TCP connection drops after 11 minutes [7:62855]
Hello everyone, it's been a while since I last posted a message on this board. My question is: I currently experience a session timeout after 11 minutes running a query on IE5. I was thinking it may be the MTU size being set incorrectly on the router. I may be wrong, but has anyone ever come across this in their network? What are the things to check for? Any suggestion will be greatly appreciated.

Thanks, jd

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62855t=62855
-- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: tftp question [7:62852]
It is possible if you give the user a privilege level etc. So first you create a privilege level, say 7, and allow the user to do a copy run tftp, i.e.

    privilege exec level 7 copy running-config tftp
    username test privilege 7 password test

and that should allow them :)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62856t=62852
Re: OT: New Instructor Experiences [7:62826]
John,

First...CONGRATS! You can do it!! Yes, there are moments when you feel that way...especially the first couple of times...but in the end you will come out a champ!! When I started teaching the CCNA/NP a couple of years back, I too felt the same initially, but personally, teaching has been the best thing for me in my life!! I love teaching and am passionate about it. I am just dying to pass the CCIE Lab so I can begin my own tutoring in my basement for the CCNA/NP/IP courses. The trick is to really prepare for it the night before and then dive straight to the hands-on section in the class. Then start explaining the concepts about the material as you do the hands-on. Students love the hands-on!! Preparing your own notes helps, as students respect you more than just saying "Ok guys, let's turn to page 31 and talk about Ospf. Ospf is." Good Luck.

From: John Neiberger
Reply-To: John Neiberger
To: [EMAIL PROTECTED]
Subject: OT: New Instructor Experiences [7:62826]
Date: Tue, 11 Feb 2003 22:12:07 GMT

I just feel the need to rant/vent for a bit and I knew there were a bunch of you who might be able to relate to this. I've started teaching a short, one-session general networking class for some of the people here at the bank. The first session, which was really just a runthrough with a handful of students, went fairly well. In fact, it went so well that they increased the number of overall attendees to about 60 or so. Last week I had another session that went exceptionally well, except for a couple of students who really didn't want to be there. I couldn't have asked for it to go better, and my boss heard lots of good things about it. One person even said I should be a professor! :-)

Now, that brings us to today. Today I had an afternoon class, and in my opinion it sucked rotten eggs. I feel embarrassed to have been involved with it. I can't think of too many ways in which it could have gone worse.
I rambled, I flew through 2.5 hours of material in about an hour, I lost my place a lot. I'm not certain that I ever formed a train of thought longer than a couple of cars, and I think even those trains were without engine and caboose. Have any of you other instructors had days like that? As I even mentioned in class, I felt like my 'explainer' was broken today, and it certainly was. I'm hoping that I could get some sympathy from other instructors with similar experiences. Okay, I'm going to go drown my disappointment in some coffee!

John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62857t=62826
RE: TCP connection drops after 11 minutes [7:62855]
Hi Jason,

Can you explain further about your issue? Is there a firewall in place? When you are saying running a query on IE5, you mean you are doing HTTP to a server somewhere in your network?

Albert

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jason Dimagiba
Sent: Wednesday, February 12, 2003 9:14 PM
To: [EMAIL PROTECTED]
Subject: TCP connection drops after 11 minutes [7:62855]

Hello everyone, it's been a while since I last posted a message on this board. My question is: I currently experience a session timeout after 11 minutes running a query on IE5. I was thinking it may be the MTU size being set incorrectly on the router. I may be wrong, but has anyone ever come across this in their network? What are the things to check for? Any suggestion will be greatly appreciated.

Thanks, jd

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62858t=62855
Re: changing cat6000 from VTP Server to transparent mode [7:62859]
I don't want all vlan information to be broadcasted to all the switches... i.e., I want the switch to receive only the vlan information that it is configured for.

Thanks
kum

From: [EMAIL PROTECTED]
To: kuma kk
CC: [EMAIL PROTECTED]
Subject: Re: changing cat6000 from VTP Server to transparent mode [7:62802]
Date: Tue, 11 Feb 2003 15:17:47 -0300

I do remember I had some problem related to it; change from server to transparent lost connectivity. It is a bad idea to play with that during production time. What performance issue is that with Server mode?

kuma kk @groupstudy.com on 11/02/2003 05:38:29
Please respond to: kuma kk
Sent by: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: changing cat6000 from VTP Server to transparent mode [7:62802]

Hi Everybody,

I have three cat6000 switches configured in vtp in server mode in a production environment. Now I am going to make all of them in transparent mode (including the switch that has the RSM) as there is some performance issue due to broadcast in server mode. I heard that while doing so, all the vlan information will be lost in the switches. Please share with us if any of you have already tried this and came across any issues.

Thanks in Advance
kum

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62859t=62859
BGP config question. [7:62860]
Folks

A quick question on external BGP connection configuration.

Given an organisation (ORG) with 2 EBGP routers (up1, up2) and two upstream providers (pr1, and pr2) where provider pr1 is currently linked to the router up1 via a serial link and provider pr2 is currently linked to router up2 via a traffic shaped and limited ethernet link. ORG does not allow transit between the providers.

Is there any reason why ORG should not
a) connect pr1 to the same ethernet segment
b) form bgp neighbor relationship with BGP peer at provider pr2
c) advertise appropriate MED values requesting that pr2 prefer up2
d) set local preference to prefer link via up2 to pr2 over up1 to pr2

What I am looking for is technical (or business/political) reasons why this is a good or bad idea. I understand that all this would give is redundancy at the router level (up1, up2), the ethernet link and pr2's router are all still potential single points of failure. I also understand that pr2 may not wish to allow such a configuration.

Also, what would need to be done to ensure that any changes made would not have any impact on decisions regarding the routing choice between pr1 and pr2?

Regards
Peter

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62860t=62860
Re: AUX port and modems [7:62755]
J,

Thanks for responding. What I am trying to do is simulate a dial-up connection to a router without an external telephone line. The first option looks good to me but I will not be able to program the AUX port. Or am I wrong? About the second option, can I connect the 2 modems back to back and still be able to program the router to accept dial-up?

host---modem---modem--AUX (router)

Regards,
MO

Jarett D. Chaiken
10/02/2003 11:27 AM
To:
cc:
Subject: Re: AUX port and modems [7:62755]

Well, I can think of a couple of ways. The first and most obvious to me is to not use the modem at all, and just connect the Host to the AUX port. The second method involves using a Phone system (Key System, PBX, FXS ports) to connect the 2 modems (You'll need 2 modems. Host-Modem---Modem-AUX Port). If I understood what you were trying to accomplish I could assist you better.

J

wrote in message news:...

I need to connect to the AUX port using a modem. The only problem is that I do not want to use an external telephone line. Is there a way to simulate:

host--modem--AUX (router)

Where can I find the information? Thanks in advance.

MO

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62862t=62755
Internet Connections [7:62863]
I have a class B network subnetted using a 21 bit mask. This network has 2 connections to the internet, 1 is by a T3 the other is a 512K T1. Each connection to the internet comes out of a subnet, goes through a firewall, and then through a Cisco 7200 router. We have static routes in place to assure that the returning packets go to the proper firewall. I don't know for sure if the routers connecting to the internet are running BGP or something else. We have seen packets go out one interface and return on the other. I suspect that something is not right with the border routers. Any thoughts or suggestions?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62863t=62863
RE: Monitoring Memory Utilization(%) on a router. [7:62800]
This reply from my colleague makes it very clear.

1) i do a show memory on a cisco 26xx router. It shows me the Total Processor Memory and Total IO memory. When i add up these 2 values, why is it not equal to total amount of DRAM in your router (as shown by sh ver)???

Simply because Processor + I/O mem is not equal total DRAM. The IOS loaded in RAM and additional datas need also some space:

muuma#sh ver | i with
cisco 2611 (MPC860) processor (revision 0x202) with 28672K/4096K bytes of memory.

muuma#sh mem
            Head      Total(b)   Used(b)    Free(b)    Lowest(b)  Largest(b)
Processor   80B7D5D0  17312304   2375180    14937124   14745720   14822080
I/O         1C0       4194304    1709592    2484712    2484712    2484668

Below you can see that the total main memory + I/O fits the physical 32 megs:

muuma#sh region
Region Manager:
Start        End          Size(b)   Class  Media  Name
0x01C0       0x01FF       4194304   Iomem  R/W    iomem
0x6000       0x60FF       16777216  Flash  R/O    flash
0x8000       0x81BF       29360128  Local  R/W    main
0x80008088   0x807C18AB   8099876   IText  R/O    main:text
0x807C18AC   0x80A78F27   2848380   IData  R/W    main:data
0x80A78F28   0x80B7D5CF   104       IBss   R/W    main:bss
0x80B7D5D0   0x81BF       17312304  Local  R/W    main:heap

That brings me to my second question :-))

Q: How do i get the total amount of DRAM installed in the router via SNMP?? Which MIB and OID?

Thanks
Simon

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 12, 2003 1:09 AM
To: [EMAIL PROTECTED]
Subject: Re: Monitoring Memory Utilization(%) on a router. [7:62800]

Could you send us the result of the `show memory` and `show version`. Maybe it helps the discussion.

[EMAIL PROTECTED] @groupstudy.com on 11/02/2003 12:42:37
Please respond to: [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: Monitoring Memory Utilization(%) on a router. [7:62800]

Hi,

1) i do a show memory on a cisco 26xx router. It shows me the Total Processor Memory and Total IO memory. When i add up these 2 values, why is it not equal to total amount of DRAM in your router (as shown by sh ver)???

2) Assuming the sh memory output does not give us the correct picture about memory utilization, which MIBs and objects should we monitor to get the memory utilization (as a %) of the router? Or can we at least get the free memory, used memory or total memory via SNMP and using MIB expressions, we can compute the Memory utilization as a %?? What are the MIBs and objects to get this info?

Cheers
Simon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62849t=62800
Re: CCIE Lab - I have seen he future and it is.... [7:62776]
I've had those before...once! Not very good. Would not want to build a network on them.

Logan, Harold wrote in message news:[EMAIL PROTECTED]...

I think your problem with the dipping dots analogy is that dipping dots have to be served from the bottom up; there's no such thing as Top-Down Dipping Dot Design.

Hal

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 11, 2003 2:39 PM
To: [EMAIL PROTECTED]
Subject: Re: CCIE Lab - I have seen he future and it is [7:62776]

Glad you're not depressed and are continuing your quest. You should consider being a writer. Your writing is really good, although the dipping dots ice cream analogy is just not working for me. I just can't imagine freeze-dried ice cream for one thing. Does it use dotted-decimal notation? ;-)

Priscilla

Charles Riley wrote:

Thanks to all who wrote in. My Kafkaesque post yesterday apparently touched a chord (or nerve) with several folks. I was hoping to start an OT discussion on those Dippin' Dots ice cream, and draw analogies to networking. Heck, I would even settle for Howard asking a variation of his favorite question: what is the ice cream you are trying to eat?

In all seriousness, I haven't abandoned all hope yet, it has just lessened in importance and intensity for me. In response to CN's question, I have attempted the lab at least once, Brussels, way back when the lab was a two day lab, and the numbers were still quad digits. Without violating the NDA, let's just say that I will never forgive ISDN for what it did to me.

As far as my motives for CCIE chasing, the main reason I am persisting is that not only have I invested time, money, and freeze dried ice cream, but the CCIE quest motivates me to study topics that I don't necessarily deal with on a daily basis, and to practice exotic configurations with those that I do. OSPF through a GRE tunnel over an ISDN DBU to the Dippin' Dots website, anyone?
Thanks,
Charles

Cisco Nuts wrote in message news:[EMAIL PROTECTED]...

Hello Charles,

With due respect I ask, why did you abandon your quest for the CCIE? I am curious as to how many times you actually hit the Lab?

Sincerely,
CN

From: Charles Riley
Reply-To: Charles Riley
To: [EMAIL PROTECTED]
Subject: Re: CCIE Lab - I have seen he future and it is [7:62776]
Date: Mon, 10 Feb 2003 22:19:54 GMT

Chuck,

Your post reminds me of those weird little ice cream stands that I sometimes see at the mall and various carnivals. It's called something like Dipping Dots - The Ice Cream of the Future. The initial human instinct is much like the Cro-Magnon humanoids encountering the monolith at the beginning of 2001: A Space Odyssey (sp): jump up and down with excitement until you realize it's just freeze dried ice cream.

Rounding out that analogy, the CCIE of the future will probably be reduced to being the CCNP of today. Regardless, I have spent too much time and money to abandon the quest for CCIE now, but frankly, if I hadn't invested as much as I have, I would most likely abandon the quest in favor of broadening into other areas. I really don't see much market value for the CCIE anymore, especially with Cisco hellbent on making it a meatgrinding cash cow. Your java console and one way only to configure experience kind of bears this out.

Sorry for the depressing post, just wanted to share.

Charles

The Long and Winding Road wrote in message news:[EMAIL PROTECTED]...

Been spending this weekend on what was once the Cisco Advanced SE Training (ASET) set of labs. These are available for those whose Cisco account team approves - there are a few conditions which can be found in the wee places of certification training. The program is run by Lab Gear (the only link I have is www.labgear.net, but this is a login page). There are a number of labs of CCIE level, look, and feel.
Supposed to be real equipment, but the access is via java script windows, not terminal emulation. This makes for some interesting situations. The windows show or provide output only when they are active. So if you had two router sessions open, and you made changes on one router that would generate systems messages of one sort or another you would not see those messages on the other. Also, I have yet to find a way to generate output from debugging commands. Things like term mon and logging of one kind or another have not been successful. So no debug ip routing and debug ip ospf adj. As with the real lab, there are a series of tasks to be completed. Grading is done via a script. This is the point of
Passed CCIE written exam [7:62854]
Hi all,

Just passed the written and feel like I need to say something. Really want to say thanks for all the help I gained from this study group.

Test is 3 hours, 150 questions, single or multiple choices. If multiple, will give indication how many answers. Can go backward and forward to check the questions. Passing score 58.

Highly recommend
1. Boson #1 and #3. You should make sure you either remember or understand every answer. Don't even give up hard ones. Only give up something you really think is going to be nonsense if you have to waste your brain resource memorizing the answers.
2. Need to understand these topics in depth: VoIP, MPLS (mpls-vpn, mpls-te), QoS. Those are my failing points where I only read superficially, but not in depth.
3. Try to read the online CCO website as much as you can, here is another failing point of mine.
4. The rest is the usual stuff that everyone talks about a lot: books to read: Doyle's routing, lan switching, cisco press QoS, cisco press mpls, Caslow.

Now it is time to crack the most difficult part: Lab.

Cheers,
Paul

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62854t=62854
Re: BGP config question. [7:62860]
At 01:36 PM 2/12/2003 +, Peter Walker wrote:

Folks A quick question on external BGP connection configuration. Given an organisation (ORG) with 2 EBGP routers (up1, up2) and two upstream providers (pr1, and pr2) where provider pr1 is currently linked to the router up1 via a serial link and provider pr2 is currently linked to router up2 via a traffic shaped and limited ethernet link. ORG does not allow transit between the providers. Is there any reason why ORG should not
a) connect pr1 to the same ethernet segment
b) form bgp neighbor relationship with BGP peer at provider pr2
c) advertise appropriate MED values requesting that pr2 prefer up2
d) set local preference to prefer link via up2 to pr2 over up1 to pr2

I'm not sure if you are messing up your prs and ups here, but I'm not following you entirely. Why would you not just peer both routers and use prepend/med and pref to control load like most folks do? Maybe explaining what is better or different about this approach would help explain what the approach is :)

Pete

What I am looking for is technical (or business/political) reasons why this is a good or bad idea. I understand that all this would give is redundancy at the router level (up1, up2), the ethernet link and pr2's router are all still potential single points of failure. I also understand that pr2 may not wish to allow such a configuration. Also, what would need to be done to ensure that any changes made would not have any impact on decisions regarding the routing choice between pr1 and pr2?

Regards
Peter

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62864t=62860
Re: Cisco CWDM Experiences [7:62841]
Actually, this CWDM seems to be Cisco specific and is incompatible with DWDM, looks like mostly because of the wavelengths used in this solution. Cisco has a 2-slot chassis that pretty much you populate with OADM or MUX cards. These cards in turn are crossconnected to switches by SMF and you use special CWDM GBICs for that. The GBICs are what provides different lambda. These GBICs seem to be supported on multiple platforms with proper IOS/CatOS ranging from 2900 to 6500 series. Here's the link:

http://www.cisco.com/en/US/customer/netsol/ns110/ns112/ns113/ns197/networking_solutions_package.html

Looks like mostly plug-n-play as long as proper attenuation is considered and you get the correct modules/GBICs mix in there.

Henry D. wrote in message news:[EMAIL PROTECTED]...

Hi everyone,

I'm looking at some of the CWDM docs and this solution seems to be a really good (read easy) way to increase the bandwidth between sites with existing SMF. I don't have any DWDM experience, but looking at this solution it would seem you don't need to do much in order to achieve pretty substantial bandwidth increase. Does anyone have any experience with this technology? Pretty much just looking to see how well this stuff really works in the field. It doesn't seem like you can do much to monitor/manage this solution which kind of makes me skeptical. Any inputs welcomed!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62865t=62841
RE: \31 Mak could it be used on leased lines(serial) [7:62853]
It's a feature supported in 12.2.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087aeb.html

Hal

-----Original Message-----
From: Monu Sekhon [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 12, 2003 1:30 AM
To: [EMAIL PROTECTED]
Subject: \31 Mak could it be used on leased lines(serial) [7:62853]

Hi Harold/all,

In your description you mentioned that you can use a /31 mask also. Your comments: "Since the point-to-point link is likely to have a /30 (or /31 if they're running 12.2) mask on it"

Questions:
- Will the connection work? Till now I only know that 30 is the max mask used on serial lines. How will we use this 31 mask?
- Does this apply only in ios version 12.2 or later as mentioned?
- Do people use these 31 masks?
- Can anybody provide me any info link?

Thanx in Advance

(Please refer to the description below in the thread where he mentioned that.)

Over a leased line I can't see the harm in leaving it running. If someone manages to get into your router, there's very little target enumeration they can do with CDP that can't be done by other means. Since the point-to-point link is likely to have a /30 (or /31 if they're running 12.2) mask on it, it's not going to be a stretch to figure out the other router's IP. While disabling CDP is certainly a sound practice on LAN interfaces, we also disable it on our switched WAN connections on general principles. That isn't a magic bullet by any means though, disabling CDP is security through obscurity more than anything else. If you're concerned about unauthorized access to your routers, then you should consider running access classes on your vty lines and AAA so you can audit access to the routers, if you aren't already.

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 11, 2003 1:12 PM
To: [EMAIL PROTECTED]
Subject: Re: Why disable cdp for back-to-back serial connec [7:62798]

Lawrence Law wrote:

Dear Priscilla, Thank you for your clear explanation.
Maybe it is better to disable cdp for low speed link, and security issue.

CDP uses very little bandwidth, so unless it's a really low-speed link, I wouldn't turn it off for that reason. Regarding security, if it's a private point-to-point HDLC link, then security probably isn't too much of an issue. It would be hard for a hacker to see the packets. On the other hand, if the hacker somehow got into a router that was running CDP on any of its interfaces, then the hacker could learn about one or more additional routers, and that's not good. You want to limit how much a hacker can learn. It's sort of a close call since CDP is so helpful for troubleshooting, though.

How about the rest of you out there? Do you disable CDP like some security documents say to do? It often occurs to me these days that we spent the '80s and '90s developing all sorts of cool protocols to share info of all sorts, and we're spending the '00s disabling most of them for security reasons. It's a crazy world we live in.

Priscilla

Regards, Lawrence

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

Cisco Discovery Protocol (CDP) is a management protocol that allows routers and switches to tell each other about their IOS version, hardware platform, and basic config info. Some security experts say to disable it because it tells too much. It has nothing to do with bringing the serial interface up/up. You could use it or you could not. The two routers on the HDLC link don't have to agree. One could send CDP while the other doesn't and the link should still come up/up, assuming everything is OK at the physical and data-link layers. It's too bad they used no cdp enable in that simple example with no explanation. I don't think it's the default? So someone had to type it in, so they should have explained it.
Priscilla

Lawrence Law wrote:

Dear all,

From cisco configuration example http://www.cisco.com/en/US/tech/tk713/tk317/technologies_configuration_example09186a00800944ff.shtml I'm wondering whether the line no cdp enable is required for both routers in order to make a serial connection up for back-to-back connection.

Regards, Lawrence

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62866t=62853
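An added example, not part of any post in this thread: a short Python audit of an IOS configuration for the controls the messages above discuss (per-interface CDP, an access-class on each vty line, AAA). The sample configuration is constructed, and the check assumes CDP is running wherever it has not been explicitly disabled.

```python
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
hostname RtrA
!
interface Serial0/0
 ip address 192.168.0.0 255.255.255.254
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 no cdp enable
!
access-list 10 permit 10.1.1.0 0.0.0.255
!
line con 0
line vty 0 4
 access-class 10 in
 login local
line vty 5 15
 login local
!
end
"""


def parse_sections(config):
    """Split an IOS config into [header, [indented sub-commands]] pairs."""
    sections = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue  # blank lines and "!" separators carry no settings
        if line[0] == " " and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append([line.strip(), []])
    return sections


def audit(config):
    """Return a list of (finding, location) tuples for the given config."""
    sections = parse_sections(config)
    global_cmds = {header for header, _ in sections}
    findings = []

    # "no cdp run" turns CDP off for the whole router; otherwise it is
    # assumed to be on for every interface that lacks "no cdp enable".
    cdp_off_globally = "no cdp run" in global_cmds

    for header, body in sections:
        if header.startswith("interface "):
            if "shutdown" in body:
                continue  # an administratively down port sends nothing
            if not cdp_off_globally and "no cdp enable" not in body:
                findings.append(("cdp-enabled", header))
        elif header.startswith("line vty"):
            # Each vty range needs its own inbound access-class.
            has_acl = any(re.match(r"access-class \S+ in\b", c) for c in body)
            if not has_acl:
                findings.append(("vty-no-access-class", header))

    # AAA is what gives an audit trail of who logged in to the router.
    if "aaa new-model" not in global_cmds:
        findings.append(("no-aaa", "global"))
    return findings


if __name__ == "__main__":
    for finding, where in audit(SAMPLE_CONFIG):
        print(f"{finding:22} {where}")
```

A "cdp-enabled" finding is a prompt for a decision per interface, not an error: the thread's own view is that CDP on a private point-to-point link is a close call, while LAN-facing interfaces are the ones to turn it off on.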
long ack times [7:62867]
I have several users who are trying to run an application and often have problems. In using a sniffer on the packets I have found that some of the packets are experiencing long ack times. How does one troubleshoot this sort of problem?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62867t=62867
Re: bsci passed [7:62805]
Hey guys, what were your study materials?

John

On Tue, Feb 11, 2003 at 03:47:01PM +, Mark Smith wrote:

Congratulations, Alejandro. That was a tough test for me too. I passed mine yesterday morning. I'm not exactly bragging about the score but I passed. Got a lot more on IS-IS than I expected - about 20% or more of my test. Had only read about it. My home lab routers aren't beefy enough to set it up and play with it and I've never used it in the real world. Guess I read enough about it though. On to switching.

Mark

Quoting Alejandro Quemada:

Hi, it's my first post. I have just passed bsci test this morning. It was a bit hard but passing score 700

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62868t=62805
RE: Aironet 350 SSID Broadcast [7:60472]
Additionally, if security is a real concern for you, check out www.cranite.com. They offer some additional wireless security products that may help.

Kelly Cobean

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of neal r
Sent: Tuesday, January 07, 2003 11:10 PM
To: [EMAIL PROTECTED]
Subject: Re: Aironet 350 SSID Broadcast [7:60472]

Disable broadcast SSID under radio hardware setup. Unix tools like kismet can see that cell even if you have broadcast SSID disabled. If you want real security, use IPsec between the buildings. If you want some fake security you can fool with WEP ... that'd likely be safe on a point to point link since no one is going to rat out your SSID and WEP settings, unlike the wireless ISP market ...

Firesox wrote:

Folks

I have two 350s and one is configured as Root Bridge and the other is configured as non-root bridge without client. They connect two buildings together. No wireless client should be connected to these bridges. I forgot how to turn off the SSID broadcast. I am getting SSID on my 802.11b NIC when I am in the range. Could someone tell me how to avoid this? I don't want any wireless nic to get any packets whatsoever. Also any comment to make these two bridges as secure as possible would be appreciated.

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62869t=60472
Re: \31 Mak could it be used on leased lines(serial) [7:62853]
In mail.net.groupstudy.pro, you wrote:

-will the connection work , till now i only know that 30 is the max mask used on serial lines .how will we use this 31 mask

It will. Here's an example:

    RtrA
     int se0/0
     ip add 192.168.0.0 255.255.255.254

    RtrB
     int se0/1
     ip add 192.168.0.1 255.255.255.254

- Does this applies only in ios version 12.2 or later as mentioned.

Or a late-stage 12.0S.

- Do people use these 31 mask

Yes, they work well.

- Can anybody provide me any inf link

Check out RFC 3021, Using 31-Bit Prefixes on IPv4 Point-to-Point Links.

// kaj

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62870t=62853
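An added example, not part of the post above: a Python check of whether two interface addresses form a valid point-to-point pair under a given mask, using the addresses from the RtrA/RtrB configuration. The function names are made up for this illustration; the rule applied is the RFC 3021 one, that a /31 has no network or broadcast address and both addresses are usable.

```python
import ipaddress


def p2p_check(addr_a, addr_b, mask):
    """Return (ok, reason) for the two ends of a point-to-point link."""
    a = ipaddress.ip_interface(f"{addr_a}/{mask}")
    b = ipaddress.ip_interface(f"{addr_b}/{mask}")

    # Both ends must fall inside the same subnet for the given mask.
    if a.network != b.network:
        return False, f"{a.ip} is in {a.network}, {b.ip} is in {b.network}"
    if a.ip == b.ip:
        return False, "both ends use the same address"

    net = a.network
    if net.prefixlen <= 30:
        # Classic subnets reserve the first and last address.
        for end in (a, b):
            if end.ip == net.network_address:
                return False, f"{end.ip} is the network address of {net}"
            if end.ip == net.broadcast_address:
                return False, f"{end.ip} is the broadcast address of {net}"
    # For a /31 nothing is reserved, so any same-subnet pair is valid.
    return True, f"valid /{net.prefixlen} pair in {net}"


def links_in_block(block, prefixlen):
    """How many point-to-point subnets of this size fit in an address block."""
    return 2 ** (prefixlen - ipaddress.ip_network(block).prefixlen)


if __name__ == "__main__":
    cases = [
        ("192.168.0.0", "192.168.0.1", "255.255.255.254"),  # from the post
        ("192.168.0.0", "192.168.0.1", "255.255.255.252"),  # same pair as /30
        ("192.168.0.1", "192.168.0.2", "255.255.255.252"),  # usual /30 pair
        ("192.168.0.1", "192.168.0.2", "255.255.255.254"),  # /30 habit on /31
    ]
    for a, b, mask in cases:
        print(a, b, mask, "->", p2p_check(a, b, mask))
    print("/30 links per /24:", links_in_block("192.168.0.0/24", 30))
    print("/31 links per /24:", links_in_block("192.168.0.0/24", 31))
```

The last case is the one that catches people moving from /30 to /31: .1 and .2 are the usual /30 pair but sit in two different /31 subnets.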
RE: CCIE Study group in Chicago? [7:62777]
Well here is a question for the group in general: Would you think that a combination of a CCNP study group and a CCIE Written group (mainly people that have just started studying for the CCIE) be beneficial to everyone involved? Or would the focus be completely different?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, February 11, 2003 6:12 PM
To: [EMAIL PROTECTED]
Subject: RE: CCIE Study group in Chicago? [7:62777]

I hear ya on that one... I'm just trying to find the time to hook up my lab; so I can study for the CCNP.

-----Original Message-----
From: Fernandez, Tim [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 10, 2003 5:55 PM
To: [EMAIL PROTECTED]
Subject: RE: CCIE Study group in Chicago? [7:62777]

Hey, what about a CCNP Study Group in Chicago?

Timothy B. Fernandez
Network Technician
Technical Operations New York 2
Thomson Financial

-----Original Message-----
From: Chris Theiss [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 10, 2003 5:09 PM
To: [EMAIL PROTECTED]
Subject: Re: CCIE Study group in Chicago? [7:62777]

I'd be interested in joining one, or forming a new one.

Nguyen, David wrote:

Any CCIE study groups here in the Chicago area?

Regards, David

--
Chris Theiss
IPG WAN Group
[EMAIL PROTECTED]
(312) 425-6624

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62872t=62777
RE: long ack times [7:62867]
I had that problem last weekend too (observed using Windows XP against Windows 2000 servers), it was caused by WIN2K DFS not working properly, and telling local clients to go across the WAN to retrieve data from DFS (instead of from a local server). The long ack was due to 10 clients trying to install apps across a 512Kb frame link, and the RTT had gone up to quite a long time (can't remember exactly). So in my limited experience, I would say you have congestion somewhere. Maybe time to do some traceroutes, and see where the problem lies.
Hmm, also found this:
Ack Too Long
The time that it has taken to acknowledge data exceeds the Long Ack Time threshold plus three times the average acknowledgement time for this connection. Refer to the detail statistics screen for the value of this average acknowledgement time.
Possible causes:
1 The recipient of the original data frame was temporarily busy, and could not process the frame as quickly as usual.
2 The ACK arrived late because a server had to look up and/or process data before responding with an ACK.
3 The path changed in a way that increased the time between the request and its acknowledgement.
4 There were multiple paths between the two stations, and the time to acknowledgement was longer for some paths than for others.
Symon
-Original Message-
From: DeVoe, Charles (PKI) [mailto:[EMAIL PROTECTED]]
Sent: 12 February 2003 14:51
To: [EMAIL PROTECTED]
Subject: long ack times [7:62867]
I have several users who are trying to run an application and often have problems. In using a sniffer on the packets I have found that some of the packets are experiencing long ack times. How does one troubleshoot this sort of problem?
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62873t=62867
RE: Internet Connections [7:62863]
Hi Charles, I have had this problem too. In fact, I think it has been the topic of discussion here many times. My problem is I have a customer (online trading presence) with two ISP connections (both E1's) however they only have a /26 on each connection. Because this is such a small network, no one is going to add them to their BGP tables (apart from the ISP that owns them). I looked at getting a provider independent address range, but again, because it is so small, it may not get added to some ISP's routing tables (people, please feel free to clarify this better) which means that not everyone in the world will be able to connect. The solution (at the moment) is to just have two separate networks (pretty much), and have two NIC's in the trading servers, with custom application layer proxies in front of them, so that requests hitting each card go out the same way they came in.
Symon
-Original Message-
From: DeVoe, Charles (PKI) [mailto:[EMAIL PROTECTED]]
Sent: 12 February 2003 14:19
To: [EMAIL PROTECTED]
Subject: Internet Connections [7:62863]
I have a class B network subnetted using a 21 bit mask. This network has 2 connections to the internet, 1 is by a T3 the other is a 512K T1. Each connection to the internet comes out of a subnet, goes through a firewall, and then through a Cisco 7200 router. We have static routes in place to assure that the returning packets go to the proper firewall. I don't know for sure if the routers connecting to the internet are running BGP or something else. We have seen packets go out one interface and return on the other. I suspect that something is not right with the border routers. Any thoughts or suggestions?
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62874t=62863
Re: BGP config question. [7:62860]
Yep you are right. Lets try that again ... a) connect up1 to the same ethernet segment b) form bgp neighbor relationship with BGP peer at provider pr2 c) advertise appropriate MED values requesting that pr2 prefer up2 d) set local preference to prefer link via up2 to pr2 over up1 to pr2 In terms of what I am asking is, are there any issues with having two 'redundant' bgp links from two different routers in one AS over a single multi-access link to a single router in another AS. It seems to me that this would be a simple no-brainer type of change to make, but I just have a nagging suspicion that there is some gotcha waiting to jump out when you least expect it. None of the sample configurations I have seen seem to mention this sort of config and I was wondering if there was some reason why it shouldnt be done, or if it was just one of those obscure variations of common configurations that did not warrant it's own explicit mention. Peter --On 12 February 2003 14:27 + Peter van Oene wrote: At 01:36 PM 2/12/2003 +, Peter Walker wrote: Folks A quick question on external BGP connection configuration. Given an organisation (ORG) with 2 EBGP routers (up1, up2) and two upstream providers (pr1, and pr2) where provider pr1 is currently linked to the router up1 via a serial link and provider pr2 is currently linked to router up2 via a traffic shaped and limited ethernet link. ORG is does not allow transit between the providers. Is there any reason why ORG should not a) connect pr1 to the same ethernet segment b) form bgp neighbor relationship with BGP peer at provider pr2 c) advertise appropriate MED values requesting that pr2 prefer up2 d) set local preference to prefer link via up2 to pr2 over up1 to pr2 I'm not sure if you are messing up your prs and ups here, but I'm not following you entirely. Why would you not just peer both routers and use prepend/med and pref to control load like most folks do? 
Maybe explaining what is better or different about this approach would help explain what the approach is :) Pete What I am looking for is technical (or business/political) reasons why this is a good or bad idea. I understand that all this would give is redundancy at the router level (up1, up2), the ethernet link and pr2's router are all still potential single points of failure. I also understand that pr2 may not wish to allow such a configuration. Also, what would need to be done to ensure that any changes made would not have any impact on decisions regarding the routing choice between pr1 and pr2? Regards Peter Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62875t=62860
RE: AUX port and modems [7:62877]
[EMAIL PROTECTED] wrote:
J, Thanks for responding. What I am trying to do is simulate a dial-up connection to a router without an external telephone line. The first option looks to me good but I will not be able to program the AUX port. Or am I wrong?
The AUX port can be set to act as a CONS port. You would be able to modify any aspect of the router config from the AUX, including the AUX itself. But it won't really *simulate* a dialup.
About the second option, can I connect the 2 modems back to back and still be able to program the router to accept dial-up?
host---modem---modem--AUX (router)
Two standard analog modems won't talk back to back. You need a telephone line simulator to do that (or a telephone line!). I bought one about a year ago for around $500. Got it from Black Box.
Regards, MO
Jarett D. Chaiken, 10/02/2003 11:27 AM
Subject: Re: AUX port and modems [7:62755]
Well, I can think of a couple of ways. The first and most obvious to me is to not use the modem at all, and just connect the Host to the AUX port. The second method involves using a Phone system (Key System, PBX, FXS ports) to connect the 2 modems (You'll need 2 modems. Host-Modem---Modem-AUX Port). If I understood what you were trying to accomplish I could assist you better.
J
wrote in message news:...
I need to connect to the AUX port using a modem. The only problem is that I do not want to use an external telephone line. Is there a way to simulate : host--modemAUX (router) Where can I find the information? Thanks in advance. MO
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62877t=62877
New CCDA exam reviewed [7:62876]
Here is my review of the new CCDA exam for your reading enjoyment! http://www.tcpmag.com/Exams/article.asp?EditorialsID=71 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62876t=62876
Re: BGP config question. [7:62860]
At 03:59 PM 2/12/2003 +, Peter Walker wrote: Yep you are right. Lets try that again ... a) connect up1 to the same ethernet segment b) form bgp neighbor relationship with BGP peer at provider pr2 c) advertise appropriate MED values requesting that pr2 prefer up2 d) set local preference to prefer link via up2 to pr2 over up1 to pr2 In terms of what I am asking is, are there any issues with having two 'redundant' bgp links from two different routers in one AS over a single multi-access link to a single router in another AS. So basically you have two routers and both r1 and r2 connect to the same router on the provider side while r1 also maintains a connection to another router on the provider side. In this case, you don't really buy yourself much other than router redundancy on your side. The cost is purely in control traffic that will transit the ethernet link. BGP isn't that chatty unless peering sessions are flapping (which would be abnormal) so this shouldn't be a big problem. Only other cost would be additional config complexity which might impede troubleshooting. Beyond that, things should work fine as long as the provider agrees to set it up. Pete It seems to me that this would be a simple no-brainer type of change to make, but I just have a nagging suspicion that there is some gotcha waiting to jump out when you least expect it. None of the sample configurations I have seen seem to mention this sort of config and I was wondering if there was some reason why it shouldnt be done, or if it was just one of those obscure variations of common configurations that did not warrant it's own explicit mention. Peter --On 12 February 2003 14:27 + Peter van Oene wrote: At 01:36 PM 2/12/2003 +, Peter Walker wrote: Folks A quick question on external BGP connection configuration. 
Given an organisation (ORG) with 2 EBGP routers (up1, up2) and two upstream providers (pr1, and pr2) where provider pr1 is currently linked to the router up1 via a serial link and provider pr2 is currently linked to router up2 via a traffic shaped and limited ethernet link. ORG is does not allow transit between the providers. Is there any reason why ORG should not a) connect pr1 to the same ethernet segment b) form bgp neighbor relationship with BGP peer at provider pr2 c) advertise appropriate MED values requesting that pr2 prefer up2 d) set local preference to prefer link via up2 to pr2 over up1 to pr2 I'm not sure if you are messing up your prs and ups here, but I'm not following you entirely. Why would you not just peer both routers and use prepend/med and pref to control load like most folks do? Maybe explaining what is better or different about this approach would help explain what the approach is :) Pete What I am looking for is technical (or business/political) reasons why this is a good or bad idea. I understand that all this would give is redundancy at the router level (up1, up2), the ethernet link and pr2's router are all still potential single points of failure. I also understand that pr2 may not wish to allow such a configuration. Also, what would need to be done to ensure that any changes made would not have any impact on decisions regarding the routing choice between pr1 and pr2? Regards Peter Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62878t=62860 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Study group in Chicago? [7:62777]
That sounds like an excellent idea. Timothy B. Fernandez Network Technician Technical Operations New York 2 Thomson Financial -Original Message- From: David Nguyen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 12, 2003 9:37 AM To: [EMAIL PROTECTED] Subject: RE: CCIE Study group in Chicago? [7:62777] Well here is a question for the group in general: Would you think that a combination of a CCNP study group and a CCIE Written group (mainly people that have just started studying for the CCIE) be beneficial to everyone involved? Or would the focus be completely different? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, February 11, 2003 6:12 PM To: [EMAIL PROTECTED] Subject: RE: CCIE Study group in Chicago? [7:62777] I hear ya on that one... I'm just trying to find the time to hook up my lab; so I can study for the CCNP. -Original Message- From: Fernandez, Tim [mailto:[EMAIL PROTECTED]] Sent: Monday, February 10, 2003 5:55 PM To: [EMAIL PROTECTED] Subject: RE: CCIE Study group in Chicago? [7:62777] Hey, what about a CCNP Study Group in Chicago? Timothy B. Fernandez Network Technician Technical Operations New York 2 Thomson Financial -Original Message- From: Chris Theiss [mailto:[EMAIL PROTECTED]] Sent: Monday, February 10, 2003 5:09 PM To: [EMAIL PROTECTED] Subject: Re: CCIE Study group in Chicago? [7:62777] I'd be interested in joining one, or forming a new one. Nguyen, David wrote: Any CCIE study groups here in the Chicago area? Regards, David -- Chris Theiss IPG WAN Group [EMAIL PROTECTED] (312) 425-6624 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62879t=62777 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Trunking on C2924-XL [7:62880]
Hello All, I'm attempting to configure trunking on a C2924-XL switch running IOS version Version 11.2(8.10)SA6 from file c2900XL-hs-mz-112.8.10 SA6.bin. I've read CCO enough to realize that the command under interface configuration mode would be switchport mode trunk. However, the switch does not accept that command and executing switchport mode ? only shows two options, access and multi, not trunk. I'd appreciate anyone letting me in on why I cannot select trunk when it ought to be there. Thank you very much. Richard Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62880t=62880
Trunking on C2924-XL [7:62881]
Hello All, I'm attempting to configure trunking on a C2924-XL switch running IOS version Version 11.2(8.10)SA6 from file c2900XL-hs-mz-112.8.10-SA6.bin. I've read CCO enough to realize that the command under interface configuration mode would be switchport mode trunk. However, the switch does not accept that command and executing switchport mode ? only shows two options, access and multi, not trunk. I'd appreciate anyone letting me in on why I cannot select trunk when it ought to be there. Thank you very much. Richard Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62881t=62881
Re: \31 Mak could it be used on leased lines(seria [7:62853]
Thanx Kaj Logan I have gone through document. Thanx for the information. My doubts are cleared :-)
Kaj J. Niemi wrote:
In mail.net.groupstudy.pro, you wrote:
- will the connection work, till now i only know that 30 is the max mask used on serial lines. how will we use this 31 mask
It will. Here's an example:
RtrA
int se0/0
ip add 192.168.0.0 255.255.255.254
RtrB
int se0/1
ip add 192.168.0.1 255.255.255.254
- Does this applies only in ios version 12.2 or later as mentioned.
Or a late-stage 12.0S.
- Do people use these 31 mask
Yes, they work well.
- Can anybody provide me any inf link
Check out RFC 3021, Using 31-Bit Prefixes on IPv4 Point-to-Point Links.
// kaj
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62882t=62853
Re: Trunking on C2924-XL [7:62881]
Richard, Trunking is only supported in the enterprise image release. You do not have that image.
From: Richard Burdette
Reply-To: Richard Burdette
To: [EMAIL PROTECTED]
Subject: Trunking on C2924-XL [7:62881]
Date: Wed, 12 Feb 2003 16:41:19 GMT
Hello All, I'm attempting to configure trunking on a C2924-XL switch running IOS version Version 11.2(8.10)SA6 from file c2900XL-hs-mz-112.8.10-SA6.bin. I've read CCO enough to realize that the command under interface configuration mode would be switchport mode trunk. However, the switch does not accept that command and executing switchport mode ? only shows two options, access and multi, not trunk. I'd appreciate anyone letting me in on why I cannot select trunk when it ought to be there. Thank you very much.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62886t=62881
Re: BGP config question. [7:62860]
Pete Thanks for your help. I know it doesnt buy much redundancy, however it is something that could be done to an existing system without much capital outlay, and the organisation that I was thinking of has seemed to have had a run of bad luck with single routers falling over during the last few months. I know the org would prefer to rely on the dual providers for uplink redundancy rather than adding additional redundant links to any single provider. I dont even know if the upstream provider would allow it, but it was just something that occured to me while reading up for the BGP exam I am taking this week and I couldnt really find any answers in my study materials. Yet again, thanks Peter --On 12 February 2003 16:28 + Peter van Oene wrote: At 03:59 PM 2/12/2003 +, Peter Walker wrote: Yep you are right. Lets try that again ... a) connect up1 to the same ethernet segment b) form bgp neighbor relationship with BGP peer at provider pr2 c) advertise appropriate MED values requesting that pr2 prefer up2 d) set local preference to prefer link via up2 to pr2 over up1 to pr2 In terms of what I am asking is, are there any issues with having two 'redundant' bgp links from two different routers in one AS over a single multi-access link to a single router in another AS. So basically you have two routers and both r1 and r2 connect to the same router on the provider side while r1 also maintains a connection to another router on the provider side. In this case, you don't really buy yourself much other than router redundancy on your side. The cost is purely in control traffic that will transit the ethernet link. BGP isn't that chatty unless peering sessions are flapping (which would be abnormal) so this shouldn't be a big problem. Only other cost would be additional config complexity which might impede troubleshooting. Beyond that, things should work fine as long as the provider agrees to set it up. 
Pete It seems to me that this would be a simple no-brainer type of change to make, but I just have a nagging suspicion that there is some gotcha waiting to jump out when you least expect it. None of the sample configurations I have seen seem to mention this sort of config and I was wondering if there was some reason why it shouldnt be done, or if it was just one of those obscure variations of common configurations that did not warrant it's own explicit mention. Peter --On 12 February 2003 14:27 + Peter van Oene wrote: At 01:36 PM 2/12/2003 +, Peter Walker wrote: Folks A quick question on external BGP connection configuration. Given an organisation (ORG) with 2 EBGP routers (up1, up2) and two upstream providers (pr1, and pr2) where provider pr1 is currently linked to the router up1 via a serial link and provider pr2 is currently linked to router up2 via a traffic shaped and limited ethernet link. ORG is does not allow transit between the providers. Is there any reason why ORG should not a) connect pr1 to the same ethernet segment b) form bgp neighbor relationship with BGP peer at provider pr2 c) advertise appropriate MED values requesting that pr2 prefer up2 d) set local preference to prefer link via up2 to pr2 over up1 to pr2 I'm not sure if you are messing up your prs and ups here, but I'm not following you entirely. Why would you not just peer both routers and use prepend/med and pref to control load like most folks do? Maybe explaining what is better or different about this approach would help explain what the approach is :) Pete What I am looking for is technical (or business/political) reasons why this is a good or bad idea. I understand that all this would give is redundancy at the router level (up1, up2), the ethernet link and pr2's router are all still potential single points of failure. I also understand that pr2 may not wish to allow such a configuration. 
Also, what would need to be done to ensure that any changes made would not have any impact on decisions regarding the routing choice between pr1 and pr2? Regards Peter Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62885t=62860
vlan help [7:62888]
hi. on a cisco2950, how can I configure a port to be tagged for one vlan and untagged for another? Please give me sample. thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62888t=62888
Policing and Shaping [7:62889]
Based on the following text, from http://www.cisco.com/warp/customer/105/policevsshape.html; Class Based Policing could not guarantee the bandwidth specified in the priority command. Any thoughts?
In this configuration, the police command sends packets from the child classes based on the size of the packet and the number of bytes remaining in the conform and exceed token buckets. (See Traffic Policing.) The result is that rates given to the Voice over IP (VoIP) and Internet Protocol (IP) classes may not be guaranteed since the police feature is overriding the guarantees made by the priority feature. However, if the shape command is used, the result is a hierarchical queuing system, and all guarantees are made
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62889t=62889
Re: OT: New Instructor Experiences [7:62826]
At 10:48 AM + 2/12/03, Cisco Nuts wrote: John, First...CONGRATS You can do it!! Yes, there area moments when you feel that way...especially the first couple of timesbut in the end you will come out a champ!! When I started teaching the CCNA/NP a couple of years back, I too felt the same initially, but personally, teaching has been the best thing for me in my life!! I love teaching and am passionate about it. I am just dying to pass the CCIE Lab so I can begin my own tutoring in my basement for the CCNA/NP/IP courses. The trick is to really prepare for it the night before and then dive straight to the hands-on section in the class. Agreed, and I'd like to home in on this a little, at least from personal experience. Even when you are having fun, teaching all or most of the day is stressful. When you're writing programs or books, you control the pace and can let your mind float a little, but not so in a live situation. Don't count on your breaks, because you often either have to fix something or respond to student questions--unless there's an escape door at the instructor end of the classroom! I suppose my telecommuting equivalent is to have a cat crash into/with something in my office. They are pretty good about that, other than Rhonda keeps trying to fax herself. I really have to figure out a copy/fax cover that can stay on the machine without it overheating. Looking behind me, she's at least not on the control panel but in the feeder tray. There's also a difference between courses of up to about 2-3 days versus 3-5 days. I remember that when I taught RSC, ICRC, and ACRC, all 5 day courses, I hit a wall sometime on Wednesday, and it took me many months, if not a year, to learn to get through Wednesday (usually) afternoon. I was fine on Thursday and Friday. Incidentally, I found CID much easier to teach _for me_, as it NEVER was the same twice given students are bringing in new problems and a good CID instructor is constantly updating the lecture. 
There are just so many times you can point out the missing permit all in an access list, or an order dependency in OSPF network statements, etc., before you need to start suppressing the screams. If you're teaching on the road, it's even more exciting. Even the beancounters at a number of training partners finally recognized that getting dinner from room service was not really a luxury, but something that prevented embarrassment from falling asleep in the soup at a restaurant. It's usually too late for traditional sightseeing. I did find that workouts helped, which generally needed to be in the morning if I could get up that early, as well as social dinners--preferably with local friends, but sometimes with students. It's especially nice when you can meet up with instructor colleagues that know what it's like! I usually see Paul and Neill when they are teaching in DC, as well as others. Then start explaining the concepts about the material as you do the hands-on. Students love the hands-on!! Preparing your own notes help as students respect you more than just saying Ok guys, let's turn to page 31 and talk about Ospf. Ospf is. Good Luck. From: John Neiberger Reply-To: John Neiberger To: [EMAIL PROTECTED] Subject: OT: New Instructor Experiences [7:62826] Date: Tue, 11 Feb 2003 22:12:07 GMT I just feel the need to rant/vent for a bit and I knew there were a bunch of you who might be able to relate to this. I've started teaching a short, one-session general networking class for some of the people here at the bank. The first session, which was really just a runthrough with a handful of students, went fairly well. In fact, it went so well that they increased the number of overall attendees to about 60 or so. Last week I had another session that went exceptionally well, except for a couple of students who really didn't want to be there. I couldn't have asked for it to go better, and my boss heard lots of good things about it. One person even said I should be a professor! 
:-) Now, that brings us to today Today I had an afternoon class, and in my opinion it sucked rotten eggs. I feel embarrassed to have been involved with it. I can't think of too many ways in which it could have gone worse. I rambled, I flew through 2.5 hours of material in about an hour, I lost my place a lot. I'm not certain that I ever formed a train of thought longer than a couple of cars, and I think even those trains were without engine and caboose. Have any of you other instructors had days like that? As I even mentioned in class, I felt like my 'explainer' was broken today, and it certainly was. I'm hoping that I could get some sympathy from other instructors with similar experiences. Okay, I'm going to go drown my disappointment in some coffee! John
Catalyst 6500 vs 7200 VXR [7:62892]
What benefits can a Catalyst 6500 switch provide that a 7200 router cannot? Are the FLEXWAN modules a reliable product or is it better to separate your WAN traffic devices from your LAN devices? What about the performance of the FLEXWAN modules? I am just trying to understand if money is no object why would someone buy a 7200 router over a Catalyst 6500 with FLEXWAN modules. Thank you, sorry if this is too vague. Brett Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62892t=62892
RE: Passed CCIE written exam [7:62854]
I feel that I need to say something. You just sent this exact same message a week ago. Shawn K.
-Original Message-
From: Paul Dong So [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 12, 2003 9:27 AM
To: [EMAIL PROTECTED]
Subject: Passed CCIE written exam [7:62854]
Hi all, Just passed the written and feel like i need to say something. Really want to say thanks for all the helps I gained from this study group. Test is 3 hours, 150 questions, single or multiple choices. If multiple, will give indication how many answers. Can go backward and forward to check the questions. Passing score 58. Highly recommend
1. Boson #1 and #3. You should make sure you either remember or understand every answer. Don't even give up hard ones. Only give up something you really think it is going to be nonsense if you have to waste your brain resource memorizing the answers.
2. Need to understand these topics in depth: VoIP, MPLS(mpls-vpn, mpls-te), QoS. Those are my failing points where i only read superficially, but not in depth.
3. Try to read the online CCO website as much as you can, here is my another failing point.
4. The rest are the usual stuffs that every one talks a lot: books to read: Doyle's routing, lan switching, cisco press QoS, cisco press mpls, Caslow.
Now it is time to crack the most difficult part: Lab. Cheers, Paul
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62883t=62854
RE: Monitoring Memory Utilization(%) on a router. [7:62800]
You can try this one 1.3.6.1.4.1.9.2.1.8.0 and compare with your values. I used a time ago so I am not sure, but I think it is the free memory. Hope helps
[EMAIL PROTECTED] on 12/02/2003 02:25:45
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
cc:
Subject: RE: Monitoring Memory Utilization(%) on a router. [7:62800]
This reply from my colleague makes it very clear.
1) i do a show memory on a cisco 26xx router. It shows me the Total Processor Memory and Total IO memory. When i add up these 2 values, why is it not equal to total amount of DRAM in your router (as shown by sh ver)???
Simply because Processor + I/O mem is not equal total DRAM. The IOS loaded in RAM and additional datas need also some space:
muuma#sh ver | i with
cisco 2611 (MPC860) processor (revision 0x202) with 28672K/4096K bytes of memory.
muuma#sh mem
Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)
Processor 80B7D5D0 17312304 2375180 14937124 14745720 14822080
I/O 1C0 4194304 1709592 2484712 2484712 2484668
Below you can see that the total main memory + I/O fits the physical 32 megs:
muuma#sh region
Region Manager:
Start End Size(b) Class Media Name
0x01C0 0x01FF 4194304 Iomem R/W iomem
0x6000 0x60FF 16777216 Flash R/O flash
0x8000 0x81BF 29360128 Local R/W main
0x80008088 0x807C18AB 8099876 IText R/O main:text
0x807C18AC 0x80A78F27 2848380 IData R/W main:data
0x80A78F28 0x80B7D5CF 104 IBss R/W main:bss
0x80B7D5D0 0x81BF 17312304 Local R/W main:heap
That brings me to my second question::-))
Q:How do i get the total amount of DRAM installed in the router via SNMP?? Which MIB and OID? Thanks Simon
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 12, 2003 1:09 AM
To: [EMAIL PROTECTED]
Subject: Re: Monitoring Memory Utilization(%) on a router. [7:62800]
Could you send us the result of the `show memory` and `show version`. Maybe it helps the discussion.
[EMAIL PROTECTED] @groupstudy.com on 11/02/2003 12:42:37
Please reply to [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: Monitoring Memory Utilization(%) on a router. [7:62800]

Hi, 1) i do a show memory on a cisco 26xx router. It shows me the Total Processor Memory and Total IO memory. When i add up these 2 values, why is it not equal to total amount of DRAM in your router (as shown by sh ver)??? 2) Assuming the sh memory output does not give us the correct picture about memory utilization, which MIBs and objects should we monitor to get the memory utilization (as a %) of the router? Or can we at least get the free memory, used memory or total memory via SNMP and using MIB expressions, we can compute the Memory utilization as a %?? What are the MIBs and objects to get this info? Cheers Simon Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62890t=62800
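The arithmetic behind the reply in this thread, as an added example (not code from any of the posters): it parses the `sh ver` and `sh mem` figures quoted in the message, computes utilization per memory pool, and shows how much of main DRAM sits outside the Processor heap. The function names and the re-typed column spacing are assumptions; the same used/free arithmetic applies to counters polled over SNMP.

```python
import re

# Constructed sample: figures copied from the "sh ver" and "sh mem" output
# quoted in the thread; column spacing re-typed, Head values as they appear there.
SHOW_VERSION = (
    "cisco 2611 (MPC860) processor (revision 0x202) "
    "with 28672K/4096K bytes of memory."
)
SHOW_MEMORY = """\
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   80B7D5D0    17312304     2375180    14937124    14745720    14822080
      I/O        1C0     4194304     1709592     2484712     2484712     2484668
"""

DRAM_RE = re.compile(r"with (\d+)K/(\d+)K bytes of memory")
POOL_RE = re.compile(
    r"^\s*(?P<name>Processor|I/O)\s+(?P<head>[0-9A-Fa-f]+)"
    r"\s+(?P<total>\d+)\s+(?P<used>\d+)\s+(?P<free>\d+)"
    r"\s+(?P<lowest>\d+)\s+(?P<largest>\d+)\s*$"
)


def parse_dram(show_version):
    """Return (main_bytes, io_bytes) from the 'with <main>K/<io>K' line."""
    m = DRAM_RE.search(show_version)
    if not m:
        raise ValueError("no 'with <main>K/<io>K bytes of memory' line found")
    return int(m.group(1)) * 1024, int(m.group(2)) * 1024


def parse_pools(show_memory):
    """Return {pool name: counters} from the 'show memory' summary rows."""
    pools = {}
    for line in show_memory.splitlines():
        m = POOL_RE.match(line)
        if not m:
            continue  # header row or unrelated output
        row = {k: int(m.group(k)) for k in ("total", "used", "free", "lowest", "largest")}
        # Sanity check: catches columns that were fused or shifted in a paste.
        if row["used"] + row["free"] != row["total"]:
            raise ValueError(f"{m.group('name')}: used + free != total")
        pools[m.group("name")] = row
    if not pools:
        raise ValueError("no Processor or I/O pool rows found")
    return pools


def utilization_pct(pool):
    """Current utilization of one pool, in percent."""
    return 100.0 * pool["used"] / pool["total"]


def peak_utilization_pct(pool):
    """Highest utilization since boot; Lowest(b) is the low-water mark of free memory."""
    return 100.0 * (pool["total"] - pool["lowest"]) / pool["total"]


def report(show_version, show_memory):
    main_bytes, io_bytes = parse_dram(show_version)
    pools = parse_pools(show_memory)
    return {
        "dram_bytes": main_bytes + io_bytes,
        # Main DRAM not available as heap: IOS text, data and bss.
        "outside_heap_bytes": main_bytes - pools["Processor"]["total"],
        "io_unaccounted_bytes": io_bytes - pools["I/O"]["total"],
        "pools": {
            name: {
                "utilization_pct": utilization_pct(p),
                "peak_utilization_pct": peak_utilization_pct(p),
                "largest_free_block": p["largest"],
            }
            for name, p in pools.items()
        },
    }


if __name__ == "__main__":
    r = report(SHOW_VERSION, SHOW_MEMORY)
    print(f"Installed DRAM: {r['dram_bytes']} bytes")
    print(f"Main DRAM outside the Processor heap: {r['outside_heap_bytes']} bytes")
    for name, p in r["pools"].items():
        print(f"{name}: {p['utilization_pct']:.2f}% used, "
              f"peak {p['peak_utilization_pct']:.2f}%")
```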
RE: bsci passed [7:62805]
I took a class recently at a local juco that was very good. They used labs from the Academy material aimed towards advanced router config. I have a lab at home with a couple of 2600's and a couple of 2500's that I've picked up off of eBay over the last couple of years and was able to do the labs over again at home. What I blew thru in the class due to time constraints I was able to dissect a little more completely and try different commands and such with at home. As far as reading material I used the BSCN text book and printed out the Cisco link on IS-IS that is available here (watch for text wrap) http://www.ciscopress.com/content/images/1578702283/downloads/2283newchap2.pdf?session_id={191E20FE-35FE-420B-94D2-D7BAA31347FC} but I understand the actual BSCI text book is available now http://www.ciscopress.com/catalog/product.asp?product_id={E9CBCDAF-77DF-468E-B2F6-C902C0B78D6F} I used a couple of practice tests that were very good but very similar to each other in content. Either would have probably been enough. http://www.fravo.com/cisco/index.htm and http://216.197.111.79/testking/index.cfm?pageid=714productid=102 Both were outstanding (IMHO) conceptually. If you're looking for braindump, these-are-exactly-the-questions-you'll-see-on-the-real-test-type study guides then these aren't what you're looking for. I didn't see any *exact* questions from either of these on my test but all of the concepts I found on the test were covered in both of these. TestKing is a PDF and Fravo is a little app that you run. Fravo probably has more questions but not any more material is covered. They just ask the same type question 3 different ways. From my experience with the test know IS-IS. I was told to expect maybe 3 or 4 questions on IS-IS. I got more like a dozen or maybe even more. The rest was pretty evenly scattered thru all of the topics that the BSCI topics list at Cisco has in it. No one area was hit any harder than any other in mine.
I did have fewer actual config the scenario questions than I expected. Know how OSPF, BGP work and how to set them up. Understand route summarization and VLSM. Understand EIGRP and how it interacts with IGRP. Know IS-IS and CLNS. Know route redistribution. Be familiar with RIP v2. Basically, know everything in the BSCN book and IS-IS. I know I'm Forrest Gump-like compared to most I see post here regularly so I may not be the most accurate indicator of its difficulty but that was my toughest cert test of the eight that I've taken to date. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Faulk Sent: Wednesday, February 12, 2003 8:53 AM To: [EMAIL PROTECTED] Subject: Re: bsci passed [7:62805] Hey guys, what were your study materials? John On Tue, Feb 11, 2003 at 03:47:01PM +, Mark Smith wrote: Congratulations, Alejandro. That was a tough test for me too. I passed mine yesterday morning. I'm not exactly bragging about the score but I passed. Got a lot more on IS-IS than I expected - about 20% or more of my test. Had only read about it. My home lab routers aren't beefy enough to set it up and play with it and I've never used it in the real world. Guess I read enough about it though. On to switching. Mark Quoting Alejandro Quemada : Hi it's my first post I have just passed bsci test this morning. it was a bit hard but passing score 700 [EMAIL PROTECTED] -- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62893t=62805
ccie per hour rate [7:62894]
I want just general networking. Not really designing any really big projects or anything. How much per hour would be reasonable? Paul Beckman CIS Department Delta Health Group 850-470-0155 [EMAIL PROTECTED] The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62894t=62894
Re: CS11152 port channel? [7:62831]
Just heard from Cisco and this is not possible. They're looking to implement it in future releases. Sam Sneed wrote in message news:[EMAIL PROTECTED]... I want to connect a cs11152 to a cisco switch. I want to have over 100MB over the link. Is there any way to do the equivalent of port channeling on 2 links? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62896t=62831
Re: Catalyst 6500 vs 7200 VXR [7:62892]
Brett Johnson wrote: What benefits can a Catalyst 6500 switch provide that a 7200 router cannot? The 6500 is also a switch. Are the FLEXWAN modules a reliable product or is it better to separate your WAN traffic devices from your LAN devices? They work well though some would rather keep the WAN out of their core. Some customers keep the core layer 2 etc... What about the performance of the FLEXWAN modules? I have a local customer that has two 6509's at each of 4 hospitals with flexwans in each. One switch's flexwan has an ATM PA, the other a PA-4T. ATM is the primary link and frame for the backup. The core site has 7200's simply because of the number of WANs to be terminated. Works very well. I am just trying to understand if money is no object why would someone buy a 7200 router over a Catalyst 6500 with FLEXWAN modules. Thank you, sorry if this is too vague. If the 6500 was the core of my net I would not want to terminate vendor WANs or an Internet connection on a flexwan for example so the decision depends on your network design, security issues, number of WAN ports etc... I'm sure if you look hard you can find the various packet forwarding rates for each on CCO. Brett -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62897t=62892
Re: ccie per hour rate [7:62894]
Jeez people get that on this list for free but if you want to send a check... :) Dave Paul Beckman wrote: I want just general networking. Not really designing any really big projects or anything. How much per hour would be reasonable? Paul Beckman CIS Department Delta Health Group 850-470-0155 [EMAIL PROTECTED] The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers. -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62898t=62894
Re: Trunking on C2924-XL [7:62880]
In mail.net.groupstudy.pro, you wrote: I'm attempting to configure trunking on a C2924-XL switch running IOS version Version 11.2(8.10)SA6 from file c2900XL-hs-mz-112.8.10 SA6.bin. I've read CCO enough to realize that the command under interface configuration mode would be switchport mode trunk. However, the switch does not accept that command and executing switchport mode ? only shows two options, access If the switch really is a WS-C2924-XL, i.e. an original 2900XL switch, trunking isn't supported at all. You need a WS-C2924-XL-EN. // kaj Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62900t=62880
Re: Internet Connections [7:62863]
I have a class B network subnetted using a 21 bit mask. This network has 2 connections to the internet, 1 is by a T3 the other is a 512K T1. Each connection to the internet comes out of a subnet, goes through a firewall, and then through a Cisco 7200 router. We have static routes in place to assure that the returning packets go to the proper firewall. I don't know for sure if the routers connecting to the internet are running BGP or some thing else. We have seen packets go out one interface and return on the other. I suspect that something is not right with the border routers. Any thoughts or suggestions? They're probably using BGP and they're both advertising the same prefixes. This is actually pretty normal behavior. You don't have a large degree of control of return traffic back to your network. There are a number of things that you can try to influence the path other providers use but the key word there is influence. It's very difficult--if not impossible--to enforce your routing policies on other providers. If one of them chooses one path over another to get back to your network, the best you can do is attempt to determine why that traffic is behaving that way and try to come up with a way to alleviate the problem. That's assuming it's really a problem. In your case, it could be a problem because your links are so imbalanced. I'd be tempted to leave the 512K T1 shutdown until it was needed. If you get too much traffic coming back down that link you'll create pinhole congestion. The rest of the world doesn't know that you have a T3 and a 512K fractional T1. They just see two paths back to your network. If your links were on the same router I think you could configure a conditional advertisement with BGP. This allows you not to advertise your network from the 512K T1 unless you stopped seeing BGP routes from the provider on the T3.
There are other things that can be tried, such as AS path prepends, tweaking the MED, etc., but there is no rule that any other provider has to pay any attention to that information whatsoever so your results may vary. HTH, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62901t=62863
Re: vlan help [7:62888]
CiscoNewbie wrote: hi. on a cisco2950, how can I configure a port to be tagged for one vlan and untagged for another? Please give me sample. thanks. switchport mode trunk switchport trunk native vlan That will 802.1Q tag all frames except those in vlan . You can't have more than one untagged VLAN. Regards, Marco. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62899t=62888
Re: Catalyst 6500 vs 7200 VXR [7:62892]
Or if you have plenty of money and nothing better to spend it on, you can remove the 7200's and purchase 6506's with flex-wans. Provides the same service and costs a bit more. Those of us here in San Jose won't mind a bit. Larry Letterman Network Engineer Cisco Systems - Original Message - From: MADMAN To: Sent: Wednesday, February 12, 2003 12:18 PM Subject: Re: Catalyst 6500 vs 7200 VXR [7:62892] Brett Johnson wrote: What benefits can a Catalyst 6500 switch provide that a 7200 router cannot? The 6500 is also a switch. Are the FLEXWAN modules a reliable product or is it better to separate your WAN traffic devices from your LAN devices? They work well though some would rather keep the WAN out of their core. Some customers keep the core layer 2 etc... What about the performance of the FLEXWAN modules? I have a local customer that has two 6509's at each of 4 hospitals with flexwans in each. One switch's flexwan has an ATM PA, the other a PA-4T. ATM is the primary link and frame for the backup. The core site has 7200's simply because of the number of WANs to be terminated. Works very well. I am just trying to understand if money is no object why would someone buy a 7200 router over a Catalyst 6500 with FLEXWAN modules. Thank you, sorry if this is too vague. If the 6500 was the core of my net I would not want to terminate vendor WANs or an Internet connection on a flexwan for example so the decision depends on your network design, security issues, number of WAN ports etc... I'm sure if you look hard you can find the various packet forwarding rates for each on CCO. Brett -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62902t=62892
Re: vlan help [7:62888]
M.C. van den Bovenkamp wrote: switchport mode trunk switchport trunk native vlan That will 802.1Q tag all frames except those in vlan . You can't have more than one untagged VLAN. OK, groupstudy doesn't like angle brackets; forgot about that. That would be 'switchport trunk native vlan X' and '...in vlan X.' Regards, Marco. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62903t=62888
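The tagging rule described in this thread, as an added example (not code from the posters): a trunk port inserts a 4-byte 802.1Q tag into every frame except those in its native VLAN, and classifies untagged frames it receives into its own native VLAN. The function names and the sample frame are constructed for illustration; the last function shows why both ends of a trunk need the same native VLAN.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def egress(frame, vlan_id, native_vlan, pcp=0):
    """Return the frame as a trunk port with this native VLAN transmits it."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    if not 0 <= pcp <= 7:
        raise ValueError("priority must be 0-7")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if vlan_id == native_vlan:
        return frame  # the single untagged VLAN on the trunk
    # TCI = 3-bit priority, 1-bit DEI (left 0), 12-bit VLAN ID
    tci = (pcp << 13) | vlan_id
    tag = struct.pack("!HH", TPID_8021Q, tci)
    # The tag sits between the source MAC and the original EtherType.
    return frame[:12] + tag + frame[12:]


def ingress(frame, native_vlan):
    """Return (vlan_id, untagged_frame) for a frame received on a trunk port."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return native_vlan, frame  # untagged: belongs to the native VLAN
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    vid = tci & 0x0FFF
    untagged = frame[:12] + frame[16:]
    # VID 0 is a priority tag only; the frame still belongs to the native VLAN.
    return (native_vlan if vid == 0 else vid), untagged


def carried_vlan(frame, vlan_id, tx_native, rx_native):
    """VLAN the receiving switch assigns to a frame sent in vlan_id."""
    return ingress(egress(frame, vlan_id, tx_native), rx_native)[0]


# Constructed sample frame: broadcast destination, locally administered
# source MAC, EtherType 0x0800, dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"constructed payload"

if __name__ == "__main__":
    print("VLAN 20, native 10:", egress(SAMPLE, 20, 10)[12:16].hex())
    print("VLAN 10, native 10 unchanged:", egress(SAMPLE, 10, 10) == SAMPLE)
    # Native VLAN 10 on the sender, 99 on the receiver: VLAN 10 traffic
    # arrives untagged and is placed in VLAN 99.
    print("mismatched native VLANs:", carried_vlan(SAMPLE, 10, 10, 99))
```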
Parascope 2000 WAN/LAN analyser for sale [7:62884]
Ok after winding up a small networking company I am left with a few bits of kit for sale, the most interesting of which is: Parascope 2000 T1/E1 analyser with - cables for testing the following: ISDN BRI, RS449, X21, V35, V24/RS232, ISDN T1/E1 - connection cable PCMCIA adapter for any laptop - WIN XL software suitable for Win NT/98 Version 2.10 according to the CD. List price for the product is #7,995 without cables, software or adapters for ISDN or DDS. This one certainly has the ISDN S/T adapters. The adapters are #1,335 so you get some idea of the total package. The url takes you to the UK distributor website for full spec http://www.sygnusdata.co.uk/products/fe/feline.htm#para2000 Anyone interested email me direct [EMAIL PROTECTED] Oh yes how much? Well sensible offers please in UK #'s and remember if you want it shipped abroad the buyer can arrange shipping and pay the costs once your money transfer has cleared. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62884t=62884
RE: AES license [7:62905]
Yea, and in the pix guide it also lists proposed part numbers for the AES. It is about as free as 3DES is (which is not free). I wonder if AES is enabled in my 6.3beta version? Hmmm? Probably not... -Original Message- From: Jim [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 21, 2003 5:09 AM To: [EMAIL PROTECTED] Subject: AES license Hi all, With PIXS OS 6.3 coming out with AES does anyone know what the license requirements for it will be? Free for AES or $$ like for 3DES? Any word on this for IOS w/o the need for the AIM? thanks, JT Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62905t=62905
Re: Catalyst 6500 vs 7200 VXR [7:62892]
At 06:37 PM 2/12/2003 +, Brett Johnson wrote: What benefits can a Catalyst 6500 switch provide that a 7200 router cannot? Are the FLEXWAN modules a reliable product or is it better to separate your WAN traffic devices from you LAN devices? What about the performance of the FLEXWAN modules? I am just trying to understand if money is no object why would someone buy a 7200 router over a Catalyst 6500 with FLEXWAN modules. Thank you, sorry if this is too vague. I personally would recommend separating L2 switching from routing myself. Purpose built platforms tend to have optimal cost efficiencies and stable software. Nice, fast, cheap L2 switching to the desktop tapped into a decent routed backbone sounds ideal to me. Small broadcast domains are quite helpful as well, unless you are a big fan of Sapping Tree. Brett Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62906t=62892
PIX 501 NAT / PAT [7:62907]
Fellows, I have a PIX 501 on my home network. It is connected to a Cable Router, from where it gets a Dynamic Internet IP address. Now let's say I want to run my Web Server or Email Server; I have to NAT or PAT my Web Server Internal Address with the Dynamic Internet IP address that the PIX gets from the ISP. My concern is that when the Internet IP address changes, I will lose my Web Server; it will be down also. Is there a way I can do dynamic NAT / PAT? People who have used Linksys Cable / DSL Routers know what I am talking about. Whenever the Internet IP address changes, Linksys (or other brands) change the NAT / PAT, and your Web Server / Email Server is always UP. -- Curious MCSE, CCNP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62907t=62907
Re: ccie per hour rate [7:62894]
If you're looking to directly hire a CCIE who is incorporated, about $80-$100 should be fine, depending on quantity, quality of work exp. It's another story if you are hiring a ccie through a consulting or staffing agency. cya Paul Beckman wrote in message news:[EMAIL PROTECTED]... I want just general networking. Not really designing any really big projects or anything. How much per hour would be reasonable? Paul Beckman CIS Department Delta Health Group 850-470-0155 [EMAIL PROTECTED] The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62908t=62894
Re: Internet Connections [7:62863]
On Wed, 12 Feb 2003, John Neiberger wrote: thing else. We have seen packets go out one interface and return on the other. I suspect that something is not right with the border routers. Any thoughts or suggestions? They're probably using BGP and they're both advertising the same prefixes. This is actually pretty normal behavior. You don't have a

So do your two links terminate at the same provider at the same POP? If so they may have simply added two static routes pointing your block over the two links. This is commonly done for companies who have two links (2xT1s) without a multiplexor and don't want to run BGP. It's kind of a poor man's configuration. It's easy and simple to implement but gives the end user unpredictable return paths.

Inbound Router-1 = 192.168.1.254
Inbound Router-2 = 192.168.2.254
Your IP Block = 172.16.0.0 255.255.0.0

Your ISP May have the following on the POP router:

ip route 172.16.0.0 255.255.0.0 192.168.1.254
ip route 172.16.0.0 255.255.0.0 192.168.2.254

Andrew --- http://www.andrewsworld.net/ ICQ: 2895251 Cisco Certified Network Associate Learn from the mistakes of others. You won't live long enough to make all of them yourself. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62910t=62863
RE: Internet Connections [7:62863]
I think we need more info. Questions below... DeVoe, Charles (PKI) wrote: I have a class B network subnetted using a 21 bit mask. This network has 2 connections to the internet, 1 is by a T3 the other is a 512K T1. Each connection to the internet comes out of a subnet, goes through a firewall, and then through a Cisco 7200 router. We have static routes in place to assure that the returning packets go to the proper firewall. I don't know for sure if the routers connecting to the internet are running BGP or some thing else. We have seen packets go out one interface and return on the other. One interface of what? The 7200? Does the 7200 connect to multiple border routers? Can you tell us more about that part of the topology? I suspect that something is not right with the border routers. Any thoughts or suggestions? It's very difficult to control how traffic comes back into your network over the Internet. Entire books by Berkowitz, etc. have been written on this topic. But it's not necessarily a problem. If the traffic all ends up at the 7200 and the 7200 is configured correctly with the static routes that you mentioned, the traffic should end up at the right place. What problem are you trying to solve? By the way, John makes a really good point about pinhole congestion. See his post too. Thanks. Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62911t=62863
RE: TCP connection drops after 11 minutes [7:62855]
Jason Dimagiba wrote: Hello everyone, it's been a while since I last posted a message on this board My question is: I currently experience a session timeout after 11 minutes running a query on IE5. I was thinking it may be the MTU size being set incorrectly on the router. It's unlikely that suddenly after 11 minutes you encountered a large packet that hit an MTU size problem. Usually if there's an MTU issue, a problem happens right away. On the other hand, a lot of HTTP servers don't send full packets until you do something wild like start downloading songs or video or FTP a file. Were you doing something different at 11 minutes, like downloading something, whereas you were simply surfing before? Does it always happen after 11 minutes, regardless of the Web site you go to? If it's always 11 minutes for any Web site, maybe there's some timer set somewhere like on your firewall or caching server. It's hard to say. I may be wrong but has anyone ever came across this in their network? Sure, disconnects happen all the time for about a billion different reasons. What are the things to check for? Information. You have to gather more data about the problem. Priscilla Any suggestion will be greatly appreciated. Thanks, jd Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62912t=62855
Re: OT: New Instructor Experiences [7:62826]
Cisco Nuts wrote: John, First...CONGRATS You can do it!! Yes, there are moments when you feel that way...especially the first couple of times but in the end you will come out a champ!! When I started teaching the CCNA/NP a couple of years back, I too felt the same initially, but personally, teaching has been the best thing for me in my life!! I love teaching and am passionate about it. I am just dying to pass the CCIE Lab so I can begin my own tutoring in my basement for the CCNA/NP/IP courses. The trick is to really prepare for it the night before and then dive straight to the hands-on section in the class. Then start explaining the concepts about the material as you do the hands-on. Students love the hands-on!! This brings me to a comment I was thinking about making anyway. Tom Lisa mentioned four types of learners. I think it was visual, aural, read/write, and kinesthetic (as in movement). I bet the kinesthetic learners do indeed like to dive right into hands-on, but how about the others? They may not. Take me, for example. Please take me. Just kidding. If you do hands-on too early in a class, I won't get much out of it at all. I'll be thinking, OK, that's a nice marketing demo, but what's it really doing behind the scenes? How does it work? Why does it work? Show me some architectural drawings, explain the components and how they relate to each other. I have to hear the theory first and see some visual explanations. And I'm not the only one like this. John has a difficult task because he has learners of all levels, from different walks of life. I bet he has a huge mix of learning styles. Now, you might think that networking attracts hands-on learners, so if he were teaching all real networking people, he would have an easier time. I have actually studied this, and that's not so. There's definitely a mix of types who are attracted to networking, both analytical/theoretical types and kinesthetic learners.
A few years ago I participated in a study of personality types of networking people. We used the Myers Briggs personality test. I came out as INTJ (Introvert, iNtuitive, Thinking, Judging.) A lot of other people did too. We have a tendency to do way too much theory first! ;-) The other side of Intuitive is Sensory. A lot of people in the networking field have S in their Myers Briggs personality type. These folks learn with their senses, especially their hands. They like lots of hands-on. Anyway, bottom line, you need to run your class in a balanced manner to accommodate all these types as much as possible. There's more about the Myers Briggs personality sorter here: http://keirsey.com/ Anyone else want to share what they are, or have we wasted enough bandwidth on this already? :-) Priscilla Preparing your own notes help as students respect you more than just saying Ok guys, let's turn to page 31 and talk about Ospf. Ospf is. Good Luck. From: John Neiberger Reply-To: John Neiberger To: [EMAIL PROTECTED] Subject: OT: New Instructor Experiences [7:62826] Date: Tue, 11 Feb 2003 22:12:07 GMT I just feel the need to rant/vent for a bit and I knew there were a bunch of you who might be able to relate to this. I've started teaching a short, one-session general networking class for some of the people here at the bank. The first session, which was really just a runthrough with a handful of students, went fairly well. In fact, it went so well that they increased the number of overall attendees to about 60 or so. Last week I had another session that went exceptionally well, except for a couple of students who really didn't want to be there. I couldn't have asked for it to go better, and my boss heard lots of good things about it. One person even said I should be a professor! :-) Now, that brings us to today Today I had an afternoon class, and in my opinion it sucked rotten eggs.
I feel embarrassed to have been involved with it. I can't think of too many ways in which it could have gone worse. I rambled, I flew through 2.5 hours of material in about an hour, I lost my place a lot. I'm not certain that I ever formed a train of thought longer than a couple of cars, and I think even those trains were without engine and caboose. Have any of you other instructors had days like that? As I even mentioned in class, I felt like my 'explainer' was broken today, and it certainly was. I'm hoping that I could get some sympathy from other instructors with similar experiences. Okay, I'm going to go drown my disappointment in some coffee! John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62913t=62826
BGP Question [7:62914]
Hi all, I am looking for some guidelines and I cannot find any relevant examples. I have a situation where I have SWIP'd a /24 of my address block to a customer downstream. They have their own AS and are multi-homed. My concern/question is: the /24 will originate from their AS and not mine. Are there any special concerns I will need to take into account for BGP advertisements to my upstream providers? That is, I will peer with him and allow his AS to originate the router and allow ^$ from him, but I am concerned that this will mess up my advertisements of a /19. (the /24 I gave him is out of my larger. Can I no longer advertise that? Are my concerns founded at all? Any advice? thanks, Jim Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62914t=62914
Myers Briggs Re: OT: New Instructor Experiences [7:62826]
John has a difficult task because he has learners of all levels, from different walks of life. I bet he has a huge mix of learning styles. Now, you might think that networking attracts hands-on learners, so if he were teaching all real networking people, he would have an easier time. I have actually studied this, and that's not so. There's definitely a mix of types who are attracted to networking, both analytical/theoretical types and kinesthetic learners. A few years ago I participated in a study of personality types of networking people. We used the Myers Briggs personality test. I came out as INTJ (Introvert, iNtuitive, Thinking, Judging.) A lot of other people did too. We have a tendency to do way too much theory first! ;-) The other side of Intuitive is Sensory. A lot of people in the networking field have S in their Myers Briggs personality type. These folks learn with their senses, especially their hands. They like lots of hands-on. Anyway, bottom line, you need to run your class in a balanced manner to accommodate all these types as much as possible. There's more about the Myers Briggs personality sorter here: http://keirsey.com/ Anyone else want to share what they are, or have we wasted enough bandwidth on this already? :-) Priscilla First, you're correct about the mix of learning styles in my class. This is just a three-hour overview of networking and TCP/IP, and it is a little difficult to convey the necessary information without a portion of the class getting lost or falling asleep. :-) I've heard good things about the class yesterday that I thought went so poorly so perhaps I was overreacting. As for Myers Briggs, I'm a fellow INTJ. However, I really dislike their testing process. It seems to consist of Given a certain situation would you do A or would you do B with no room for a 'maybe' answer. At least a third of the time I wish there were a sometimes A and sometimes B answer. Perhaps that means I'm an INTJ with definite ISTJ leanings?
John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62916t=62826
SPAN and slammer [7:62917]
Hi All, Have a 4006 in place here using Version 12.1(12c)EW as my core switch. Yesterday had fun with Slammer, and last night also. I wanted to use the SPAN so I could mirror the data from one port to my snort box so I could verify to the sys-admins that it was slammer (they said it would never happen here). However, noticed that this command was not available on this IOS. I had to revert back to a hub scenario between my switch and firewall to see what was going on. My question is, how do you people monitor this without using SPAN, and also, how do you implement security on a per port basis (such as denying hubs on your network) PS: Any one ever used a tap here, and if so, how did it fit into your switched network. Thanks all John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62917t=62917
Re: BGP Question [7:62914]
Jim,

Continue to announce the /19 as before. You MAY want to also announce the /24 you've allocated to your downstream; depending upon the business relationship around this connectivity you may really want to announce the more specific /24. This is probably the critical choice you'll make. More details about the desired function of this interconnection would be needed to make intelligent comments on that.

Depending upon the specifics of the environment... The covering /19 will attract some traffic for this /24 regardless of the customer announcing the /24 via other providers. If you also propagate the announcement of this /24 then you will get a bigger % of the inbound traffic for this /24 depending upon the announcements made on the other interconnection(s) the customer AS has. Again, more specifics on the desired traffic flow would be helpful in deciding behaviour in various states.

For some examples of this: When you give backup connectivity to a company which has sublet space from your shrinking dotcom, you'd not like to carry any of this downstream's traffic unless you have to. When you are billing the customer by the bit you'd like to bill them for as much traffic as you can carry without increasing your own costs enough to hurt your margins on the service.

Suggestions:

-Filter his announcements to you beyond just the as-path filter you've mentioned. Also use prefix list or such to limit the announcements you'll listen to be just the prefixes you've agreed to accept. This is probably just the /24 (and nothing longer) you are allocating to him now.

-Make sure you are allowing all your routers (especially border) to see this /24 (or some covering aggregate) so that you don't create blackholes for some subset of the network.

-Adjust your outbound route filters to permit the one /24 (and nothing longer) to leak if you've decided you wanted this announced to the world via your network. This probably will require you to speak with your upstreams for them to adjust route filters on their side.

-Regardless verify the announcements from outside your network by using a public looking glass.

It is likely that all of the objectives for this interconnection will not be met with canned configuration or suggestions. It's also quite common that no one will notice that the objectives are failing to be met. This is usually due to the fact that it works right now and it works under simple failure modes.

Best of luck and if you've got the time to share more details about what is desired the group can make more suggestions,

Darrell Newcomb darrell(at)hayaitacosnet http://www.hayaitacos.net/mpeer/ Home of the Managed Peering Service

Jim Devane wrote in message news:[EMAIL PROTECTED]...

Hi all, I am looking for some guidelines and I cannot find any relevant examples. I have a situation where I have SWIP'd a /24 of my address block to a customer downstream. They have their own AS and are multi-homed. My concern/question is: the /24 will originate from their AS and not mine. Are there any special concerns I will need to take into account for BGP advertisements to my upstream providers? That is, I will peer with him and allow his AS to originate the router and allow ^$ from him, but I am concerned that this will mess up my advertisements of a /19. (the /24 I gave him is out of my larger. Can I no longer advertise that? Are my concerns founded at all? Any advice? thanks, Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62918t=62914
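Added example, not part of the post above or of anyone's actual configuration: a small Python model of IOS-style prefix-list matching that shows why the filter has to be the exact /24 "and nothing longer", by running an exact entry and an `le 32` entry over the same announcements. The names `Entry`, `evaluate` and `accepted` are hypothetical, and every prefix is a constructed sample value.

```python
"""IOS-style prefix-list matching, used to compare an exact /24 filter
with a looser one. All prefixes below are constructed sample values."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Entry:
    action: str                 # "permit" or "deny"
    prefix: str                 # e.g. "198.18.5.0/24"
    ge: Optional[int] = None    # minimum prefix length, if given
    le: Optional[int] = None    # maximum prefix length, if given

    def matches(self, route) -> bool:
        base = ipaddress.ip_network(self.prefix)
        if self.ge is None and self.le is None:
            lo = hi = base.prefixlen          # no ge/le: exact length only
        else:
            lo = self.ge if self.ge is not None else base.prefixlen
            hi = self.le if self.le is not None else 32
        # The route must sit inside the entry's prefix AND have an
        # allowed prefix length.
        return lo <= route.prefixlen <= hi and route.subnet_of(base)


def evaluate(plist: List[Entry], route: str) -> str:
    """First matching entry wins; no match falls to the implicit deny."""
    net = ipaddress.ip_network(route)
    for entry in plist:
        if entry.matches(net):
            return entry.action
    return "deny"


def accepted(plist: List[Entry], announcements: List[str]) -> List[str]:
    """Announcements that survive the filter, in the order received."""
    return [r for r in announcements if evaluate(plist, r) == "permit"]


AGGREGATE = "198.18.0.0/19"     # constructed: the provider's block
CUSTOMER = "198.18.5.0/24"      # constructed: the /24 given downstream

# Inbound from the customer: what was agreed, plus things that should
# never be accepted from that session.
FROM_CUSTOMER = [
    CUSTOMER,
    "198.18.5.128/25",          # more specific than agreed
    "198.18.5.7/32",            # host route inside the /24
    AGGREGATE,                  # the provider's own aggregate coming back
    "0.0.0.0/0",                # default route
    "203.0.113.0/24",           # unrelated prefix
]
STRICT_IN = [Entry("permit", CUSTOMER)]          # the /24 and nothing longer
LOOSE_IN = [Entry("permit", CUSTOMER, le=32)]    # also lets /25../32 through

# Outbound toward the upstreams: the aggregate and the one /24 only.
TO_UPSTREAM = [AGGREGATE, CUSTOMER, "198.18.5.128/25", "198.18.8.0/24"]
STRICT_OUT = [Entry("permit", AGGREGATE), Entry("permit", CUSTOMER)]

if __name__ == "__main__":
    print("strict in :", accepted(STRICT_IN, FROM_CUSTOMER))
    print("loose in  :", accepted(LOOSE_IN, FROM_CUSTOMER))
    print("strict out:", accepted(STRICT_OUT, TO_UPSTREAM))
```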
translating network from VPN site [7:62919]
Hello, I have some interesting scenario for all. Well, I have two locations connected over ISP thru VPN tunnel: Central office side: I have router and PIX 515E with 3 interface. 'remote office' network: 192.168.2.0/24 'main office' network : 192.0/24 VPN tunnel is over frame-relay dlci and only one subinterface on central office router can access to global network: IPsec Tunnel: (outside port PIX) (router on remote office some Allied Telesyn) The hint: I can access from remote office to main office, but I CAN'T do static map IP address from remote office to exit to internet with public IP address, because I can't nat ip address from outside interface back to outside interface again with public IP, or I can!? The one solution is probably to configure another interface for VPN tunnelling with remote office and then do NAT for that interface thru outside, but I don't have another interface only for intf2/DMZ. Please is there any good advice for this scenario? Best regards, Milan Jovancic Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62919t=62919
RE: Internet Connections [7:62863]
What is the T1's purpose? If it is for failover add a route map with a metric for the BGP. I am not sure who your provider is; however, they may be doing some static routing. If you have more information on your setup and what you are trying to accomplish I can give more input. Daniel Ladrach CCNP, CCNA WorldCom -Original Message- From: DeVoe, Charles (PKI) [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 12, 2003 9:19 AM To: [EMAIL PROTECTED] Subject: Internet Connections [7:62863] I have a class B network subnetted using a 21 bit mask. This network has 2 connections to the internet, 1 is by a T3 the other is a 512K T1. Each connection to the internet comes out of a subnet, goes through a firewall, and then through a Cisco 7200 router. We have static routes in place to assure that the returning packets go to the proper firewall. I don't know for sure if the routers connecting to the internet are running BGP or some thing else. We have seen packets go out one interface and return on the other. I suspect that something is not right with the border routers. Any thoughts or suggestions? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62920t=62863
RE: long ack times [7:62867]
DeVoe, Charles (PKI) wrote: I have several users who are trying to run an application and often have problems. In using a sniffer on the packets I have found that some of the packets are experiencing long ack times. How does one troubleshoot this sort of problem?

Gather the following info:

1. Do you see the Long ACK Time symptom on your Sniffer even when the users aren't complaining? The Sniffer threshold could be set too low. (Is this a Sniffer symptom or diagnosis by the way? Sniffer symptoms are sometimes misleading noise, sorry to say.)

2. Find out which side of the conversation is slow in sending the ACKs, the client or server. (Also, find out if this Sniffer symptom may just be for the server side. I think I remember that it only concerns itself with the server side.)

3. What is your topology? What internetworking equipment is between the users and the resources they are trying to reach? What errors do these devices report? Gather statistics from the devices, including reliability, load, errors, collisions if it's Ethernet, dropped packets, buffer exhaustion, etc.

4. Assuming you were sniffing near the user when you saw this symptom, incrementally move the Sniffer hop-by-hop until you're on the server's LAN. If the symptom disappears at some point, then you have an idea where the congestion is, one hop back from the hop where the problem disappears.

5. If you still see the Long ACK Time on the server's LAN, then call the server dudes in. Tell them you have proof that the server is slow. Harass them 'til they fix the problem. :-)

6. Depending on the OS of the server, there are probably quite a few tools you could use at the server, if you ARE the server dude. Check CPU, memory, and disk usage; caching behavior; thrashing behavior; etc.

7. If the Long ACK problem doesn't occur on the LAN that the server is on but does occur closer to the client, then you can't blame the server dudes. You have to blame the network engineers. You may have to point the finger at yourself, unfortunately. Go back to step 3 where you analyze internetworking device statistics. Could there be a congested shared Ethernet network somewhere? Could there be an Ethernet duplex mismatch problem? Are WANs involved? Are they congested or experiencing errors?

Oh, one more thing, buy a copy of Troubleshooting Campus Networks! :-)

___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62909t=62867
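Added example, not part of the post above and not how the Sniffer product computes its symptom: a Python sketch of steps 2, 4, 5 and 7, measuring per-side ACK delay at one capture point and then comparing a capture taken near the client with one taken on the server's LAN. The record layout, the 200 ms threshold, the function names and both captures are constructed assumptions; sequence wrap and retransmissions are not handled.

```python
"""Per-side TCP ACK delay from packet records seen at one capture point.
Records are (time_ms, src, dst, seq, ack, payload_len). All sample data
is constructed; sequence wrap and retransmissions are not handled."""
from collections import defaultdict

CLIENT, SERVER = "10.0.0.5", "10.0.1.9"   # constructed addresses


def ack_delays(packets):
    """Return {acker: [delay_ms, ...]} as observed at this capture point.

    A data segment is 'pending' until the other side sends an ACK number
    at or beyond the segment's last byte + 1. The delay is charged to the
    side that sent the ACK (pure ACK or piggybacked on data).
    """
    pending = defaultdict(list)   # (sender, receiver) -> [(end_seq, sent_ms)]
    delays = defaultdict(list)
    for ts, src, dst, seq, ack, length in packets:
        still_waiting = []
        for end_seq, sent in pending[(dst, src)]:
            if end_seq <= ack:
                delays[src].append(ts - sent)     # src acknowledged dst's data
            else:
                still_waiting.append((end_seq, sent))
        pending[(dst, src)] = still_waiting
        if length > 0:
            pending[(src, dst)].append((seq + length, ts))
    return dict(delays)


def worst(packets, acker):
    """Largest ACK delay charged to `acker`, or 0 if it never ACKed data."""
    return max(ack_delays(packets).get(acker, [0]))


def verdict(near_client, server_lan, server, threshold_ms=200):
    """Steps 5 and 7: where does the long ACK time come from?"""
    if worst(server_lan, server) > threshold_ms:
        return "server"     # still slow when measured next to the server
    if worst(near_client, server) > threshold_ms:
        return "network"    # slow only when measured across the path
    return "ok"


# Constructed capture taken next to the client.
NEAR_CLIENT = [
    (0,    CLIENT, SERVER, 1000, 5000, 200),   # request
    (310,  SERVER, CLIENT, 5000, 1200, 0),     # ACK seen 310 ms later
    (320,  SERVER, CLIENT, 5000, 1200, 1000),
    (322,  CLIENT, SERVER, 1200, 6000, 0),
    (330,  SERVER, CLIENT, 6000, 1200, 1000),
    (333,  CLIENT, SERVER, 1200, 7000, 0),
    (1000, CLIENT, SERVER, 1200, 7000, 100),   # second request
    (1450, SERVER, CLIENT, 7000, 1300, 500),   # ACK piggybacked on the reply
    (1451, CLIENT, SERVER, 1300, 7500, 0),
]

# Constructed capture of the same exchange taken on the server's LAN.
SERVER_LAN = [
    (150,  CLIENT, SERVER, 1000, 5000, 200),
    (153,  SERVER, CLIENT, 5000, 1200, 0),     # server ACKs within 3 ms
    (160,  SERVER, CLIENT, 5000, 1200, 1000),
    (168,  SERVER, CLIENT, 6000, 1200, 1000),
    (480,  CLIENT, SERVER, 1200, 6000, 0),
    (490,  CLIENT, SERVER, 1200, 7000, 0),
    (1220, CLIENT, SERVER, 1200, 7000, 100),
    (1224, SERVER, CLIENT, 7000, 1300, 500),   # server ACKs within 4 ms
]

if __name__ == "__main__":
    print("near client:", ack_delays(NEAR_CLIENT))
    print("server LAN :", ack_delays(SERVER_LAN))
    print("verdict    :", verdict(NEAR_CLIENT, SERVER_LAN, SERVER))
```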
Cisco GSS-type solution? [7:62921]
Does anyone know of a cheaper solution that works like Cisco's GSS? I need a device that will monitor an actual website and redirect traffic to another geographically located website in the event of the primary website's failure. Thanks, Ed Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62921t=62921
RE: SPAN and slammer [7:62917]
Hey, you can't expect Cisco to be consistent, can you? :-) It looks like on the 4000 the SPAN command is monitor session. See here: ww.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_14/config/span.htm Although I understand the gist of your question about port security and hope somebody answers it, I just wanted to mention that you can't recognize that a hub has been inserted. It's just a physical-layer device. It doesn't send frames, just bits. It doesn't have a MAC address. (If it's a managed hub and needs to send management data, then it does have a MAC address, and then you could identify it was there if it happened to send some management data.) Sniffing on switched networks is problematic. I think, strange though it might sound, it's rather common to insert a hub in order to use an analyzer or IDS. It's a shame, though, because you have to set the endpoints to half duplex and risk performance and, worse, auto-negotiation problems. Of course, getting SPAN to work is preferable, but as you noticed, that can be problematic too! Priscilla John Brandis wrote: Hi All, Have a 4006 in place here using Version 12.1(12c)EW as my core switch. Yesterday had fun with Slammer, and last night also. I wanted to use the SPAN so I could mirror the data from one port to my snort box so I could verify to the sys-admins that it was slammer (they said it would never happen here). However, noticed that this command was not available on this IOS. I had to revert back to a hub scenario between my switch and firewall to see what was going on. My question is, how do you people monitor this without using SPAN, and also, how do you implement security on a per port basis (such as denying hubs on your network) PS: Any one ever used a tap here, and if so, how did it fit into your switched network. Thanks all John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62922t=62917
Re: Internet Connections [7:62863]
If both links go to same provider they're the ones responsible for returning traffic. Contact them and I'm sure they could help you out. DeVoe, Charles (PKI) wrote in message news:[EMAIL PROTECTED]... I have a class B network subnetted using a 21 bit mask. This network has 2 connections to the internet, 1 is by a T3 the other is a 512K T1. Each connection to the internet comes out of a subnet, goes through a firewall, and then through a Cisco 7200 router. We have static routes in place to assure that the returning packets go to the proper firewall. I don't know for sure if the routers connecting to the internet are running BGP or some thing else. We have seen packets go out one interface and return on the other. I suspect that something is not right with the border routers. Any thoughts or suggestions? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62923t=62863
Re: SPAN and slammer [7:62917]
John, It looks like you need the monitor session command on this box. Check this out in the command reference. HTH, -Bob Sinclair CCIE #10427, MCSE Senior Network Engineer Networking For Future, Inc. www.nffinc.com - Original Message - From: John Brandis To: Sent: Wednesday, February 12, 2003 6:56 PM Subject: SPAN and slammer [7:62917] Hi All, Have a 4006 in place here using Version 12.1(12c)EW as my core switch. Yesterday had fun with Slammer, and last night also. I wanted to use the SPAN so I could mirror the data from one port to my snort box so I could verify to the sys-admins that it was slammer (they said it would never happen here). However, noticed that this command was not available on this IOS. I had to revert back to a hub scenario between my switch and firewall to see what was going on. My question is, how do you people monitor this without using SPAN, and also, how do you implement security on a per port basis (such as denying hubs on your network) PS: Any one ever used a tap here, and if so, how did it fit into your switched network. Thanks all John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62924t=62917
RE: Myers Briggs Re: OT: New Instructor Experiences [7:62826]
John Neiberger wrote: As for Myers Briggs, I'm a fellow INTJ.

Cool! :-)

However, I really dislike their testing process. It seems to consist of "Given a certain situation would you do A or would you do B" with no room for a 'maybe' answer. At least a third of the time I wish there were a "sometimes A and sometimes B" answer. Perhaps that means I'm an INTJ with definite ISTJ leanings?

Yeah, it's kind of silly. And the entire idea of classifying people into 16 slots is questionable too, but it has its uses. Also, I wanted to mention to people that if you go through the pain of answering the 70 questions on that Keirsey site that I mentioned before, when they score you, they don't give you complete information. They just classify you into one of 4 types. You have to pay to get your full results and your exact type! The creeps. There are probably free tests on the Web too somewhere.

Priscilla

John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62925t=62826
Re: TCP connection drops after 11 minutes [7:62855]
Since there isn't enough details and the answers to Priscilla's questions would help us. I'll continue the speculative guessing game with a few spare minutes. When I read the description I thought Jason meant that he made (one) request to a webserver which was taking a VERY long time to complete. 11 minutes later this request failed as per some message from the web browser.

Guessing Scenarios:

1) The request being made to the server was really an http upload of a file and transferring the file was taking a long time. Do you see mid to high levels of network activity to/from the endhost running the web browser?

2) The request required backend operations by the webserver which were particularly weighty for this specific request. Is this specific request a particularly big query? Do similar queries over smaller time periods, datasets, or whatever dimension (you have to scale down the workload) also take this long? Have you checked server logs?

I assumed this only happens for a specific type or subset of the queries you launch so there should be something to point you in the right direction. Also the specific timeout on the client side (web browser) would be helpful. Is it the tcp session which is dropping, an error message delivered from the webserver due to an application timeout, ...

Best of Luck, Darrell Netswitch Technology Management http://www.netswitch.net

Jason Dimagiba wrote in message news:[EMAIL PROTECTED]...

Hello everyone, it's been a while since I last posted a message on this board My question is: I currently experience a session timeout after 11 minutes running a query on IE5. I was thinking it may be the MTU size being set incorrectly on the router. I may be wrong but has anyone ever came across this in their network? What are the things to check for? Any suggestion will be greatly appreciated. Thanks, jd

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62926t=62855
Catalyst 5505 or 3500 [7:62927]
Hi all, Please clear confusion. For my CCNP labs which Switch is recommended. 3500 or should use 5500 series? They both support layer 3 switching as well as multilayer switch. Is 3500 fixed and 5500 is modular??? In 5500 I need to put Net flow card and Route switch card for layer 3 and multi layer switching then how about 3500?? Are these cards built in in 3500?? 5500 is set based then how about 3500??? Is it also set based or IOS based? So finally which one more recommended one as I know the official CCNP books they use 5500 for labs and for CCIE prep they use 3500. Thanks.. Will appreciate your help. Regards, Ali Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62927t=62927
Re: explain these ACLs [7:62843]
Not sure if IPX is used, but this will block any incoming/Outgoing IP traffic correct... I will investigate more and get back... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62929t=62843
HDLC, line protocols, and keepalives. [7:62928]
All, I'm having a problem that I don't understand and I was hoping someone out there might be able to give me some insight. I have a 2503 with an HDLC connection on Serial0 going out to my service provider. The running-config is very basic (sanitized, of course):

  version 11.2
  !
  ip subnet-zero
  !
  interface Serial0
   ip address x.x.x.18 255.255.255.252
   keepalive 9
   no fair-queue
  !
  interface Serial1
   shutdown
  !
  interface BRI0
   no ip address
   shutdown
  !
  router eigrp 100
   network 10.0.0.0
  !
  no ip classless
  !
  bridge 11 protocol ieee
  end

The problem I am having is that the line protocol is bouncing, but neither my provider nor I can find a problem. I have swapped all the cables AND the router, but the problem persists. I noticed that the line protocol goes down for 9 seconds, then is up for 18 seconds, then the cycle repeats. For SG, I lowered the keepalives to 2 seconds; sure enough, the line protocol dropped for 2 seconds, then was up for 4. By removing keepalives altogether, the circuit stays up! What is going on here? Am I missing something painfully obvious? Thanks! Geoff Mossburg

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62928t=62928
CCIE Study Materials - Anti-Rant [7:62930]
There was some off line discussion earlier today about an attempted post asking about CCIE study materials, in particular vendors of practice labs. I don't see that particular post in the list today, so I'm going to assume that the decision was made not to allow it. And I am going to rant a bit about this and the topic of posting questions like which study materials, which books, which practice labs are best for whatever?

Having been a regular participant on this news group for over three years now, I, like many here, have seen these same questions over and over. As the off line discussion went - maybe we should tell whomever just to go search the archives.

My rant is this - maybe I'm cynical, and maybe I've seen all the same questions over and over, but dammit, this newsgroup was started to help people prepare for certifications, and dammit just because I or anyone else has seen the same questions over and over doesn't mean that everyone else has. These topics should be permitted, should be discussed, and names should be named.

I appreciate the concern about commercial posts. I appreciate that there have been a couple of people who have footers advertising all of their business ventures, and will regularly post that's right answers to other posts just to get their products and services out in front of this group. I appreciate that folks like Howard and Priscilla also have books and other things to sell, but are welcome here because of their unselfish participation, and unselfish helpfulness. I appreciate that there are other sources of study materials and rent a rack time than those whose names come up regularly here and over on the CCIE list. I appreciate that some of the purveyors of books and study materials don't bother participating on this forum, but that does not in and of itself say anything about the value of their products or services. I think a forum like this is an appropriate avenue to discuss the options out there.

While I personally don't care for a lot of the what's best questions because I think they beg the issue and really miss the point, I do think that the purpose of this news list remains exchange of information and advice to those who ask and from those willing to offer.

I will finish this anti rant with two thoughts.

1) it's up to the participants here to determine how they want things to go. If people don't want to read posts about what's best they are certainly free to ignore them. If they can offer advice, I believe people should be free to offer it. I certainly think people should be free to ask. I also think that vendors should not be sneaking in here under false names and false pretenses asking people to comment on their product.

2) in the end, I don't believe that any of the books or classes or practice labs are better than any others in terms of preparing people for certs, particularly for the CCIE Lab. It is more important to read a lot, study a lot, practice a lot. Sorry to all of the purveyors of study materials for saying it, but the key is practice with lots of different situations, not practice with one vendor or another.

Presented for your consideration. Chuck TANSTAAFL there ain't no such thing as a free lunch

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62930t=62930
RE: HSRP question [7:62931]
Larry, Care to elaborate a little on the downside to doing this? We're doing it in our network but I'd love to present some reasons why we shouldn't and start looking at some proper VLAN config's. Right now we have something like 6 class-c networks configured on a single interface of each of our routers. I know it creates a really overpopulated broadcast domain...What else should I be considering? Thanks. Kelly Cobean

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Larry Letterman Sent: Wednesday, February 12, 2003 7:31 PM To: MADMAN; CCIE FUN Cc: [EMAIL PROTECTED] Subject: Re: HSRP question

I have run hsrp on primary and secondary addresses and it works.. However , I support Dave's thoughts that I don't like to do it for production networks or for long periods of time... Larry Letterman Network Engineer Cisco Systems

- Original Message - From: MADMAN To: CCIE FUN Cc: Sent: Wednesday, February 12, 2003 3:29 PM Subject: Re: HSRP question

Yes you can do this but I wouldn't design a network with secondaries. Just because you can doesn't mean you should. Secondaries should be used only for temporary situations, converting ip addresses for example. have fun Dave

CCIE FUN wrote: Hi all I have two routers running HSRP for a network subnet lets say for e.g 1.1.1.0/24 on E0 of both the routers. now can i add secondary address to these routers on Interface E0 and also run HSRP for these secondary address. I want to add about 10 secondary address. how will the HSRP config be. Can i run HSRP for multiple secondary addresses on these routers. thanks

-- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill
Re: Myers Briggs Re: OT: New Instructor Experiences [7:62826]
John Neiberger wrote in message news:[EMAIL PROTECTED]...

John has a difficult task because he has learners of all levels, from different walks of life. I bet he has a huge mix of learning styles. Now, you might think that networking attracts hands-on learners, so if he were teaching all real networking people, he would have an easier time. I have actually studied this, and that's not so. There's definitely a mix of types who are attracted to networking, both analytical/theoretical types and kinesthetic learners.

A few years ago I participated in a study of personality types of networking people. We used the Myers Briggs personality test. I came out as INTJ (Introvert, iNtuitive, Thinking, Judging.) A lot of other people did too. We have a tendency to do way too much theory first! ;-) The other side of Intuitive is Sensory. A lot of people in the networking field have S in their Myers Briggs personality type. These folks learn with their senses, especially their hands. They like lots of hands-on.

Anyway, bottom line, you need to run your class in a balanced manner to accommodate all these types as much as possible. There's more about the Myers Briggs personality sorter here: http://keirsey.com/ Anyone else want to share what they are, or have we wasted enough bandwidth on this already? :-)

Priscilla

First, you're correct about the mix of learning styles in my class. This is just a three-hour overview of networking and TCP/IP, and it is a little difficult to convey the necessary information without a portion of the class getting lost or falling asleep. :-) I've heard good things about the class yesterday that I thought went so poorly so perhaps I was overreacting.

As for Myers Briggs, I'm a fellow INTJ. However, I really dislike their testing process. It seems to consist of "Given a certain situation would you do A or would you do B" with no room for a 'maybe' answer. At least a third of the time I wish there were a "sometimes A and sometimes B" answer. Perhaps that means I'm an INTJ with definite ISTJ leanings?

no, it means you're management material, if not husband material. ;-

John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62932t=62826
Re: Catalyst 5505 or 3500 [7:62927]
K, I recently went through this thought process myself and in the end went with the 5000 series. I based my decision on several items:

1. I already had a 5000 switch.
2. CCNP switching track knows nothing of the 3550
3. Expense, I added a SupIII engine and RSM on my 5000 relatively cheaply

One thought you might keep in mind is the 3550, from what I've gathered on this news group, is in the CCIE lab so if you were to want to seek that designation, you'd then have to look into one of those, or rent one from an online rack. If I get that far I'll probably use a rack myself. Rich

K Ali wrote in message news:[EMAIL PROTECTED]...

Hi all, Please clear confusion. For my CCNP labs which Switch is recommended. 3500 or should use 5500 series? They both support layer 3 switching as well as multilayer switch. Is 3500 fixed and 5500 is modular??? In 5500 I need to put Net flow card and Route switch card for layer 3 and multi layer switching then how about 3500?? Are these cards built in in 3500?? 5500 is set based then how about 3500??? Is it also set based or IOS based? So finally which one more recommended one as I know the official CCNP books they use 5500 for labs and for CCIE prep they use 3500. Thanks.. Will appreciate your help. Regards, Ali

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62933t=62927
Top Down Book [7:62934]
While we are speaking of books, I went to the bookshop just then and had a look at Priscilla's book. Don't know what you pay in the US for a book, however it was on sale for $140AUD... That's too much for me, however it looked like a good book.
** visit http://www.solution6.com UK Customers - http://www.solution6.co.uk ** The Solution 6 Head Office and NSW Branch has moved premises. Please make sure you have updated your records with our new details. Level 14, 383 Kent Street, Sydney NSW 2000. General Phone: 61 2 9278 0666 General Fax: 61 2 9278 0555 ** This email message (and attachments) may contain information that is confidential to Solution 6. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Solution 6 are neither given nor endorsed by it. *
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62934t=62934
Re: Top Down Book [7:62934]
John Brandis wrote in message news:[EMAIL PROTECTED]...
While we are speaking of books, I went to the bookshop just then and had a look at Priscilla's book. Don't know what you pay in the US for a book, however it was on sale for $140AUD...
I thought the US dollar was low worldwide. Boy, your economy sure must be down under. :- ( the book lists at 55 USD. )
That's too much for me, however it looked like a good book.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62936t=62934
RE: HDLC, line protocols, and keepalives. [7:62928]
It sure sounds like your service provider isn't using keepalives, i.e. has no keepalive configured on their serial interface. Both ends have to either be using keepalives or not, with the same timer. You would think that they would have checked that, but the symptoms point to that being the problem. Let us know if that's not the case, though. In fact, let us know if you find out that it is the case! Thanks.
Priscilla
Mossburg, Geoff (MAN-Corporate) wrote:
All, I'm having a problem that I don't understand and I was hoping someone out there might be able to give me some insight. I have a 2503 with an HDLC connection on Serial0 going out to my service provider. The running-config is very basic (sanitized, of course):
version 11.2
!
ip subnet-zero
!
interface Serial0
 ip address x.x.x.18 255.255.255.252
 keepalive 9
 no fair-queue
!
interface Serial1
 shutdown
!
interface BRI0
 no ip address
 shutdown
!
router eigrp 100
 network 10.0.0.0
!
no ip classless
!
bridge 11 protocol ieee
end
The problem I am having is that the line protocol is bouncing, but neither my provider nor I can find a problem. I have swapped all the cables AND the router, but the problem persists. I noticed that the line protocol goes down for 9 seconds, then is up for 18 seconds, then the cycle repeats. For SG, I lowered the keepalives to 2 seconds; sure enough, the line protocol dropped for 2 seconds, then was up for 4. By removing keepalives altogether, the circuit stays up! What is going on here? Am I missing something painfully obvious? Thanks!
Geoff Mossburg
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62935t=62928
Site-to-Site and Remote Access VPN on PIX? [7:62937]
Greetings, Can I configure a Cisco PIX firewall to do both site-to-site and remote access vpn preshared key in one box? The reason I asked is because after configuring site-to-site vpn, my remote access vpn stops working.
Kim.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62937t=62937
RE: Top Down Book [7:62934]
However, you people in the US get paid double what we earn here, it's so tempting to come there and work, however I could not take the kids there at the moment with all that's going on there. Would not feel safe. A good network person here, with Unix skills, Windows Skills and at least 2 years security, hovering around CCNP, would earn about $70kAUD ($1AUD=$0.55USD). That would be good pay. However my friend is a CCIE with solid VOIP experience, and gets paid $100kAUD
-Original Message-
From: The Long and Winding Road [mailto:[EMAIL PROTECTED]] Sent: Thursday, 13 February 2003 3:02 PM To: [EMAIL PROTECTED] Subject: Re: Top Down Book [7:62934]
John Brandis wrote in message news:[EMAIL PROTECTED]...
While we are speaking of books, I went to the bookshop just then and had a look at Priscilla's book. Don't know what you pay in the US for a book, however it was on sale for $140AUD...
I thought the US dollar was low worldwide. Boy, your economy sure must be down under. :- ( the book lists at 55 USD. )
That's too much for me, however it looked like a good book.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62938t=62934
Snort versus Cisco IDS [7:62939]
Someone told me in an authoritative voice today that Cisco doesn't recommend their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a big part of SAFE? Of course, the person who said this doesn't understand that Cisco is a huge, chaotic organism, and that saying Cisco does something based on what one person does, doesn't make sense. But I'm just curious, what do you all recommend for intrusion detection? How do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more complicated, requiring appliances or IDS cards in a switch and a console:
Cisco Secure IDS Director - HP OpenView Network Node Manager plug-in that runs on UNIX (Solaris and HP-UX)
Cisco Secure Policy Manager (v2.2+) - Windows NT-based package
Thanks.
Priscilla
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62939t=62939
Ethernet/Server Issues [7:62940]
I have run into a problem in a production network. I have 3548XL switches connecting servers and workstations. One server I am having problem with is running NT4.0 with Oracle database running. The connection to this server drops at random intervals. It goes away and comes back. Continuous ping will succeed for 10 minutes and fail for 2 minutes without any traffic at all as the troubleshooting took place after hours. Tried different NICs in the server and didn't make any difference. We have spanning-tree enabled. The Speed/Duplex setting on the server and Switch port don't make any difference whether set to auto-auto or 100full-100full. Portfast is enabled on the port. Software is the latest version. I did notice error message saying ***RTD(or RDT cannot remember which one):ADDFLAP: port f0/1 relarned 5 times*** or something along that line. I looked it up on the TAC, but no luck. Any help would be appreciated.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62940t=62940
Re: HSRP question [7:62941]
Issues I have with secondary ip addresses:
In the sh ip int br command, the 10.x.x.x secondary on the below interface does not show up
The dhcp request for that interface will advertise out the primary interface not the secondary address, so it is extremely difficult to get the secondary ip addresses a dhcp address
It adds a lot of overhead to the interface connection tables and hsrp can act strange on certain routers, especially older routers with resource limits...
interface FastEthernet1/0
 description 590 Brennan St.
 ip address 10.17.212.2 255.255.255.0 secondary
 ip address 171.70.34.3 255.255.255.0
 no ip redirects
 arp timeout 1740
 standby priority 105 preempt
 standby ip 171.70.34.1
 standby track Se6/0/0
 standby 2 priority 105 preempt
 standby 2 ip 10.17.212.1
 standby 2 track Se6/0/0
 hold-queue 150 in
sjbrn-gw1#sh ip int br
Ethernet0/0      192.168.54.131  YES NVRAM up up
FastEthernet1/0  171.70.34.3     YES NVRAM up up
Serial6/0/0      171.68.2.22     YES NVRAM up up
Larry Letterman Network Engineer Cisco Systems
- Original Message -
From: Kelly Cobean To: Larry Letterman ; Cisco groupstudy Sent: Wednesday, February 12, 2003 7:01 PM Subject: RE: HSRP question
Larry, Care to elaborate a little on the downside to doing this? We're doing it in our network but I'd love to present some reasons why we shouldn't and start looking at some proper VLAN configs. Right now we have something like 6 class-c networks configured on a single interface of each of our routers. I know it creates a really overpopulated broadcast domain...What else should I be considering? Thanks.
Kelly Cobean
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Larry Letterman Sent: Wednesday, February 12, 2003 7:31 PM To: MADMAN; CCIE FUN Cc: [EMAIL PROTECTED] Subject: Re: HSRP question
I have run hsrp on primary and secondary addresses and it works.. However, I support Dave's thoughts that I don't like to do it for production networks or for long periods of time...
Larry Letterman Network Engineer Cisco Systems
- Original Message -
From: MADMAN To: CCIE FUN Cc: Sent: Wednesday, February 12, 2003 3:29 PM Subject: Re: HSRP question
Yes you can do this but I wouldn't design a network with secondaries. Just because you can doesn't mean you should. Secondaries should be used only for temporary situations, converting ip addresses for example. have fun
Dave
CCIE FUN wrote:
Hi all I have two routers running HSRP for a network subnet let's say for e.g 1.1.1.0/24 on E0 of both the routers. now can i add secondary address to these routers on Interface E0 and also run HSRP for these secondary address. I want to add about 10 secondary address. how will the HSRP config be. Can i run HSRP for multiple secondary addresses on these routers. thanks
--
David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62941t=62941
Re: Snort versus Cisco IDS [7:62939]
I work on most of Cisco IDS devices. At the beginning, when the ids was just new, you could only operate it from the Director which needs as you know HP OpenView and Unix machine which was not easy compared with other IDS. Then Cisco came out with the CSPM 2.3 which in my opinion was really a headache. It was operating over NT. And you won't believe how many times it crashes and I have to reinstall it without any reason. Now, I guess Cisco IDS is getting more stable. If you buy the IDS alone, you can operate it fully without the need to have special software since it has a web interface which in my opinion is really very good. It's web interface. Also the new IDS management console that comes bundled with the CiscoWorks VPN/Security Management Solution (VMS) 2.1. It is really good and operates on Windows 2000 and stable. People who work on the CSPM 2.3, I think they will thank God that now they have this. I guess Cisco IDS is getting more and more stable and more productive. This is what I think.
Regards, Anan Beshara CCIE 7791
Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...
Someone told me in an authoritative voice today that Cisco doesn't recommend their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a big part of SAFE? Of course, the person who said this doesn't understand that Cisco is a huge, chaotic organism, and that saying Cisco does something based on what one person does, doesn't make sense. But I'm just curious, what do you all recommend for intrusion detection? How do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more complicated, requiring appliances or IDS cards in a switch and a console:
Cisco Secure IDS Director - HP OpenView Network Node Manager plug-in that runs on UNIX (Solaris and HP-UX)
Cisco Secure Policy Manager (v2.2+) - Windows NT-based package
Thanks.
Priscilla
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62943t=62939