RE: Modem Config [7:62479]
Thanks Scott ! I got modem to work, and can get to router prompt, but it's doing the funny thing. It types twice eventhough I type it once. For example, if i type telnet command, it will type "ttlleenneett"", it's really frustrating, it's a new 33.6 modem, but don't know why it is doing that. Regards, Teza--- On Tue 02/04, Scott Terminiello < [EMAIL PROTECTED] > wrote:From: Scott Terminiello [mailto: [EMAIL PROTECTED]]To: [EMAIL PROTECTED], [EMAIL PROTECTED]: Tue, 4 Feb 2003 22:08:30 -0500Subject: RE: Modem Config [7:62479]Make sure the dip switch settings are as follows:1 UP Data terminal ready normal2 UP Verbal result codes3 Down Display result codes4 UP Echo offline commands5 UP Auto Answer first ring6 UP Carrier detect normal7 UP Load NVRAM defaults8 Down Smart ModeYou need to reverse telnet into the modem to configure. When you reversetelnet enter the command string. Here is a good link.http://www.cisco.com/warp/customer/471/mod-aux-exec.htmlGood luck,Scott TerminielloPresidentScott Enterprises5 Whitney DriveMarlboro, NJ 07746-1241Office: (732)972-2698Email: [EMAIL PROTECTED] Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf OfAzhar TezaSent: Tuesday, February 04, 2003 9:08 PMTo: [EMAIL PROTECTED]: Modem Config [7:62479]I am trying to setup a modem dialup for Cisco AUX or Console port. Themodem connects fine, but then hangsand never goes to to the router prompt. Is there any special configs for setting up 33.6 usroobotics modem. Here iswhat I am doing: GLOBAL MODE:modemcap entryusrobotics:MSC=&F1&D3S0=1 LINE MODE:line aux 0 modem InOut modemautoconfigure type usrobotics transport input all speed 38400 flowcontrolhardware line con 0 modem InOut modem autoconfigure type usroboticstransport input all speed 38400 flowcontrol hardware PIN 1, 3 AND 8 DOWN ANDTHE REST OF THEM UP. Any idea? Thanks, Teza___Join Excite! - http://www.excite.comThe most personalized portal on the Web!Message Posted at:http://www.groupstudy.com/form/read.php?f=7&i=62479&t=62479--FAQ, list archives, and subscription info:http://www.groupstudy.com/list/cisco.htmlReport misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ Join Excite! - http://www.excite.com The most personalized portal on the Web! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62566&t=62479 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: QOS Question [7:62351]
Hi, CBWFQ will meet your requirement. If no VPN traffic, the rest will fill the line. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62565&t=62351 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT-Netscreen 5xp VPN very slow [7:62461]
Do you think it is the LAN negotiation problem? As 5XP only have 10M interface. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62564&t=62461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT-Netscreen 5xp VPN very slow [7:62461]
My mistake, I thought that you were implying that there was a performance issue with that architecture. Will Gragido CISSP CCNP CIPTSS CCDA MCP 9450 W. Bryn Mawr Ave. Suite 325 Rosemont, Il 60018 www.ins.com [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 05, 2003 10:49 PM To: [EMAIL PROTECTED] Subject: RE: OT-Netscreen 5xp VPN very slow [7:62461] William, I just pointed out the one of the possible architecture. VPN gateway I mentioned may be other vendors that can work with netscreen like checkpoint... Any problems on my thought? Ivan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62561&t=62461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT-Netscreen 5xp VPN very slow [7:62461]
William, I just pointed out the one of the possible architecture. VPN gateway I mentioned may be other vendors that can work with netscreen like checkpoint... Any problems on my thought? Ivan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62559&t=62461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IP SoftPhone- Problem [7:62558]
Hi All, I have a problem facing with IP SoftPhone. Let me explain about the IP Telephone Network setup This is for one of the customer who has got an IP Telephone Setup. The network is having a CCM 3.1(4) Version. Around 4 numbers of IP Phones (7960 & 7910) has been installed on this network and all the phones are working perfectly. The customer has got one Cisco SoftPhone (v1.3). This SoftPhone is installed on the one of the client Machine which is having Windows XP as OS. Below is the problem which I am facing. After installing & opening the Soft Phone, I am not able to see any lines (extension) for the particular soft phone and its coming as blank. I have configured the CTI Port, and i have associated the device to the particular user. Inspite of the same i am not able get any lines for the SoftPhone. I have gone through the Cisco Documentation Cisco IP SoftPhone Administration v 1.3. As per the documentation I did the troubleshooting to find out what is the problem, but not able to get a breakthrough. On the call manager I checked the event viewer and provides follwoing error message. 2/4/20031:15:03 PM Cisco CTIManagerError None3 N/A CALLMGR Error: kCtiIncompatibleProtocolVersion - Incompatible protocol version. UNKNOWN_PARAMTYPE:Message Version: 196608 UNKNOWN_PARAMTYPE:Minimum Version: 131072 UNKNOWN_PARAMTYPE:Current Version: 131072 App ID: Cisco CTIManager Cluster ID: CALLMGR-Cluster Node ID: CALLMGR Application ID: Cisco Telephony Call Dispatcher Process ID: 0 Process Name: CtiHandler Provider Name: CTI Framework Explanation: The JTAPI/TAPI application version is not compatible with this version of CTIManager, so received message has been rejected. Recommended Action: Verify correct version of application is being used; otherwise, contact TAC.. I installed the same software on another machine, tested it and its working without any problem and I am able to place the calls from the softphone to other IP Phones. Has anyone faced this porblem before? Can any one give idea / solution for this? Regards...Anil __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62558&t=62558 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Specifying networks in OSPF - How? [7:62463]
I use OSPF quite a lot, and I have followed John/Chuck/Pricilla/Larry L . and a few others and re-done my configs and moved the actual interfaces into the ospf statements. I had problems the other way (maybe because sometimes I rush through my configs and wonder why they don't work the next day) Jb -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 5 February 2003 8:13 AM To: [EMAIL PROTECTED] Subject: Re: Specifying networks in OSPF - How? [7:62463] In OSPF, the network statement specifies which interfaces will participate in OSPF routing. Use whichever syntax you prefer. Your first example would cause all interfaces in the 10.10.10.0/24 range to participate. Your second example activates only the interface with the IP address 10.10.10.1. It really depends on what you're trying to accomplish. As a guideline, though, many including myself would suggest that you always be as specific as possible, using one network statement with a mask of 0.0.0.0 for each interface. This is a little more work but it reduces errors and aids in troubleshooting. Regards, John >>> "Cisco Nuts" 2/4/03 1:52:53 PM >>> Hello, Is there a rule of thumb on specifying the network commands in an Ospf FR topology? Ex. for netw. 10.10.10.1/24, would one specify under ospf: #router ospf 1 #netw 10.10.10.0 0.0.0.255 area 0 OR #router ospf 1 #netw 10.10.10.1 0.0.0.0 area 0 Which one?? Is the network specified or the host address itself. Does it depend if it's a frame-relay full-mesh (ip ospf network broadcast/non-broadcast) or partial-mesh (ip ospf network point-to-multipoint) ? Thank you. Sincerely, CN _ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail ** visit http://www.solution6.com UK Customers - http://www.solution6.co.uk ** The Solution 6 Head Office and NSW Branch has moved premises. Please make sure you have updated your records with our new details. Level 14, 383 Kent Street, Sydney NSW 2000. General Phone: 61 2 9278 0666 General Fax: 61 2 9278 0555 ** This email message (and attachments) may contain information that is confidential to Solution 6. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Solution 6 are neither given nor endorsed by it. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62557&t=62463 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SQLNET/TNS Firewall Rule [7:62472]
First of all, what version of Pix OS are you running? I have a similar setup like yours with a "franken" pix firewall between an Oracle9i Server running on Linux and an Oracle9i Client running on a windows 2k machine. I am running version 6.3(0) build 131 on my "franken" pix firewall and it works great connecting to port sqlnet 1521 on the Oracle server behind firewall. Just make sure you have this in your pix configuration: fixup protocol sqlnet 1521 Make sure that you're running version 6.2(2) or 6.3(0) build 131 beta and you will be fine. Have fun. D. Paulo Roque wrote:I have a PIX firewall between a oracle server and a client. The client always start a connection on port 1521 on the server. The server always send a port redirect to the client informing the client to start a new connection on second port. This second port is always random, what makes me create a rule that permits the client to connect to any port on the server. This situation is bad. Is it possible to create a rule that restrict the client access to the server and still permit the oracle connection to occur? -- Eng. Paulo Roque Network Engineer Cisco Certified Network Associate [EMAIL PROTECTED] Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62556&t=62472 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
WLAN Bridge [7:62555]
Hi All, I have two building linked up with WLAN Bridge 350, the question is how to block the DHCP of plant 2 reach Plant 1. Currently P1 DHCP goto P2 and P2 DHCP goto P1. Please HELP. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62555&t=62555 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: List of ip protocols [7:62460]
Me wrote: > > search for rfc1700 RFC 1700 has been superceded by the IANA Protocol Numbers and Assignment Services. RFC 1700 hasn't been updated or re-released in RFC form in years. See here: http://www.iana.org/numbers.html Priscilla > > ""Symon Thurlow"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi all, > > > > Does anyone know of a reference list of ip protocols and > their numbers > > > > For example gre = 47, tcp = 6? Etc > > > > Cheers, > > > > Symon > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62554&t=62460 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: T1 Csu dsu issue(commands) [7:62445]
Hi Dave Thanx replying is this in version 2 of WIC-1DSU-T1 these commands work fine or what I could not get u. May be somebody else who has worked on WIC-1DSU-T1,please do send your valuable comments if u have any. MADMAN wrote: > > The documentation is not very accurate on this as you have > discovered.Thanks for pointing this out, I am beta testing > a version > 2 of the WIC-1DSU-T1 and it is not optional, I will pass this > on. > >Aside from testing though I have never needed to change the > default > in the real world. The defaults let you loop the CSU with a > standard > issue T-BERD. > >Dave > > Simmi Singh wrote: > > I have 1 Port T1 CSU/DSU WAN Interface Card, > > some more problems I am facing are > > 1) when I am trying to give > > service-module t1 remote-loopback payload command with out > any optional > > parameter it does not work and gives that incomplete command > error.where as > > the V54 is optional parameter > > > > 2) this combination of command also does not work and gives > format error. > > service-module t1 remote-loopback full alternate > > > > this both v54 and alternate are optional parameters as > mentioned in the > > documentation. > > > > > http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_chapter09186a00800874e6.html#1019309 > > > > Please refer this link that these are optional parameters(v54 > and > > alternate). > > In my knowledge there could be 4 possible combinations but > only two work > > > > full > > full with alternate(doesnot work) > > payload(doesnot work) > > payload with v54 > > > > Can anybody explain these also in additional to the previous > doubts > > mentioned below > > --- > > > > > > Simmi Singh wrote: > > > >>Hi all, > >>while configuring the T1 CSU DSU card we use service-module > >>commands. > >>Here when I have the following command > >>service-module t1 remote-loopback {full | payload} [alternate > | > >>v54] > >>The default option is Full and payload loopbacks with > >>standard-loopup codes. and its mentioned in documentation > also > >>that by entering the service-module t1 remote-loopback > command > >>without specifying any keywords, you enable the > standard-loopup > >>codes, which use a 1-in-5 pattern for loopup and a 1-in-3 > >>pattern for loopdown. > >> > >> > >>The calrifications needed are that > >>1) What is thedefault option for loopback.If I select the > full option from > > > > the cli then want to switch > > > >>back to the default option, do the above command without > >>parameters will do that function > >>example > >>service-module t1 remote-loopback full alternate > >> > >> > >>then if i want to switch to default option will this work > >> > >>service-module t1 remote-loopback > >> > >>But I tried this command doesnot work(incomplete command) > >>so how to enable both payload and alternate with standard > >>loopup codes. > >>Just by negating the earlier command > >>is their some command for this > >> > >>2) For what this default option used for > >> > >>any help will be appreciated > -- > David Madland > CCIE# 2016 > Sr. Network Engineer > Qwest Communications > 612-664-3367 > > "You don't make the poor richer by making the rich poorer." > --Winston > Churchill > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62553&t=62445 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: frame-relay theoretical topic / question [7:62517]
Stull, Cory wrote: > > 3 locations. Milwaukee, Madison, Greenbay. Milwaukee and > Madison both > have a 128k port 64k CIR. Greenbay has full T1 with 64k CIR. > > From Milwaukee why is Greenbay's ping response times almost 3 > times faster > than Madisons? Wouldn't Milwaukee being the bottle neck of > 128k port rate > make both ping response times closer to the same? The Milwaukee router would be a bottleneck if you were sending more traffic than the 128 Kbps interface can send. Once you start sending more than 128 Kbps, then the Milwaukee router has to start queuing packets, which would introduce some delay. For the delay to be noticeable, you would have to be doing quite a bit more than 128 Kbps. For it to be definitely noticable, you would need to exceed the queue depth, resulting in dropped and retransmitted packets. Does the router show that it is dropping any packets? What does the router say the load on the serial interface is? Where are the pings originating? What ping tool are you using? How much bandwidth can it use? Are delays being introduced between your ping station and the serial interface? For example, are they going across swithces or a shared Ethernet segment? My guess is that you aren't using 128 Kbps. Let's say that you are, though. Because Frame Relay is a packet-switched network, packets could be queuing up more in the path to Madison compared to the path to Greenbay. Also, of course, the egress FR relay switch in Greenbay can whip out the packets much faster than the egress switch in Madison which has just a 128 Kbps link, compared to the T1 link in Greenbay. So, it might seem odd that packets can pick up speed, but due to the queuing at routers and switches in the path, they can. They might get jumbled up at some point, but then whipped out at 1.544 Mbps at another point. I hope that explanation isn't too confusing and I hope you're not freezing there in Wisconsin! :-) Priscilla > Or is this > like the > highway theory of Greenbay has a Full T1 most of the way so you > can go > faster on that portion of the drive therefore the ping response > times are > much faster?? > > Thanks for any input. > > > > > Cory > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62552&t=62517 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: SAFE exam (9e0-131) [7:62494]
Hi Keith, I have just sat the safe exam and failed I went in after reading the safe documents as well I have my CSS1 this exam seems fairly easy but I still failed After the exam I went home and re read the safe documents and I personally can't see from the questions asked how I failed but I did. The questions are mainly based on the safe whitepapers as well there are a few simulators in the exam. Hope this helps -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hanna, Keith Sent: Wednesday, 5 February 2003 21:10 To: [EMAIL PROTECTED] Subject: SAFE exam (9e0-131) [7:62494] Has anyone taken this exam yet? I am about to register for it, and having read the blueprints, I'm not sure I understand what will be asked for. Do I need to know actual recommend configs? Or is it more of a 'general' overview? I have gone throught the blueprint several time, and if you don't need to know actual config info, there doesn't appear to be that much to need to know? Anyone care to comment? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62551&t=62494 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN Dialer Watch on 4500 [7:62423]
Of course I had to copy the wrong log file up yesterday (02/04/03 - recorded as 02-05-03 4:01). That one had a serious flaw that was corrected. This is the one that should have been posted. My apologies to everyone. Following is the client/dial-up router ** r4500b#sh run Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname r4500b ! no logging buffered enable secret 5 $1$dmkQ$LhX8ezIO8y81ypOR34wvt. ! username r4000m password 0 wienerdog ip subnet-zero isdn switch-type basic-ni ! ! ! interface Loopback0 ip address 172.255.255.240 255.255.255.255 no ip directed-broadcast ! interface Loopback1 ip address 172.18.200.9 255.255.255.248 no ip directed-broadcast ! interface Loopback2 ip address 172.18.200.17 255.255.255.240 no ip directed-broadcast ! interface Loopback3 ip address 172.18.200.33 255.255.255.224 no ip directed-broadcast ! interface Ethernet0 no ip address no ip directed-broadcast media-type 10BaseT ! interface Ethernet1 ip address 172.18.15.254 255.255.255.0 no ip directed-broadcast media-type 10BaseT ! interface Serial0 ip address 172.18.196.2 255.255.255.252 no ip directed-broadcast shutdown ! interface Serial1 bandwidth 250 ip address 172.18.200.2 255.255.255.252 no ip directed-broadcast ! interface BRI0 ip address 192.254.254.1 255.255.255.252 no ip directed-broadcast encapsulation ppp dialer idle-timeout 30 dialer watch-disable 15 dialer map ip 172.255.255.245 name r4000m broadcast 8358662 dialer map ip 192.254.254.2 name r4000m broadcast 8358662 dialer load-threshold 5 outbound dialer watch-group 10 dialer-group 1 isdn switch-type basic-ni isdn spid1 0835866101 isdn spid2 0835866301 ppp authentication chap ppp multilink ! interface BRI1 no ip address no ip directed-broadcast shutdown isdn switch-type basic-ni ! interface BRI2 no ip address no ip directed-broadcast shutdown isdn switch-type basic-ni ! interface BRI3 no ip address no ip directed-broadcast shutdown isdn switch-type basic-ni ! router eigrp 666 network 172.18.0.0 network 172.255.0.0 network 192.254.254.0 no auto-summary ! ip classless ! access-list 101 deny eigrp any any access-list 101 permit ip any any dialer watch-list 10 ip 172.255.255.245 255.255.255.255 dialer-list 1 protocol ip list 101 ! line con 0 session-timeout 2880 exec-timeout 2880 0 logging synchronous transport input none line aux 0 line vty 0 4 session-timeout 2880 exec-timeout 2880 0 password wiener login ! end r4500b# Following is the dial-in router ** r4000m#sh run Building configuration... Current configuration : 2238 bytes ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname r4000m ! no logging buffered enable secret 5 $1$51sJ$.h3NUdXcZI/hNuQefakc60 ! username r4500b password 0 wienerdog ! ! ! ! ip subnet-zero no ip finger ! ! ! ! source-bridge ring-group 100 source-bridge remote-peer 100 tcp 172.19.21.1 source-bridge remote-peer 100 tcp 172.19.21.5 source-bridge remote-peer 100 tcp 172.19.21.9 ! ! interface Loopback0 ip address 172.255.255.245 255.255.255.255 ! interface Loopback1 ip address 172.19.21.1 255.255.255.252 ! interface Loopback2 ip address 172.18.196.9 255.255.255.248 ! interface Loopback3 ip address 172.18.196.17 255.255.255.240 ! interface Loopback4 ip address 172.18.196.33 255.255.255.224 ! interface Loopback5 ip address 172.18.196.65 255.255.255.192 ! interface Loopback6 ip address 172.18.196.129 255.255.255.128 ! interface Serial0 bandwidth 250 ip address 172.18.200.1 255.255.255.252 ! interface Serial1 bandwidth 250 ip address 172.18.196.2 255.255.255.252 ! interface TokenRing0 no ip address shutdown ring-speed 16 multiring all source-bridge 10 1 100 source-bridge spanning ! interface BRI0 ip address 192.254.254.2 255.255.255.252 encapsulation ppp dialer idle-timeout dialer-group 1 isdn switch-type basic-ni isdn spid1 0835866201 isdn spid2 0835866401 ppp authentication chap ! interface BRI1 no ip address shutdown isdn switch-type basic-ni ! interface BRI2 no ip address shutdown isdn switch-type basic-ni ! interface BRI3 no ip address isdn switch-type basic-ni ! router eigrp 666 network 172.18.196.0 0.0.0.3 network 172.18.196.8 0.0.0.7 network 172.18.196.16 0.0.0.15 network 172.18.196.32 0.0.0.31 network 172.18.196.64 0.0.0.63 network 172.18.196.128 0.0.0.127 network 172.18.200.0 0.0.0.3 network 172.19.21.0 0.0.0.3 network 172.255.255.245 0.0.0.0 network 192.254.254.0 0.0.0.3 no auto-summary no eigrp log-neighbor-changes ! ip classless no ip http server ! dialer-list 1 protocol ip permit ! ! line con 0 session-timeout 2880 exec-timeout 2880 0 logging synchronous transport input none line aux 0 line vty 0 4 session-timeout 2880 exec-timeout 2880 0 password wiener login ! e
Re: RE: question(routing) [7:62490]
I know what WCCP is for. I just want to find out why it is there in the config. It may have some relation to the problem. "Andrew Larkins" wrote: WCCP is for web caching - it is used in conjunction with a Cisco content engine to pass all HTTP requests (an others) to a cache engine without the users physically having a proxy configured -Original Message- From: Keyur Lavingia [mailto:[EMAIL PROTECTED]] Sent: 05 February 2003 16:15 To: [EMAIL PROTECTED] Subject: Re: question(routing) [7:62490] Hi, I notice some wccp commands in your config. Can you please tell me where u are using it and for what ? Thanks, Keyur. "kaushalender" wrote: Hello group, Kindly resolve my confussion.I have cisco 2610 router.We r running static routing with our service provider .Now what is happening that suddely my http request stoped going out means there was no browsing on lan and customer I was able to telnet every website on port 80 that means i able to reach website till apllication layer from my pc .Now how can i find out what is killing my http request in my network . and my service provider is saying that from my side huge amount of routing loops is coming but i have put whole announced network on ethernet. This is the conf .PLz help me sh run >Building configuration... > >Current configuration : 4962 bytes >! >version 12.2 >service timestamps debug datetime msec localtime show-timezone >service timestamps log datetime msec localtime show-timezone >service password-encryption >! >hostname Rainbow >! >logging buffered 1 debugging >no logging console >aaa new-model >aaa authentication login default local group radius >aaa authorization exec default local group radius >enable secret 5 $1$WyvH$D/U2xWxcDfbROyR7PtGXS1 >enable password 7 000D0016457B525F56 >! >username rainbow password 7 095E4F0017071805 > >clock timezone GMT 5 >clock summer-time GMT recurring >ip subnet-zero >no ip source-route >ip wccp version 1 >ip flow-cache timeout inactive 300 >ip flow-cache timeout active 1 >ip cef >! >! >ip name-server 202.78.168.6 >ip name-server 202.78.168.14 > >p name-server 202.54.15.1 >! >! >class-map match-any http-hacks > match protocol http url "*.ida*" > match protocol http url "*cmd.exe*" > match protocol http url "*root.exe*" > match protocol http url "*readme.eml*" >! >! >policy-map mark-inbound-http-hacks > class http-hacks > set ip dscp 1 >! > >! >interface Ethernet0/0 > ip address 202.78.164.3 255.255.252.0 secondary > ip address 202.54.194.65 255.255.255.224 secondary > ip address 202.78.168.26 255.255.248.0 > ip access-group 115 in > ip access-group 115 out > no ip proxy-arp > rate-limit input access-group 121 48000 52000 52000 conform-action >transmit exceed-action drop > rate-limit input access-group 122 32000 32000 32000 conform-action >transmit exceed-action drop > rate-limit output access-group 110 64000 64000 64000 conform-action >transmit exceed-action drop > rate-limit output access-group 121 296000 30 30 conform-action >transmit exceed-action drop > rate-limit output access-group 122 32000 32000 32000 conform-action >transmit exceed-action drop > no ip mroute-cache > full-duplex > service-policy input mark-inbound-http-hacks >service-policy output mark-inbound-http-hacks > no cdp enable >interface Serial0/0 > bandwidth 512 > no ip address > no ip mroute-cache > shutdown > no fair-queue >! >interface Serial0/1 > bandwidth 512 > no ip address > no ip route-cache > no ip mroute-cache > shutdown >! >interface Serial0/2 > no ip address > shutdown >! >interface Serial0/3 > description "OASIS LINK" >ip address 216.252.243.5 255.255.255.252 > ip access-group 107 in > ip access-group 107 out > rate-limit input 64000 128000 128000 conform-action transmit >exceed-action drop > rate-limit output 64000 128000 128000 conform-action transmit >exceed-action drop > encapsulation ppp >! >interface Serial1/0 > description Shapura Link > ip address 216.252.243.1 255.255.255.252 > ip access-group 107 in > ip access-group 107 out > rate-limit input 32000 32768 32768 conform-action transmit >exceed-action drop > >interface Serial1/1 > description DOIT LINK > bandwidth 128 > ip address 216.252.243.17 255.255.255.252 >rate-limit input 32000 65536 65536 conform-action transmit exceed-action >drop > rate-limit output 32000 65536 65536 conform-action transmit >exceed-action drop > encapsulation ppp > service-policy input mark-inbound-http-hacks > service-policy output mark-inbound-http-hacks >! >nterface Serial1/2 > no ip address > shutdown >! >interface Serial1/3 > description vsnl link > ip address 202.54.192.66 255.255.255.252 > ip access-group 115 in > ip access-group 115 out > encapsulation ppp > service-policy input mark-inbound-http-hacks > service-policy output mark-inbound-http-hacks >!p flow-export source Ethernet0/0 >ip flow-export version 5 peer-as >ip flow-export destination 202.78.168.2 2055 >ip classless >ip route 0.0.0.0 0.0.0.0 202.54.192.65 >ip route 202.78.160.0
Re: List of ip protocols [7:62460]
search for rfc1700 ""Symon Thurlow"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all, > > Does anyone know of a reference list of ip protocols and their numbers > > For example gre = 47, tcp = 6? Etc > > Cheers, > > Symon Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62548&t=62460 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: T1 Csu dsu issue(commands) [7:62445]
The documentation is not very accurate on this as you have discovered.Thanks for pointing this out, I am beta testing a version 2 of the WIC-1DSU-T1 and it is not optional, I will pass this on. Aside from testing though I have never needed to change the default in the real world. The defaults let you loop the CSU with a standard issue T-BERD. Dave Simmi Singh wrote: > I have 1 Port T1 CSU/DSU WAN Interface Card, > some more problems I am facing are > 1) when I am trying to give > service-module t1 remote-loopback payload command with out any optional > parameter it does not work and gives that incomplete command error.where as > the V54 is optional parameter > > 2) this combination of command also does not work and gives format error. > service-module t1 remote-loopback full alternate > > this both v54 and alternate are optional parameters as mentioned in the > documentation. > > http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_chapter09186a00800874e6.html#1019309 > > Please refer this link that these are optional parameters(v54 and > alternate). > In my knowledge there could be 4 possible combinations but only two work > > full > full with alternate(doesnot work) > payload(doesnot work) > payload with v54 > > Can anybody explain these also in additional to the previous doubts > mentioned below > --- > > > Simmi Singh wrote: > >>Hi all, >>while configuring the T1 CSU DSU card we use service-module >>commands. >>Here when I have the following command >>service-module t1 remote-loopback {full | payload} [alternate | >>v54] >>The default option is Full and payload loopbacks with >>standard-loopup codes. and its mentioned in documentation also >>that by entering the service-module t1 remote-loopback command >>without specifying any keywords, you enable the standard-loopup >>codes, which use a 1-in-5 pattern for loopup and a 1-in-3 >>pattern for loopdown. >> >> >>The calrifications needed are that >>1) What is thedefault option for loopback.If I select the full option from > > the cli then want to switch > >>back to the default option, do the above command without >>parameters will do that function >>example >>service-module t1 remote-loopback full alternate >> >> >>then if i want to switch to default option will this work >> >>service-module t1 remote-loopback >> >>But I tried this command doesnot work(incomplete command) >>so how to enable both payload and alternate with standard >>loopup codes. >>Just by negating the earlier command >>is their some command for this >> >>2) For what this default option used for >> >>any help will be appreciated -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 "You don't make the poor richer by making the rich poorer." --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62546&t=62445 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 7500 Router CPU rocketing to 90% [7:62530]
Yes I'm running dlsw. There are 400 to 500 dlsw circuits open, and there are no performance issues strange enough. CIP has its own CPU I had run trend report on that and it's running at 30 to 40%. The Cisco site does not explain how the cpu utilization is added up. Mohsin Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62545&t=62530 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX Licensing [7:62233]
Thanks! Jarett ""Sam Sneed"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > A failover PIX will reload every 24 hours until primary is back up. > ""J.D. Chaiken"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi, > > > > Maybe this is a naive question, but if the primary PIX goes down and fails > > over to the failover PIX doesn't that make it a standalone unit? > > What makes the Failover a failover? did Cisco completly diable the > console > > port so the only way to configure it is with write standby? > > > > Jarett > > > > > > ""Claudio Spescha"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Hi > > > > > > In a Pix 515 with restricted license you can have a max of 3 interfaces, > > > with a PIX 515 unrestricted license up to 6 interfaces > > > > > > For failover you always need an unrestricted license. > > > You can not run a PIX with failover license as standalone box. A PIX > with > > > failover license is only a quarter of the price of a standalone PIX. > > > > > > With "show version" you can see what type of license you have. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62544&t=62233 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX Licensing [7:62233]
A failover PIX will reload every 24 hours until primary is back up. ""J.D. Chaiken"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, > > Maybe this is a naive question, but if the primary PIX goes down and fails > over to the failover PIX doesn't that make it a standalone unit? > What makes the Failover a failover? did Cisco completly diable the console > port so the only way to configure it is with write standby? > > Jarett > > > ""Claudio Spescha"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi > > > > In a Pix 515 with restricted license you can have a max of 3 interfaces, > > with a PIX 515 unrestricted license up to 6 interfaces > > > > For failover you always need an unrestricted license. > > You can not run a PIX with failover license as standalone box. A PIX with > > failover license is only a quarter of the price of a standalone PIX. > > > > With "show version" you can see what type of license you have. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62543&t=62233 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 7500 Router CPU rocketing to 90% [7:62530]
Mohsin, If you have not seen it already, check out the link below. Note that cpu utilization is caused by both processes and interrupts, so adding up the processes will not give you total cpu utilization (unless utilization due to interrupts is 0). When you do show proc cpu the first number you get is: x%/y% where x is total utilization and y is utilization due to interrupts. http://www.cisco.com/warp/public/63/highcpu.html#show_process_cpu -Bob Sinclair CCIE #10427, MCSE Senior Network Engineer Networking For Future, Inc. www.nffinc.com - Original Message - From: "Mohsin Hussain" To: Sent: Wednesday, February 05, 2003 2:18 PM Subject: 7500 Router CPU rocketing to 90% [7:62530] > We have 2 7500 routers with CIPs installed. Recently the router started to > have its CPU shooting upto 90%. When show process cpu is run. It does not > show what process is causing this because none of the processes are or add > upto 80 or 90%. Only two processes: IP input at 10% and cls background at > 14%. The rest of the processes are at 0 or 0.1%. > > Are there hidden processes that could be cause of the high cpu utilization? > If so how can it be seen (i.e any show commands?. > > Thanks, > > Mohsin Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62542&t=62530 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Alternate password recovery procedures? [7:62541]
All, I was looking for a way to recover an enable password on a misconfigured router, and I came across the SNMP method of password recovery, which I was able to use to change the enable password remotely on the router. I was wondering: Does anyone knows of even more alternate password recovery procedures? Thanks! Geoff Mossburg Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62541&t=62541 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: History of the PIX Firewall [7:62512]
Cool. ""Richard Deal"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62540&t=62512 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
T1 Csu dsu issue(commands) [7:62445]
I have 1 Port T1 CSU/DSU WAN Interface Card, some more problems I am facing are 1) when I am trying to give service-module t1 remote-loopback payload command with out any optional parameter it does not work and gives that incomplete command error.where as the V54 is optional parameter 2) this combination of command also does not work and gives format error. service-module t1 remote-loopback full alternate this both v54 and alternate are optional parameters as mentioned in the documentation. http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_chapter09186a00800874e6.html#1019309 Please refer this link that these are optional parameters(v54 and alternate). In my knowledge there could be 4 possible combinations but only two work full full with alternate(doesnot work) payload(doesnot work) payload with v54 Can anybody explain these also in additional to the previous doubts mentioned below --- Simmi Singh wrote: > > Hi all, > while configuring the T1 CSU DSU card we use service-module > commands. > Here when I have the following command > service-module t1 remote-loopback {full | payload} [alternate | > v54] > The default option is Full and payload loopbacks with > standard-loopup codes. and its mentioned in documentation also > that by entering the service-module t1 remote-loopback command > without specifying any keywords, you enable the standard-loopup > codes, which use a 1-in-5 pattern for loopup and a 1-in-3 > pattern for loopdown. > > > The calrifications needed are that > 1) What is thedefault option for loopback.If I select the full option from the cli then want to switch > back to the default option, do the above command without > parameters will do that function > example > service-module t1 remote-loopback full alternate > > > then if i want to switch to default option will this work > > service-module t1 remote-loopback > > But I tried this command doesnot work(incomplete command) > so how to enable both payload and alternate with standard > loopup codes. > Just by negating the earlier command > is their some command for this > > 2) For what this default option used for > > any help will be appreciated Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62539&t=62445 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Passed CID 3.0 Test [7:62536]
Hi Steve, Congrats. I'm working on the CSPFA myself. JoeT Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62538&t=62536 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco 4000 Series [7:62507]
Some routers have a jumper that forces the console port to 9600. I was not able to find it for the 4000. Perhaps someone else knows if the 4000 does or does not have such a jumper. As I suggested before - try different console speeds. > -Original Message- > From: Domingo Ferrero [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, February 05, 2003 11:10 AM > To: [EMAIL PROTECTED] > Subject: Re: Cisco 4000 Series [7:62507] > > > The router dont work because in the screen a rare sequence of commands > appears "ajdsdgaqljiohangasdsa" and not the CTRL Break functions > > As is able resetear the router to traves of jumpers so that > return to have > the registration 0x2102 since accidentally himself change by > another that is > not correct > > Thanks and Regards > -- > --- > Domingo Ferrero Saavedra [EMAIL PROTECTED] > Dept. Sistemas, IdecNet S.A. > c/ Guzman el Bueno 125 > Madrid-Spain > Tfn: +34 91 824 00 00 > http://www.idecnet.com > --- > ""Daniel Cotts"" escribis en el mensaje > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > There could be several issues here: > > 1) Break sequence doesn't work. This may be due to the > terminal emulation > > software that you are using. Some versions of Hyperterminal > would not > > properly send the break signal. One solution is to go to > the Hilgraeve > site > > (hope I've spelled that correctly) and download a newer > version. If you > have > > another router, see if you can send a break to it. > > 2) When you say that the router doesn't start - does > anything appear on > the > > screen? If so, is it readable? If it is not readable you might try > different > > console speeds. > > 3) Your IOS upgrade may have failed. Check the Cisco web site for > > documentation on that. > > Here's the link to the config register page: > > > http://www.cisco.com/en/US/products/hw/routers/ps285/products_ > installation_g > > uide_chapter09186a008007cb01.html > > > > > -Original Message- > > > From: Domingo Ferrero [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, February 05, 2003 8:58 AM > > > To: [EMAIL PROTECTED] > > > Subject: Cisco 4000 Series [7:62507] > > > > > > > > > I have a router of the series 4000 of cisco, I have changed > > > it the IOS but > > > there I am position in in conf reg a value that is not 0x2101 > > > neither 0x2102 > > > and the router does not start, I have tried to enter way > > > rommon but does not > > > function any tecla of break. > > > > > > Someone it knows like podria to recover the router > > > > > > > > > Thanks and Regards, > > > > > > -- > > > --- > > > Domingo Ferrero Saavedra [EMAIL PROTECTED] > > > Dept. Sistemas, IdecNet S.A. > > > c/ Guzman el Bueno 125 > > > Madrid-Spain > > > Tfn: +34 91 824 00 00 > > > http://www.idecnet.com > > > --- Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62537&t=62507 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Passed CID 3.0 Test [7:62536]
Passed the CID 3.0 test this afternoon. (Hmm wonder if I just violated the NDA?) Thanks to Priscilla for Top-Down Network Design, Paul for having this place, and all those who answered my questions over the last few years! Steve Ringley CCNP/CCDP Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62536&t=62536 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 7500 Router CPU rocketing to 90% [7:62530]
At 07:18 PM 2/5/2003 +, Mohsin Hussain wrote: >We have 2 7500 routers with CIPs installed. Recently the router started to >have its CPU shooting upto 90%. When show process cpu is run. It does not >show what process is causing this because none of the processes are or add >upto 80 or 90%. Only two processes: IP input at 10% and cls background at >14%. The rest of the processes are at 0 or 0.1%. I would call the TAC on this. >Are there hidden processes that could be cause of the high cpu utilization? >If so how can it be seen (i.e any show commands?. > >Thanks, > >Mohsin Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62535&t=62530 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 7500 Router CPU rocketing to 90% [7:62530]
In mail.net.groupstudy.pro, you wrote: > We have 2 7500 routers with CIPs installed. Recently the router started to > have its CPU shooting upto 90%. When show process cpu is run. It does not > show what process is causing this because none of the processes are or add > upto 80 or 90%. Only two processes: IP input at 10% and cls background at > 14%. The rest of the processes are at 0 or 0.1%. Proceed according to http://www.cisco.com/warp/public/63/highcpu.html (doesn't require a CCO login.) The document pretty much describes what might be the root cause and how to locate it. // kaj Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62534&t=62530 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 7500 Router CPU rocketing to 90% [7:62530]
That is pretty strange, could you send the full sh proc cpu next time you see this. You may want to try and "if-console" to the CIP and see if anything unusual is occurring on it. Dave Mohsin Hussain wrote: > We have 2 7500 routers with CIPs installed. Recently the router started to > have its CPU shooting upto 90%. When show process cpu is run. It does not > show what process is causing this because none of the processes are or add > upto 80 or 90%. Only two processes: IP input at 10% and cls background at > 14%. The rest of the processes are at 0 or 0.1%. > > Are there hidden processes that could be cause of the high cpu utilization? > If so how can it be seen (i.e any show commands?. > > Thanks, > > Mohsin -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 "You don't make the poor richer by making the rich poorer." --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62533&t=62530 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 7500 Router CPU rocketing to 90% [7:62530]
Are you using DLSw+ or bridging on the router? On Wed, 2003-02-05 at 14:18, Mohsin Hussain wrote: > We have 2 7500 routers with CIPs installed. Recently the router started to > have its CPU shooting upto 90%. When show process cpu is run. It does not > show what process is causing this because none of the processes are or add > upto 80 or 90%. Only two processes: IP input at 10% and cls background at > 14%. The rest of the processes are at 0 or 0.1%. -- Jason Greenberg, CCIE #11021 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62532&t=62530 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: semipermanent connections & radius authentication [7:62526]
Milan, In mail.net.groupstudy.pro, you wrote: > I have problem that when I use local authentication on access-server for ppp > authentication for semipermanent connection, the username that I use where > send to radius server. Can anybody tell me why this happens because it > shouldn't send local username to radius? The aaa model goes like this: Do you actually use group isdn-ll anywhere in the rest of your config, ie. ppp authen/author/acco isdn-ll? Apply the following debugs and you'll most likely spot why use-radius is being used if it's not evident in the config. debug ppp aut debug aaa eve debug aaa authen debug aaa author debug aaa acco debug aaa per-us debug rad aut // kaj Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62531&t=62526 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
7500 Router CPU rocketing to 90% [7:62530]
We have 2 7500 routers with CIPs installed. Recently the router started to have its CPU shooting upto 90%. When show process cpu is run. It does not show what process is causing this because none of the processes are or add upto 80 or 90%. Only two processes: IP input at 10% and cls background at 14%. The rest of the processes are at 0 or 0.1%. Are there hidden processes that could be cause of the high cpu utilization? If so how can it be seen (i.e any show commands?. Thanks, Mohsin Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62530&t=62530 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Difference between SNMP notifications and trap [7:62478]
In mail.net.groupstudy.pro, you wrote: > In SNMPv3 documents, the term "trap" no longer appears, but "notification" > does. So, I think they mean the same thing. But I didn't read the v3 > documents very carefully. They are hard to read, and in my opinion, no > longer deserve the S in the acronym. :-) SNMPv3 is closer to CMISE/CMIP models than most people realise. Most people never did appreciate the abstraction levels those provided for real world (uh, well, pretty much only TMN ;-)) applications. Not only are they complex to understand but also to setup, maintain and troubleshoot. People making RFPs should request their vendor to implement easily scriptable things like JUNOScript (or TL1 on ADMs.) I guess this sort of got out of topic.. // kaj Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62529&t=62478 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP question. [7:62519]
Hi Rajesh, In mail.net.groupstudy.pro, you wrote: > I come across some situations where I could see some routes in the BGP > table, but those routes aren't there in the regular routing table. The > configuration has "no sync" configured and couldn't guess how to go > about it. Can somebody help me out here? Is this an EBGP or IBGP neighbor? If EBGP, is the prefix being dampened? Is the nexthop for the prefix reachable? Is there a route-map being applied inbound? Is there a prefix-list being applied inbound? Is there a distribute-list being applied inbound? Are you using soft-reconfig? Is this a normal AFI IPv4 prefix? Are you using traditional config or NLRIs? Do the routes not imported have something in common? It would help a lot if you pasted sh ip bgp nei addr, sh ip bgp prefix and sh ip ro nexthop. Everybody uses "no synchronization" nowadays, it's a bugwards compatibility feature that you need to turn specify it in your configuration. // kaj Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62527&t=62519 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
semipermanent connections & radius authentication [7:62526]
Hello all, I have problem that when I use local authentication on access-server for ppp authentication for semipermanent connection, the username that I use where send to radius server. Can anybody tell me why this happens because it shouldn't send local username to radius? The aaa model goes like this: aaa new-model aaa authentication username-prompt "Login: " aaa authentication login line-login line aaa authentication login console-login line aaa authentication login use-radius local group radius aaa authentication ppp use-radius if-needed group radius aaa authentication ppp isdn-ll local <--- authentication for ppp semipermanent connection aaa authorization exec use-radius local group radius if-authenticated aaa authorization network use-radius group radius if-authenticated aaa authorization network isdn-ll if-authenticated aaa accounting network use-radius start-stop group radius Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62526&t=62526 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
snmp poll object [7:62525]
Hello I have a problem to poll object on snmp mode from my snmp server to my internal network devices I have snmp server with external ip address that connect to vpn server to have an internal ip to gain access to my internal network The internal devices are configured to accept the external ip address of the snmp server as agent The problem is my snmp server can poll object on snmp mode only with devices that have external ip addresses and cant poll object with internal ip address only can on icmp mode. Snmp server receive traps from the internal devices so no problem with receiving traps There is isa server between the snmp server and the internal network I enabled all snmp ports on isa server 161,162, 165---170 Could you please help to know where is the problem exactly Hanan.mawla Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62525&t=62525 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Difference between SNMP notifications and trap [7:62478]
My $.02, As defined in the two SNMP documents below, notification appears to be a term used to include both traps and informs. Informs are an SNMP V3 trap which is acknowledged, unlike "regular old traps". So, All traps are notifications, but not all notifications are traps (some are informs). http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120 t/120t3/snmp3.htm http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_ 1/snmpinfm.htm -Bob Sinclair CCIE #10427, MCSE Senior Network Engineer Networking For Future, Inc. www.nffinc.com - Original Message - From: "Priscilla Oppenheimer" To: Sent: Wednesday, February 05, 2003 12:43 PM Subject: Re: Difference between SNMP notifications and trap [7:62478] > John Neiberger wrote: > > > > >What is the difference between an SNMP notification and an > > SNMP trap? > > > > I'd have to check later to verify this but I believe 'trap' is > > the SNMP > > version 1 term, while 'notification' is the SNMP v2 (or v3?) > > term. I > > don't recall what the technical differences are, but they are > > essentially the same animal. > > > > That was essentially going to be my answer too. If you search on the word > "notification" in SNMPv1 RFCs, you won't find it, but you will find lots of > cases of "trap." > > If you search on "notification" in SNMPv2 RFCs, you find the term "trap > notification." > > In SNMPv3 documents, the term "trap" no longer appears, but "notification" > does. So, I think they mean the same thing. But I didn't read the v3 > documents very carefully. They are hard to read, and in my opinion, no > longer deserve the S in the acronym. :-) > > Also, as is always the case, we need to see terms in their context to > explain them. So, "notification" could have some other meaning. The answer > about it meaning an e-mail or pager notification is right too, but maybe on > a different tangent, but we can't tell from the question if it's on the same > tangent or not. > > Priscilla > > > > > > John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62524&t=62478 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: frame-relay theoretical topic / question [7:62517]
Ya that is part of the reason and most likely the path is shorter between GB and Mil than Mil and and Madison and there may be more switches and/or and NNI between Mil and Madison, more congestions, etc... Dave Stull, Cory wrote: > 3 locations. Milwaukee, Madison, Greenbay. Milwaukee and Madison both > have a 128k port 64k CIR. Greenbay has full T1 with 64k CIR. > >>From Milwaukee why is Greenbay's ping response times almost 3 times faster > than Madisons? Wouldn't Milwaukee being the bottle neck of 128k port rate > make both ping response times closer to the same? Or is this like the > highway theory of Greenbay has a Full T1 most of the way so you can go > faster on that portion of the drive therefore the ping response times are > much faster?? > > Thanks for any input. > > > > > Cory -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 "You don't make the poor richer by making the rich poorer." --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62523&t=62517 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP question. [7:62519]
Rajesh, Check the next hop for the BGP routes and see if it is reachable. If not you can use next-hop-self command to fix the issue or have IGP reach that next hop address. Hope this helps. Sunil Soporie ""Rajesh Kumar"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all, > > I come across some situations where I could see some routes in the BGP > table, but those routes aren't there in the regular routing table. The > configuration has "no sync" configured and couldn't guess how to go > about it. Can somebody help me out here? > > thanks, > r Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62522&t=62519 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DR Planning capacity [7:62492]
Han Chuan Alex Ang wrote: > > hi, I am trying to plan for disaster recovery and the data that > are to be backup will be transfer between a 3548 switch via a > gigabit link to Core 6006 as well as to a backup server via > gigabit link, therefore , data will be passing through a Fast > Ethernet and 1 gigabits pipe line with back plane of 10.8 Gbps > for 3548 and 6006 with 32 Gbps. Wonder if any body there who > could shed some light as to any website or way to go about > doing this capacity planning.What are the factor to take note > and how do we calculate.thank Capacity planning works best with real application-layer data that takes into account client/server (or server/server) transaction behavior. In other words, you should try it first and measure how much bandwidth actually gets used. Put a protocol analyzer on the network and make some measurements. Investigate things like packet size, packet turnaround time, efficiency, how much bandwidth is used by lower-layers in addition to the application layer, etc. Then you can pose "what if" questions such as what if the capacity were increased by 10 fold or if the switches were faster, etc. Simulation packages can help you do this. Sometimes you can get a good idea by just doing some basic calculations also. But, bottom line, you should start with some real-world data about the application. Unless you are the programmer who wrote the application and have a lot of theoretical knowledge about how it behaves, then you should gather the data empirically. (Actually programmers rarely really understand how their programs behave on a network, so still I would say, do some measurements.) Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62521&t=62492 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Difference between SNMP notifications and trap [7:62478]
John Neiberger wrote: > > >What is the difference between an SNMP notification and an > SNMP trap? > > I'd have to check later to verify this but I believe 'trap' is > the SNMP > version 1 term, while 'notification' is the SNMP v2 (or v3?) > term. I > don't recall what the technical differences are, but they are > essentially the same animal. > That was essentially going to be my answer too. If you search on the word "notification" in SNMPv1 RFCs, you won't find it, but you will find lots of cases of "trap." If you search on "notification" in SNMPv2 RFCs, you find the term "trap notification." In SNMPv3 documents, the term "trap" no longer appears, but "notification" does. So, I think they mean the same thing. But I didn't read the v3 documents very carefully. They are hard to read, and in my opinion, no longer deserve the S in the acronym. :-) Also, as is always the case, we need to see terms in their context to explain them. So, "notification" could have some other meaning. The answer about it meaning an e-mail or pager notification is right too, but maybe on a different tangent, but we can't tell from the question if it's on the same tangent or not. Priscilla > > John > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62520&t=62478 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP question. [7:62519]
Hi all, I come across some situations where I could see some routes in the BGP table, but those routes aren't there in the regular routing table. The configuration has "no sync" configured and couldn't guess how to go about it. Can somebody help me out here? thanks, r Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62519&t=62519 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 4000 Series [7:62507]
The router dont work because in the screen a rare sequence of commands appears "ajdsdgaqljiohangasdsa" and not the CTRL Break functions As is able resetear the router to traves of jumpers so that return to have the registration 0x2102 since accidentally himself change by another that is not correct Thanks and Regards -- --- Domingo Ferrero Saavedra [EMAIL PROTECTED] Dept. Sistemas, IdecNet S.A. c/ Guzman el Bueno 125 Madrid-Spain Tfn: +34 91 824 00 00 http://www.idecnet.com --- ""Daniel Cotts"" escribis en el mensaje [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > There could be several issues here: > 1) Break sequence doesn't work. This may be due to the terminal emulation > software that you are using. Some versions of Hyperterminal would not > properly send the break signal. One solution is to go to the Hilgraeve site > (hope I've spelled that correctly) and download a newer version. If you have > another router, see if you can send a break to it. > 2) When you say that the router doesn't start - does anything appear on the > screen? If so, is it readable? If it is not readable you might try different > console speeds. > 3) Your IOS upgrade may have failed. Check the Cisco web site for > documentation on that. > Here's the link to the config register page: > http://www.cisco.com/en/US/products/hw/routers/ps285/products_installation_g > uide_chapter09186a008007cb01.html > > > -Original Message- > > From: Domingo Ferrero [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, February 05, 2003 8:58 AM > > To: [EMAIL PROTECTED] > > Subject: Cisco 4000 Series [7:62507] > > > > > > I have a router of the series 4000 of cisco, I have changed > > it the IOS but > > there I am position in in conf reg a value that is not 0x2101 > > neither 0x2102 > > and the router does not start, I have tried to enter way > > rommon but does not > > function any tecla of break. > > > > Someone it knows like podria to recover the router > > > > > > Thanks and Regards, > > > > -- > > --- > > Domingo Ferrero Saavedra [EMAIL PROTECTED] > > Dept. Sistemas, IdecNet S.A. > > c/ Guzman el Bueno 125 > > Madrid-Spain > > Tfn: +34 91 824 00 00 > > http://www.idecnet.com > > --- Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62518&t=62507 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
frame-relay theoretical topic / question [7:62517]
3 locations. Milwaukee, Madison, Greenbay. Milwaukee and Madison both have a 128k port 64k CIR. Greenbay has full T1 with 64k CIR. >From Milwaukee why is Greenbay's ping response times almost 3 times faster than Madisons? Wouldn't Milwaukee being the bottle neck of 128k port rate make both ping response times closer to the same? Or is this like the highway theory of Greenbay has a Full T1 most of the way so you can go faster on that portion of the drive therefore the ping response times are much faster?? Thanks for any input. Cory Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62517&t=62517 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT-Netscreen 5xp VPN very slow [7:62461]
I'm using the first connection. But if I access intranet, I would go through a gateway on the other end. Don't see anything abnormal in log. Thanks. Xueyan Ivan Yip wrote: > > Hi, > > Did you check the NS-5XP log? > Also, if you place your PC behind the NS and access internet, > what's the path of your traffic? Simply PC-> FW-> cable modem-> > Internet OR > PC-> FW( VPN gateway ) -> cable modem -> VPN gateway -> > Internet? > > BUT you mentioned 3DES, if NS is just using as a Firewall, > encryption (3DES and VPN) should not cause your problem. > > rgds, > ivan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62516&t=62461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ATM explanation [7:62502]
Silvia, We can better help you if you could share the ATM interface and sub-interfaces' configuration lines. Feel free to sanitize them first before sharing though. It is common practice that when you use sub-interfaces on a router ATM port, you apply global Interface settings to the physical interface, but not IP addresses or vpi/vci settings for instance. So, I would think that the physical interface on your router does not have an IP assigned to it. Thus, you can't ping it. You should be able to ping the other sub-interfaces, provided that they have an IP address, form part of the routing table and there are no ACLs that prevent your host from getting the echo replies. My 2 cents Angel Leiva, EE, CCNP R&S + WAN, MCSE International Network Services 1255 Corporate Drive, Suite 210 Irving, TX 75038 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 05, 2003 9:43 AM To: [EMAIL PROTECTED] Subject: RE: ATM explanation [7:62502] Hi I dont want to ping the subinterface down, but the physical interface. And still does not reply. This behaviour is not card model linked. I have a feeling is something to do the NNI or LMI's but I cant not find the info. Any ideas? Thanks, Silvia Elaluf Silvia wrote: > > Hi Guys, > > I am not an ATM Expert and I need a proper explanation of why > when in a CISCO router with an ATM interface, if there is > multiple subinterfaces and one of the subinterfaces is down, it > is not possible to ping the interface? > Any ideas? > > Thanks > > Silvia Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62515&t=62502 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ATM explanation [7:62502]
Are you saying you can ping the physical interface when your subinterface is up? Can you send the pertinent configs? Dave Elaluf Silvia wrote: > Hi > > I dont want to ping the subinterface down, but the physical interface. And > still does not reply. > This behaviour is not card model linked. > I have a feeling is something to do the NNI or LMI's but I cant not find the > info. > > Any ideas? > > Thanks, > > Silvia > Elaluf Silvia wrote: > >>Hi Guys, >> >>I am not an ATM Expert and I need a proper explanation of why >>when in a CISCO router with an ATM interface, if there is >>multiple subinterfaces and one of the subinterfaces is down, it >>is not possible to ping the interface? >>Any ideas? >> >>Thanks >> >>Silvia -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 "You don't make the poor richer by making the rich poorer." --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62514&t=62502 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco 4000 Series [7:62507]
There could be several issues here: 1) Break sequence doesn't work. This may be due to the terminal emulation software that you are using. Some versions of Hyperterminal would not properly send the break signal. One solution is to go to the Hilgraeve site (hope I've spelled that correctly) and download a newer version. If you have another router, see if you can send a break to it. 2) When you say that the router doesn't start - does anything appear on the screen? If so, is it readable? If it is not readable you might try different console speeds. 3) Your IOS upgrade may have failed. Check the Cisco web site for documentation on that. Here's the link to the config register page: http://www.cisco.com/en/US/products/hw/routers/ps285/products_installation_g uide_chapter09186a008007cb01.html > -Original Message- > From: Domingo Ferrero [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, February 05, 2003 8:58 AM > To: [EMAIL PROTECTED] > Subject: Cisco 4000 Series [7:62507] > > > I have a router of the series 4000 of cisco, I have changed > it the IOS but > there I am position in in conf reg a value that is not 0x2101 > neither 0x2102 > and the router does not start, I have tried to enter way > rommon but does not > function any tecla of break. > > Someone it knows like podria to recover the router > > > Thanks and Regards, > > -- > --- > Domingo Ferrero Saavedra [EMAIL PROTECTED] > Dept. Sistemas, IdecNet S.A. > c/ Guzman el Bueno 125 > Madrid-Spain > Tfn: +34 91 824 00 00 > http://www.idecnet.com > --- Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62513&t=62507 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
History of the PIX Firewall [7:62512]
To all, I have received an email from Brantley Coile, on of the two co-developers of the PIX firewall, congratulating me on my book. He kindly sent me information about the development of the PIX and its subsequent sale to Cisco. If you would like to see the entire story, please visit this link (watch the wrap): http://home.cfl.rr.com/dealgroup/pix/pix_page_history.htm Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62512&t=62512 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Lost area on CCO [7:62511]
I used to be able to order ROMS and Documentation under entitlement from the old CCO page. I can't seem to find it anymore. Can anyone point me to it on the new page? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62511&t=62511 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 4000 Series [7:62507]
Domingo Ferrero wrote: > Someone it knows like podria to recover the router http://www.cisco.com/warp/public/474/pswdrec_2500.html Regards, Marco. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62510&t=62507 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ATM explanation [7:62502]
Hi I dont want to ping the subinterface down, but the physical interface. And still does not reply. This behaviour is not card model linked. I have a feeling is something to do the NNI or LMI's but I cant not find the info. Any ideas? Thanks, Silvia Elaluf Silvia wrote: > > Hi Guys, > > I am not an ATM Expert and I need a proper explanation of why > when in a CISCO router with an ATM interface, if there is > multiple subinterfaces and one of the subinterfaces is down, it > is not possible to ping the interface? > Any ideas? > > Thanks > > Silvia > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62509&t=62502 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ATM explanation [7:62502]
This has nothing to do with ATM. Why do you think you should be able to ping a down interface?? Dave Elaluf Silvia wrote: > Hi Guys, > > I am not an ATM Expert and I need a proper explanation of why when in a > CISCO router with an ATM interface, if there is multiple subinterfaces and > one of the subinterfaces is down, it is not possible to ping the interface? > Any ideas? > > Thanks > > Silvia -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 "You don't make the poor richer by making the rich poorer." --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62508&t=62502 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco 4000 Series [7:62507]
I have a router of the series 4000 of cisco, I have changed it the IOS but there I am position in in conf reg a value that is not 0x2101 neither 0x2102 and the router does not start, I have tried to enter way rommon but does not function any tecla of break. Someone it knows like podria to recover the router Thanks and Regards, -- --- Domingo Ferrero Saavedra [EMAIL PROTECTED] Dept. Sistemas, IdecNet S.A. c/ Guzman el Bueno 125 Madrid-Spain Tfn: +34 91 824 00 00 http://www.idecnet.com --- Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62507&t=62507 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ATM explanation [7:62502]
i had proper behavior on a PA-A3-E3 configured with OAM support. ""Elaluf Silvia"" a icrit dans le message de news: [EMAIL PROTECTED] > Hi Guys, > > I am not an ATM Expert and I need a proper explanation of why when in a > CISCO router with an ATM interface, if there is multiple subinterfaces and > one of the subinterfaces is down, it is not possible to ping the interface? > Any ideas? > > Thanks > > Silvia Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62506&t=62502 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Content Switch Module and Server Load Balancing [7:62443]
In mail.net.groupstudy.pro, you wrote: > Any Thoughts? Does anybody could share any real example of using Server > Load Balancing in 6000 switches? Never had the opportunity to play around with the CSM. Is there a specific need to use the CSM? IOS SLB works well on 7200/6000/6500s with MSFCs. Basic config to load-balance all traffic destined to 80/tcp on 10.0.0.1 on two servers (192.168.0.1, 192.168.0.2) could be as follows: ip slb serverfarm myfarm1 real 192.168.0.1 inservice real 192.168.0.2 inservice ip slb vserver mypr0n virtual 10.0.0.1 tcp www serverfarm myfarm1 inservice The default balancing method is weighted round robin. Use sticky in vserver if you want the clients to always return (within a timeframe) to the same server. It's a good way of ensuring application state would be kept on one server instead of 10 or so (this really depends on what your application needs are.) Do "sh ip slb vs" to check the state of your virtual server(s), "sh ip slb se de" to check the state of your farm(s) and "sh ip slb st" would show generic SLB stats. // kaj Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62505&t=62443 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: question(routing) [7:62490]
WCCP is for web caching - it is used in conjunction with a Cisco content engine to pass all HTTP requests (an others) to a cache engine without the users physically having a proxy configured -Original Message- From: Keyur Lavingia [mailto:[EMAIL PROTECTED]] Sent: 05 February 2003 16:15 To: [EMAIL PROTECTED] Subject: Re: question(routing) [7:62490] Hi, I notice some wccp commands in your config. Can you please tell me where u are using it and for what ? Thanks, Keyur. "kaushalender" wrote: Hello group, Kindly resolve my confussion.I have cisco 2610 router.We r running static routing with our service provider .Now what is happening that suddely my http request stoped going out means there was no browsing on lan and customer I was able to telnet every website on port 80 that means i able to reach website till apllication layer from my pc .Now how can i find out what is killing my http request in my network . and my service provider is saying that from my side huge amount of routing loops is coming but i have put whole announced network on ethernet. This is the conf .PLz help me sh run >Building configuration... > >Current configuration : 4962 bytes >! >version 12.2 >service timestamps debug datetime msec localtime show-timezone >service timestamps log datetime msec localtime show-timezone >service password-encryption >! >hostname Rainbow >! >logging buffered 1 debugging >no logging console >aaa new-model >aaa authentication login default local group radius >aaa authorization exec default local group radius >enable secret 5 $1$WyvH$D/U2xWxcDfbROyR7PtGXS1 >enable password 7 000D0016457B525F56 >! >username rainbow password 7 095E4F0017071805 > >clock timezone GMT 5 >clock summer-time GMT recurring >ip subnet-zero >no ip source-route >ip wccp version 1 >ip flow-cache timeout inactive 300 >ip flow-cache timeout active 1 >ip cef >! >! >ip name-server 202.78.168.6 >ip name-server 202.78.168.14 > >p name-server 202.54.15.1 >! >! >class-map match-any http-hacks > match protocol http url "*.ida*" > match protocol http url "*cmd.exe*" > match protocol http url "*root.exe*" > match protocol http url "*readme.eml*" >! >! >policy-map mark-inbound-http-hacks > class http-hacks > set ip dscp 1 >! > >! >interface Ethernet0/0 > ip address 202.78.164.3 255.255.252.0 secondary > ip address 202.54.194.65 255.255.255.224 secondary > ip address 202.78.168.26 255.255.248.0 > ip access-group 115 in > ip access-group 115 out > no ip proxy-arp > rate-limit input access-group 121 48000 52000 52000 conform-action >transmit exceed-action drop > rate-limit input access-group 122 32000 32000 32000 conform-action >transmit exceed-action drop > rate-limit output access-group 110 64000 64000 64000 conform-action >transmit exceed-action drop > rate-limit output access-group 121 296000 30 30 conform-action >transmit exceed-action drop > rate-limit output access-group 122 32000 32000 32000 conform-action >transmit exceed-action drop > no ip mroute-cache > full-duplex > service-policy input mark-inbound-http-hacks >service-policy output mark-inbound-http-hacks > no cdp enable >interface Serial0/0 > bandwidth 512 > no ip address > no ip mroute-cache > shutdown > no fair-queue >! >interface Serial0/1 > bandwidth 512 > no ip address > no ip route-cache > no ip mroute-cache > shutdown >! >interface Serial0/2 > no ip address > shutdown >! >interface Serial0/3 > description "OASIS LINK" >ip address 216.252.243.5 255.255.255.252 > ip access-group 107 in > ip access-group 107 out > rate-limit input 64000 128000 128000 conform-action transmit >exceed-action drop > rate-limit output 64000 128000 128000 conform-action transmit >exceed-action drop > encapsulation ppp >! >interface Serial1/0 > description Shapura Link > ip address 216.252.243.1 255.255.255.252 > ip access-group 107 in > ip access-group 107 out > rate-limit input 32000 32768 32768 conform-action transmit >exceed-action drop > >interface Serial1/1 > description DOIT LINK > bandwidth 128 > ip address 216.252.243.17 255.255.255.252 >rate-limit input 32000 65536 65536 conform-action transmit exceed-action >drop > rate-limit output 32000 65536 65536 conform-action transmit >exceed-action drop > encapsulation ppp > service-policy input mark-inbound-http-hacks > service-policy output mark-inbound-http-hacks >! >nterface Serial1/2 > no ip address > shutdown >! >interface Serial1/3 > description vsnl link > ip address 202.54.192.66 255.255.255.252 > ip access-group 115 in > ip access-group 115 out > encapsulation ppp > service-policy input mark-inbound-http-hacks > service-policy output mark-inbound-http-hacks >!p flow-export source Ethernet0/0 >ip flow-export version 5 peer-as >ip flow-export destination 202.78.168.2 2055 >ip classless >ip route 0.0.0.0 0.0.0.0 202.54.192.65 >ip route 202.78.160.0 255.255.252.0 203.129.200.193 >ip route 202.78.167.0 255.255.255.240 202.78.164.2 >ip route 202.78.167.8 255.255.255.248 202.78.164.2 >ip route 20
RE: Content Switch Module and Server Load Balancing [7:62443]
yes -we have done it on the 6509 and all is great. What exactly are you after?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: 05 February 2003 15:18 To: [EMAIL PROTECTED] Subject: Content Switch Module and Server Load Balancing [7:62443] Any Thoughts? "[EMAIL PROTECTED]" @groupstudy.com em 04/02/2003 13:44:09 Favor responder a "[EMAIL PROTECTED]" Enviado Por: [EMAIL PROTECTED] Para: [EMAIL PROTECTED] cc: Assunto:Content Switch Module and Server Load Balancing [7:62443] Does anybody could share any real example of using Server Load Balancing in 6000 switches? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62503&t=62443 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ATM explanation [7:62502]
Hi Guys, I am not an ATM Expert and I need a proper explanation of why when in a CISCO router with an ATM interface, if there is multiple subinterfaces and one of the subinterfaces is down, it is not possible to ping the interface? Any ideas? Thanks Silvia Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62502&t=62502 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: question(routing) [7:62490]
Hi, I notice some wccp commands in your config. Can you please tell me where u are using it and for what ? Thanks, Keyur. "kaushalender" wrote: Hello group, Kindly resolve my confussion.I have cisco 2610 router.We r running static routing with our service provider .Now what is happening that suddely my http request stoped going out means there was no browsing on lan and customer I was able to telnet every website on port 80 that means i able to reach website till apllication layer from my pc .Now how can i find out what is killing my http request in my network . and my service provider is saying that from my side huge amount of routing loops is coming but i have put whole announced network on ethernet. This is the conf .PLz help me sh run >Building configuration... > >Current configuration : 4962 bytes >! >version 12.2 >service timestamps debug datetime msec localtime show-timezone >service timestamps log datetime msec localtime show-timezone >service password-encryption >! >hostname Rainbow >! >logging buffered 1 debugging >no logging console >aaa new-model >aaa authentication login default local group radius >aaa authorization exec default local group radius >enable secret 5 $1$WyvH$D/U2xWxcDfbROyR7PtGXS1 >enable password 7 000D0016457B525F56 >! >username rainbow password 7 095E4F0017071805 > >clock timezone GMT 5 >clock summer-time GMT recurring >ip subnet-zero >no ip source-route >ip wccp version 1 >ip flow-cache timeout inactive 300 >ip flow-cache timeout active 1 >ip cef >! >! >ip name-server 202.78.168.6 >ip name-server 202.78.168.14 > >p name-server 202.54.15.1 >! >! >class-map match-any http-hacks > match protocol http url "*.ida*" > match protocol http url "*cmd.exe*" > match protocol http url "*root.exe*" > match protocol http url "*readme.eml*" >! >! >policy-map mark-inbound-http-hacks > class http-hacks > set ip dscp 1 >! > >! >interface Ethernet0/0 > ip address 202.78.164.3 255.255.252.0 secondary > ip address 202.54.194.65 255.255.255.224 secondary > ip address 202.78.168.26 255.255.248.0 > ip access-group 115 in > ip access-group 115 out > no ip proxy-arp > rate-limit input access-group 121 48000 52000 52000 conform-action >transmit exceed-action drop > rate-limit input access-group 122 32000 32000 32000 conform-action >transmit exceed-action drop > rate-limit output access-group 110 64000 64000 64000 conform-action >transmit exceed-action drop > rate-limit output access-group 121 296000 30 30 conform-action >transmit exceed-action drop > rate-limit output access-group 122 32000 32000 32000 conform-action >transmit exceed-action drop > no ip mroute-cache > full-duplex > service-policy input mark-inbound-http-hacks >service-policy output mark-inbound-http-hacks > no cdp enable >interface Serial0/0 > bandwidth 512 > no ip address > no ip mroute-cache > shutdown > no fair-queue >! >interface Serial0/1 > bandwidth 512 > no ip address > no ip route-cache > no ip mroute-cache > shutdown >! >interface Serial0/2 > no ip address > shutdown >! >interface Serial0/3 > description "OASIS LINK" >ip address 216.252.243.5 255.255.255.252 > ip access-group 107 in > ip access-group 107 out > rate-limit input 64000 128000 128000 conform-action transmit >exceed-action drop > rate-limit output 64000 128000 128000 conform-action transmit >exceed-action drop > encapsulation ppp >! >interface Serial1/0 > description Shapura Link > ip address 216.252.243.1 255.255.255.252 > ip access-group 107 in > ip access-group 107 out > rate-limit input 32000 32768 32768 conform-action transmit >exceed-action drop > >interface Serial1/1 > description DOIT LINK > bandwidth 128 > ip address 216.252.243.17 255.255.255.252 >rate-limit input 32000 65536 65536 conform-action transmit exceed-action >drop > rate-limit output 32000 65536 65536 conform-action transmit >exceed-action drop > encapsulation ppp > service-policy input mark-inbound-http-hacks > service-policy output mark-inbound-http-hacks >! >nterface Serial1/2 > no ip address > shutdown >! >interface Serial1/3 > description vsnl link > ip address 202.54.192.66 255.255.255.252 > ip access-group 115 in > ip access-group 115 out > encapsulation ppp > service-policy input mark-inbound-http-hacks > service-policy output mark-inbound-http-hacks >!p flow-export source Ethernet0/0 >ip flow-export version 5 peer-as >ip flow-export destination 202.78.168.2 2055 >ip classless >ip route 0.0.0.0 0.0.0.0 202.54.192.65 >ip route 202.78.160.0 255.255.252.0 203.129.200.193 >ip route 202.78.167.0 255.255.255.240 202.78.164.2 >ip route 202.78.167.8 255.255.255.248 202.78.164.2 >ip route 202.78.173.0 255.255.255.248 216.252.243.18 >ip route 202.78.173.8 255.255.255.248 216.252.243.10 >ip route 202.78.173.24 255.255.255.248 216.252.243.2 >ip route 202.78.173.248 255.255.255.248 216.252.243.14 >ip route 202.78.175.0 255.255.255.224 216.252.243.6 logging trap debugging logging facility local1 logging 202.78.168.2 access-list 107 deny ip any any ds
RE: OT-Netscreen 5xp VPN very slow [7:62461]
Well, having worked with the Netscreen Firewall products, I find it interesting that you feel its your bottle neck. Take a look at the architecture you've outlined: PC--->NetScreen--->Cable Modem> VPN Gateway (what type of gateyway is this?)>Internet. The short answer here is that anytime you add security devices to a traffic flow especially when cipher-decipher takes place, you'll take a performance hit. That's the price we pay (though things are improving dramatically!) for privacy. NetScreens traditionally are quite fast devices and though the 5X is a smaller appliance its still quite good. Will Gragido CISSP CCNP CIPTSS CCDA MCP 9450 W. Bryn Mawr Ave. Suite 325 Rosemont, Il 60018 www.ins.com [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 05, 2003 1:24 AM To: [EMAIL PROTECTED] Subject: RE: OT-Netscreen 5xp VPN very slow [7:62461] Hi, Did you check the NS-5XP log? Also, if you place your PC behind the NS and access internet, what's the path of your traffic? Simply PC-> FW-> cable modem-> Internet OR PC-> FW( VPN gateway ) -> cable modem -> VPN gateway -> Internet? BUT you mentioned 3DES, if NS is just using as a Firewall, encryption (3DES and VPN) should not cause your problem. rgds, ivan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62500&t=62461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: question(routing) [7:62490]
At 08:02 AM 2/5/2003 +, kaushalender wrote: >Hello group, > >Kindly resolve my confussion.I have cisco 2610 router.We r running >static routing with our service provider .Now what is happening that >suddely my http request stoped going out means there was no browsing on > lan and customer I was able to telnet every website on port 80 that >means i able to reach website till apllication layer from my pc .Now how >can i find out what is killing my http request in my network . and my >service provider is saying that from my side huge amount of routing >loops is coming but i have put whole announced network on ethernet. This >is the conf .PLz help me If you had routing loops, everything would be broken, not just http. Try traceroutes from a site like route-views.oregon-ix.net into your network and likewise outbound to prove out your routing config. Beyond that, look at things that are impacting performance and layer 4 and above. Also, ask your ISP to clarify what they mean by loops. Given you run statically to them, I'm not sure what they mean. >sh run > >Building configuration... > > > >Current configuration : 4962 bytes > >! > >version 12.2 > >service timestamps debug datetime msec localtime show-timezone > >service timestamps log datetime msec localtime show-timezone > >service password-encryption > >! > >hostname Rainbow > >! > >logging buffered 1 debugging > >no logging console > >aaa new-model > >aaa authentication login default local group radius > >aaa authorization exec default local group radius > >enable secret 5 $1$WyvH$D/U2xWxcDfbROyR7PtGXS1 > >enable password 7 000D0016457B525F56 > >! > >username rainbow password 7 095E4F0017071805 > > > >clock timezone GMT 5 > >clock summer-time GMT recurring > >ip subnet-zero > >no ip source-route > >ip wccp version 1 > >ip flow-cache timeout inactive 300 > >ip flow-cache timeout active 1 > >ip cef > >! > >! > >ip name-server 202.78.168.6 > >ip name-server 202.78.168.14 > > > >p name-server 202.54.15.1 > >! > >! > >class-map match-any http-hacks > > match protocol http url "*.ida*" > > match protocol http url "*cmd.exe*" > > match protocol http url "*root.exe*" > > match protocol http url "*readme.eml*" > >! > >! > >policy-map mark-inbound-http-hacks > > class http-hacks > > set ip dscp 1 > >! > > > >! > >interface Ethernet0/0 > > ip address 202.78.164.3 255.255.252.0 secondary > > ip address 202.54.194.65 255.255.255.224 secondary > > ip address 202.78.168.26 255.255.248.0 > > ip access-group 115 in > > ip access-group 115 out > > no ip proxy-arp > > rate-limit input access-group 121 48000 52000 52000 conform-action > >transmit exceed-action drop > > rate-limit input access-group 122 32000 32000 32000 conform-action > >transmit exceed-action drop > > rate-limit output access-group 110 64000 64000 64000 conform-action > >transmit exceed-action drop > > rate-limit output access-group 121 296000 30 30 conform-action > >transmit exceed-action drop > > rate-limit output access-group 122 32000 32000 32000 conform-action > >transmit exceed-action drop > > no ip mroute-cache > > full-duplex > > service-policy input mark-inbound-http-hacks > >service-policy output mark-inbound-http-hacks > > no cdp enable > >interface Serial0/0 > > bandwidth 512 > > no ip address > > no ip mroute-cache > > shutdown > > no fair-queue > >! > >interface Serial0/1 > > bandwidth 512 > > no ip address > > no ip route-cache > > no ip mroute-cache > > shutdown > >! > >interface Serial0/2 > > no ip address > > shutdown > >! > >interface Serial0/3 > > description "OASIS LINK" > >ip address 216.252.243.5 255.255.255.252 > > ip access-group 107 in > > ip access-group 107 out > > rate-limit input 64000 128000 128000 conform-action transmit > >exceed-action drop > > rate-limit output 64000 128000 128000 conform-action transmit > >exceed-action drop > > encapsulation ppp > >! > >interface Serial1/0 > > description Shapura Link > > ip address 216.252.243.1 255.255.255.252 > > ip access-group 107 in > > ip access-group 107 out > > rate-limit input 32000 32768 32768 conform-action transmit > >exceed-action drop > > > >interface Serial1/1 > > description DOIT LINK > > bandwidth 128 > > ip address 216.252.243.17 255.255.255.252 > >rate-limit input 32000 65536 65536 conform-action transmit exceed-action > >drop > > rate-limit output 32000 65536 65536 conform-action transmit > >exceed-action drop > > encapsulation ppp > > service-policy input mark-inbound-http-hacks > > service-policy output mark-inbound-http-hacks > >! > >nterface Serial1/2 > > no ip address > > shutdown > >! > >interface Serial1/3 > > description vsnl link > > ip address 202.54.192.66 255.255.255.252 > > ip access-group 115 in > > ip access-group 115 out > > encapsulation ppp > > service-policy input mark-inbound-http-hacks > > service-policy output mark-inbound-http-hack
Content Switch Module and Server Load Balancing [7:62443]
Any Thoughts? "[EMAIL PROTECTED]" @groupstudy.com em 04/02/2003 13:44:09 Favor responder a "[EMAIL PROTECTED]" Enviado Por: [EMAIL PROTECTED] Para: [EMAIL PROTECTED] cc: Assunto:Content Switch Module and Server Load Balancing [7:62443] Does anybody could share any real example of using Server Load Balancing in 6000 switches? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62498&t=62443 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Difference between SNMP notifications and traps [7:62478]
>What is the difference between an SNMP notification and an SNMP trap? I'd have to check later to verify this but I believe 'trap' is the SNMP version 1 term, while 'notification' is the SNMP v2 (or v3?) term. I don't recall what the technical differences are, but they are essentially the same animal. Someone please correct me if I'm wrong. I've been awake since 2:30AM so I'm not thinking clearly. :-) John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62497&t=62478 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DR Planning capacity [7:62492]
In mail.net.groupstudy.pro, you wrote: > hi, I am trying to plan for disaster recovery and the data that are to be > backup will be transfer between a 3548 switch via a gigabit link to Core > 6006 as well as to a backup server via gigabit link, therefore , data will > be passing through a Fast Ethernet and 1 gigabits pipe line with back plane > of 10.8 Gbps for 3548 and 6006 with 32 Gbps. The slowest component is your servers. You're not going to write data to disk at a sustained rate of 125 megabytes/s. Would suggest you try out the disaster recovery scenario on the same LAN (VLAN, whatever) in a lab or so to get a pointer on how your servers will perform next to eachother. // kaj Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62495&t=62492 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
SAFE exam (9e0-131) [7:62494]
Has anyone taken this exam yet? I am about to register for it, and having read the blueprints, I'm not sure I understand what will be asked for. Do I need to know actual recommend configs? Or is it more of a 'general' overview? I have gone throught the blueprint several time, and if you don't need to know actual config info, there doesn't appear to be that much to need to know? Anyone care to comment? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62494&t=62494 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
vlan map in Cat.3550 switch [7:62493]
Hi all, I would like to configure ip access control within a same VLAN at a Cat.3550 switch, so that unauthorized users cannot access the critical servers even they are at same vlan. I found that "vlan map" can do this. Does anyone use "vlan map" before? Is it stable? Is it difficult in troubleshooting? Regards, Dovelet Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62493&t=62493 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
DR Planning capacity [7:62492]
hi, I am trying to plan for disaster recovery and the data that are to be backup will be transfer between a 3548 switch via a gigabit link to Core 6006 as well as to a backup server via gigabit link, therefore , data will be passing through a Fast Ethernet and 1 gigabits pipe line with back plane of 10.8 Gbps for 3548 and 6006 with 32 Gbps. Wonder if any body there who could shed some light as to any website or way to go about doing this capacity planning.What are the factor to take note and how do we calculate.thank Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62492&t=62492 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
question(routing) [7:62490]
Hello group, Kindly resolve my confussion.I have cisco 2610 router.We r running static routing with our service provider .Now what is happening that suddely my http request stoped going out means there was no browsing on lan and customer I was able to telnet every website on port 80 that means i able to reach website till apllication layer from my pc .Now how can i find out what is killing my http request in my network . and my service provider is saying that from my side huge amount of routing loops is coming but i have put whole announced network on ethernet. This is the conf .PLz help me sh run >Building configuration... > >Current configuration : 4962 bytes >! >version 12.2 >service timestamps debug datetime msec localtime show-timezone >service timestamps log datetime msec localtime show-timezone >service password-encryption >! >hostname Rainbow >! >logging buffered 1 debugging >no logging console >aaa new-model >aaa authentication login default local group radius >aaa authorization exec default local group radius >enable secret 5 $1$WyvH$D/U2xWxcDfbROyR7PtGXS1 >enable password 7 000D0016457B525F56 >! >username rainbow password 7 095E4F0017071805 > >clock timezone GMT 5 >clock summer-time GMT recurring >ip subnet-zero >no ip source-route >ip wccp version 1 >ip flow-cache timeout inactive 300 >ip flow-cache timeout active 1 >ip cef >! >! >ip name-server 202.78.168.6 >ip name-server 202.78.168.14 > >p name-server 202.54.15.1 >! >! >class-map match-any http-hacks > match protocol http url "*.ida*" > match protocol http url "*cmd.exe*" > match protocol http url "*root.exe*" > match protocol http url "*readme.eml*" >! >! >policy-map mark-inbound-http-hacks > class http-hacks > set ip dscp 1 >! > >! >interface Ethernet0/0 > ip address 202.78.164.3 255.255.252.0 secondary > ip address 202.54.194.65 255.255.255.224 secondary > ip address 202.78.168.26 255.255.248.0 > ip access-group 115 in > ip access-group 115 out > no ip proxy-arp > rate-limit input access-group 121 48000 52000 52000 conform-action >transmit exceed-action drop > rate-limit input access-group 122 32000 32000 32000 conform-action >transmit exceed-action drop > rate-limit output access-group 110 64000 64000 64000 conform-action >transmit exceed-action drop > rate-limit output access-group 121 296000 30 30 conform-action >transmit exceed-action drop > rate-limit output access-group 122 32000 32000 32000 conform-action >transmit exceed-action drop > no ip mroute-cache > full-duplex > service-policy input mark-inbound-http-hacks >service-policy output mark-inbound-http-hacks > no cdp enable >interface Serial0/0 > bandwidth 512 > no ip address > no ip mroute-cache > shutdown > no fair-queue >! >interface Serial0/1 > bandwidth 512 > no ip address > no ip route-cache > no ip mroute-cache > shutdown >! >interface Serial0/2 > no ip address > shutdown >! >interface Serial0/3 > description "OASIS LINK" >ip address 216.252.243.5 255.255.255.252 > ip access-group 107 in > ip access-group 107 out > rate-limit input 64000 128000 128000 conform-action transmit >exceed-action drop > rate-limit output 64000 128000 128000 conform-action transmit >exceed-action drop > encapsulation ppp >! >interface Serial1/0 > description Shapura Link > ip address 216.252.243.1 255.255.255.252 > ip access-group 107 in > ip access-group 107 out > rate-limit input 32000 32768 32768 conform-action transmit >exceed-action drop > >interface Serial1/1 > description DOIT LINK > bandwidth 128 > ip address 216.252.243.17 255.255.255.252 >rate-limit input 32000 65536 65536 conform-action transmit exceed-action >drop > rate-limit output 32000 65536 65536 conform-action transmit >exceed-action drop > encapsulation ppp > service-policy input mark-inbound-http-hacks > service-policy output mark-inbound-http-hacks >! >nterface Serial1/2 > no ip address > shutdown >! >interface Serial1/3 > description vsnl link > ip address 202.54.192.66 255.255.255.252 > ip access-group 115 in > ip access-group 115 out > encapsulation ppp > service-policy input mark-inbound-http-hacks > service-policy output mark-inbound-http-hacks >!p flow-export source Ethernet0/0 >ip flow-export version 5 peer-as >ip flow-export destination 202.78.168.2 2055 >ip classless >ip route 0.0.0.0 0.0.0.0 202.54.192.65 >ip route 202.78.160.0 255.255.252.0 203.129.200.193 >ip route 202.78.167.0 255.255.255.240 202.78.164.2 >ip route 202.78.167.8 255.255.255.248 202.78.164.2 >ip route 202.78.173.0 255.255.255.248 216.252.243.18 >ip route 202.78.173.8 255.255.255.248 216.252.243.10 >ip route 202.78.173.24 255.255.255.248 216.252.243.2 >ip route 202.78.173.248 255.255.255.248 216.252.243.14 >ip route 202.78.175.0 255.255.255.224 216.252.243.6 logging trap debugging logging facility local1 logging 202.78.168.2 access-list 107 deny ip any any dscp 1 log access-
Netflow, IP Accounting and RMON [7:62489]
Dear All, Can anyone share some useful links for me to explain the above items? I am quite confused about them. Thanks in advance. rgds, Ivan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62489&t=62489 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]