RE: Modem Config [7:62479]

[Azhar Teza]

Thanks Scott !  I got modem to work, and can get to router prompt, but it's
doing the funny thing. It types twice eventhough I type it once.  For
example, if i type telnet command, it will type "ttlleenneett"", it's really
frustrating, it's a new 33.6 modem, but don't know why it is doing that.
Regards, Teza--- On Tue 02/04, Scott Terminiello <
[EMAIL PROTECTED] > wrote:From: Scott Terminiello [mailto:
[EMAIL PROTECTED]]To: [EMAIL PROTECTED],
[EMAIL PROTECTED]: Tue, 4 Feb 2003 22:08:30 -0500Subject: RE: Modem
Config [7:62479]Make sure the dip switch settings are as follows:1 UP Data
terminal ready normal2 UP Verbal result codes3 Down Display result codes4 UP
Echo offline commands5 UP Auto Answer first ring6 UP Carrier detect normal7
UP Load NVRAM defaults8 Down Smart ModeYou need to reverse telnet into the
modem to configure. When you reversetelnet enter the command string. Here is
a good link.http://www.cisco.com/warp/customer/471/mod-aux-exec.htmlGood
luck,Scott TerminielloPresidentScott Enterprises5 Whitney DriveMarlboro, NJ
07746-1241Office: (732)972-2698Email:
[EMAIL PROTECTED] Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf OfAzhar
TezaSent: Tuesday, February 04, 2003 9:08 PMTo: [EMAIL PROTECTED]:
Modem Config [7:62479]I am trying to setup a modem dialup for Cisco AUX or
Console port. Themodem connects fine, but then hangsand never goes to to the
router prompt. Is there any special configs for setting up 33.6 usroobotics
modem. Here iswhat I am doing: GLOBAL MODE:modemcap
entryusrobotics:MSC=&F1&D3S0=1 LINE MODE:line aux 0 modem
InOut modemautoconfigure type usrobotics transport input all speed 38400
flowcontrolhardware line con 0 modem InOut modem autoconfigure type
usroboticstransport input all speed 38400 flowcontrol hardware PIN 1, 3 AND
8 DOWN ANDTHE REST OF THEM UP. Any idea? Thanks,
Teza___Join Excite! -
http://www.excite.comThe most personalized portal on the Web!Message Posted
at:http://www.groupstudy.com/form/read.php?f=7&i=62479&t=62479--FAQ,
 list archives, and subscription info:http://www.groupstudy.com/list/cisco.htmlReport 
misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
Join Excite! - http://www.excite.com
The most personalized portal on the Web!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62566&t=62479
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: QOS Question [7:62351]

[Ivan Yip]

Hi,

CBWFQ will meet your requirement. If no VPN traffic, the rest will fill the
line.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62565&t=62351
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OT-Netscreen 5xp VPN very slow [7:62461]

[Ivan Yip]

Do you think it is the LAN negotiation problem? As 5XP only have 10M
interface.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62564&t=62461
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OT-Netscreen 5xp VPN very slow [7:62461]

[William]

My mistake, I thought that you were implying that there was a performance
issue with that architecture.

Will Gragido CISSP CCNP CIPTSS CCDA MCP
9450 W. Bryn Mawr Ave.
Suite 325
Rosemont, Il 60018
www.ins.com
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, February 05, 2003 10:49 PM
To: [EMAIL PROTECTED]
Subject: RE: OT-Netscreen 5xp VPN very slow [7:62461]

William,

I just pointed out the one of the possible architecture.

VPN gateway I mentioned may be other vendors that can work with netscreen
like checkpoint... Any problems on my thought?

Ivan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62561&t=62461
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OT-Netscreen 5xp VPN very slow [7:62461]

[Ivan Yip]

William,

I just pointed out the one of the possible architecture.

VPN gateway I mentioned may be other vendors that can work with netscreen
like checkpoint... Any problems on my thought?

Ivan


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62559&t=62461
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

IP SoftPhone- Problem [7:62558]

[Anil Kumar V]

Hi All,

I have a problem facing with IP SoftPhone. Let me explain
about the IP Telephone Network setup 
This is for one of the customer who has got an IP Telephone
Setup. The network is having a CCM 3.1(4) Version. Around 4
numbers of IP Phones (7960 & 7910) has been installed on
this network and all the phones are working perfectly. 
The customer has got one Cisco SoftPhone (v1.3). This
SoftPhone is installed on the one of the client Machine
which is having Windows XP as OS.

Below is the problem which I am facing. 
After installing & opening the Soft Phone, I am not able to
see any lines (extension) for the particular soft phone and
its coming as blank. I have configured the CTI Port, and i
have associated the device to the particular user. Inspite
of the same i am not able get any lines for the SoftPhone.
I have gone through the Cisco Documentation Cisco IP
SoftPhone Administration v 1.3. As per the documentation I
did the troubleshooting to find out what is the problem,
but not able to get a breakthrough. 
On the call manager I checked the event viewer and provides
follwoing error message.

2/4/20031:15:03 PM  Cisco CTIManagerError   None3   N/A
CALLMGR Error: kCtiIncompatibleProtocolVersion -
Incompatible protocol version.
  UNKNOWN_PARAMTYPE:Message Version: 196608
  UNKNOWN_PARAMTYPE:Minimum Version: 131072
  UNKNOWN_PARAMTYPE:Current Version: 131072
  App ID: Cisco CTIManager
  Cluster ID: CALLMGR-Cluster
  Node ID: CALLMGR
  Application ID: Cisco Telephony Call Dispatcher
  Process ID: 0
  Process Name: CtiHandler
  Provider Name: CTI Framework
Explanation: The JTAPI/TAPI application version is not
compatible with this version of CTIManager, so received
message has been rejected.
Recommended Action: Verify correct version of application
is being used; otherwise, contact TAC.. 


I installed the same software on another machine, tested it
and its working without any problem and I am able to place
the calls from the softphone to other IP Phones. 

Has anyone faced this porblem before? 

Can any one give idea / solution for this?

Regards...Anil 

__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62558&t=62558
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Specifying networks in OSPF - How? [7:62463]

[John Brandis]

I use OSPF quite a lot, and I have followed John/Chuck/Pricilla/Larry L
. and a few others and re-done my configs and moved the actual
interfaces into the ospf statements. I had problems the other way (maybe
because sometimes I rush through my configs and wonder why they don't work
the next day)

Jb
 

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, 5 February 2003 8:13 AM
To: [EMAIL PROTECTED]
Subject: Re: Specifying networks in OSPF - How? [7:62463]

In OSPF, the network statement specifies which interfaces will
participate in OSPF routing.  Use whichever syntax you prefer.  Your
first example would cause all interfaces in the 10.10.10.0/24 range to
participate.  Your second example activates only the interface with the
IP address 10.10.10.1.  It really depends on what you're trying to
accomplish.

As a guideline, though, many including myself would suggest that you
always be as specific as possible, using one network statement with a
mask of 0.0.0.0 for each interface.  This is a little more work but it
reduces errors and aids in troubleshooting.

Regards,
John

>>> "Cisco Nuts"  2/4/03 1:52:53 PM >>>
Hello,

Is there a rule of thumb on specifying the network commands in an Ospf
FR 
topology?
Ex. for netw. 10.10.10.1/24,  would one specify under ospf:

#router ospf 1
#netw 10.10.10.0 0.0.0.255 area 0

OR

#router ospf 1
#netw 10.10.10.1 0.0.0.0 area 0

Which one??

Is the network specified or the host address itself. Does it depend if
it's 
a frame-relay full-mesh (ip ospf network broadcast/non-broadcast) or 
partial-mesh (ip ospf network point-to-multipoint) ?

Thank you.
Sincerely,
CN






_
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail
**

visit http://www.solution6.com

UK Customers - http://www.solution6.co.uk

**

The Solution 6 Head Office and NSW Branch has moved premises.
Please make sure you have updated your records with our new details.

Level 14, 383 Kent Street, Sydney NSW 2000.

General Phone: 61 2 9278 0666

General Fax: 61 2 9278 0555

**

This email message (and attachments) may contain information that is
confidential to Solution 6. If you are not the intended recipient you cannot
use, distribute or copy the message or attachments.  In such a case, please
notify the sender by return email immediately and erase all copies of the
message and attachments.  Opinions, conclusions and other information in
this message and attachments that do not relate to the official business of
Solution 6 are neither given nor endorsed by it.

*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62557&t=62463
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: SQLNET/TNS Firewall Rule [7:62472]

[d tran]

First of all, what version of Pix OS are you running?
I have a similar setup like yours with a "franken" pix firewall between 
an Oracle9i Server running on Linux and an Oracle9i Client running on 
a windows 2k machine.
I am running version 6.3(0) build 131 on my "franken" pix firewall and 
it works great connecting to port sqlnet 1521 on the Oracle server behind 
firewall.  Just make sure you have this in your pix configuration:
fixup protocol sqlnet 1521
Make sure that you're running version 6.2(2) or 6.3(0) build 131 beta and you
will be fine.
Have fun.
D.
 Paulo Roque  wrote:I have a PIX firewall between a oracle server and a
client.

The client always start a connection on port 1521 on the server.

The server always send a port redirect to the client informing the client to
start a new connection on second port.

This second port is always random, what makes me create a rule that permits
the client to connect to any port on the server. This situation is bad.

Is it possible to create a rule that restrict the client access to the
server and still permit the oracle connection to occur?











--
Eng. Paulo Roque
Network Engineer
Cisco Certified Network Associate
[EMAIL PROTECTED]
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62556&t=62472
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

WLAN Bridge [7:62555]

[Steiven Poh-\(Jaring MailBox\)]

Hi All,

I have two building linked up with WLAN Bridge 350, the question is how to
block the
DHCP of plant 2 reach Plant 1. Currently P1 DHCP goto P2 and P2 DHCP
goto P1.

Please HELP.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62555&t=62555
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: List of ip protocols [7:62460]

[Priscilla Oppenheimer]

Me wrote:
> 
> search for rfc1700

RFC 1700 has been superceded by the IANA Protocol Numbers and Assignment
Services. RFC 1700 hasn't been updated or re-released in RFC form in years.
See here:

http://www.iana.org/numbers.html

Priscilla


> 
> ""Symon Thurlow""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi all,
> >
> > Does anyone know of a reference list of ip protocols and
> their numbers
> >
> > For example gre = 47, tcp = 6? Etc
> >
> > Cheers,
> >
> > Symon
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62554&t=62460
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: T1 Csu dsu issue(commands) [7:62445]

[Simmi Singh]

Hi Dave
Thanx replying
is this in version 2 of  WIC-1DSU-T1 these commands work fine or what I
could not get u.
May be somebody else who has worked on WIC-1DSU-T1,please do send your
valuable comments if u have any.



MADMAN wrote:
> 
> The documentation is not very accurate on this as you have 
> discovered.Thanks for pointing this out, I am beta testing
> a version
> 2 of the WIC-1DSU-T1 and it is not optional, I will pass this
> on.
> 
>Aside from testing though I have never needed to change the
> default
> in the real world.  The defaults let you loop the CSU with a
> standard
> issue T-BERD.
> 
>Dave
> 
> Simmi Singh wrote:
> > I have 1 Port T1 CSU/DSU WAN Interface Card, 
> > some more problems I am facing are 
> > 1) when I am trying to give 
> > service-module t1 remote-loopback payload command with out
> any optional
> > parameter it does not work and gives that incomplete command
> error.where as
> > the V54 is optional parameter
> > 
> > 2) this combination of command also does not work and gives
> format error.
> > service-module t1 remote-loopback full alternate 
> > 
> > this both v54 and alternate are optional parameters as
> mentioned in the
> > documentation.
> > 
> >
>
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_chapter09186a00800874e6.html#1019309
> > 
> > Please refer this link that these are optional parameters(v54
> and
> > alternate).
> > In my knowledge there could be 4 possible combinations but
> only two work
> > 
> > full 
> > full with alternate(doesnot work) 
> > payload(doesnot work) 
> > payload with v54 
> > 
> > Can anybody explain these also in additional to the previous
> doubts
> > mentioned below
> > --- 
> > 
> > 
> > Simmi Singh wrote: 
> > 
> >>Hi all, 
> >>while configuring the T1 CSU DSU card we use service-module 
> >>commands. 
> >>Here when I have the following command 
> >>service-module t1 remote-loopback {full | payload} [alternate
> |
> >>v54] 
> >>The default option is Full and payload loopbacks with 
> >>standard-loopup codes. and its mentioned in documentation
> also
> >>that by entering the service-module t1 remote-loopback
> command
> >>without specifying any keywords, you enable the
> standard-loopup
> >>codes, which use a 1-in-5 pattern for loopup and a 1-in-3 
> >>pattern for loopdown. 
> >>
> >>
> >>The calrifications needed are that 
> >>1) What is thedefault option for loopback.If I select the
> full option from
> > 
> > the cli then want to switch
> > 
> >>back to the default option, do the above command without 
> >>parameters will do that function 
> >>example 
> >>service-module t1 remote-loopback full alternate 
> >>
> >>
> >>then if i want to switch to default option will this work 
> >>
> >>service-module t1 remote-loopback 
> >>
> >>But I tried this command doesnot work(incomplete command) 
> >>so how to enable both payload and alternate with standard 
> >>loopup codes. 
> >>Just by negating the earlier command 
> >>is their some command for this 
> >>
> >>2) For what this default option used for 
> >>
> >>any help will be appreciated 
> -- 
> David Madland
> CCIE# 2016
> Sr. Network Engineer
> Qwest Communications
> 612-664-3367
> 
> "You don't make the poor richer by making the rich poorer."
> --Winston
> Churchill
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62553&t=62445
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: frame-relay theoretical topic / question [7:62517]

[Priscilla Oppenheimer]

Stull, Cory wrote:
> 
> 3 locations.   Milwaukee,  Madison, Greenbay. Milwaukee and
> Madison both
> have a 128k port 64k CIR. Greenbay has full T1 with 64k CIR.
>  
> From Milwaukee why is Greenbay's ping response times almost 3
> times faster
> than Madisons?   Wouldn't Milwaukee being the bottle neck of
> 128k port rate
> make both ping response times closer to the same? 

The Milwaukee router would be a bottleneck if you were sending more traffic
than the 128 Kbps interface can send. Once you start sending more than 128
Kbps, then the Milwaukee router has to start queuing packets, which would
introduce some delay. For the delay to be noticeable, you would have to be
doing quite a bit more than 128 Kbps. For it to be definitely noticable, you
would need to exceed the queue depth, resulting in dropped and retransmitted
packets. Does the router show that it is dropping any packets? What does the
router say the load on the serial interface is?

Where are the pings originating? What ping tool are you using? How much
bandwidth can it use? Are delays being introduced between your ping station
and the serial interface? For example, are they going across swithces or a
shared Ethernet segment?

My guess is that you aren't using 128 Kbps. 

Let's say that you are, though. Because Frame Relay is a packet-switched
network, packets could be queuing up more in the path to Madison compared to
the path to Greenbay. Also, of course, the egress FR relay switch in
Greenbay can whip out the packets much faster than the egress switch in
Madison which has just a 128 Kbps link, compared to the T1 link in Greenbay.

So, it might seem odd that packets can pick up speed, but due to the queuing
at routers and switches in the path, they can. They might get jumbled up at
some point, but then whipped out at 1.544 Mbps at another point.

I hope that explanation isn't too confusing and I hope you're not freezing
there in Wisconsin! :-)

Priscilla

>  Or is this
> like the
> highway theory of Greenbay has a Full T1 most of the way so you
> can go
> faster on that portion of the drive therefore the ping response
> times are
> much faster??
>  
> Thanks for any input.
>  
>  
>  
>  
> Cory
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62552&t=62517
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: SAFE exam (9e0-131) [7:62494]

[Dwayne Saunders]

Hi Keith,
I have just sat the safe exam and failed I went in after reading the safe
documents as well I have my CSS1
this exam seems fairly easy but I still failed After the exam I went home
and re read the safe documents and I personally can't see from the questions
asked how I failed but I did.

The questions  are mainly based on the safe whitepapers as well there are a
few simulators in the exam.

Hope this helps

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Hanna, Keith
Sent: Wednesday, 5 February 2003 21:10
To: [EMAIL PROTECTED]
Subject: SAFE exam (9e0-131) [7:62494]


Has anyone taken this exam yet?

I am about to register for it, and having read the blueprints, I'm not sure
I
understand what will be asked for.

Do I need to know actual recommend configs? Or is it more of a 'general'
overview? I have gone throught the blueprint several time, and if you don't
need to know actual config info, there doesn't appear to be that much to
need
to know?

Anyone care to comment?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62551&t=62494
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISDN Dialer Watch on 4500 [7:62423]

[Nelson Herron]

Of course I had to copy the wrong log file up yesterday (02/04/03 - recorded
as 02-05-03 4:01).  That one had a serious flaw that was corrected. This is
the one that should have been posted.  My apologies to everyone.


Following is the client/dial-up router  **

r4500b#sh run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r4500b
!
no logging buffered
enable secret 5 $1$dmkQ$LhX8ezIO8y81ypOR34wvt.
!
username r4000m password 0 wienerdog
ip subnet-zero
isdn switch-type basic-ni
!
!
!
interface Loopback0
 ip address 172.255.255.240 255.255.255.255
 no ip directed-broadcast
!
interface Loopback1
 ip address 172.18.200.9 255.255.255.248
 no ip directed-broadcast
!
interface Loopback2
 ip address 172.18.200.17 255.255.255.240
 no ip directed-broadcast
!
interface Loopback3
 ip address 172.18.200.33 255.255.255.224
 no ip directed-broadcast
!
interface Ethernet0
 no ip address
 no ip directed-broadcast
 media-type 10BaseT
!
interface Ethernet1
 ip address 172.18.15.254 255.255.255.0
 no ip directed-broadcast
 media-type 10BaseT
!
interface Serial0
 ip address 172.18.196.2 255.255.255.252
 no ip directed-broadcast
 shutdown
!
interface Serial1
 bandwidth 250
 ip address 172.18.200.2 255.255.255.252
 no ip directed-broadcast
!
interface BRI0
 ip address 192.254.254.1 255.255.255.252
 no ip directed-broadcast
 encapsulation ppp
 dialer idle-timeout 30
 dialer watch-disable 15
 dialer map ip 172.255.255.245 name r4000m broadcast 8358662
 dialer map ip 192.254.254.2 name r4000m broadcast 8358662
 dialer load-threshold 5 outbound
 dialer watch-group 10
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0835866101
 isdn spid2 0835866301
 ppp authentication chap
 ppp multilink
!
interface BRI1
 no ip address
 no ip directed-broadcast
 shutdown
 isdn switch-type basic-ni
!
interface BRI2
 no ip address
 no ip directed-broadcast
 shutdown
 isdn switch-type basic-ni
!
interface BRI3
 no ip address
 no ip directed-broadcast
 shutdown
 isdn switch-type basic-ni
!
router eigrp 666
 network 172.18.0.0
 network 172.255.0.0
 network 192.254.254.0
 no auto-summary
!
ip classless
!
access-list 101 deny   eigrp any any
access-list 101 permit ip any any
dialer watch-list 10 ip 172.255.255.245 255.255.255.255
dialer-list 1 protocol ip list 101
!
line con 0
 session-timeout 2880 
 exec-timeout 2880 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
 session-timeout 2880 
 exec-timeout 2880 0
 password wiener
 login
!
end

r4500b#

Following is the dial-in router **

r4000m#sh run
Building configuration...

Current configuration : 2238 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r4000m
!
no logging buffered
enable secret 5 $1$51sJ$.h3NUdXcZI/hNuQefakc60
!
username r4500b password 0 wienerdog
!
!
!
!
ip subnet-zero
no ip finger
!
!
!
!
source-bridge ring-group 100
source-bridge remote-peer 100 tcp 172.19.21.1
source-bridge remote-peer 100 tcp 172.19.21.5
source-bridge remote-peer 100 tcp 172.19.21.9
!
!
interface Loopback0
 ip address 172.255.255.245 255.255.255.255
!
interface Loopback1
 ip address 172.19.21.1 255.255.255.252
!
interface Loopback2
 ip address 172.18.196.9 255.255.255.248
!
interface Loopback3
 ip address 172.18.196.17 255.255.255.240
!
interface Loopback4
 ip address 172.18.196.33 255.255.255.224
!
interface Loopback5
 ip address 172.18.196.65 255.255.255.192
!
interface Loopback6
 ip address 172.18.196.129 255.255.255.128
!
interface Serial0
 bandwidth 250
 ip address 172.18.200.1 255.255.255.252
!
interface Serial1
 bandwidth 250
 ip address 172.18.196.2 255.255.255.252
!
interface TokenRing0
 no ip address
 shutdown
 ring-speed 16
 multiring all 
 source-bridge 10 1 100
 source-bridge spanning
!
interface BRI0
 ip address 192.254.254.2 255.255.255.252
 encapsulation ppp
 dialer idle-timeout 
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0835866201
 isdn spid2 0835866401
 ppp authentication chap
!
interface BRI1
 no ip address
 shutdown
 isdn switch-type basic-ni
!
interface BRI2
 no ip address
 shutdown
 isdn switch-type basic-ni
!
interface BRI3
 no ip address
 isdn switch-type basic-ni
!
router eigrp 666
 network 172.18.196.0 0.0.0.3
 network 172.18.196.8 0.0.0.7
 network 172.18.196.16 0.0.0.15
 network 172.18.196.32 0.0.0.31
 network 172.18.196.64 0.0.0.63
 network 172.18.196.128 0.0.0.127
 network 172.18.200.0 0.0.0.3
 network 172.19.21.0 0.0.0.3
 network 172.255.255.245 0.0.0.0
 network 192.254.254.0 0.0.0.3
 no auto-summary
 no eigrp log-neighbor-changes
!
ip classless
no ip http server
!
dialer-list 1 protocol ip permit
!
!
line con 0
 session-timeout 2880 
 exec-timeout 2880 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
 session-timeout 2880 
 exec-timeout 2880 0
 password wiener
 login
!
e

Re: RE: question(routing) [7:62490]

[Keyur Lavingia]

I know what WCCP is for. I just want to find out why it is there in the
config. It may have some relation to the problem.

"Andrew Larkins" wrote:



WCCP is for web caching - it is used in conjunction with a Cisco content
engine to pass all HTTP requests (an others) to a cache engine without the
users physically having a proxy configured

-Original Message-
From: Keyur Lavingia [mailto:[EMAIL PROTECTED]]
Sent: 05 February 2003 16:15
To: [EMAIL PROTECTED]
Subject: Re: question(routing) [7:62490]


Hi,





I notice some wccp commands in your config. Can you please tell me where u
are using it and for what ?





Thanks,





Keyur.







"kaushalender" wrote:



Hello group,

Kindly resolve my confussion.I have cisco 2610 router.We r running 
static routing with our service provider .Now what is happening that 
suddely my http request stoped going out means there was no browsing on 
lan and customer I was able to telnet every website on port 80 that 
means i able to reach website till apllication layer from my pc .Now how 
can i find out what is killing my http request in my network . and my 
service provider is saying that from my side huge amount of routing 
loops is coming but i have put whole announced network on ethernet. This 
is the conf .PLz help me

sh run
>Building configuration...
>
>Current configuration : 4962 bytes
>!
>version 12.2
>service timestamps debug datetime msec localtime show-timezone
>service timestamps log datetime msec localtime show-timezone
>service password-encryption
>!
>hostname Rainbow
>!
>logging buffered 1 debugging
>no logging console
>aaa new-model
>aaa authentication login default local group radius
>aaa authorization exec default local group radius
>enable secret 5 $1$WyvH$D/U2xWxcDfbROyR7PtGXS1
>enable password 7 000D0016457B525F56
>!
>username rainbow password 7 095E4F0017071805
>
>clock timezone GMT 5
>clock summer-time GMT recurring
>ip subnet-zero
>no ip source-route
>ip wccp version 1
>ip flow-cache timeout inactive 300
>ip flow-cache timeout active 1
>ip cef
>!
>!
>ip name-server 202.78.168.6
>ip name-server 202.78.168.14
>
>p name-server 202.54.15.1
>!
>!
>class-map match-any http-hacks
> match protocol http url "*.ida*"
> match protocol http url "*cmd.exe*"
> match protocol http url "*root.exe*"
> match protocol http url "*readme.eml*"
>!
>!
>policy-map mark-inbound-http-hacks
> class http-hacks
> set ip dscp 1
>!
>
>!
>interface Ethernet0/0
> ip address 202.78.164.3 255.255.252.0 secondary
> ip address 202.54.194.65 255.255.255.224 secondary
> ip address 202.78.168.26 255.255.248.0
> ip access-group 115 in
> ip access-group 115 out
> no ip proxy-arp
> rate-limit input access-group 121 48000 52000 52000 conform-action
>transmit exceed-action drop
> rate-limit input access-group 122 32000 32000 32000 conform-action
>transmit exceed-action drop
> rate-limit output access-group 110 64000 64000 64000 conform-action
>transmit exceed-action drop
> rate-limit output access-group 121 296000 30 30 conform-action
>transmit exceed-action drop
> rate-limit output access-group 122 32000 32000 32000 conform-action
>transmit exceed-action drop
> no ip mroute-cache
> full-duplex
> service-policy input mark-inbound-http-hacks
>service-policy output mark-inbound-http-hacks
> no cdp enable
>interface Serial0/0
> bandwidth 512
> no ip address
> no ip mroute-cache
> shutdown
> no fair-queue
>!
>interface Serial0/1
> bandwidth 512
> no ip address
> no ip route-cache
> no ip mroute-cache
> shutdown
>!
>interface Serial0/2
> no ip address
> shutdown
>!
>interface Serial0/3
> description "OASIS LINK"
>ip address 216.252.243.5 255.255.255.252
> ip access-group 107 in
> ip access-group 107 out
> rate-limit input 64000 128000 128000 conform-action transmit
>exceed-action drop
> rate-limit output 64000 128000 128000 conform-action transmit
>exceed-action drop
> encapsulation ppp
>!
>interface Serial1/0
> description Shapura Link
> ip address 216.252.243.1 255.255.255.252
> ip access-group 107 in
> ip access-group 107 out
> rate-limit input 32000 32768 32768 conform-action transmit
>exceed-action drop
>
>interface Serial1/1
> description DOIT LINK
> bandwidth 128
> ip address 216.252.243.17 255.255.255.252
>rate-limit input 32000 65536 65536 conform-action transmit exceed-action
>drop
> rate-limit output 32000 65536 65536 conform-action transmit
>exceed-action drop
> encapsulation ppp
> service-policy input mark-inbound-http-hacks
> service-policy output mark-inbound-http-hacks
>!
>nterface Serial1/2
> no ip address
> shutdown
>!
>interface Serial1/3
> description vsnl link
> ip address 202.54.192.66 255.255.255.252
> ip access-group 115 in
> ip access-group 115 out
> encapsulation ppp
> service-policy input mark-inbound-http-hacks
> service-policy output mark-inbound-http-hacks
>!p flow-export source Ethernet0/0
>ip flow-export version 5 peer-as
>ip flow-export destination 202.78.168.2 2055
>ip classless
>ip route 0.0.0.0 0.0.0.0 202.54.192.65
>ip route 202.78.160.0 

Re: List of ip protocols [7:62460]

[Me]

search for rfc1700

""Symon Thurlow""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi all,
>
> Does anyone know of a reference list of ip protocols and their numbers
>
> For example gre = 47, tcp = 6? Etc
>
> Cheers,
>
> Symon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62548&t=62460
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: T1 Csu dsu issue(commands) [7:62445]

[MADMAN]

The documentation is not very accurate on this as you have 
discovered.Thanks for pointing this out, I am beta testing a version 
2 of the WIC-1DSU-T1 and it is not optional, I will pass this on.

   Aside from testing though I have never needed to change the default 
in the real world.  The defaults let you loop the CSU with a standard 
issue T-BERD.

   Dave

Simmi Singh wrote:
> I have 1 Port T1 CSU/DSU WAN Interface Card, 
> some more problems I am facing are 
> 1) when I am trying to give 
> service-module t1 remote-loopback payload command with out any optional
> parameter it does not work and gives that incomplete command error.where as
> the V54 is optional parameter
> 
> 2) this combination of command also does not work and gives format error. 
> service-module t1 remote-loopback full alternate 
> 
> this both v54 and alternate are optional parameters as mentioned in the
> documentation.
> 
>
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_chapter09186a00800874e6.html#1019309
> 
> Please refer this link that these are optional parameters(v54 and
> alternate).
> In my knowledge there could be 4 possible combinations but only two work 
> 
> full 
> full with alternate(doesnot work) 
> payload(doesnot work) 
> payload with v54 
> 
> Can anybody explain these also in additional to the previous doubts
> mentioned below
> --- 
> 
> 
> Simmi Singh wrote: 
> 
>>Hi all, 
>>while configuring the T1 CSU DSU card we use service-module 
>>commands. 
>>Here when I have the following command 
>>service-module t1 remote-loopback {full | payload} [alternate | 
>>v54] 
>>The default option is Full and payload loopbacks with 
>>standard-loopup codes. and its mentioned in documentation also 
>>that by entering the service-module t1 remote-loopback command 
>>without specifying any keywords, you enable the standard-loopup 
>>codes, which use a 1-in-5 pattern for loopup and a 1-in-3 
>>pattern for loopdown. 
>>
>>
>>The calrifications needed are that 
>>1) What is thedefault option for loopback.If I select the full option from
> 
> the cli then want to switch
> 
>>back to the default option, do the above command without 
>>parameters will do that function 
>>example 
>>service-module t1 remote-loopback full alternate 
>>
>>
>>then if i want to switch to default option will this work 
>>
>>service-module t1 remote-loopback 
>>
>>But I tried this command doesnot work(incomplete command) 
>>so how to enable both payload and alternate with standard 
>>loopup codes. 
>>Just by negating the earlier command 
>>is their some command for this 
>>
>>2) For what this default option used for 
>>
>>any help will be appreciated 
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62546&t=62445
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 7500 Router CPU rocketing to 90% [7:62530]

[Mohsin Hussain]

Yes I'm running dlsw. There are 400 to 500 dlsw circuits open, and there are
no performance issues strange enough. CIP has its own CPU I had run trend
report on that and it's running at 30 to 40%.

The Cisco site does not explain how the cpu utilization is added up.

Mohsin


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62545&t=62530
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX Licensing [7:62233]

[J.D. Chaiken]

Thanks!

Jarett

""Sam Sneed""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> A failover PIX will reload every 24 hours until primary is back up.
> ""J.D. Chaiken""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi,
> >
> > Maybe this is a naive question, but if the primary PIX goes down and
fails
> > over to the failover PIX  doesn't that make it a standalone unit?
> > What makes the Failover a failover?  did Cisco completly diable the
> console
> > port so the only way to configure it is with write standby?
> >
> > Jarett
> >
> >
> > ""Claudio Spescha""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Hi
> > >
> > > In a Pix 515 with restricted license you can have a max of 3
interfaces,
> > > with a PIX 515 unrestricted license up to 6 interfaces
> > >
> > > For failover you always need an unrestricted license.
> > > You can not run a PIX with failover license as standalone box. A PIX
> with
> > > failover license is only a quarter of the price of a standalone PIX.
> > >
> > > With "show version" you can see what type of license you have.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62544&t=62233
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX Licensing [7:62233]

[Sam Sneed]

A failover PIX will reload every 24 hours until primary is back up.
""J.D. Chaiken""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi,
>
> Maybe this is a naive question, but if the primary PIX goes down and fails
> over to the failover PIX  doesn't that make it a standalone unit?
> What makes the Failover a failover?  did Cisco completly diable the
console
> port so the only way to configure it is with write standby?
>
> Jarett
>
>
> ""Claudio Spescha""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi
> >
> > In a Pix 515 with restricted license you can have a max of 3 interfaces,
> > with a PIX 515 unrestricted license up to 6 interfaces
> >
> > For failover you always need an unrestricted license.
> > You can not run a PIX with failover license as standalone box. A PIX
with
> > failover license is only a quarter of the price of a standalone PIX.
> >
> > With "show version" you can see what type of license you have.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62543&t=62233
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 7500 Router CPU rocketing to 90% [7:62530]

[Bob Sinclair]

Mohsin,

If you have not seen it already, check out the link below.  Note that cpu
utilization is caused by both processes and interrupts, so adding up the
processes will not give you total cpu utilization (unless utilization due to
interrupts is 0).

When you do show proc cpu the first number you get is:  x%/y%  where x is
total utilization and y is utilization due to interrupts.

http://www.cisco.com/warp/public/63/highcpu.html#show_process_cpu


-Bob Sinclair
CCIE #10427, MCSE
Senior Network Engineer
Networking For Future, Inc.
www.nffinc.com
- Original Message -
From: "Mohsin Hussain" 
To: 
Sent: Wednesday, February 05, 2003 2:18 PM
Subject: 7500 Router CPU rocketing to 90% [7:62530]


> We have 2 7500 routers with CIPs installed. Recently the router started to
> have its CPU shooting upto 90%. When show process cpu is run. It does not
> show what process is causing this because none of the processes are or add
> upto 80 or 90%. Only two processes: IP input at 10% and cls background at
> 14%. The rest of the processes are at 0 or 0.1%.
>
> Are there hidden processes that could be cause of the high cpu
utilization?
> If so how can it be seen (i.e  any show commands?.
>
> Thanks,
>
> Mohsin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62542&t=62530
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Alternate password recovery procedures? [7:62541]

[Mossburg, Geoff (MAN-Corporate)]

All,
I was looking for a way to recover an enable password on a
misconfigured router, and I came across the SNMP method of password
recovery, which I was able to use to change the enable password remotely on
the router. I was wondering: Does anyone knows of even more alternate
password recovery procedures?
Thanks!
Geoff Mossburg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62541&t=62541
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: History of the PIX Firewall [7:62512]

[Alex Lee]

Cool.

""Richard Deal""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62540&t=62512
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

T1 Csu dsu issue(commands) [7:62445]

[Simmi Singh]

I have 1 Port T1 CSU/DSU WAN Interface Card, 
some more problems I am facing are 
1) when I am trying to give 
service-module t1 remote-loopback payload command with out any optional
parameter it does not work and gives that incomplete command error.where as
the V54 is optional parameter

2) this combination of command also does not work and gives format error. 
service-module t1 remote-loopback full alternate 

this both v54 and alternate are optional parameters as mentioned in the
documentation.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_chapter09186a00800874e6.html#1019309
 

Please refer this link that these are optional parameters(v54 and
alternate).
In my knowledge there could be 4 possible combinations but only two work 

full 
full with alternate(doesnot work) 
payload(doesnot work) 
payload with v54 

Can anybody explain these also in additional to the previous doubts
mentioned below
--- 


Simmi Singh wrote: 
> 
> Hi all, 
> while configuring the T1 CSU DSU card we use service-module 
> commands. 
> Here when I have the following command 
> service-module t1 remote-loopback {full | payload} [alternate | 
> v54] 
> The default option is Full and payload loopbacks with 
> standard-loopup codes. and its mentioned in documentation also 
> that by entering the service-module t1 remote-loopback command 
> without specifying any keywords, you enable the standard-loopup 
> codes, which use a 1-in-5 pattern for loopup and a 1-in-3 
> pattern for loopdown. 
> 
> 
> The calrifications needed are that 
> 1) What is thedefault option for loopback.If I select the full option from
the cli then want to switch
> back to the default option, do the above command without 
> parameters will do that function 
> example 
> service-module t1 remote-loopback full alternate 
> 
> 
> then if i want to switch to default option will this work 
> 
> service-module t1 remote-loopback 
> 
> But I tried this command doesnot work(incomplete command) 
> so how to enable both payload and alternate with standard 
> loopup codes. 
> Just by negating the earlier command 
> is their some command for this 
> 
> 2) For what this default option used for 
> 
> any help will be appreciated 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62539&t=62445
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Passed CID 3.0 Test [7:62536]

[Joseph R. Taylor]

Hi Steve,
   Congrats. I'm working on the CSPFA myself.
 JoeT


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62538&t=62536
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco 4000 Series [7:62507]

[Daniel Cotts]

Some routers have a jumper that forces the console port to 9600. I was not
able to find it for the 4000. Perhaps someone else knows if the 4000 does or
does not have such a jumper.
As I suggested before - try different console speeds.

> -Original Message-
> From: Domingo Ferrero [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 05, 2003 11:10 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Cisco 4000 Series [7:62507]
> 
> 
> The router dont work because in the screen a rare sequence of commands
> appears "ajdsdgaqljiohangasdsa" and not the CTRL Break functions
> 
> As is able resetear the router to traves of jumpers so that 
> return to have
> the registration 0x2102 since accidentally himself change by 
> another that is
> not correct
> 
> Thanks and Regards
> --
> ---
>   Domingo Ferrero Saavedra  [EMAIL PROTECTED]
>   Dept. Sistemas, IdecNet S.A.
>   c/ Guzman el Bueno 125
>   Madrid-Spain
>   Tfn: +34 91 824 00 00
>   http://www.idecnet.com
> ---
> ""Daniel Cotts""  escribis en el mensaje
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > There could be several issues here:
> > 1) Break sequence doesn't work. This may be due to the 
> terminal emulation
> > software that you are using. Some versions of Hyperterminal 
> would not
> > properly send the break signal. One solution is to go to 
> the Hilgraeve
> site
> > (hope I've spelled that correctly) and download a newer 
> version. If you
> have
> > another router, see if you can send a break to it.
> > 2) When you say that the router doesn't start - does 
> anything appear on
> the
> > screen? If so, is it readable? If it is not readable you might try
> different
> > console speeds.
> > 3) Your IOS upgrade may have failed. Check the Cisco web site for
> > documentation on that.
> > Here's the link to the config register page:
> >
> http://www.cisco.com/en/US/products/hw/routers/ps285/products_
> installation_g
> > uide_chapter09186a008007cb01.html
> >
> > > -Original Message-
> > > From: Domingo Ferrero [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, February 05, 2003 8:58 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Cisco 4000 Series [7:62507]
> > >
> > >
> > > I have a router of the series 4000 of cisco, I have changed
> > > it the IOS but
> > > there I am position in in conf reg a value that is not 0x2101
> > > neither 0x2102
> > > and the router does not start, I have tried to enter way
> > > rommon but does not
> > > function any tecla of break.
> > >
> > > Someone it knows like podria to recover the router
> > >
> > >
> > > Thanks and Regards,
> > >
> > > --
> > > ---
> > >   Domingo Ferrero Saavedra  [EMAIL PROTECTED]
> > >   Dept. Sistemas, IdecNet S.A.
> > >   c/ Guzman el Bueno 125
> > >   Madrid-Spain
> > >   Tfn: +34 91 824 00 00
> > >   http://www.idecnet.com
> > > ---




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62537&t=62507
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Passed CID 3.0 Test [7:62536]

[Steve Ringley]

Passed the CID 3.0 test this afternoon.  (Hmm wonder if I just violated the
NDA?)  Thanks to Priscilla for Top-Down Network Design, Paul for having this
place, and all those who answered my questions over the last few years!

Steve Ringley
CCNP/CCDP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62536&t=62536
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 7500 Router CPU rocketing to 90% [7:62530]

[Peter van Oene]

At 07:18 PM 2/5/2003 +, Mohsin Hussain wrote:
>We have 2 7500 routers with CIPs installed. Recently the router started to
>have its CPU shooting upto 90%. When show process cpu is run. It does not
>show what process is causing this because none of the processes are or add
>upto 80 or 90%. Only two processes: IP input at 10% and cls background at
>14%. The rest of the processes are at 0 or 0.1%.

I would call the TAC on this.

>Are there hidden processes that could be cause of the high cpu utilization?
>If so how can it be seen (i.e  any show commands?.
>
>Thanks,
>
>Mohsin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62535&t=62530
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 7500 Router CPU rocketing to 90% [7:62530]

[[EMAIL PROTECTED] (Kaj J. Niemi)]

In mail.net.groupstudy.pro, you wrote:

>  We have 2 7500 routers with CIPs installed. Recently the router started to
>  have its CPU shooting upto 90%. When show process cpu is run. It does not
>  show what process is causing this because none of the processes are or add
>  upto 80 or 90%. Only two processes: IP input at 10% and cls background at
>  14%. The rest of the processes are at 0 or 0.1%.

Proceed according to http://www.cisco.com/warp/public/63/highcpu.html
(doesn't require a CCO login.) The document pretty much describes what
might be the root cause and how to locate it.



// kaj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62534&t=62530
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 7500 Router CPU rocketing to 90% [7:62530]

[MADMAN]

That is pretty strange, could you send the full sh proc cpu next time 
you see this.  You may want to try and "if-console" to the CIP and see 
if anything unusual is occurring on it.

  Dave

Mohsin Hussain wrote:
> We have 2 7500 routers with CIPs installed. Recently the router started to
> have its CPU shooting upto 90%. When show process cpu is run. It does not
> show what process is causing this because none of the processes are or add
> upto 80 or 90%. Only two processes: IP input at 10% and cls background at
> 14%. The rest of the processes are at 0 or 0.1%.
> 
> Are there hidden processes that could be cause of the high cpu utilization?
> If so how can it be seen (i.e  any show commands?.
> 
> Thanks,
> 
> Mohsin
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62533&t=62530
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 7500 Router CPU rocketing to 90% [7:62530]

[Jay Greenberg]

Are you using DLSw+ or bridging on the router?

On Wed, 2003-02-05 at 14:18, Mohsin Hussain wrote:
> We have 2 7500 routers with CIPs installed. Recently the router started to
> have its CPU shooting upto 90%. When show process cpu is run. It does not
> show what process is causing this because none of the processes are or add
> upto 80 or 90%. Only two processes: IP input at 10% and cls background at
> 14%. The rest of the processes are at 0 or 0.1%.

-- 
Jason Greenberg, CCIE #11021




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62532&t=62530
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: semipermanent connections & radius authentication [7:62526]

[[EMAIL PROTECTED] (Kaj J. Niemi)]

Milan,

In mail.net.groupstudy.pro, you wrote:

>  I have problem that when I use local authentication on access-server for
ppp
>  authentication for semipermanent connection, the username that I use where
>  send to radius server. Can anybody tell me why this happens because it
>  shouldn't send local username to radius? The aaa model goes like this:

Do you actually use group isdn-ll anywhere in the rest of your config, ie.
ppp
authen/author/acco isdn-ll?

Apply the following debugs and you'll most likely spot why use-radius is
being used if it's not evident in the config.

debug ppp aut
debug aaa eve
debug aaa authen
debug aaa author
debug aaa acco
debug aaa per-us
debug rad aut



// kaj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62531&t=62526
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

7500 Router CPU rocketing to 90% [7:62530]

[Mohsin Hussain]

We have 2 7500 routers with CIPs installed. Recently the router started to
have its CPU shooting upto 90%. When show process cpu is run. It does not
show what process is causing this because none of the processes are or add
upto 80 or 90%. Only two processes: IP input at 10% and cls background at
14%. The rest of the processes are at 0 or 0.1%.

Are there hidden processes that could be cause of the high cpu utilization?
If so how can it be seen (i.e  any show commands?.

Thanks,

Mohsin



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62530&t=62530
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Difference between SNMP notifications and trap [7:62478]

[[EMAIL PROTECTED] (Kaj J. Niemi)]

In mail.net.groupstudy.pro, you wrote:

>  In SNMPv3 documents, the term "trap" no longer appears, but "notification"
>  does. So, I think they mean the same thing. But I didn't read the v3
>  documents very carefully. They are hard to read, and in my opinion, no
>  longer deserve the S in the acronym. :-)

SNMPv3 is closer to CMISE/CMIP models than most people realise. Most people
never did appreciate the abstraction levels those provided for real world
(uh, well, pretty much only TMN ;-)) applications. Not only are they complex
to understand but also to setup, maintain and troubleshoot.

People making RFPs should request their vendor to implement easily scriptable
things like JUNOScript (or TL1 on ADMs.)

I guess this sort of got out of topic..



// kaj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62529&t=62478
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: BGP question. [7:62519]

[[EMAIL PROTECTED] (Kaj J. Niemi)]

Hi Rajesh,

In mail.net.groupstudy.pro, you wrote:

>  I come across some situations where I could see some routes in the BGP
>  table, but those routes aren't there in the regular routing table.  The
>  configuration has "no sync" configured and couldn't guess how to go
>  about it.  Can somebody help me out here?

Is this an EBGP or IBGP neighbor?
If EBGP, is the prefix being dampened?
Is the nexthop for the prefix reachable?
Is there a route-map being applied inbound?
Is there a prefix-list being applied inbound?
Is there a distribute-list being applied inbound?
Are you using soft-reconfig?
Is this a normal AFI IPv4 prefix?
Are you using traditional config or NLRIs?
Do the routes not imported have something in common?

It would help a lot if you pasted sh ip bgp nei addr, sh ip bgp prefix
and sh ip ro nexthop.

Everybody uses "no synchronization" nowadays, it's a bugwards compatibility
feature that you need to turn specify it in your configuration.



// kaj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62527&t=62519
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

semipermanent connections & radius authentication [7:62526]

[Milan Jovancic]

Hello all,

I have problem that when I use local authentication on access-server for ppp
authentication for semipermanent connection, the username that I use where
send to radius server. Can anybody tell me why this happens because it
shouldn't send local username to radius? The aaa model goes like this:

aaa new-model
aaa authentication username-prompt "Login: "
aaa authentication login line-login line
aaa authentication login console-login line
aaa authentication login use-radius local group radius
aaa authentication ppp use-radius if-needed group radius

aaa authentication ppp isdn-ll local <--- authentication for ppp
semipermanent connection

aaa authorization exec use-radius local group radius if-authenticated 
aaa authorization network use-radius group radius if-authenticated 
aaa authorization network isdn-ll if-authenticated 
aaa accounting network use-radius start-stop group radius


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62526&t=62526
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

snmp poll object [7:62525]

[hanan]

Hello
I have a problem to poll object on snmp mode from my snmp server to my
internal network devices
I have snmp server with external ip address that connect to vpn server to
have an internal ip to gain access to my internal network
The internal devices are configured to accept the external ip address of the
snmp server as agent
The problem is my snmp server can poll object on snmp mode only with devices
that have external ip addresses and cant poll object with internal ip
address only can on icmp mode.
Snmp server receive traps from the internal devices so no problem with
receiving traps
There is isa server between the snmp server and the internal network I
enabled all snmp ports on isa server 161,162, 165---170
Could you please help to know where is the problem exactly

Hanan.mawla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62525&t=62525
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Difference between SNMP notifications and trap [7:62478]

[Bob Sinclair]

My $.02,

As defined in the two SNMP documents below, notification appears to be a
term used to include both traps and informs.  Informs are an SNMP V3 trap
which is acknowledged, unlike "regular old traps".   So, All traps are
notifications, but not all notifications are traps (some are informs).

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120
t/120t3/snmp3.htm

http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_
1/snmpinfm.htm

-Bob Sinclair
CCIE #10427, MCSE
Senior Network Engineer
Networking For Future, Inc.
www.nffinc.com
- Original Message -
From: "Priscilla Oppenheimer" 
To: 
Sent: Wednesday, February 05, 2003 12:43 PM
Subject: Re: Difference between SNMP notifications and trap [7:62478]


> John Neiberger wrote:
> >
> > >What is the difference between an SNMP notification and an
> > SNMP trap?
> >
> > I'd have to check later to verify this but I believe 'trap' is
> > the SNMP
> > version 1 term, while 'notification' is the SNMP v2 (or v3?)
> > term.  I
> > don't recall what the technical differences are, but they are
> > essentially the same animal.
> >
>
> That was essentially going to be my answer too. If you search on the word
> "notification" in SNMPv1 RFCs, you won't find it, but you will find lots
of
> cases of "trap."
>
> If you search on "notification" in SNMPv2 RFCs, you find the term "trap
> notification."
>
> In SNMPv3 documents, the term "trap" no longer appears, but "notification"
> does. So, I think they mean the same thing. But I didn't read the v3
> documents very carefully. They are hard to read, and in my opinion, no
> longer deserve the S in the acronym. :-)
>
> Also, as is always the case, we need to see terms in their context to
> explain them. So, "notification" could have some other meaning. The answer
> about it meaning an e-mail or pager notification is right too, but maybe
on
> a different tangent, but we can't tell from the question if it's on the
same
> tangent or not.
>
> Priscilla
>
>
> >
> > John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62524&t=62478
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: frame-relay theoretical topic / question [7:62517]

[MADMAN]

Ya that is part of the reason and most likely the path is shorter 
between GB and Mil than Mil and and Madison and there may be more 
switches and/or and NNI between Mil and Madison, more congestions, etc...

   Dave

Stull, Cory wrote:
> 3 locations.   Milwaukee,  Madison, Greenbay. Milwaukee and Madison
both
> have a 128k port 64k CIR. Greenbay has full T1 with 64k CIR.
>  
>>From Milwaukee why is Greenbay's ping response times almost 3 times faster
> than Madisons?   Wouldn't Milwaukee being the bottle neck of 128k port rate
> make both ping response times closer to the same?   Or is this like the
> highway theory of Greenbay has a Full T1 most of the way so you can go
> faster on that portion of the drive therefore the ping response times are
> much faster??
>  
> Thanks for any input.
>  
>  
>  
>  
> Cory
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62523&t=62517
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: BGP question. [7:62519]

[neil K.]

Rajesh,

Check the next hop for the BGP routes and see if it is reachable. If not you
can use next-hop-self command to fix the issue or have IGP reach that next
hop address.

Hope this helps.

Sunil Soporie
""Rajesh Kumar""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi all,
>
>   I come across some situations where I could see some routes in the BGP
> table, but those routes aren't there in the regular routing table.  The
> configuration has "no sync" configured and couldn't guess how to go
> about it.  Can somebody help me out here?
>
> thanks,
> r




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62522&t=62519
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: DR Planning capacity [7:62492]

[Priscilla Oppenheimer]

Han Chuan Alex Ang wrote:
> 
> hi, I am trying to plan for disaster recovery and the data that
> are to be backup will be transfer between a 3548 switch via a
> gigabit link to Core 6006 as well as to a backup server via
> gigabit link, therefore , data will be passing through a Fast
> Ethernet and 1 gigabits pipe line with back plane of 10.8 Gbps
> for 3548 and 6006 with 32 Gbps. Wonder if any body there who
> could shed some light as to any website or way to go about
> doing this capacity planning.What are the factor to take note
> and how do we calculate.thank

Capacity planning works best with real application-layer data that takes
into account client/server (or server/server) transaction behavior. In other
words, you should try it first and measure how much bandwidth actually gets
used. Put a protocol analyzer on the network and make some measurements.
Investigate things like packet size, packet turnaround time, efficiency, how
much bandwidth is used by lower-layers in addition to the application layer,
etc.

Then you can pose "what if" questions such as what if the capacity were
increased by 10 fold or if the switches were faster, etc. Simulation
packages can help you do this. Sometimes you can get a good idea by just
doing some basic calculations also.

But, bottom line, you should start with some real-world data about the
application. Unless you are the programmer who wrote the application and
have a lot of theoretical knowledge about how it behaves, then you should
gather the data empirically. (Actually programmers rarely really understand
how their programs behave on a network, so still I would say, do some
measurements.)

Priscilla






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62521&t=62492
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Difference between SNMP notifications and trap [7:62478]

[Priscilla Oppenheimer]

John Neiberger wrote:
> 
> >What is the difference between an SNMP notification and an
> SNMP trap?
> 
> I'd have to check later to verify this but I believe 'trap' is
> the SNMP
> version 1 term, while 'notification' is the SNMP v2 (or v3?)
> term.  I
> don't recall what the technical differences are, but they are
> essentially the same animal.
> 

That was essentially going to be my answer too. If you search on the word
"notification" in SNMPv1 RFCs, you won't find it, but you will find lots of
cases of "trap."

If you search on "notification" in SNMPv2 RFCs, you find the term "trap
notification."

In SNMPv3 documents, the term "trap" no longer appears, but "notification"
does. So, I think they mean the same thing. But I didn't read the v3
documents very carefully. They are hard to read, and in my opinion, no
longer deserve the S in the acronym. :-)

Also, as is always the case, we need to see terms in their context to
explain them. So, "notification" could have some other meaning. The answer
about it meaning an e-mail or pager notification is right too, but maybe on
a different tangent, but we can't tell from the question if it's on the same
tangent or not.

Priscilla


> 
> John
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62520&t=62478
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

BGP question. [7:62519]

[Rajesh Kumar]

Hi all,

  I come across some situations where I could see some routes in the BGP
table, but those routes aren't there in the regular routing table.  The
configuration has "no sync" configured and couldn't guess how to go
about it.  Can somebody help me out here?

thanks,
r




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62519&t=62519
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco 4000 Series [7:62507]

[Domingo Ferrero]

The router dont work because in the screen a rare sequence of commands
appears "ajdsdgaqljiohangasdsa" and not the CTRL Break functions

As is able resetear the router to traves of jumpers so that return to have
the registration 0x2102 since accidentally himself change by another that is
not correct

Thanks and Regards
--
---
  Domingo Ferrero Saavedra  [EMAIL PROTECTED]
  Dept. Sistemas, IdecNet S.A.
  c/ Guzman el Bueno 125
  Madrid-Spain
  Tfn: +34 91 824 00 00
  http://www.idecnet.com
---
""Daniel Cotts""  escribis en el mensaje
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> There could be several issues here:
> 1) Break sequence doesn't work. This may be due to the terminal emulation
> software that you are using. Some versions of Hyperterminal would not
> properly send the break signal. One solution is to go to the Hilgraeve
site
> (hope I've spelled that correctly) and download a newer version. If you
have
> another router, see if you can send a break to it.
> 2) When you say that the router doesn't start - does anything appear on
the
> screen? If so, is it readable? If it is not readable you might try
different
> console speeds.
> 3) Your IOS upgrade may have failed. Check the Cisco web site for
> documentation on that.
> Here's the link to the config register page:
>
http://www.cisco.com/en/US/products/hw/routers/ps285/products_installation_g
> uide_chapter09186a008007cb01.html
>
> > -Original Message-
> > From: Domingo Ferrero [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, February 05, 2003 8:58 AM
> > To: [EMAIL PROTECTED]
> > Subject: Cisco 4000 Series [7:62507]
> >
> >
> > I have a router of the series 4000 of cisco, I have changed
> > it the IOS but
> > there I am position in in conf reg a value that is not 0x2101
> > neither 0x2102
> > and the router does not start, I have tried to enter way
> > rommon but does not
> > function any tecla of break.
> >
> > Someone it knows like podria to recover the router
> >
> >
> > Thanks and Regards,
> >
> > --
> > ---
> >   Domingo Ferrero Saavedra  [EMAIL PROTECTED]
> >   Dept. Sistemas, IdecNet S.A.
> >   c/ Guzman el Bueno 125
> >   Madrid-Spain
> >   Tfn: +34 91 824 00 00
> >   http://www.idecnet.com
> > ---




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62518&t=62507
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

frame-relay theoretical topic / question [7:62517]

[Stull, Cory]

3 locations.   Milwaukee,  Madison, Greenbay. Milwaukee and Madison both
have a 128k port 64k CIR. Greenbay has full T1 with 64k CIR.
 
>From Milwaukee why is Greenbay's ping response times almost 3 times faster
than Madisons?   Wouldn't Milwaukee being the bottle neck of 128k port rate
make both ping response times closer to the same?   Or is this like the
highway theory of Greenbay has a Full T1 most of the way so you can go
faster on that portion of the drive therefore the ping response times are
much faster??
 
Thanks for any input.
 
 
 
 
Cory




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62517&t=62517
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OT-Netscreen 5xp VPN very slow [7:62461]

[Xueyan Liu]

I'm using the first connection. But if I access intranet, I would go through
a gateway on the other end.

Don't see anything abnormal in log.

Thanks.

Xueyan

Ivan Yip wrote:
> 
> Hi,
> 
> Did you check the NS-5XP log?
> Also, if you place your PC behind the NS and access internet,
> what's the path of your traffic? Simply PC-> FW-> cable modem->
> Internet OR
> PC-> FW( VPN gateway ) -> cable modem -> VPN gateway ->
> Internet?
> 
> BUT you mentioned 3DES, if NS is just using as a Firewall,
> encryption (3DES and VPN) should not cause your problem.
> 
> rgds,
> ivan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62516&t=62461
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ATM explanation [7:62502]

[Angel Leiva]

Silvia,



We can better help you if you could share the ATM interface and
sub-interfaces' configuration lines. Feel free to sanitize them first before
sharing though.



It is common practice that when you use sub-interfaces on a router ATM port,
you apply global Interface settings to the physical interface, but not IP
addresses or vpi/vci settings for instance.



So, I would think that the physical interface on your router does not have
an IP assigned to it. Thus, you can't ping it.



You should be able to ping the other sub-interfaces, provided that they have
an IP address, form part of the routing table and there are no ACLs that
prevent your host from getting the echo replies.



My 2 cents



Angel Leiva, EE, CCNP R&S + WAN, MCSE

International Network Services

1255 Corporate Drive, Suite 210

Irving, TX 75038



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 05, 2003 9:43 AM
To: [EMAIL PROTECTED]
Subject: RE: ATM explanation [7:62502]



Hi



I dont want to ping the subinterface down, but the physical interface. And

still does not reply.

This behaviour is not card model linked.

I have a feeling is something to do the NNI or LMI's but I cant not find the

info.



Any ideas?



Thanks,



Silvia

Elaluf Silvia wrote:

>

> Hi Guys,

>

> I am not an ATM Expert and I need a proper explanation of why

> when in a CISCO router with an ATM interface, if there is

> multiple subinterfaces and one of the subinterfaces is down, it

> is not possible to ping the interface?

> Any ideas?

>

> Thanks

>

> Silvia




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62515&t=62502
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ATM explanation [7:62502]

[MADMAN]

Are you saying you can ping the physical interface when your 
subinterface is up?  Can you send the pertinent configs?

   Dave

Elaluf Silvia wrote:
> Hi
> 
> I dont want to ping the subinterface down, but the physical interface. And
> still does not reply.
> This behaviour is not card model linked.
> I have a feeling is something to do the NNI or LMI's but I cant not find
the
> info.
> 
> Any ideas?
> 
> Thanks,
> 
> Silvia
> Elaluf Silvia wrote:
> 
>>Hi Guys,
>>
>>I am not an ATM Expert and I need a proper explanation of why
>>when in a CISCO router with an ATM interface, if there is
>>multiple subinterfaces and one of the subinterfaces is down, it
>>is not possible to ping the interface?
>>Any ideas?
>>
>>Thanks
>>
>>Silvia
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62514&t=62502
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco 4000 Series [7:62507]

[Daniel Cotts]

There could be several issues here:
1) Break sequence doesn't work. This may be due to the terminal emulation
software that you are using. Some versions of Hyperterminal would not
properly send the break signal. One solution is to go to the Hilgraeve site
(hope I've spelled that correctly) and download a newer version. If you have
another router, see if you can send a break to it. 
2) When you say that the router doesn't start - does anything appear on the
screen? If so, is it readable? If it is not readable you might try different
console speeds.
3) Your IOS upgrade may have failed. Check the Cisco web site for
documentation on that.
Here's the link to the config register page:
http://www.cisco.com/en/US/products/hw/routers/ps285/products_installation_g
uide_chapter09186a008007cb01.html

> -Original Message-
> From: Domingo Ferrero [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 05, 2003 8:58 AM
> To: [EMAIL PROTECTED]
> Subject: Cisco 4000 Series [7:62507]
> 
> 
> I have a router of the series 4000 of cisco, I have changed 
> it the IOS but
> there I am position in in conf reg a value that is not 0x2101 
> neither 0x2102
> and the router does not start, I have tried to enter way 
> rommon but does not
> function any tecla of break.
> 
> Someone it knows like podria to recover the router
> 
> 
> Thanks and Regards,
> 
> --
> ---
>   Domingo Ferrero Saavedra  [EMAIL PROTECTED]
>   Dept. Sistemas, IdecNet S.A.
>   c/ Guzman el Bueno 125
>   Madrid-Spain
>   Tfn: +34 91 824 00 00
>   http://www.idecnet.com
> ---




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62513&t=62507
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

History of the PIX Firewall [7:62512]

[Richard Deal]

To all,

I have received an email from Brantley Coile, on of the two co-developers of
the PIX firewall, congratulating me on my book. He kindly sent me
information about the development of the PIX and its subsequent sale to
Cisco. If you would like to see the entire story, please visit this link
(watch the wrap):

http://home.cfl.rr.com/dealgroup/pix/pix_page_history.htm

Cheers!
--

Richard A. Deal

Visit my home page at http://home.cfl.rr.com/dealgroup/

Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access
Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration
Exam Cram

Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco
exams on the market.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62512&t=62512
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Lost area on CCO [7:62511]

[Maccubbin, Duncan]

I used to be able to order ROMS and Documentation under entitlement from
the old CCO page. I can't seem to find it anymore. Can anyone point me to it
on the new page?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62511&t=62511
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco 4000 Series [7:62507]

[M.C. van den Bovenkamp]

Domingo Ferrero wrote:

> Someone it knows like podria to recover the router

http://www.cisco.com/warp/public/474/pswdrec_2500.html

Regards,

Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62510&t=62507
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ATM explanation [7:62502]

[Elaluf Silvia]

Hi

I dont want to ping the subinterface down, but the physical interface. And
still does not reply.
This behaviour is not card model linked.
I have a feeling is something to do the NNI or LMI's but I cant not find the
info.

Any ideas?

Thanks,

Silvia
Elaluf Silvia wrote:
> 
> Hi Guys,
> 
> I am not an ATM Expert and I need a proper explanation of why
> when in a CISCO router with an ATM interface, if there is
> multiple subinterfaces and one of the subinterfaces is down, it
> is not possible to ping the interface?
> Any ideas?
> 
> Thanks
> 
> Silvia
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62509&t=62502
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ATM explanation [7:62502]

[MADMAN]

This has nothing to do with ATM.  Why do you think you should be 
able to ping a down interface??

   Dave

Elaluf Silvia wrote:
> Hi Guys,
> 
> I am not an ATM Expert and I need a proper explanation of why when in a
> CISCO router with an ATM interface, if there is multiple subinterfaces and
> one of the subinterfaces is down, it is not possible to ping the interface?
> Any ideas?
> 
> Thanks
> 
> Silvia
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62508&t=62502
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco 4000 Series [7:62507]

[Domingo Ferrero]

I have a router of the series 4000 of cisco, I have changed it the IOS but
there I am position in in conf reg a value that is not 0x2101 neither 0x2102
and the router does not start, I have tried to enter way rommon but does not
function any tecla of break.

Someone it knows like podria to recover the router


Thanks and Regards,

--
---
  Domingo Ferrero Saavedra  [EMAIL PROTECTED]
  Dept. Sistemas, IdecNet S.A.
  c/ Guzman el Bueno 125
  Madrid-Spain
  Tfn: +34 91 824 00 00
  http://www.idecnet.com
---




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62507&t=62507
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ATM explanation [7:62502]

[Juntao]

i had proper behavior on a PA-A3-E3 configured with OAM support.

""Elaluf Silvia""  a icrit dans le message de news:
[EMAIL PROTECTED]
> Hi Guys,
>
> I am not an ATM Expert and I need a proper explanation of why when in a
> CISCO router with an ATM interface, if there is multiple subinterfaces and
> one of the subinterfaces is down, it is not possible to ping the
interface?
> Any ideas?
>
> Thanks
>
> Silvia




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62506&t=62502
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Content Switch Module and Server Load Balancing [7:62443]

[[EMAIL PROTECTED] (Kaj J. Niemi)]

In mail.net.groupstudy.pro, you wrote:

> Any Thoughts? Does anybody could share any real example of using Server
> Load Balancing in 6000 switches?

Never had the opportunity to play around with the CSM. Is there a specific
need to use the CSM? IOS SLB works well on 7200/6000/6500s with MSFCs.
Basic config to load-balance all traffic destined to 80/tcp on 10.0.0.1
on two servers (192.168.0.1, 192.168.0.2) could be as follows:

ip slb serverfarm myfarm1
  real 192.168.0.1
inservice
  real 192.168.0.2
inservice

ip slb vserver mypr0n
  virtual 10.0.0.1 tcp www
  serverfarm myfarm1
  inservice

The default balancing method is weighted round robin. Use sticky in vserver
if you want the clients to always return (within a timeframe) to the same
server. It's a good way of ensuring application state would be kept on one
server instead of 10 or so (this really depends on what your application
needs are.)

Do "sh ip slb vs" to check the state of your virtual server(s),
"sh ip slb se de" to check the state of your farm(s) and "sh ip slb st"
would show generic SLB stats.
  


// kaj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62505&t=62443
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: question(routing) [7:62490]

[Andrew Larkins]

WCCP is for web caching - it is used in conjunction with a Cisco content
engine to pass all HTTP requests (an others) to a cache engine without the
users physically having a proxy configured

-Original Message-
From: Keyur Lavingia [mailto:[EMAIL PROTECTED]]
Sent: 05 February 2003 16:15
To: [EMAIL PROTECTED]
Subject: Re: question(routing) [7:62490]


Hi,


 


I notice some wccp commands in your config. Can you please tell me where u
are using it and for what ?


 


Thanks,


 


Keyur.


 




"kaushalender" wrote:



Hello group,

Kindly resolve my confussion.I have cisco 2610 router.We r running 
static routing with our service provider .Now what is happening that 
suddely my http request stoped going out means there was no browsing on 
lan and customer I was able to telnet every website on port 80 that 
means i able to reach website till apllication layer from my pc .Now how 
can i find out what is killing my http request in my network . and my 
service provider is saying that from my side huge amount of routing 
loops is coming but i have put whole announced network on ethernet. This 
is the conf .PLz help me

sh run
>Building configuration...
>
>Current configuration : 4962 bytes
>!
>version 12.2
>service timestamps debug datetime msec localtime show-timezone
>service timestamps log datetime msec localtime show-timezone
>service password-encryption
>!
>hostname Rainbow
>!
>logging buffered 1 debugging
>no logging console
>aaa new-model
>aaa authentication login default local group radius
>aaa authorization exec default local group radius
>enable secret 5 $1$WyvH$D/U2xWxcDfbROyR7PtGXS1
>enable password 7 000D0016457B525F56
>!
>username rainbow password 7 095E4F0017071805
>
>clock timezone GMT 5
>clock summer-time GMT recurring
>ip subnet-zero
>no ip source-route
>ip wccp version 1
>ip flow-cache timeout inactive 300
>ip flow-cache timeout active 1
>ip cef
>!
>!
>ip name-server 202.78.168.6
>ip name-server 202.78.168.14
>
>p name-server 202.54.15.1
>!
>!
>class-map match-any http-hacks
> match protocol http url "*.ida*"
> match protocol http url "*cmd.exe*"
> match protocol http url "*root.exe*"
> match protocol http url "*readme.eml*"
>!
>!
>policy-map mark-inbound-http-hacks
> class http-hacks
> set ip dscp 1
>!
>
>!
>interface Ethernet0/0
> ip address 202.78.164.3 255.255.252.0 secondary
> ip address 202.54.194.65 255.255.255.224 secondary
> ip address 202.78.168.26 255.255.248.0
> ip access-group 115 in
> ip access-group 115 out
> no ip proxy-arp
> rate-limit input access-group 121 48000 52000 52000 conform-action
>transmit exceed-action drop
> rate-limit input access-group 122 32000 32000 32000 conform-action
>transmit exceed-action drop
> rate-limit output access-group 110 64000 64000 64000 conform-action
>transmit exceed-action drop
> rate-limit output access-group 121 296000 30 30 conform-action
>transmit exceed-action drop
> rate-limit output access-group 122 32000 32000 32000 conform-action
>transmit exceed-action drop
> no ip mroute-cache
> full-duplex
> service-policy input mark-inbound-http-hacks
>service-policy output mark-inbound-http-hacks
> no cdp enable
>interface Serial0/0
> bandwidth 512
> no ip address
> no ip mroute-cache
> shutdown
> no fair-queue
>!
>interface Serial0/1
> bandwidth 512
> no ip address
> no ip route-cache
> no ip mroute-cache
> shutdown
>!
>interface Serial0/2
> no ip address
> shutdown
>!
>interface Serial0/3
> description "OASIS LINK"
>ip address 216.252.243.5 255.255.255.252
> ip access-group 107 in
> ip access-group 107 out
> rate-limit input 64000 128000 128000 conform-action transmit
>exceed-action drop
> rate-limit output 64000 128000 128000 conform-action transmit
>exceed-action drop
> encapsulation ppp
>!
>interface Serial1/0
> description Shapura Link
> ip address 216.252.243.1 255.255.255.252
> ip access-group 107 in
> ip access-group 107 out
> rate-limit input 32000 32768 32768 conform-action transmit
>exceed-action drop
>
>interface Serial1/1
> description DOIT LINK
> bandwidth 128
> ip address 216.252.243.17 255.255.255.252
>rate-limit input 32000 65536 65536 conform-action transmit exceed-action
>drop
> rate-limit output 32000 65536 65536 conform-action transmit
>exceed-action drop
> encapsulation ppp
> service-policy input mark-inbound-http-hacks
> service-policy output mark-inbound-http-hacks
>!
>nterface Serial1/2
> no ip address
> shutdown
>!
>interface Serial1/3
> description vsnl link
> ip address 202.54.192.66 255.255.255.252
> ip access-group 115 in
> ip access-group 115 out
> encapsulation ppp
> service-policy input mark-inbound-http-hacks
> service-policy output mark-inbound-http-hacks
>!p flow-export source Ethernet0/0
>ip flow-export version 5 peer-as
>ip flow-export destination 202.78.168.2 2055
>ip classless
>ip route 0.0.0.0 0.0.0.0 202.54.192.65
>ip route 202.78.160.0 255.255.252.0 203.129.200.193
>ip route 202.78.167.0 255.255.255.240 202.78.164.2
>ip route 202.78.167.8 255.255.255.248 202.78.164.2
>ip route 20

RE: Content Switch Module and Server Load Balancing [7:62443]

[Andrew Larkins]

yes -we have done it on the 6509 and all is great. What exactly are you
after??


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 05 February 2003 15:18
To: [EMAIL PROTECTED]
Subject: Content Switch Module and Server Load Balancing [7:62443]


Any Thoughts?





"[EMAIL PROTECTED]" @groupstudy.com em
04/02/2003 13:44:09

Favor responder a "[EMAIL PROTECTED]" 

Enviado Por:  [EMAIL PROTECTED]


Para:  [EMAIL PROTECTED]
cc:

Assunto:Content Switch Module and Server Load Balancing [7:62443]


Does anybody could share any real example of using Server Load Balancing in
6000 switches?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62503&t=62443
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ATM explanation [7:62502]

[Elaluf Silvia]

Hi Guys,

I am not an ATM Expert and I need a proper explanation of why when in a
CISCO router with an ATM interface, if there is multiple subinterfaces and
one of the subinterfaces is down, it is not possible to ping the interface?
Any ideas?

Thanks

Silvia



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62502&t=62502
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: question(routing) [7:62490]

[Keyur Lavingia]

Hi,


 


I notice some wccp commands in your config. Can you please tell me where u
are using it and for what ?


 


Thanks,


 


Keyur.


 




"kaushalender" wrote:



Hello group,

Kindly resolve my confussion.I have cisco 2610 router.We r running 
static routing with our service provider .Now what is happening that 
suddely my http request stoped going out means there was no browsing on 
lan and customer I was able to telnet every website on port 80 that 
means i able to reach website till apllication layer from my pc .Now how 
can i find out what is killing my http request in my network . and my 
service provider is saying that from my side huge amount of routing 
loops is coming but i have put whole announced network on ethernet. This 
is the conf .PLz help me

sh run
>Building configuration...
>
>Current configuration : 4962 bytes
>!
>version 12.2
>service timestamps debug datetime msec localtime show-timezone
>service timestamps log datetime msec localtime show-timezone
>service password-encryption
>!
>hostname Rainbow
>!
>logging buffered 1 debugging
>no logging console
>aaa new-model
>aaa authentication login default local group radius
>aaa authorization exec default local group radius
>enable secret 5 $1$WyvH$D/U2xWxcDfbROyR7PtGXS1
>enable password 7 000D0016457B525F56
>!
>username rainbow password 7 095E4F0017071805
>
>clock timezone GMT 5
>clock summer-time GMT recurring
>ip subnet-zero
>no ip source-route
>ip wccp version 1
>ip flow-cache timeout inactive 300
>ip flow-cache timeout active 1
>ip cef
>!
>!
>ip name-server 202.78.168.6
>ip name-server 202.78.168.14
>
>p name-server 202.54.15.1
>!
>!
>class-map match-any http-hacks
> match protocol http url "*.ida*"
> match protocol http url "*cmd.exe*"
> match protocol http url "*root.exe*"
> match protocol http url "*readme.eml*"
>!
>!
>policy-map mark-inbound-http-hacks
> class http-hacks
> set ip dscp 1
>!
>
>!
>interface Ethernet0/0
> ip address 202.78.164.3 255.255.252.0 secondary
> ip address 202.54.194.65 255.255.255.224 secondary
> ip address 202.78.168.26 255.255.248.0
> ip access-group 115 in
> ip access-group 115 out
> no ip proxy-arp
> rate-limit input access-group 121 48000 52000 52000 conform-action
>transmit exceed-action drop
> rate-limit input access-group 122 32000 32000 32000 conform-action
>transmit exceed-action drop
> rate-limit output access-group 110 64000 64000 64000 conform-action
>transmit exceed-action drop
> rate-limit output access-group 121 296000 30 30 conform-action
>transmit exceed-action drop
> rate-limit output access-group 122 32000 32000 32000 conform-action
>transmit exceed-action drop
> no ip mroute-cache
> full-duplex
> service-policy input mark-inbound-http-hacks
>service-policy output mark-inbound-http-hacks
> no cdp enable
>interface Serial0/0
> bandwidth 512
> no ip address
> no ip mroute-cache
> shutdown
> no fair-queue
>!
>interface Serial0/1
> bandwidth 512
> no ip address
> no ip route-cache
> no ip mroute-cache
> shutdown
>!
>interface Serial0/2
> no ip address
> shutdown
>!
>interface Serial0/3
> description "OASIS LINK"
>ip address 216.252.243.5 255.255.255.252
> ip access-group 107 in
> ip access-group 107 out
> rate-limit input 64000 128000 128000 conform-action transmit
>exceed-action drop
> rate-limit output 64000 128000 128000 conform-action transmit
>exceed-action drop
> encapsulation ppp
>!
>interface Serial1/0
> description Shapura Link
> ip address 216.252.243.1 255.255.255.252
> ip access-group 107 in
> ip access-group 107 out
> rate-limit input 32000 32768 32768 conform-action transmit
>exceed-action drop
>
>interface Serial1/1
> description DOIT LINK
> bandwidth 128
> ip address 216.252.243.17 255.255.255.252
>rate-limit input 32000 65536 65536 conform-action transmit exceed-action
>drop
> rate-limit output 32000 65536 65536 conform-action transmit
>exceed-action drop
> encapsulation ppp
> service-policy input mark-inbound-http-hacks
> service-policy output mark-inbound-http-hacks
>!
>nterface Serial1/2
> no ip address
> shutdown
>!
>interface Serial1/3
> description vsnl link
> ip address 202.54.192.66 255.255.255.252
> ip access-group 115 in
> ip access-group 115 out
> encapsulation ppp
> service-policy input mark-inbound-http-hacks
> service-policy output mark-inbound-http-hacks
>!p flow-export source Ethernet0/0
>ip flow-export version 5 peer-as
>ip flow-export destination 202.78.168.2 2055
>ip classless
>ip route 0.0.0.0 0.0.0.0 202.54.192.65
>ip route 202.78.160.0 255.255.252.0 203.129.200.193
>ip route 202.78.167.0 255.255.255.240 202.78.164.2
>ip route 202.78.167.8 255.255.255.248 202.78.164.2
>ip route 202.78.173.0 255.255.255.248 216.252.243.18
>ip route 202.78.173.8 255.255.255.248 216.252.243.10
>ip route 202.78.173.24 255.255.255.248 216.252.243.2
>ip route 202.78.173.248 255.255.255.248 216.252.243.14
>ip route 202.78.175.0 255.255.255.224 216.252.243.6
logging trap debugging
logging facility local1
logging 202.78.168.2
access-list 107 deny ip any any ds

RE: OT-Netscreen 5xp VPN very slow [7:62461]

[William]

Well, having worked with the Netscreen Firewall products, I find it
interesting that you feel its your bottle neck.  Take a look at the
architecture you've outlined:

PC--->NetScreen--->Cable Modem> VPN Gateway (what type of gateyway is
this?)>Internet.

The short answer here is that anytime you add security devices to a traffic
flow especially when cipher-decipher takes place, you'll take a performance
hit.  That's the price we pay (though things are improving dramatically!)
for privacy.  NetScreens traditionally are quite fast devices and though the
5X is a smaller appliance its still quite good.

Will Gragido CISSP CCNP CIPTSS CCDA MCP
9450 W. Bryn Mawr Ave.
Suite 325
Rosemont, Il 60018
www.ins.com
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, February 05, 2003 1:24 AM
To: [EMAIL PROTECTED]
Subject: RE: OT-Netscreen 5xp VPN very slow [7:62461]

Hi,

Did you check the NS-5XP log?
Also, if you place your PC behind the NS and access internet, what's the
path of your traffic? Simply PC-> FW-> cable modem-> Internet OR
PC-> FW( VPN gateway ) -> cable modem -> VPN gateway -> Internet?

BUT you mentioned 3DES, if NS is just using as a Firewall, encryption (3DES
and VPN) should not cause your problem.

rgds,
ivan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62500&t=62461
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: question(routing) [7:62490]

[Peter van Oene]

At 08:02 AM 2/5/2003 +, kaushalender wrote:
>Hello group,
>
>Kindly resolve my confussion.I have cisco 2610 router.We r running
>static routing with our service provider .Now what is happening that
>suddely my http request stoped going out means there was no browsing on
>   lan and customer I was able to telnet every website on port 80 that
>means i able to reach website till apllication layer from my pc .Now how
>can i find out what is killing my http request in my network . and my
>service provider is saying that from my side huge amount of routing
>loops is coming but i have put whole announced network on ethernet. This
>is the conf .PLz help me

If you had routing loops, everything would be broken, not just http.  Try 
traceroutes from a site like route-views.oregon-ix.net into your network 
and likewise outbound to prove out your routing config.  Beyond that, look 
at things that are impacting performance and layer 4 and above.

Also, ask your ISP to clarify what they mean by loops.  Given you run 
statically to them, I'm not sure what they mean.



>sh run
>  >Building configuration...
>  >
>  >Current configuration : 4962 bytes
>  >!
>  >version 12.2
>  >service timestamps debug datetime msec localtime show-timezone
>  >service timestamps log datetime msec localtime show-timezone
>  >service password-encryption
>  >!
>  >hostname Rainbow
>  >!
>  >logging buffered 1 debugging
>  >no logging console
>  >aaa new-model
>  >aaa authentication login default local group radius
>  >aaa authorization exec default local group radius
>  >enable secret 5 $1$WyvH$D/U2xWxcDfbROyR7PtGXS1
>  >enable password 7 000D0016457B525F56
>  >!
>  >username rainbow password 7 095E4F0017071805
>  >
>  >clock timezone GMT 5
>  >clock summer-time GMT recurring
>  >ip subnet-zero
>  >no ip source-route
>  >ip wccp version 1
>  >ip flow-cache timeout inactive 300
>  >ip flow-cache timeout active 1
>  >ip cef
>  >!
>  >!
>  >ip name-server 202.78.168.6
>  >ip name-server 202.78.168.14
>  >
>  >p name-server 202.54.15.1
>  >!
>  >!
>  >class-map match-any http-hacks
>  >  match protocol http url "*.ida*"
>  >  match protocol http url "*cmd.exe*"
>  >  match protocol http url "*root.exe*"
>  >  match protocol http url "*readme.eml*"
>  >!
>  >!
>  >policy-map mark-inbound-http-hacks
>  >  class http-hacks
>  >   set ip dscp 1
>  >!
>  >
>  >!
>  >interface Ethernet0/0
>  > ip address 202.78.164.3 255.255.252.0 secondary
>  > ip address 202.54.194.65 255.255.255.224 secondary
>  > ip address 202.78.168.26 255.255.248.0
>  > ip access-group 115 in
>  > ip access-group 115 out
>  > no ip proxy-arp
>  > rate-limit input access-group 121 48000 52000 52000 conform-action
>  >transmit exceed-action drop
>  > rate-limit input access-group 122 32000 32000 32000 conform-action
>  >transmit exceed-action drop
>  > rate-limit output access-group 110 64000 64000 64000 conform-action
>  >transmit exceed-action drop
>  > rate-limit output access-group 121 296000 30 30 conform-action
>  >transmit exceed-action drop
>  > rate-limit output access-group 122 32000 32000 32000 conform-action
>  >transmit exceed-action drop
>  > no ip mroute-cache
>  > full-duplex
>  > service-policy input mark-inbound-http-hacks
>  >service-policy output mark-inbound-http-hacks
>  > no cdp enable
>  >interface Serial0/0
>  > bandwidth 512
>  > no ip address
>  > no ip mroute-cache
>  > shutdown
>  > no fair-queue
>  >!
>  >interface Serial0/1
>  > bandwidth 512
>  > no ip address
>  > no ip route-cache
>  > no ip mroute-cache
>  > shutdown
>  >!
>  >interface Serial0/2
>  > no ip address
>  > shutdown
>  >!
>  >interface Serial0/3
>  > description "OASIS LINK"
>  >ip address 216.252.243.5 255.255.255.252
>  > ip access-group 107 in
>  > ip access-group 107 out
>  > rate-limit input 64000 128000 128000 conform-action transmit
>  >exceed-action drop
>  > rate-limit output 64000 128000 128000 conform-action transmit
>  >exceed-action drop
>  > encapsulation ppp
>  >!
>  >interface Serial1/0
>  > description Shapura Link
>  > ip address 216.252.243.1 255.255.255.252
>  > ip access-group 107 in
>  > ip access-group 107 out
>  > rate-limit input 32000 32768 32768 conform-action transmit
>  >exceed-action drop
>  >
>  >interface Serial1/1
>  > description DOIT LINK
>  > bandwidth 128
>  > ip address 216.252.243.17 255.255.255.252
>  >rate-limit input 32000 65536 65536 conform-action transmit exceed-action
>  >drop
>  > rate-limit output 32000 65536 65536 conform-action transmit
>  >exceed-action drop
>  > encapsulation ppp
>  > service-policy input mark-inbound-http-hacks
>  > service-policy output mark-inbound-http-hacks
>  >!
>  >nterface Serial1/2
>  > no ip address
>  > shutdown
>  >!
>  >interface Serial1/3
>  > description vsnl link
>  > ip address 202.54.192.66 255.255.255.252
>  > ip access-group 115 in
>  > ip access-group 115 out
>  > encapsulation ppp
>  > service-policy input mark-inbound-http-hacks
>  > service-policy output mark-inbound-http-hack

Content Switch Module and Server Load Balancing [7:62443]

[[EMAIL PROTECTED]]

Any Thoughts?





"[EMAIL PROTECTED]" @groupstudy.com em
04/02/2003 13:44:09

Favor responder a "[EMAIL PROTECTED]" 

Enviado Por:  [EMAIL PROTECTED]


Para:  [EMAIL PROTECTED]
cc:

Assunto:Content Switch Module and Server Load Balancing [7:62443]


Does anybody could share any real example of using Server Load Balancing in
6000 switches?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62498&t=62443
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Difference between SNMP notifications and traps [7:62478]

[John Neiberger]

>What is the difference between an SNMP notification and an SNMP trap?

I'd have to check later to verify this but I believe 'trap' is the SNMP
version 1 term, while 'notification' is the SNMP v2 (or v3?) term.  I
don't recall what the technical differences are, but they are
essentially the same animal.

Someone please correct me if I'm wrong.  I've been awake since 2:30AM
so I'm not thinking clearly.  :-)

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62497&t=62478
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: DR Planning capacity [7:62492]

[[EMAIL PROTECTED] (Kaj J. Niemi)]

In mail.net.groupstudy.pro, you wrote:

>  hi, I am trying to plan for disaster recovery and the data that are to be
>  backup will be transfer between a 3548 switch via a gigabit link to Core
>  6006 as well as to a backup server via gigabit link, therefore , data will
>  be passing through a Fast Ethernet and 1 gigabits pipe line with back
plane
>  of 10.8 Gbps for 3548 and 6006 with 32 Gbps.

The slowest component is your servers. You're not going to write data to
disk at a sustained rate of 125 megabytes/s.

Would suggest you try out the disaster recovery scenario on the same LAN
(VLAN, whatever) in a lab or so to get a pointer on how your servers will
perform next to eachother.



// kaj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62495&t=62492
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

SAFE exam (9e0-131) [7:62494]

[Hanna, Keith]

Has anyone taken this exam yet?

I am about to register for it, and having read the blueprints, I'm not sure I
understand what will be asked for.

Do I need to know actual recommend configs? Or is it more of a 'general'
overview? I have gone throught the blueprint several time, and if you don't
need to know actual config info, there doesn't appear to be that much to need
to know?

Anyone care to comment?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62494&t=62494
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

vlan map in Cat.3550 switch [7:62493]

[dovelet]

Hi all,

I would like to configure ip access control within a same VLAN at a Cat.3550
switch, so that unauthorized users cannot access the critical servers even
they are at same vlan. I found that "vlan map" can do this. Does anyone use
"vlan map" before? Is it stable? Is it difficult in troubleshooting?

Regards,
Dovelet




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62493&t=62493
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

DR Planning capacity [7:62492]

[Han Chuan Alex Ang]

hi, I am trying to plan for disaster recovery and the data that are to be
backup will be transfer between a 3548 switch via a gigabit link to Core
6006 as well as to a backup server via gigabit link, therefore , data will
be passing through a Fast Ethernet and 1 gigabits pipe line with back plane
of 10.8 Gbps for 3548 and 6006 with 32 Gbps. Wonder if any body there who
could shed some light as to any website or way to go about doing this
capacity planning.What are the factor to take note and how do we
calculate.thank


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62492&t=62492
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

question(routing) [7:62490]

[kaushalender]

Hello group,

Kindly resolve my confussion.I have cisco 2610 router.We r running 
static routing with our service provider .Now what is happening that 
suddely my http request stoped going out means there was no browsing on 
  lan and customer I was able to telnet every website on port 80 that 
means i able to reach website till apllication layer from my pc .Now how 
can i find out what is killing my http request in my network . and my 
service provider is saying that from my side huge amount of routing 
loops is coming but i have put whole announced network on ethernet. This 
is the conf .PLz help me

sh run
 >Building configuration...
 >
 >Current configuration : 4962 bytes
 >!
 >version 12.2
 >service timestamps debug datetime msec localtime show-timezone
 >service timestamps log datetime msec localtime show-timezone
 >service password-encryption
 >!
 >hostname Rainbow
 >!
 >logging buffered 1 debugging
 >no logging console
 >aaa new-model
 >aaa authentication login default local group radius
 >aaa authorization exec default local group radius
 >enable secret 5 $1$WyvH$D/U2xWxcDfbROyR7PtGXS1
 >enable password 7 000D0016457B525F56
 >!
 >username rainbow password 7 095E4F0017071805
 >
 >clock timezone GMT 5
 >clock summer-time GMT recurring
 >ip subnet-zero
 >no ip source-route
 >ip wccp version 1
 >ip flow-cache timeout inactive 300
 >ip flow-cache timeout active 1
 >ip cef
 >!
 >!
 >ip name-server 202.78.168.6
 >ip name-server 202.78.168.14
 >
 >p name-server 202.54.15.1
 >!
 >!
 >class-map match-any http-hacks
 >  match protocol http url "*.ida*"
 >  match protocol http url "*cmd.exe*"
 >  match protocol http url "*root.exe*"
 >  match protocol http url "*readme.eml*"
 >!
 >!
 >policy-map mark-inbound-http-hacks
 >  class http-hacks
 >   set ip dscp 1
 >!
 >
 >!
 >interface Ethernet0/0
 > ip address 202.78.164.3 255.255.252.0 secondary
 > ip address 202.54.194.65 255.255.255.224 secondary
 > ip address 202.78.168.26 255.255.248.0
 > ip access-group 115 in
 > ip access-group 115 out
 > no ip proxy-arp
 > rate-limit input access-group 121 48000 52000 52000 conform-action
 >transmit exceed-action drop
 > rate-limit input access-group 122 32000 32000 32000 conform-action
 >transmit exceed-action drop
 > rate-limit output access-group 110 64000 64000 64000 conform-action
 >transmit exceed-action drop
 > rate-limit output access-group 121 296000 30 30 conform-action
 >transmit exceed-action drop
 > rate-limit output access-group 122 32000 32000 32000 conform-action
 >transmit exceed-action drop
 > no ip mroute-cache
 > full-duplex
 > service-policy input mark-inbound-http-hacks
 >service-policy output mark-inbound-http-hacks
 > no cdp enable
 >interface Serial0/0
 > bandwidth 512
 > no ip address
 > no ip mroute-cache
 > shutdown
 > no fair-queue
 >!
 >interface Serial0/1
 > bandwidth 512
 > no ip address
 > no ip route-cache
 > no ip mroute-cache
 > shutdown
 >!
 >interface Serial0/2
 > no ip address
 > shutdown
 >!
 >interface Serial0/3
 > description "OASIS LINK"
 >ip address 216.252.243.5 255.255.255.252
 > ip access-group 107 in
 > ip access-group 107 out
 > rate-limit input 64000 128000 128000 conform-action transmit
 >exceed-action drop
 > rate-limit output 64000 128000 128000 conform-action transmit
 >exceed-action drop
 > encapsulation ppp
 >!
 >interface Serial1/0
 > description Shapura Link
 > ip address 216.252.243.1 255.255.255.252
 > ip access-group 107 in
 > ip access-group 107 out
 > rate-limit input 32000 32768 32768 conform-action transmit
 >exceed-action drop
 >
 >interface Serial1/1
 > description DOIT LINK
 > bandwidth 128
 > ip address 216.252.243.17 255.255.255.252
 >rate-limit input 32000 65536 65536 conform-action transmit exceed-action
 >drop
 > rate-limit output 32000 65536 65536 conform-action transmit
 >exceed-action drop
 > encapsulation ppp
 > service-policy input mark-inbound-http-hacks
 > service-policy output mark-inbound-http-hacks
 >!
 >nterface Serial1/2
 > no ip address
 > shutdown
 >!
 >interface Serial1/3
 > description vsnl link
 > ip address 202.54.192.66 255.255.255.252
 > ip access-group 115 in
 > ip access-group 115 out
 > encapsulation ppp
 > service-policy input mark-inbound-http-hacks
 > service-policy output mark-inbound-http-hacks
 >!p flow-export source Ethernet0/0
 >ip flow-export version 5 peer-as
 >ip flow-export destination 202.78.168.2 2055
 >ip classless
 >ip route 0.0.0.0 0.0.0.0 202.54.192.65
 >ip route 202.78.160.0 255.255.252.0 203.129.200.193
 >ip route 202.78.167.0 255.255.255.240 202.78.164.2
 >ip route 202.78.167.8 255.255.255.248 202.78.164.2
 >ip route 202.78.173.0 255.255.255.248 216.252.243.18
 >ip route 202.78.173.8 255.255.255.248 216.252.243.10
 >ip route 202.78.173.24 255.255.255.248 216.252.243.2
 >ip route 202.78.173.248 255.255.255.248 216.252.243.14
 >ip route 202.78.175.0 255.255.255.224 216.252.243.6
logging trap debugging
logging facility local1
logging 202.78.168.2
access-list 107 deny   ip any any dscp 1 log
access-

Netflow, IP Accounting and RMON [7:62489]

[Ivan Yip]

Dear All,

Can anyone share some useful links for me to explain the above items?
I am quite confused about them.

Thanks in advance.

rgds,
Ivan


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62489&t=62489
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]