why. According Cisco whitepaper, reducing MTU to about 1400 should void the fragmentation but it didn't work in my case. Please help. Thanks! Thomas Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62161t=62161 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Richard A. Deal Books [7:62027]
Having written one book and a bunch of web content, I can tell you that (IMHO) it's great to be able to keep updating and tinkering around with what you've done. Once something is printed on the page, it can haunt you forever - electronic documents, on the otherhand, can evolve over time to become better and better... I don't know if this is univerally true, but the best thing about writting a book for me was to be able to say I wrote a book... Getting a pat on the back from your mom, being able to send copies to a few old friends, monitoring the comments on Amazon, and getting e-mail from people who said it was useful; those were are the highlights for me. The actual process of writting is always painful, and that big a project can seem to take forever. That said, I'd do it again if I found a topic that interested me enough to spend four or five months buried in it... Just my $0.02 --- Dennis - Original Message - From: Priscilla Oppenheimer To: Sent: Wednesday, January 29, 2003 12:31 PM Subject: RE: Richard A. Deal Books [7:62027] Mossburg, Geoff (MAN-Corporate) wrote: I know a lot of people on this group have been published, some multiple times, and I hope I'm not offending anyone by asking this question: How well does a book publisher pay for the books you write? I'm not expecting any specific figures, but a ballpark figure would be interesting. Thanks! They don't pay you to write the book, but they do pay you royalties on the sales. So, how much you make depends on how well the book sells. Regardless, though, it's only a few dollars per book. We don't do it for the money. We do it because we have a lot to say! :-) The publisher gets most of the money made on sales. They incur costs printing the book, of course. They also incur many other costs. Personally, I think that they incur a lot of costs that they shouldn't. They redraw our figures, with the end result looking exactly the same except with numerous errors; they edit the material, with the end result being incomprehensible sentences in some cases; they layout the book pages, wrecking the flow in many cases, and so on. Some publishers, rumor has it, are trying to streamline this and are letting authors work with a WYSIWYG template that requires less messing with by non-technical people. People often complain about the quality of books. Someone said it was because it's easy to get a book deal these days. That's not true. (Maybe it was true during the boom?) The quality problem is due to the processes currently in use for producing books. I think Web-based training materials are much better in many ways. Now, I have done some work for CertificationZone, so I'm a bit biased, but I loved what they said in a recent e-mail about the advantages they have over books (more up-to-date, more accurate because they can more easily fix any errors, more interactive with color graphics, etc.) Priscilla GM -Original Message- From: Richard Deal [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 28, 2003 7:24 PM To: [EMAIL PROTECTED] Subject: Re: Richard A. Deal Books [7:62027] Mark, Thanks for the kudos. I worked really hard on the book and I know, after having written 6 books, that you can't please everyone. However, of all of the books that I've written, I'm proudest of this book. Yes, there are some errors that slipped in during my last review of the book and when it went to production, which does, unfortunately, happen. But as I discover these, I put them on my web site. As to my MCNS book, which is what the first poster asked, I had finished it, but before it went to print, the publisher (The Coriolis Group) went out of business. Since the MCNS has changed, I've decided not to create a new book. I'm getting a contract this week to write a CCNA book for McGraw-Hill and have been desparately trying to convince them to write a Cisco VPN book--one that covers ALL aspects of VPNS with Cisco products--PIX, router, concentrator, and their software clients. If you have any questions about my PIX book, please don't hesitate in shooting me an email. Thanks for your support! Cheers! Mark Smith wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I think his PIX book is very good. I've not found many errors in it but then maybe I've not looked at it in as much depth as you have. If I have a gripe about it it's for one thing. I use it as a desktop reference. Sometimes I'm looking up how to accomplish X and find out that before I can do that I need to accomplish A, B and/or C. The instructions will simply say That process was covered earlier and won't be repeated here. Now to accomplish X. Earlier? WhereEXACTLY? I've spent more time looking for earlier sometimes than I do accomplishing the task at hand. Earlier in this chapter under the blah
Re: what the h... - strange problem - Cisco doesn't like [7:62163]
my money's on content filtering by your upstream. did this ever work? I wonder if this is a spillover from last weekend's port 1434 (saphire) attacks. could be that some upstream engineer started filtering everything Microsoft to stop network overload. Charles Riley wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I ran across a strange problem with one of our POPs the other day, and am in the process of researching/troubleshooting it. We have a configuration something like this: Internet---2500---AS5300---D/U Users Not shown is a LAN connected to the 2nd Ethernet on the 2500. All connections to the shared Ethernet are via a Kmart bluelight special hub. The connection to the Internet is a T-1 FR. Neither the 2500 nor the T-1 is anywhere close to being overloaded. We are not doing any content filtering, nor have any access lists been applied, nor are any sites blocked. The connection works great...email, web browsing, etc. all work just fine. The only problem is that users can only download UNIX and Mac flavored files, but not anything that smacks of Windows. For example, they can down the .gz/tar and .sft files for a SSH client for example, but can not download its .exe or .zip counterpart for Windows! Take the same .exe and .zip file, and rename it with a UNIX or Mac filename extension, and you can download it. Surprisingly enough, the problem does not lie with the users. I took a clean laptop to the site, and encountered the same results. Has anyone ever experienced a problem like this? Could this be a bug in the IOS on the 2500? Any suggestions would be welcome. TIA, Charles Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62163t=62163 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF to Internet Q [7:61823]
I think I have reached my 'rule' actually. In a normal situation, I would want the Internet ASBRs injecting default routes on area 0, as that is where everything is passing through anyway. This assumes a 'clean' environment where the only things being routed in the OSPF AS are private addresses. If I had a 'messier' situation where public addresses were being used in the OSPF AS, and generally existed on the edges of the network, I may want to place the Internet ASBRs against these areas rather than area 0. Howard C. Berkowitz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Yes, it is an Internet ASBR, there are others, and its only purpose is to advertise a default route + local DMZ into OSPF. The ASBR would get a default route from BGP. In turn the ISP is advertising a default route via BGP into the outside router. The plan is that if the ISP stops advertising at this point, then the default route advertisement from one of the other ISP connection points will take over. I see it that it really depends on how much equipment is between the real backbone and the ISP connection. Can I assume, then, that you only want one active access point at a given time, OR that you want any given area to take the closest default based on OSPF internal cost? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62164t=61823 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
L3 Switching Swtich/Router Comparsion [7:62166]
Dear All, Need your advice on the following scenario: I am using VLANs to provide the partitons for the traffic (voice and data) from various departments. In order to provide routing between various VLANs, I would need a router to do so. Please advice if there are any difference in the functionalities etc. if I use 1) a L3 switch for routing between VLANs, 2) a L2 switch followed by a router for routing between VLANs. Thanks in advance! Maurice Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62166t=62166 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: L3 Switching Swtich/Router Comparsion [7:62166]
wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear All, Need your advice on the following scenario: I am using VLANs to provide the partitons for the traffic (voice and data) from various departments. In order to provide routing between various VLANs, I would need a router to do so. Please advice if there are any difference in the functionalities etc. if I use 1) a L3 switch for routing between VLANs, 2) a L2 switch followed by a router for routing between VLANs. 1) define functionality 2) define difference in either case, the net result is the same. for inter-vlan forwarding on the same box, the integrated L3 switch will be faster because a) electrons don't have to travel as far and b) the stripping and rewriting of L2 headers can be more efficiently done ( if it is necessary at all ) on the integrated L3 switch. once in a while this group has entertained the discussion of the relative merits of L3 switches versus routers. it occurs to me that at the electron level integrated L3 switching is indeed superior to routing, or at least inter-vlan routing versus router on a stick. Howard - care to offer your insight here? I'm talking about things as they happen at the EE level. Router on a stick has to be slower and less efficient than integrated L3 for inter-vlan routing. OTOH, I don't see any advantage for an integrated L3 switch acting solely as a router, forwarding traffic from itself to another router down the wire, all other things being equal. Thanks in advance! Maurice Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62167t=62166 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Wireless support exam (9E0-581 WLANFE) question [7:62085]
How close is Boson prep exam closed to the real thing? -E - Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62085t=62085 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Do NOT by Cisco uBR924 on ebay.com [7:62081]
They stink. You can't use it at all. That's WHY those bad sellers put uBRs on sale... you can't use it at all! I knew it from the very beginning a device like that for only $60 bucks? Its retail price is something about $900,00. Why should someone sell this for 60 dollars?. My findings: - Most of the providers do NOT support it; - If they do support it, you will NOT be able to configure it at all. As soon as your modem downloads the DOCSIS file (the config file), it will wipe out your router's configuration and deny your access to the console port - You will probably have a plain vanilla modem, instead of a good router - You will probably waste your money - totally. If you want to set up a home internet connection with this device, I am 99% sure that it won't work. I'm very disappointed. I'll have to buy a like 831 ou at least a 806. Why did I buy this uBR924??!?!?!??!?!?!?!??!?!?!? Gr Leonardo Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62081t=62081 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]