Layer 3 switching and VLANs - an epiphany [7:63240]
OK, it's 1:29 AM CST - and I am sitting here chewing on this switching study guide information about VLANs. I think I see where my confusion has come from and what the answer is now.

Layer 3 switching does not require VLANs, but what it DOES require is a physical port connection on the common L3 switch for every IP network that is connected to the L2 switches. (Hosts on the same L2 switch that are configured to be in 2 different IP networks.) This is not always possible nor administratively friendly. With VLANs, you can create the equivalent of sub interfaces on a single port on the L3 switch - hence trunking. You cannot trunk multiple IP networks (without VLANs) on a single port connection to the L3 switch, because you cannot create Ethernet sub-interfaces...

That's where I was missing it. I think both Vicki and Jens mentioned something about this.

Of course if I am off-kilter here, someone please slap me about :) Otherwise I am confident this is where my misunderstanding really occurred.

Thanks to EVERYONE who responded - you are all a great group of people to stick it out until this was beat into my thick skull!!!

Stephen Hoover
Dallas, Texas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63240t=63240
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
I have a data center on the cisco campus that has well over 80 subnets in it, using L3 routing and no vlans on the 6509 gateways (routers).. We also have a production data center that uses 6509's with vlans that span different areas in the data center... due to the application structure of the servers and the fact that a lot of the servers have a need for redundant nics...

It works both ways folks... depends on what the need is

Larry Letterman
Network Engineer
Cisco Systems

----- Original Message -----
From: Priscilla Oppenheimer
To:
Sent: Monday, February 17, 2003 10:07 PM
Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]

I'm loath to continue this discussion, but I do have a question for Kelly. Why do you have a VLAN at all in your example?? Isn't a single VLAN sort of like one hand clapping? Seriously, what role is it playing in your network? Of course you don't have to have VLANs to do routing/L3 switching, as you probably know. But maybe there's some weird configuration gotcha, specific to the 6509? Just curious. Thanks.

Larry said the majority of the Cisco campus is networked with L3 switches and not using vlans. That says a lot right there!

Priscilla

Kelly Cobean wrote:

All, I'd like to add to this something that I haven't seen in other posts yet, and that is a quick look at layer2 function. I have a Catalyst 6509 with an MSFC on it. There is only *ONE* VLAN configured on the MSFC, however, that VLAN has several secondary addresses assigned to it (I know, not a great solution, but let's not go there). If I do a show mls entry on my switch, it is full of entries for hosts talking to hosts on the same VLAN. My point? When a host wants to talk to a host on another subnet (VLAN or not), it ANDs the address with its own mask, determines that the host is in fact on a different subnet, then arps (if necessary) for its default gateway (the MSFC) and sends the packet on its way. The 6509/MSFC receive the packet and begin the MLS cache setup process (candidate packet, timeout, etc). All this is still done in spite of the fact that the MSFC only has a single VLAN.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Stephen Hoover
Sent: Monday, February 17, 2003 8:33 PM
To: [EMAIL PROTECTED]
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

- actually it is by doing secondaries, but i would highly recommend doing vlans if possible. keep it clean and simple. one may also configure the physical interfaces as L3 interfaces - just as one might do on a router with several ethernet ports.

Oo ok, now THAT statement leads me to believe the L3 switching IS possible without VLANs.

-Stephen

[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63241t=63147
1003 as Internet gateway [7:63242]
Which IOS do I need on a 1003 to use it as an ISDN gateway to the Internet? The IOS should support NAT and dynamic IP addressing on the WAN port.

Regards.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63242t=63242
Re: Layer 3 switching and VLANs - an epiphany [7:63240]
you're still a little off target...

Layer 2 interfaces can be access ports or trunks for vlans
Layer 2 or Layer 3 switch interfaces don't need to be sub-interfaces..
Layer 3 vlan interfaces (svi) require layer 2 trunk interfaces to interconnect vlans in other switches
Layer 3 interfaces only require an ip address and routing support to make them function

Larry Letterman
Network Engineer
Cisco Systems

----- Original Message -----
From: Stephen Hoover
To:

Layer 3 switching does not require VLANs, but what it DOES require is a physical port connection on the common L3 switch for every IP network that is connected to the L2 switches. (Hosts on the same L2 switch that are configured to be in 2 different IP networks.) This is not always possible nor administratively friendly. With VLANs, you can create the equivalent of sub interfaces on a single port on the L3 switch - hence trunking. You cannot trunk multiple IP networks (without VLANs) on a single port connection to the L3 switch, because you cannot create Ethernet sub-interfaces...

That's where I was missing it. I think both Vicki and Jens mentioned something about this.

Of course if I am off-kilter here, someone please slap me about :) Otherwise I am confident this is where my misunderstanding really occurred.

Thanks to EVERYONE who responded - you are all a great group of people to stick it out until this was beat into my thick skull!!!

Stephen Hoover
Dallas, Texas
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63243t=63240
pix + router, design issue [7:63244]
I have a case with a customer that I am installing a PIX and a border router for. He wants to have control over the border router, but the Service Provider is providing their router as the CPE. One interface on the Service Provider's router has an ip address from the customer's public ip address range, so I am thinking about what would be the best way to config the customer's border router, as it will need to be sending some ip address that is on the interface connected to the CPE router back to the pix.

PIX -- 213.100.1.10 Border Router -- CPE Router 213.100.1.1

I am being a little slow today, so I would like to get some input on how you would handle this scenario.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63244t=63244
RE: PIX Questions [7:63226]
Bill,

In reference to your other questions

2) Conceptual questions on PIX (i am learning pix in a lab environment)

a) will a higher-security interface always be able to initiate connections to a lower-security interface without configuration of an access-list, etc? So, with a pix consisting of 8 interfaces, will e7 (dmz with security70) be able to initiate a connection to e5 (dmz with security50) but not the other way around?

The thing to remember about PIX's is that to go from a higher to lower security level interface you require NAT (whether it is dynamic or static), and to go from lower to a higher level security interface you need a static translation and a conduit or access-list allowing the traffic. So e7 will be able to communicate with e5 if there is NAT, but for hosts on e5 to communicate with e7 you will need a static and conduits/ACL's.

b)
access-list 101 permit tcp any host 175.1.1.254
access-list 101 deny tcp any host 175.1.1.254 eq www

What is the effect of the above access list in regards to www traffic?

Remember that ACL's work in a sequential way. So in regards to yours. All TCP traffic will be allowed to pass through with any source IP address to 175.1.1.254 specifically, the second line is denying any www (port 80) - however, your previous statement has allowed this traffic already so this 'policy' will never be matched. So, web traffic to 175.1.1.254 will be allowed. If it's not behaving the way you think it should, remember there is an implicit deny ip any any at the end of any access-list, and that you need a static translation to go from lower to a higher level security interface.

c)
access-list 1 deny tcp host 10.0.1.2

This access-list is applied to interface e1 (ip: 10.0.1.1) and thus i expect that 10.0.1.2 cannot initiate any communications. However it could reach internet websites. When I used the same command but with a 'eq www' at the end, the access-list worked and denied the host access to the web. Why is that? I was under the impression that my access-list would simply deny all traffic which would normally be the case on a router, but this seems to be working differently on a pix.

Not too sure on this one and no time to investigate... perhaps someone else can answer.

Adios,
Brian

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63245t=63226
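The first-match behaviour described in the answer to question b) above, as an added example that is not part of the original thread: a small evaluator for the two ACL 101 entries that also reports entries an earlier entry makes unreachable. It parses only the `any` / `host A.B.C.D` / `eq PORT` forms used in the post; the function names and the reordered list are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

NAMED_PORTS = {"www": 80}   # only the port name that appears in the thread
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    proto: str                     # "ip", "tcp" or "udp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]           # None means any destination port


def parse_addr(tokens: List[str]) -> ipaddress.IPv4Network:
    """Consume 'any' or 'host A.B.C.D' from the front of the token list."""
    word = tokens.pop(0)
    if word == "any":
        return ANY
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address form: {word!r}")


def parse_rule(line: str) -> Rule:
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]' (subset only)."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError(f"not a supported ACL entry: {line!r}")
    action, proto, rest = tokens[2], tokens[3], tokens[4:]
    if action not in ("permit", "deny") or proto not in ("ip", "tcp", "udp"):
        raise ValueError(f"unsupported action or protocol: {line!r}")
    src, dst = parse_addr(rest), parse_addr(rest)
    dport = None
    if rest:
        if len(rest) != 2 or rest[0] != "eq" or proto == "ip":
            raise ValueError(f"unsupported port clause: {line!r}")
        dport = NAMED_PORTS[rest[1]] if rest[1] in NAMED_PORTS else int(rest[1])
    return Rule(action, proto, src, dst, dport)


def matches(rule: Rule, proto: str, src: str, dst: str, dport: int) -> bool:
    return (rule.proto in ("ip", proto)
            and ipaddress.ip_address(src) in rule.src
            and ipaddress.ip_address(dst) in rule.dst
            and rule.dport in (None, dport))


def evaluate(rules: List[Rule], proto: str, src: str, dst: str,
             dport: int) -> Tuple[str, Optional[int]]:
    """First matching entry wins; no match falls to the implicit deny."""
    for index, rule in enumerate(rules):
        if matches(rule, proto, src, dst, dport):
            return rule.action, index
    return "deny", None


def covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet the later entry matches already hits the earlier one."""
    return (earlier.proto in ("ip", later.proto)
            and later.src.subnet_of(earlier.src)
            and later.dst.subnet_of(earlier.dst)
            and earlier.dport in (None, later.dport))


def find_shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Return (shadowed_index, shadowing_index) pairs for unreachable entries."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                found.append((j, i))
                break
    return found


# The two entries exactly as posted in question b).
THREAD_ACL = [parse_rule(l) for l in (
    "access-list 101 permit tcp any host 175.1.1.254",
    "access-list 101 deny tcp any host 175.1.1.254 eq www",
)]
# Constructed for comparison: the same entries with the specific deny first.
REORDERED_ACL = [THREAD_ACL[1], THREAD_ACL[0]]

if __name__ == "__main__":
    for name, acl in (("as posted", THREAD_ACL), ("reordered", REORDERED_ACL)):
        verdict = evaluate(acl, "tcp", "10.0.1.2", "175.1.1.254", 80)
        print(name, "www ->", verdict, "shadowed:", find_shadowed(acl))
```

Running the shadow check over a rule set before it is applied catches entries like the second line of ACL 101, which look like a restriction in the configuration but never see a packet.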
RE: 1003 as Internet gateway [7:63242]
If you have CCO access, you can use feature navigator: http://www.cisco.com/go/fn/ to quickly find information of this kind. I'm fairly certain that there is a non-CCO version, but I can't seem to be able to find it now.

Regarding your original question, I believe you're fairly safe with any 12.x version.

Marko.

-----Original Message-----
From: Slobodan Gajic [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 18 February 2003 09:05
To: [EMAIL PROTECTED]
Subject: 1003 as Internet gateway [7:63242]

Which IOS I need on 1003 to use it as ISDN gateway to Internet? IOS should support NAT and dynamic IP addressing on WAN port.

Regards.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63246t=63242
CCIE written exercise question [7:63247]
All,

I'm preparing for the CCIE written exam and encountered some tricky questions in an exercise. I would like to ask for help from those who can solve it:

1) Which one is NOT a well-known attribute for BGP?
- local preference
- origin
- weight
- community
- cluster-id

You can only choose one out of 5.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63247t=63247
Frame relay in Lab [7:63248]
Hi,

I want to set up frame relay in a lab. Is there any emulation software to mimic the frame relay cloud? If not, what's the best way of doing this?

Kerry

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63248t=63248
RE: Bandwidth limitation [7:63154]
With 12.2 use the police command within a policy map, not rate-limit.

HTH
Dom Stocqueler

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: 17 February 2003 16:27
To: [EMAIL PROTECTED]
Subject: Re: Bandwidth limitation [7:63154]

Use rate-limit instead.

HTH,
Hamid

Hi, the bandwidth command is for information only. It does not change the interface. It is used by routing protocols like EIGRP to evaluate the metric and to compare different links. For serial links the default is 1544 kbps (=T1 line) and on other interfaces the default is the link speed (e.g. 10 kbps for FastEthernet).

Jens Neelsen

--- Projet AIM wrote:

Hi all, I am working on a cisco 3620 router and I am trying to limit bandwidth on the FastEthernet interface with the Bandwidth command but I still have a superior rate than the one I choose. Can anyone please help me? (I have the IOS version 12.2)

sincerely
PIPPOO

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63249t=63154
RE: Frame relay in Lab [7:63248]
Hi Kerry,

The easiest way of doing this is just getting a cisco router with numerous serial interfaces and configuring it as a frame relay switch. I use a Cisco 4500 with 8 serial ports in my lab.

Cheers
Troy

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63250t=63248
Re: Frame relay in Lab [7:63248]
The best way is to get a box with multiple serial interfaces such as a 2522 or 2523 and configure it as a frame switch. This seems to be the most common way, anyway.

--
Johnny Routin )?)

Kerry Ogedegbe [ MTN - Portharcourt ] wrote in message news:[EMAIL PROTECTED]...

Hi, I want to set up frame relay in a lab. Is there any emulation software to mimic the frame relay cloud? If not, what's the best way of doing this?

Kerry

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63251t=63248
Connect two offices with dynamic ip [7:63252]
Hi,

I need to connect two offices with VPN. They both can only get an Internet Connection with dynamic IP addresses, static addressing is not possible. Is there a possibility to establish a connection?

Thanks in advance.
Tarry

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63252t=63252
modem compression techniques [7:63253]
Dear all,

If I'd like to enable compression for my analog dial-up customers what will be the recommended method?? Is it via Layer1 compression (controlling compression via S Register parameters) or via L2 compression via STAC, Predictor.,?? and plz recommend the necessary configuration for applying the compression techniques on the tty lines of the AS??

Regards,
Mohamed

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63253t=63253
RE: pix + router, design issue [7:63244]
Hi,

Normally, the CPE router would be the border router that gives you the global IP address range to access. However, in this case it looks like you essentially have 2 border routers. You can get your border router to route the global ip range to the PIX, so the PIX outside interface will have a global IP address. But that would mean you have to break up the subnet the ISP has allocated you. If you have a large range, it may be ok, but if it's a small range (eg. /28), then you will waste IP addresses by doing that.

A solution would be to do NAT on your border router, and everything behind the border router will be private IP address range. That would also mean your PIX will not be doing any NAT, so use either nat 0 or statics depending on your purpose.

If I were you, I would get rid of the border router. I'm not sure what advantages it is going to have in using it.

Regards,
Albert

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 8:42 PM
To: [EMAIL PROTECTED]
Subject: pix + router, design issue [7:63244]

I have a case with a customer that I am installing a PIX and a border router for. He wants to have control over the border router, but the Service Provider is providing their router as the CPE. One interface on the Service Provider's router has an ip address from the customer's public ip address range, so I am thinking about what would be the best way to config the customer's border router, as it will need to be sending some ip address that is on the interface connected to the CPE router back to the pix.

PIX -- 213.100.1.10 Border Router -- CPE Router 213.100.1.1

I am being a little slow today, so I would like to get some input on how you would handle this scenario.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63254t=63244
Isdn error with PPP - Why always?? [7:63255]
Hello,

Just set up basic Isdn b/w 2 routers using the default hdlc encap and was working perfectly fine till I changed the encap to ppp, ppp auth chap, ppp multilink and ppp chap hostname R7. Then it just stopped working :- This has been very frustrating!! It started spitting out this msg. on the screen:

R8-G#
4d19h: %ISDN-4-INVALID_CALLEDNUMBER: Interface BR0, Ignoring call, LDN and Called Party Number mismatch

I looked to see if the called number had changed even though I had not touched it. It is still valid and so are the spids.

R8-G#ri b0
Building configuration...
Current configuration : 353 bytes
!
interface BRI0
 ip address 9.9.9.1 255.255.255.0
 ip ospf demand-circuit
 dialer idle-timeout 90
 dialer map ip 9.9.9.1 broadcast 5553000
 dialer load-threshold 1 outbound
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 055511 5551000
 isdn spid2 055521 5552000

R8-G#sh is st TEI
Global ISDN Switchtype = basic-niter Age Seq# C
Layer 1 Status:
  ACTIVE
Layer 2 Status:
  TEI = 123, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
  TEI = 124, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
  TEI 123, ces = 1, state = 5(init)
    spid1 configured, spid1 sent, spid1 valid
    Endpoint ID Info: epsf = 0, usid = 1, tid = 1
  TEI 124, ces = 2, state = 5(init)
    spid2 configured, spid2 sent, spid2 valid
    Endpoint ID Info: epsf = 0, usid = 3, tid = 1
Layer 3 Status:
  0 Active Layer 3 Call(s)
  CCB:callid=801C, sapi=0, ces=1, B-chan=1, calltype=DATA
Active dsl 0 CCBs = 1
The Free Channel Mask: 0x8002
Total Allocated ISDN CCBs = 1

I am beginning to guess that the problem is a HARDWARE one with the ISDN switch being the culprit. I guess as usual I need to give it rest for a couple of hours and start it again for this to work with just HDLC encap. To think that I was told that the Merge switch was the Rolls Royce of ISDN switches when I paid a million $$ for it last year :-(

But if any one has any suggestions/advice, I would gratefully appreciate it.

Thank you.
Sincerely,
CN

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63255t=63255
Re: CCIE written exercise question [7:63247]
weight is not an attribute carried in BGP. It's a cisco specific mechanism that is local to a router, and when configured, may impact the BGP path selection on that router.

lee wooi keat wrote:

All,

I'm preparing for the CCIE written exam and encountered some tricky questions in an exercise. I would like to ask for help from those who can solve it:

1) Which one is NOT a well-known attribute for BGP?
- local preference
- origin
- weight
- community
- cluster-id

You can only choose one out of 5.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63256t=63247
Re: CCIE written exercise question [7:63247]
cluster id looks a little out of place for me

----- Original Message -----
From: lee wooi keat
To:
Sent: Tuesday, February 18, 2003 10:50 AM
Subject: CCIE written exercise question [7:63247]

All,

I'm preparing for the CCIE written exam and encountered some tricky questions in an exercise. I would like to ask for help from those who can solve it:

1) Which one is NOT a well-known attribute for BGP?
- local preference
- origin
- weight
- community
- cluster-id

You can only choose one out of 5.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63257t=63247
RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
Vicky Rode shaped photons and electrons to say:

see comments in-line:

-----Original Message-----
From: Stephen Hoover [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 17, 2003 11:20 AM
To: Vicky Rode
Cc: [EMAIL PROTECTED]
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

Say for instance I have 2 hosts on the same layer 3 switch, but the two hosts are on 2 different IP subnets (No VLANs are defined).

That's not possible! if you are talking about 2 IP subnet, then:

- actually it is by doing secondaries, but i would highly recommend doing vlans if possible. keep it clean and simple.

Vicki, You mention the use of secondary IP's. On a L3 switch (a switch with the router engine in it) is it not possible to define Ethernet sub interfaces instead of using secondary IPs - without VLANs defined?

Yes and no. Secondaries and VLANs serve different purposes.

Basic IP assumption: 1 physical medium [1] = 1 subnet
Secondary assumption: 1 physical medium [2] = multiple subnets
Basic VLAN assumption: multiple physical media [3] = 1 subnet
VLAN with secondaries: multiple physical media = multiple subnets on all

Notes

[1] Based on the local versus remote IP assumption: if a host is on your subnet, you have layer 2 connectivity to it. if a host is on a different subnet, you need to reach it through a router. This works nicely for broadcast and point-to-point media. NBMA and demand circuits break the local-vs-remote assumption. If you do assume a broadcast* medium, then the physical medium = 1 broadcast domain = 1 subnet

(* broadcast is used loosely -- multicast is often closer. Some stupid NICs don't recognize multicasts and treat all multicasts as a broadcast. Broadcasts, indeed, are special cases of multicasts.)

[2] The medium simultaneously must support a broadcast domain for each subnet, unless it is a non-broadcast medium.

[3] The media in different locations are assumed to be linked by L2** trunking, typically IEEE 802.1q. While the trunks do contain traffic from multiple subnets, they are effectively tunneled. The only multicasts on the trunk medium are for layer management functions, such as 802.1d, 802.1q, VTP, etc.

(** there are exotic variants where you could carry trunking over a conventionally routed tunnel, but let's not go there.)

yes you can but when you create sub-interfaces it asks for encapsulation type and this is where vlans come into play.

Encapsulation type is one reason to use VLANs, because it does create different broadcast domains for each encapsulation. This is preferred, but Cisco certainly has supported secondaries for different encapsulations -- more an IPX than an IP support technique.

whereas with secondaries it will route between the subnets.

I'm sorry to be so thick, I'm just not getting it. If a L3 switch (with a routing module/engine in it) is essentially a wire speed router, then the VLAN just seems like an additional identifier on top of the L3 address - and doesn't really serve any purpose.

Not exactly. It lets you have the _same_ broadcast domain in several L2 switches. That's what gives you the portability of hosts from VLAN (same subnet) to same VLAN in different buildings. There need be only one router on the subnet, but there can be multiple VLAN segments connected by trunking.

In my previous example, 2 hosts on the same L3 switch, but on 2 different IP subnets - wouldn't a defined Ethernet subinterface be each client's respective gateway, and thus normal L3 routing would occur, just at switch speeds

- well let me ask you this, why not just supernet and put all stations on the same subnet (don't do this i'm being facetious). that's because you do not want to create this huge broadcast domain. that's the whole purpose of having vlans.

if this still doesn't make sense, feel free to ask... would love to help.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63259t=63147
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
At 5:30 AM + 2/18/03, Ken Diliberto wrote:

The nit I'm picking is inline... (I'm feeling like chipping in tonight)

The Long and Winding Road 02/17/03 06:13PM

[snip]

if I have a 75xx router with 300 ethernet ports, and I bridge all those ports, do I have an L3 switch, or a router?

[KD] You have a router performing L2 operations (forwarding, switching, bridging -- whatever). Would a cheap Linksys switch be faster?

What makes a L3 switch in my mind is where the forwarding happens. If the L3 CPU (new way to look at it?) has to handle every packet, that's a router. If the first L3 packet is handled by the CPU which then programs ASICs to handle the rest of the flow without bothering the CPU, that's an L3 switch. Is there a difference from a packet/network perspective? No. The L2 headers and L3 headers are all properly updated in both cases (at least we *hope* they are) and traffic is delivered most of the time. (If it was delivered all the time, networks wouldn't need us to fix them) :-)

Does that make a 7500 with VIPs a L3 switch? A 12000 with distributed forwarding processors?

Substituting router for L3 switch is a good idea, but go farther than that. You can think of a high-performance router as a small hidden network, containing one or more (think high availability) path determination routing processors/hosts that download FIB information to multiple forwarding processors/hosts. One public and vendor-independent discussion of this architecture continues in the IETF FORCES Working Group (go to www.ietf.org and navigate to Working Groups).

What does this mean to us? Not much other than for capacity planning. IMHO, an L3 switch has a longer life than a router.

Not really, as you say in your next paragraph.

I could go off into the ozone and say all high-speed routers are L3 switches.

Indeed, ASICs aren't a necessity. I've worked on research router designs that used RISC processors in each forwarding and path determination engine, which gave lots of power but much more flexibility than ASICs. Admittedly, at least one of these was a specifically designed processor, but it definitely was software loadable and ran a real time OS.

ASIC gets blurry anyway, when you start getting into the pure hard-etched IC, field-programmable gate arrays, electrically alterable field-programmable gate arrays, microcode sequencers, etc.

When I design networks, I don't think L3 switch. I think about routers interconnecting L2 segments. I even draw them that way most of the time. :-)

My advice to those having problems with this subject: Replace every occurrence of layer 3 switch with router. [/KD]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63260t=63147
Re: CCIE written exercise question [7:63247]
At 10:50 AM + 2/18/03, lee wooi keat wrote:

All,

I'm preparing for the CCIE written exam and encountered some tricky questions in an exercise. I would like to ask for help from those who can solve it:

1) Which one is NOT a well-known attribute for BGP?
- local preference
- origin
- weight
- community
- cluster-id

You can only choose one out of 5.

If this isn't a question I've written, it's very close. Hint: take well-known out of the question and see if the answer pops out.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63261t=63247
Re: Dropped Packet on 6506 switch [7:63053]
The Long and Winding Road wrote:

hey, Dave, request for clarification

whenever I run my config tools ( either CCO or NetFormX, which validates against Cisco's config server anyway ), the requirement is CAT OS plus IOS. I can go CAT OS only, but I cannot get a validation using IOS only.

I don't use the config tool, sounds like it is probably just as well :)

So is that an error in the validation engine? or is something else going on that I don't understand.

Send me the URL you use for this tool, I'll take a look at it.

on a 3550, I can configure all ports as routed ports, or I can configure all ports as switched ports, or any combination.

6500 running native you can do the same.

The 4xxx boxes with sup 3 or better can go IOS only.

6500 in native mode looks like the 4000 with a supIII except the 4000 with a supIII, all ports are L2 by default and on a 6500 running native they are L3, go figure. With the introduction of the 4500 switch the 6500 is the only platform running catOS that is being produced.

The 65xx seems to be the problem child, as anyone who has stumbled through either tool mentioned above can attest to.

Check out this URL: http://www.cisco.com/en/US/customer/products/hw/switches/ps700/products_tech_note09186a00801350b8.shtml

Dave

any clarifications you can offer?

MADMAN wrote in message news:[EMAIL PROTECTED]...

The Long and Winding Road wrote:

65xx without the MSFC card run Cat OS mode. Add the MSFC card, and you have hybrid mode. unless something has changed recently, you cannot run a 65xx in native IOS mode only - it has to be an L2 box alone, or a hybrid box, running IOS and Cat OS.

Actually you can run a 6500 in native only. In native mode all ports are layer 3 ports. In fact in order to run most of the OSM cards you must run native mode, the inverse is true for most voice modules.
Dave Native6506#sh ver Cisco Internetwork Operating System Software IOS (tm) c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(13)E, EARLY DEPLOYMEN T RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Wed 04-Sep-02 18:45 by eaarmas Image text-base: 0x40008C00, data-base: 0x41A68000 ROM: System Bootstrap, Version 12.1(4r)E, RELEASE SOFTWARE (fc1) BOOTLDR: c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(13)E, EARLY DEPLOYMEN T RELEASE SOFTWARE (fc1) Native6506 uptime is 6 weeks, 3 days, 23 hours, 24 minutes Time since Native6506 switched to active is 6 weeks, 3 days, 23 hours, 23 minute s System returned to ROM by power-on (SP by power-on) System image file is slot0:c6sup12-js-mz.121-13.E.bin cisco Catalyst 6000 (R7000) processor with 112640K/18432K bytes of memory. Processor board ID SAD05020HUX R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache Last reset from power-on Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). TN3270 Emulation software. 8 Virtual Ethernet/IEEE 802.3 interface(s) 120 FastEthernet/IEEE 802.3 interface(s) 4 Gigabit Ethernet/IEEE 802.3 interface(s) 381K bytes of non-volatile configuration memory. 16384K bytes of Flash internal SIMM (Sector size 512K). Standby is up Standby has 112640K/18432K bytes of memory. Configuration register is 0x2102 Native6506# Native6506#sh conf Using 8122 out of 391160 bytes ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Native6506 ! boot system flash slot0:c6sup12-js-mz.121-13.E.bin boot bootldr bootflash:c6msfc2-boot-mz.121-4.E1 enable password cisco ! ip subnet-zero ! ! no ip domain-lookup ! mls flow ip destination mls flow ipx destination ! redundancy mode rpr-plus main-cpu auto-sync running-config auto-sync standard ! ! ! 
interface GigabitEthernet1/1 no ip address switchport switchport trunk encapsulation dot1q switchport trunk native vlan 64 ! interface GigabitEthernet1/2 no ip address shutdown Priscilla Sam Sneed wrote: I'm not sure what you mean by hybrid mode. I have the sh ver, sh mod, sh ver for MSFC and below. I have nothing plugged into at leat 3 ports which still report dropped packets. 800,000 daily. Whats strange is that the 800,000 is almost the same on all 3 ports. I have disabled them since then but would like to know why I was getting those numbers. The MSFC does the layer 3 routing, but the dropped packets were at L2 I believe. Any ideas? Console1 sh ver WS-C6509 Software, Version NmpSW: 7.1(2) Copyright (c) 1995-2002 by Cisco Systems NMP S/W compiled on Feb 7 2002, 16:06:00 System Bootstrap Version: 5.3(1) Hardware Version: 2.0 Model: WS-C6509 Serial #: PS1 Module: WS-CAC-2500WSerial #: PS2 Module: WS-CAC-1300WSerial #: Mod Port Model Serial #Versions --- --- --- - 1 2
RE: modem compression techniques [7:63253]
are u stupid man? it is very very easy

modemcap entry elkomy s27=12s28=12s30=13s43=67
interface group-async 0
 ip unnumbered fastethernet x/x
 encapsulation ppp
 group-range x/x y/y
 compress stac
 ip tcp header-compression

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63263t=63253
Re: Isdn error with PPP - Why always?? [7:63255]
try debug isdn q931, this may give you some more info. Dave Cisco Nuts wrote: Hello, Just set up basic Isdn b/w 2 routers using the default hdlc encap and was working perfectly fine till I changed the encap to ppp, ppp auth chap, ppp multilink and ppp chap hostname R7. Then it just stopped working :- out this msg. on the screen:R8-G# 4d19h: %ISDN-4-INVALID_CALLEDNUMBER: Interface BR0, Ignoring call, LDN and Called Party Number mismatch I looked to see if the called number had changed even though I had not touched it. It is still valid and so are the spids. R8-G#ri b0 Building configuration...Current configuration : 353 bytes ! interface BRI0 ip address 9.9.9.1 255.255.255.0 ip ospf demand-circuit dialer idle-timeout 90 dialer map ip 9.9.9.1 broadcast 5553000 dialer load-threshold 1 outbound dialer-group 1 isdn switch-type basic-ni isdn spid1 055511 5551000 isdn spid2 055521 5552000 R8-G#sh is st TEI Global ISDN Switchtype = basic-niter Age Seq# C Layer 1 Status: ACTIVE Layer 2 Status: TEI = 123, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI = 124, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI 123, ces = 1, state = 5(init) spid1 configured, spid1 sent, spid1 valid Endpoint ID Info: epsf = 0, usid = 1, tid = 1 TEI 124, ces = 2, state = 5(init) spid2 configured, spid2 sent, spid2 valid Endpoint ID Info: epsf = 0, usid = 3, tid = 1 Layer 3 Status: 0 Active Layer 3 Call(s) CCB:callid=801C, sapi=0, ces=1, B-chan=1, calltype=DATA Active dsl 0 CCBs = 1 The Free Channel Mask: 0x8002 Total Allocated ISDN CCBs = 1 I am beginning to guess that the problem is a HARDWARE one with the ISDN switch being the culprit. I guess as usual I need to give it rest for a couple of hours and start it again for this to work with just HDLC encap. 
To think that I was told that the Merge switch was the Rolls Royce of ISDN switches when I paid a million $$ for it last year :-( But if any one has any suggestions/advice, I would gratefully appreciate it. Thank you. Sincerely, CN

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367
You don't make the poor richer by making the rich poorer. --Winston Churchill

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63264t=63255
Re: modem compression techniques [7:63253]
Dear wise man,

First of all, I think there's a more polite way we can discuss such issues with each other.

Second, none of those S register parameters is related to the modem compression:

S27 - enable/disable V.25 calling tone
S28 - Guard tone
S30 - Max connect rate
S43 - V.34 carrier frequency

The parameters related to compression are:

S21 - specify permitted methods of data compression.

But I need to know the value of S21 to enable compression (S21=??)

Regards,
Mohamed

Chivertison Micheal wrote in message news:[EMAIL PROTECTED]...
> are u stupid man? it is very very easy
>
> modemcap entry elkomy s27=12s28=12s30=13s43=67
> interface group-async 0
>  ip unnumbered fastethernet x/x
>  encapsulation ppp
>  group-range x/x y/y
>  compress stac
>  ip tcp header-compression

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63265t=63253
PIX enable SYN Floodguard by default on outer int? [7:63266]
Hi.. Group,

May I know whether the SYN Floodguard is enabled on the PIX outside interface, or do I have to enable it manually with the following command?

PIX(config)#nat (outside) 1 0.0.0.0 0.0.0.0 8000 8000

Is the command correct, assuming my nat_id is 1?

Thanks a lot

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63266t=63266
W1T Interfaces [7:63267]
Hi all,

I have a 2620 series running IOS (C2600-I-M), Version 12.2(8)T4. I also have 2 x WIC-1T installed. When I do this, both of the interfaces show as down / down. However, when I install either interface on its own (in either slot) they work fine. Is this a limitation of the 2600? I cannot find anything on Cisco's site regarding this.

Sincerely,
Derek Walsh

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63267t=63267
RE: FW: Lab workbook? Voice modules? [7:63163]
Dear Scott,

Your advice would be a great help to me! Thanks a lot!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63268t=63163
Re: modem compression techniques [7:63253]
First, man, you are so polite, so I have to apologize concerning the way we have to talk with each other, but this Access Server in front of me (son of a shoe) won't ping, what am I supposed to do with it??? Can you tell me why it won't ping??

BTW, what I wrote to you was nonsense, don't ever try to run it on your router or the router will explode.

Thanks, boss

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63269t=63253
RE: CCIE written exercise question [7:63247]
In line:

-----Original Message-----
From: lee wooi keat [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 4:51 AM
To: [EMAIL PROTECTED]
Subject: CCIE written exercise question [7:63247]

All, I'm preparing CCIE written exam and encounter some tricky questions in exercise. Would like to ask for help for those who can solve it:

1) Which one is NOT Well-known attribute for BGP ?
- local preference = Well-known discretionary attribute
- origin = Well-known mandatory attribute
- weight = Cisco proprietary attribute
- community = Optional Transitive attribute
- cluster-id = Used in configuring Route Reflectors

You can only choose one out of 5.

Problem is that only two are well-known attributes. If they allow any of the three then this is an easy question. (grin) Maybe the question should have asked "Which one is not a BGP attribute?"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63270t=63247
RE: Isdn error with PPP - Why always?? [7:63255]
For more information; http://www.cisco.com/warp/public/129/bri_invalid_spid.html regards /Stuart -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of MADMAN Sent: 18 February 2003 15:06 To: [EMAIL PROTECTED] Subject: Re: Isdn error with PPP - Why always?? [7:63255] try debug isdn q931, this may give you some more info. Dave Cisco Nuts wrote: Hello, Just set up basic Isdn b/w 2 routers using the default hdlc encap and was working perfectly fine till I changed the encap to ppp, ppp auth chap, ppp multilink and ppp chap hostname R7. Then it just stopped working :- out this msg. on the screen:R8-G# 4d19h: %ISDN-4-INVALID_CALLEDNUMBER: Interface BR0, Ignoring call, LDN and Called Party Number mismatch I looked to see if the called number had changed even though I had not touched it. It is still valid and so are the spids. R8-G#ri b0 Building configuration...Current configuration : 353 bytes ! interface BRI0 ip address 9.9.9.1 255.255.255.0 ip ospf demand-circuit dialer idle-timeout 90 dialer map ip 9.9.9.1 broadcast 5553000 dialer load-threshold 1 outbound dialer-group 1 isdn switch-type basic-ni isdn spid1 055511 5551000 isdn spid2 055521 5552000 R8-G#sh is st TEI Global ISDN Switchtype = basic-niter Age Seq# C Layer 1 Status: ACTIVE Layer 2 Status: TEI = 123, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI = 124, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI 123, ces = 1, state = 5(init) spid1 configured, spid1 sent, spid1 valid Endpoint ID Info: epsf = 0, usid = 1, tid = 1 TEI 124, ces = 2, state = 5(init) spid2 configured, spid2 sent, spid2 valid Endpoint ID Info: epsf = 0, usid = 3, tid = 1 Layer 3 Status: 0 Active Layer 3 Call(s) CCB:callid=801C, sapi=0, ces=1, B-chan=1, calltype=DATA Active dsl 0 CCBs = 1 The Free Channel Mask: 0x8002 Total Allocated ISDN CCBs = 1 I am beginning to guess that the problem is a HARDWARE one with the ISDN switch being the culprit. 
I guess as usual I need to give it rest for a couple of hours and start it again for this to work with just HDLC encap. To think that I was told that the Merge switch was the Rolls Royce of ISDN switches when I paid a million $$ for it last year :-( But if any one has any suggestions/advice, I would gratefully appreciate it. Thank you. Sincerely, CN

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367
You don't make the poor richer by making the rich poorer. --Winston Churchill

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63271t=63255
RE: Isdn error with PPP - Why always?? [7:63255]
I ran into a similar problem. I converted to PPP from HDLC, as well as to dialer profiles from legacy ddr. The problem was I forgot to put ppp authentication chap on the bri interface. It was there on the dialer Interface, but not in both places. Adding it to the bri interface fixed it. I remember the debug and errors did not make it look like a ppp authentication error. Rick. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Cisco Nuts Sent: Tuesday, February 18, 2003 8:13 AM To: [EMAIL PROTECTED] Subject: Isdn error with PPP - Why always?? [7:63255] Hello, Just set up basic Isdn b/w 2 routers using the default hdlc encap and was working perfectly fine till I changed the encap to ppp, ppp auth chap, ppp multilink and ppp chap hostname R7. Then it just stopped working :- This has been very frustrating!! It started spitting out this msg. on the screen:R8-G# 4d19h: %ISDN-4-INVALID_CALLEDNUMBER: Interface BR0, Ignoring call, LDN and Called Party Number mismatch I looked to see if the called number had changed even though I had not touched it. It is still valid and so are the spids. R8-G#ri b0 Building configuration...Current configuration : 353 bytes ! 
interface BRI0 ip address 9.9.9.1 255.255.255.0 ip ospf demand-circuit dialer idle-timeout 90 dialer map ip 9.9.9.1 broadcast 5553000 dialer load-threshold 1 outbound dialer-group 1 isdn switch-type basic-ni isdn spid1 055511 5551000 isdn spid2 055521 5552000 R8-G#sh is st TEI Global ISDN Switchtype = basic-niter Age Seq# C Layer 1 Status: ACTIVE Layer 2 Status: TEI = 123, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI = 124, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI 123, ces = 1, state = 5(init) spid1 configured, spid1 sent, spid1 valid Endpoint ID Info: epsf = 0, usid = 1, tid = 1 TEI 124, ces = 2, state = 5(init) spid2 configured, spid2 sent, spid2 valid Endpoint ID Info: epsf = 0, usid = 3, tid = 1 Layer 3 Status: 0 Active Layer 3 Call(s) CCB:callid=801C, sapi=0, ces=1, B-chan=1, calltype=DATA Active dsl 0 CCBs = 1 The Free Channel Mask: 0x8002 Total Allocated ISDN CCBs = 1 I am beginning to guess that the problem is a HARDWARE one with the ISDN switch being the culprit. I guess as usual I need to give it rest for a couple of hours and start it again for this to work with just HDLC encap. To think that I was told that the Merge switch was the Rolls Royce of ISDN switches when I paid a million $$ for it last year :-(But if any one has any suggestions/advice, I would gratefully appreciate it.Thank you.Sincerely,CN STOP MORE SPAM with the new MSN 8 and get 2 months FREE* Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63272t=63255 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Flow exporter bug? [7:63274]
Although the destination addresses 172.2.x.x are shown in the switch mls entries, they are not exported. I tested many flows generated by Flow-Tools and there is no network 172.2.x.x as the destination; there is lots of data sent to that network. I am wondering if it is a bug in CatOS version 6.1(1d), because I do not have this behavior with version 6.3(4a). The configuration is the same on both switches. Any thoughts?

SWITCH (enable) sh mls statistics entry ip destination 10.2.1.76 LastUsed Destination IP Source IP Prot DstPrt SrcPrt Stat-Pkts Stat-Bytes --- - -- -- -- --- 172.2.1.76 10.6.9.45 TCP 3343 Telnet 0 0

UNIX$ flow-cat -p -z9 ./ft-v07.2003-02-16.043501-0300 |flow-print file srcIP dstIP router_scprot srcPort dstPortoctets packets 172.2.8.28/0 10.3.1.159/010.4.55.217 32773 44419180 3 172.7.192.45/0 10.6.9.110/010.4.55.21 0 060 1 172.8.128.253/0 10.1.7.192/010.4.55.217 138 138254 1

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63274t=63274
Re: Isdn error with PPP - Why always?? [7:63255]
I frequently have trouble when I go from hdlc to ppp. Usually it's something I didn't configure with the ppp. I take one command out at a time that I added until things come back up. I start with removing ppp multilink. also you may want to turn on some debugs debug dialer debug ppp negot debug ppp authen Debbie On Tue, 18 Feb 2003, Cisco Nuts wrote: Hello, Just set up basic Isdn b/w 2 routers using the default hdlc encap and was working perfectly fine till I changed the encap to ppp, ppp auth chap, ppp multilink and ppp chap hostname R7. Then it just stopped working :- out this msg. on the screen:R8-G# 4d19h: %ISDN-4-INVALID_CALLEDNUMBER: Interface BR0, Ignoring call, LDN and Called Party Number mismatch I looked to see if the called number had changed even though I had not touched it. It is still valid and so are the spids. R8-G#ri b0 Building configuration...Current configuration : 353 bytes ! interface BRI0 ip address 9.9.9.1 255.255.255.0 ip ospf demand-circuit dialer idle-timeout 90 dialer map ip 9.9.9.1 broadcast 5553000 dialer load-threshold 1 outbound dialer-group 1 isdn switch-type basic-ni isdn spid1 055511 5551000 isdn spid2 055521 5552000 R8-G#sh is st TEI Global ISDN Switchtype = basic-niter Age Seq# C Layer 1 Status: ACTIVE Layer 2 Status: TEI = 123, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI = 124, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI 123, ces = 1, state = 5(init) spid1 configured, spid1 sent, spid1 valid Endpoint ID Info: epsf = 0, usid = 1, tid = 1 TEI 124, ces = 2, state = 5(init) spid2 configured, spid2 sent, spid2 valid Endpoint ID Info: epsf = 0, usid = 3, tid = 1 Layer 3 Status: 0 Active Layer 3 Call(s) CCB:callid=801C, sapi=0, ces=1, B-chan=1, calltype=DATA Active dsl 0 CCBs = 1 The Free Channel Mask: 0x8002 Total Allocated ISDN CCBs = 1 I am beginning to guess that the problem is a HARDWARE one with the ISDN switch being the culprit. 
I guess as usual I need to give it rest for a couple of hours and start it again for this to work with just HDLC encap. To think that I was told that the Merge switch was the Rolls Royce of ISDN switches when I paid a million $$ for it last year :-( But if any one has any suggestions/advice, I would gratefully appreciate it. Thank you. Sincerely, CN

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63273t=63255
Switch Port [7:63275]
switch1 (enable) set port duplex 6/8 half
Port 6/8 is in auto-sensing mode.

The above switch is a 6500. As I understand, the ports can be set to full, half or auto, but when I try setting it to half, it doesn't allow me to.

Thank you

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63275t=63275
RE: modem compression techniques [7:63253]
> are u stupid man?

How would that be demonstrated? Inability to capitalize, to spell "you", or to use commas?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63277t=63253
RE: modem compression techniques [7:63253]
Very well put Mohamed! Kudos to you for not lowering yourself to his level in reply. Unfortunately, I don't have the answer to your S-Register question... sure wish I did. I haven't tried it myself, but maybe you can do a search on "S Register" or "S21" and "Modem Compression" with Cisco (via Google). That might yield an answer.

Regards,
Mark

-----Original Message-----
From: Mohamed Elkomy [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 9:13 AM
To: [EMAIL PROTECTED]
Subject: Re: modem compression techniques [7:63253]

> Dear wise man,
>
> First of all, I think there's a more polite way we can discuss such issues with each other.
>
> Second, none of those S register parameters is related to the modem compression:
>
> S27 - enable/disable V.25 calling tone
> S28 - Guard tone
> S30 - Max connect rate
> S43 - V.34 carrier frequency
>
> The parameters related to compression are:
>
> S21 - specify permitted methods of data compression.
>
> But I need to know the value of S21 to enable compression (S21=??)
>
> Regards,
> Mohamed
>
> Chivertison Micheal wrote in message news:[EMAIL PROTECTED]...
>> are u stupid man? it is very very easy
>>
>> modemcap entry elkomy s27=12s28=12s30=13s43=67
>> interface group-async 0
>>  ip unnumbered fastethernet x/x
>>  encapsulation ppp
>>  group-range x/x y/y
>>  compress stac
>>  ip tcp header-compression

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63276t=63253
Re: Switch Port [7:63275]
You need to change the speed first, then you can change the duplex. It has to be in that order.

SamN wrote in message news:[EMAIL PROTECTED]...
> switch1 (enable) set port duplex 6/8 half
> Port 6/8 is in auto-sensing mode.
>
> The above switch is a 6500. As I understand, the ports can be set to full, half or auto, but when I try setting it to half, it doesn't allow me to.
>
> Thank you

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63279t=63275
Re: Firewall/PIX help.... [7:63167]
PIX does not have antivirus, IDS, or content filtering built in. I don't think I know of any hardware-based firewalls that do. You may have to look into a software-based solution. Maybe Computer Associates or Symantec make such a suite.

Gunjan Mathur wrote in message news:[EMAIL PROTECTED]...
> Hi,
>
> I'm looking for a firewall solution for my company. We have two WAN connections and currently my users are connected through two proxy m/c to the Internet. Which PIX model would serve the needs? I also need content filtering, intrusion detection and anti-virus protection on the firewall itself. Are all these things possible on PIX?
>
> TIA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63280t=63167
clearing conduit [7:63278]
Let's say you are administering a PIX remotely. You SSH into a machine on the PIX's internal network and from there you telnet into the PIX. Security is via conduits and it might look like this:

conduit permit tcp 192.168.43.0 255.255.255.255 eq 22 any
conduit permit tcp 192.168.43.0 255.255.255.255 eq 80 any
conduit permit tcp 192.168.43.0 255.255.255.255 eq 443 any

Now I want to put

conduit permit tcp 192.168.43.0 255.255.255.255 eq 21 any

in between the top 2 statements. Why it needs to be there is not important, this is a theoretical question. How can I do this without blocking myself out of the PIX? I imagine I would have to do a clear conduit and then enter the whole new list in again, since you can't add a statement in the middle of a conduit. Once I do clear conduit, I'd suspect I'd be blocked out before I can add the new conduit. Is this true?

I know I could probably use access-lists to do this, but I'm speaking strictly about conduits when I ask this question. The main question is: if I'm administering the PIX remotely and need to add a conduit anywhere except the end of the list, then how can I do that without locking myself out?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63278t=63278
Equipment for sales [7:63258]
I'm selling:

2 Wireless cisco PC Cards PCM350 (For laptops)
1 Wireless cisco PC Cards PCM340 (For laptops)
1 Router 1750 2V, CAB-V35MT, 1 FXS, 8-32

If you are interested just write me!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63258t=63258
Can this nat be done on a pix?? [7:63281]
Please help, I went with PIX instead of CP and I cannot find a way to do this now!!!

Setup PIX 515E-ur - | PIX inside PIX intf2| | 192.168.25.0/24 10.178.25.25/16 | | | | | | Inside get nat when | | going to intf2 | Network Network

I want the following NAT setup to happen:

If src inside=any, dst intf2=10.178.10.10 then xlate src=10.178.70.20
If src inside=any, dst intf2=10.178.10.11 then xlate src=10.178.80.30
If src inside=any, dst intf2=10.178.10.12 then xlate src=10.178.90.40
otherwise if src inside=any, dst intf2=any then no Xlate

I do not want to use statics because there are a lot of different boxes and there is no router in this setup that can perform the nat.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63281t=63281
RE: CCIE written exercise question [7:63247]
At 4:06 PM + 2/18/03, Daniel Cotts wrote:
> In line:
>
> -----Original Message-----
> From: lee wooi keat [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 18, 2003 4:51 AM
> To: [EMAIL PROTECTED]
> Subject: CCIE written exercise question [7:63247]
>
> All, I'm preparing CCIE written exam and encounter some tricky questions in exercise. Would like to ask for help for those who can solve it:
>
> 1) Which one is NOT Well-known attribute for BGP ?
> - local preference = Well-known discretionary attribute
> - origin = Well-known mandatory attribute
> - weight = Cisco proprietary attribute
> - community = Optional Transitive attribute
> - cluster-id = Used in configuring Route Reflectors
>
> You can only choose one out of 5.
>
> Problem is that only two are well-known attributes. If they allow any of the three then this is an easy question. (grin) Maybe the question should have asked "Which one is not a BGP attribute?"

Good point, and I have to remember exactly the way I wrote the question (if indeed it's mine -- I don't remember including cluster-ID in the CertZone question). The point I was driving at when I wrote a question on this, and was not trying to give it away, is that weight is NOT an attribute at all. It is never sent in BGP but is local to the router. All the others can be transmitted in BGP, but, as you point out, not all are well-known.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63282t=63247
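The attribute categories argued over in the two "CCIE written exercise question" messages above can be read straight off the wire encoding. The following is an added example, not part of any list member's message: a small parser for BGP path attributes using the flag bits of RFC 4271 section 4.3. The sample bytes are constructed, and mapping the thread's "cluster-id" to the CLUSTER_LIST attribute (the attribute that carries cluster IDs) is this example's assumption.

```python
"""Classify BGP path attributes from their wire encoding (RFC 4271, section 4.3)."""
import struct

FLAG_OPTIONAL = 0x80    # 0 = well-known, 1 = optional
FLAG_TRANSITIVE = 0x40  # must be 1 for every well-known attribute
FLAG_PARTIAL = 0x20     # only meaningful for optional transitive attributes
FLAG_EXT_LEN = 0x10     # 1 = two-octet length field instead of one

# Type codes from RFC 4271, RFC 1997 (COMMUNITIES) and RFC 4456 (route reflection).
# WEIGHT has no entry: it has no type code because it is never sent in an UPDATE.
ATTR_NAMES = {
    1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 4: "MULTI_EXIT_DISC",
    5: "LOCAL_PREF", 6: "ATOMIC_AGGREGATE", 7: "AGGREGATOR",
    8: "COMMUNITIES", 9: "ORIGINATOR_ID", 10: "CLUSTER_LIST",
}
WELL_KNOWN_MANDATORY = {1, 2, 3}


def classify(flags, type_code):
    """Return the attribute category implied by the flags octet."""
    if not flags & FLAG_OPTIONAL:
        # Well-known: every speaker must recognise it, so an unknown code is an error.
        if type_code not in ATTR_NAMES:
            raise ValueError(f"type {type_code}: unrecognized well-known attribute")
        if not flags & FLAG_TRANSITIVE:
            raise ValueError(f"type {type_code}: well-known without transitive bit")
        if flags & FLAG_PARTIAL:
            raise ValueError(f"type {type_code}: well-known with partial bit")
        kind = "mandatory" if type_code in WELL_KNOWN_MANDATORY else "discretionary"
        return f"well-known {kind}"
    if flags & FLAG_TRANSITIVE:
        return "optional transitive"
    if flags & FLAG_PARTIAL:
        raise ValueError(f"type {type_code}: optional non-transitive with partial bit")
    return "optional non-transitive"


def parse_path_attributes(buf):
    """Parse a Path Attributes field into (name, category, value) tuples."""
    attrs, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 3:
            raise ValueError("truncated attribute header")
        flags, type_code = buf[pos], buf[pos + 1]
        pos += 2
        if flags & FLAG_EXT_LEN:
            if len(buf) - pos < 2:
                raise ValueError("truncated extended length")
            (length,) = struct.unpack_from("!H", buf, pos)
            pos += 2
        else:
            length = buf[pos]
            pos += 1
        if len(buf) - pos < length:
            raise ValueError(f"type {type_code}: value runs past end of field")
        value = bytes(buf[pos:pos + length])
        pos += length
        name = ATTR_NAMES.get(type_code, f"UNKNOWN({type_code})")
        attrs.append((name, classify(flags, type_code), value))
    return attrs


# Constructed sample: ORIGIN=IGP, LOCAL_PREF=100, COMMUNITIES=65000:100,
# CLUSTER_LIST=10.0.0.1. Not captured from a real session.
SAMPLE = bytes.fromhex(
    "40010100"          # flags 0x40, type 1, len 1
    "40050400000064"    # flags 0x40, type 5, len 4
    "c00804fde80064"    # flags 0xC0, type 8, len 4
    "800a040a000001"    # flags 0x80, type 10, len 4
)

if __name__ == "__main__":
    for name, category, value in parse_path_attributes(SAMPLE):
        print(f"{name:<14} {category:<26} {value.hex()}")
```

Weight cannot appear in the output for any input, because there is no type code that would carry it.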
RE: Can this nat be done on a pix?? [7:63281]
Tried
Nat 0 (inside) access-list_nat0
Nat 1 rest ip traffic to outside(nat id 1 same as global (int) id 1)
Access-list_nat0 do not nat to ip range 2nd interface

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robert Perez
Sent: Tuesday, 18 February 2003 19:15
To: [EMAIL PROTECTED]
Subject: Can this nat be done on a pix?? [7:63281]

> Please help, I went with PIX instead of CP and I cannot find a way to do this now!!!
>
> Setup PIX 515E-ur - | PIX inside PIX intf2| | 192.168.25.0/24 10.178.25.25/16 | | | | | | Inside get nat when | | going to intf2 | Network Network
>
> I want the following NAT setup to happen:
>
> If src inside=any, dst intf2=10.178.10.10 then xlate src=10.178.70.20
> If src inside=any, dst intf2=10.178.10.11 then xlate src=10.178.80.30
> If src inside=any, dst intf2=10.178.10.12 then xlate src=10.178.90.40
> otherwise if src inside=any, dst intf2=any then no Xlate
>
> I do not want to use statics because there are a lot of different boxes and there is no router in this setup that can perform the nat.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63284t=63281
RE: clearing conduit [7:63278]
Look at the problem from another direction. How about a modem connected to a terminal server? The TS connects to the PIX console port. That way your connection is out-of-band. I'd agree that the modem should be powered off except when needed. Local admin staff would have to hit the big red switch.

-----Original Message-----
From: Sam Sneed [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 11:32 AM
To: [EMAIL PROTECTED]
Subject: clearing conduit [7:63278]

> Let's say you are administering a PIX remotely. You SSH into a machine on the PIX's internal network and from there you telnet into the PIX. Security is via conduits and it might look like this:
>
> conduit permit tcp 192.168.43.0 255.255.255.255 eq 22 any
> conduit permit tcp 192.168.43.0 255.255.255.255 eq 80 any
> conduit permit tcp 192.168.43.0 255.255.255.255 eq 443 any
>
> Now I want to put
>
> conduit permit tcp 192.168.43.0 255.255.255.255 eq 21 any
>
> in between the top 2 statements. Why it needs to be there is not important, this is a theoretical question. How can I do this without blocking myself out of the PIX? I imagine I would have to do a clear conduit and then enter the whole new list in again, since you can't add a statement in the middle of a conduit. Once I do clear conduit, I'd suspect I'd be blocked out before I can add the new conduit. Is this true?
>
> I know I could probably use access-lists to do this, but I'm speaking strictly about conduits when I ask this question. The main question is: if I'm administering the PIX remotely and need to add a conduit anywhere except the end of the list, then how can I do that without locking myself out?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63285t=63278
Re: Switch Port [7:63275]
Sam,

Speed and Duplex are tied at the hip - if speed is auto, duplex must be auto. Try hard-coding the speed, first, then the duplex.

-Bob Sinclair

----- Original Message -----
From: SamN
To:
Sent: Tuesday, February 18, 2003 12:18 PM
Subject: Switch Port [7:63275]

> switch1 (enable) set port duplex 6/8 half
> Port 6/8 is in auto-sensing mode.
>
> The above switch is a 6500. As I understand, the ports can be set to full, half or auto, but when I try setting it to half, it doesn't allow me to.
>
> Thank you

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63286t=63275
RE: Eric Greenberg's Latest Book [7:63220]
Looks like he has a nice Web site regarding security too. I purchased the book. It sounds good and very approachable at a low cost and low page-count. I have no affiliation with the author, having never met him or even corresponded with him, except maybe a couple e-mails after he published his first book, which was very good. This is filler, can you tell? :-)

The URL to his security Web site is here: http://www.criticalsecurity.com/

Priscilla

Nigel Taylor wrote:
> All,
>
> I'm sure every one is aware of Eric Greenberg's previous title - Network Application Frameworks which received numerous mentions on this list. I was just out getting my daily nerd-related update from another great web site /. and found this link.
>
> http://books.slashdot.org/article.pl?sid=03/02/13/1515257mode=nocommenttid= 172
>
> Apparently, Eric is busy at it again and based on the review seems to have done another great job. I was just wondering if anyone on the list has had the opportunity to read the book, and would like to share their thoughts. I just placed my order on bookpool :-)
>
> Nigel

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63287t=63220
Re: clearing conduit [7:63278]
I've thought of this and will have this in place as well. So then I guess that there is no way to add to middle of conduit without locking yourself out.

Daniel Cotts wrote in message news:[EMAIL PROTECTED]...

Look at the problem from another direction. How about a modem connected to a terminal server. The TS connects to the PIX console port. That way your connection is out-of-band. I'd agree that the modem should be powered off except when needed. Local admin staff would have to hit the big red switch.

-Original Message-
From: Sam Sneed [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 11:32 AM
To: [EMAIL PROTECTED]
Subject: clearing conduit [7:63278]

Let's say you are administering a PIX remotely. You SSH into a machine on the PIX's internal network and from there you telnet into the PIX. Security is via conduits and it might look like this:

conduit permit tcp 192.168.43.0 255.255.255.255 eq 22 any
conduit permit tcp 192.168.43.0 255.255.255.255 eq 80 any
conduit permit tcp 192.168.43.0 255.255.255.255 eq 443 any

Now I want to put

conduit permit tcp 192.168.43.0 255.255.255.255 eq 21 any

in between the top 2 statements. Why it needs to be there is not important, this is a theoretical question. How can I do this without blocking myself out of the PIX? I imagine I would have to do a clear conduit and then enter the whole new list in again since you can't add a statement in the middle of a conduit. Once I do clear conduit I'd suspect I'd be blocked out before I can add the new conduit. Is this true? I know I could probably use access-lists to do this but I'm speaking strictly about conduits when I ask this question. The main question is if I'm administering the PIX remotely and need to add a conduit anywhere except the end of the list then how can I do that without locking myself out.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63288t=63278
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
Stephen Hoover wrote:

Ken, Thanks for the input on this discussion. I follow and understand your example without any problems. Now if taking it back to the original original question - Does L3 switching require VLANs - produces this question for your example: You state 1 fiber feed for both Science and Engineering in the Labs building. I am then assuming that they are all connected to the same set of switches (Layer 2) in that building. Could you have not just simply assigned the hosts for Science to 1 IP network and the hosts for Engineering to another IP network - then created respective gateway interfaces for each network back on the common Layer 3 switch and accomplished the same thing??

It depends on the meaning of "thing" in your "accomplish the same thing" comment. :-) I think you already figured out your confusion and maybe this message is old, but I'll reply just in case. With your design you would accomplish connectivity. However, you would not accomplish separation of broadcast traffic for the two user communities. VLANs in the L2-switched part of the network give you that. VLANs have lots of features, but that's one of their primary ones. I think Ken's example is one of the cleanest I've seen. I may have to borrow it for my classes. Thanks for a good discussion, Stephen. THE END (hopefully! :-)

Priscilla

If the answer is yes, I will followup with another question. If the answer is no, then please explain. Thanks!!

Stephen

- Original Message -
From: Ken Diliberto
To:
Sent: Tuesday, February 18, 2003 12:24 AM
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

Stephen, You're getting there. Let me give an example of how VLANs are used (I'd draw a picture, but it probably wouldn't look good). For this example, let's use two of the colleges on my university network: Science and Engineering. Each has their own block of IP addresses and want their traffic separate from the other. They also want flat addressing (no subnetting).

We have three buildings: Science, Engineering and Labs. Science and Engineering both have computer labs in the Labs building. Each want their labs on their respective IP address blocks. If money were no object, this would be fairly easy with vanilla switches and a router with two ethernet interfaces. Multiple fiber feeds and two sets of switches would be everywhere. With budget limitations (for this example), we only have a single fiber feed to each location. That means each fiber feed needs to carry traffic for both networks.

To keep the traffic separate, we partition the switch ports into two LANs: LAN 10 and LAN 20. These two LANs in one switch are treated as unique. To do this, the switch creates Virtual LANs or VLANs. The fiber feeds are now trunks because a header is added to each frame to identify the VLAN it belongs to. So far so good?

Why would we need a router? To talk between VLANs. Do routers understand trunks? Yes. This brings up one more concept: the Router on a Stick. A router on a stick is a router with a single network connection. This single connection is configured as a trunk so the router can see all the different VLANs. If the router finds a packet on VLAN 10 with a destination on VLAN 20, it rewrites the headers for the destination and puts it back on the same trunk with VLAN 20 headers.

Remember: replace layer 3 switch with router every time you see it. That might make more sense. Hope this helps.

Ken

Stephen Hoover 02/17/03 06:55PM

I appreciate everyone's input on this subject to help me understand this concept. As far as the newbies comment goes - I most definitely am. I'm about as green as they come. I have both my CCNA and my CCDA, but my only real experience is installing 2 T1s (at different locations) and configuring NAT for them. I have a large amount of knowledge, just no experience. It has been my goal and my dream to become a serious network engineer for the last 6 years, but I just cannot seem to get a job that offers any experience. Every time I get a network position, I just seemed to end up doing desktop support.

When I first heard the term Layer 3 switching (some 4 years ago now) the first thing that popped into my mind was a switch that can route. I never even heard of a VLAN until a couple of years ago. The Cisco Study guide starts off talking about VLANs, and moves right into Inter-VLAN routing without ever really discussing Layer 3 switching as a separate process. This is really where my confusion started. The book makes it sound like L3 switching is directly dependent on VLANs, and I just didn't see it - it wasn't something I was just willing to accept. Furthermore, the book states that VLANs allow for physical
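Ken's router-on-a-stick description, as an added example that is not part of the original thread: a Python sketch that parses an 802.1Q-tagged frame arriving on the trunk, routes it by destination subnet, and puts it back on the same trunk with the other VLAN's tag. VLAN IDs 10 and 20 come from Ken's message; the subnets, MAC addresses, ARP table and function names are constructed for illustration.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# Constructed addressing: VLAN 10 = Science, VLAN 20 = Engineering.
# One logical (sub)interface per VLAN on the router's single trunk port.
SUBINTERFACES = {
    10: {"net": ipaddress.ip_network("10.10.0.0/16"), "mac": bytes.fromhex("02000000000a")},
    20: {"net": ipaddress.ip_network("10.20.0.0/16"), "mac": bytes.fromhex("020000000014")},
}
# Constructed ARP cache of the router: (vlan, host IP) -> host MAC.
ARP = {(20, ipaddress.ip_address("10.20.0.5")): bytes.fromhex("020000002005")}


def ipv4_checksum(header):
    """One's-complement sum over 16-bit words; 0 when run over a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, ttl=64, data=b""):
    """Minimal 20-byte IPv4 header (no options, protocol 17) followed by data."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), 0, 0,
                      ttl, 17, 0, src.packed, dst.packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + data


def build_tagged_frame(dst_mac, src_mac, vlan, payload):
    """Ethernet header with the 4-byte 802.1Q tag (TPID + TCI) inserted."""
    tci = vlan & 0x0FFF          # priority and DEI bits left at 0
    return dst_mac + src_mac + struct.pack("!HHH", TPID_8021Q, tci, ETHERTYPE_IPV4) + payload


def parse_tagged_frame(frame):
    if len(frame) < 18:
        raise ValueError("frame too short for an 802.1Q header")
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q:
        raise ValueError("untagged frame: no VLAN header present")
    return {"dst": frame[0:6], "src": frame[6:12], "vlan": tci & 0x0FFF,
            "ethertype": ethertype, "payload": frame[18:]}


def route_on_a_stick(frame):
    """Return the frame to send back down the trunk, or None if it is dropped."""
    f = parse_tagged_frame(frame)
    in_if = SUBINTERFACES.get(f["vlan"])
    if in_if is None or f["dst"] != in_if["mac"] or f["ethertype"] != ETHERTYPE_IPV4:
        return None              # unknown VLAN, or not addressed to the gateway
    ip = f["payload"]
    if len(ip) < 20 or ip[0] != 0x45 or ip[8] <= 1:
        return None              # IP options unsupported here, or TTL expired
    dst_ip = ipaddress.ip_address(ip[16:20])
    out_vlan = next((v for v, i in SUBINTERFACES.items() if dst_ip in i["net"]), None)
    next_mac = ARP.get((out_vlan, dst_ip))
    if next_mac is None:
        return None              # no matching subnet or no ARP entry
    hdr = bytearray(ip[:20])
    hdr[8] -= 1                  # decrement TTL
    hdr[10:12] = b"\x00\x00"     # zero the checksum field, then recompute it
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    # Same physical port, new layer 2 header, new VLAN tag.
    return build_tagged_frame(next_mac, SUBINTERFACES[out_vlan]["mac"], out_vlan,
                              bytes(hdr) + ip[20:])


def sample_inbound(vlan=10, ttl=64):
    """Constructed frame: Science host 10.10.0.7 sends to Engineering host 10.20.0.5."""
    host_a = bytes.fromhex("020000001007")
    pkt = build_ipv4(ipaddress.ip_address("10.10.0.7"),
                     ipaddress.ip_address("10.20.0.5"), ttl=ttl, data=b"hello")
    return build_tagged_frame(SUBINTERFACES[10]["mac"], host_a, vlan, pkt)


if __name__ == "__main__":
    print(parse_tagged_frame(route_on_a_stick(sample_inbound())))
```

The router is the only place where a frame changes VLAN, so it is also the single point where traffic between the two communities can be filtered.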
Re: Switch Port [7:63275]
You first have to set the speed, it is currently in auto.

C6509 (enable) set port speed 5/8 auto
Port(s) 5/8 speed set to auto detect.
C6509 (enable) set port duplex 5/8 half
Port 5/8 is in auto-sensing mode.
C6509 (enable) set port speed 5/8 100
Port(s) 5/8 speed set to 100Mbps.
C6509 (enable) set port duplex 5/8 half
Port(s) 5/8 set to half-duplex.
C6509 (enable)

Dave

SamN wrote:

switch1 (enable) set port duplex 6/8 half
Port 6/8 is in auto-sensing mode.

The above switch is a 6500. As I understand, the ports can be set to full, half or auto but when I try setting it to half, it doesn't allow me to. thank you

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston Churchill

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63292t=63275
Cat 6000 PCMCIA Flash Card Same as 3600? [7:63293]
I would like to buy a flash PC card for my Cat 6000 with Sup1A. I know there are different file system formats for various devices, but do the 3600 and 6000 cards have the same physical spec? Can I use the same card in both devices if I reformat?

Thanks,
-Bob Sinclair

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63293t=63293
RE: CCIE written exercise question [7:63247]
Problem being that Cisco uses the term attribute in the discussion of weight. Source BSCN ver1.0 Training Materials. There is a page listing the various types of attributes and which attributes fall under each type. A kicker line states In addition, Cisco has defined a weight attribute for BGP. Following pages explain the various attributes. Page for Weight has slide Weight Attribute (Cisco Only) with discussion: The weight attribute is a Cisco-defined attribute used for the path selection process. The weight is configured locally to a router and is not propagated to any other routers. ... etc.

So the right answer vs the Cisco answer. Maybe we can say it's an attribute for CCNP exams and not an attribute at NANOG meetings.

-Original Message-
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 12:19 PM
To: [EMAIL PROTECTED]
Subject: RE: CCIE written exercise question [7:63247]

At 4:06 PM + 2/18/03, Daniel Cotts wrote:

In line:

-Original Message-
From: lee wooi keat [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 4:51 AM
To: [EMAIL PROTECTED]
Subject: CCIE written exercise question [7:63247]

All, I'm preparing CCIE written exam and encounter some tricky questions in exercise. Would like to ask for help for those who can solve it:

1) Which one is NOT Well-known attribute for BGP ?
- local preference = Well-known discretionary attribute
- origin = Well-known mandatory attribute
- weight = Cisco proprietary attribute
- community = Optional Transitive attribute
- cluster-id = Used in configuring Route Reflectors
You can only choose one out of 5.

Problem is that only two are well-known attributes. If they allow any of the three then this is an easy question. (grin) Maybe the question should have asked Which one is not a BGP attribute?

Good point, and I have to remember exactly the way I wrote the question (if indeed it's mine -- I don't remember including cluster-ID in the CertZone question).

The point I was driving at when I wrote a question on this, and was not trying to give it away, is that weight is NOT an attribute at all. It is never sent in BGP but is local to the router. All the others can be transmitted in BGP, but, as you point out, not all are well-known.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63294t=63247
RE: CCIE written exercise question [7:63247]
At 3:27 PM -0600 2/18/03, Daniel Cotts wrote:

Problem being that Cisco uses the term attribute in the discussion of weight. Source BSCN ver1.0 Training Materials. There is a page listing the various types of attributes and which attributes fall under each type. A kicker line states In addition, Cisco has defined a weight attribute for BGP.

If you listen closely, you can hear the sound of my head pounding on the desk so it will feel good when I stop. Maybe this should get copied to Phil Smith or Barry Greene.

Following pages explain the various attributes. Page for Weight has slide Weight Attribute (Cisco Only) with discussion: The weight attribute is a Cisco-defined attribute used for the path selection process. The weight is configured locally to a router and is not propagated to any other routers. ... etc.

Of course! It has to be a BGP attribute to be propagated!

So the right answer vs the Cisco answer. Maybe we can say it's an attribute for CCNP exams and not an attribute at NANOG meetings.

*moan*

-Original Message-
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 12:19 PM
To: [EMAIL PROTECTED]
Subject: RE: CCIE written exercise question [7:63247]

At 4:06 PM + 2/18/03, Daniel Cotts wrote:

In line:

-Original Message-
From: lee wooi keat [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 4:51 AM
To: [EMAIL PROTECTED]
Subject: CCIE written exercise question [7:63247]

All, I'm preparing CCIE written exam and encounter some tricky questions in exercise. Would like to ask for help for those who can solve it:

1) Which one is NOT Well-known attribute for BGP ?
- local preference = Well-known discretionary attribute
- origin = Well-known mandatory attribute
- weight = Cisco proprietary attribute
- community = Optional Transitive attribute
- cluster-id = Used in configuring Route Reflectors
You can only choose one out of 5.

Problem is that only two are well-known attributes. If they allow any of the three then this is an easy question. (grin) Maybe the question should have asked Which one is not a BGP attribute?

Good point, and I have to remember exactly the way I wrote the question (if indeed it's mine -- I don't remember including cluster-ID in the CertZone question).

The point I was driving at when I wrote a question on this, and was not trying to give it away, is that weight is NOT an attribute at all. It is never sent in BGP but is local to the router. All the others can be transmitted in BGP, but, as you point out, not all are well-known.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63295t=63247
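The distinction argued over in this thread, as an added example that is not part of the original messages: a Python parser for the path-attribute section of a BGP UPDATE that classifies each attribute from its flag bits and then maps the five exam options onto what is actually on the wire. The attribute bytes are constructed sample data; flag bits and type codes follow RFC 4271, RFC 1997 and RFC 4456, and the function names are hypothetical.

```python
import struct

# Attribute flag bits (RFC 4271, section 4.3).
FLAG_OPTIONAL = 0x80
FLAG_TRANSITIVE = 0x40
FLAG_PARTIAL = 0x20
FLAG_EXT_LEN = 0x10      # length field is two octets instead of one

TYPE_NAMES = {
    1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 4: "MULTI_EXIT_DISC",
    5: "LOCAL_PREF", 6: "ATOMIC_AGGREGATE", 7: "AGGREGATOR",
    8: "COMMUNITIES",                        # RFC 1997
    9: "ORIGINATOR_ID", 10: "CLUSTER_LIST",  # RFC 4456 (route reflection)
}
WELL_KNOWN_MANDATORY = {1, 2, 3}

# The five options from the exam question -> type code carried in an UPDATE.
# Weight has no type code, so there is nothing to encode or parse for it.
EXAM_OPTIONS = {"local preference": 5, "origin": 1, "weight": None,
                "community": 8, "cluster-id": 10}


def classify(flags, type_code):
    """Derive the attribute category from the Optional and Transitive bits."""
    if flags & FLAG_OPTIONAL:
        return "optional transitive" if flags & FLAG_TRANSITIVE else "optional non-transitive"
    if not flags & FLAG_TRANSITIVE:
        raise ValueError("well-known attribute %d without the transitive bit" % type_code)
    if type_code in WELL_KNOWN_MANDATORY:
        return "well-known mandatory"
    return "well-known discretionary"


def parse_path_attributes(data):
    """Walk the <flags, type, length, value> records of an UPDATE's attributes."""
    attrs, i = [], 0
    while i < len(data):
        if len(data) - i < 3:
            raise ValueError("truncated attribute header")
        flags, type_code = data[i], data[i + 1]
        if flags & FLAG_EXT_LEN:
            if len(data) - i < 4:
                raise ValueError("truncated extended length")
            (length,) = struct.unpack("!H", data[i + 2:i + 4])
            i += 4
        else:
            length = data[i + 2]
            i += 3
        value = data[i:i + length]
        if len(value) != length:
            raise ValueError("truncated attribute value")
        i += length
        attrs.append({"type": type_code,
                      "name": TYPE_NAMES.get(type_code, "UNKNOWN"),
                      "class": classify(flags, type_code),
                      "value": value})
    return attrs


def classify_exam_options(update_attrs):
    """Answer the exam question from the bytes of a received UPDATE."""
    seen = {a["type"]: a["class"] for a in parse_path_attributes(update_attrs)}
    result = {}
    for option, code in EXAM_OPTIONS.items():
        if code is None:
            result[option] = "no type code: local to the router, never sent"
        else:
            result[option] = seen.get(code, "absent from this UPDATE")
    return result


# Constructed path attributes as an iBGP route-reflector client might receive them.
SAMPLE_ATTRS = bytes.fromhex(
    "40010100"              # ORIGIN = IGP
    "4002060202fde9fdea"    # AS_PATH = AS_SEQUENCE(65001, 65002)
    "400304c0000201"        # NEXT_HOP = 192.0.2.1
    "40050400000064"        # LOCAL_PREF = 100
    "c00804fde90064"        # COMMUNITIES = 65001:100
    "800a04c00002fe"        # CLUSTER_LIST = 192.0.2.254
)

if __name__ == "__main__":
    for option, verdict in classify_exam_options(SAMPLE_ATTRS).items():
        print("%-17s %s" % (option, verdict))
```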
RE: Firewall/PIX help.... [7:63167]
The PIX does have IDS capabilities, but very rudimentary. No anti-virus or content filtering.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63296t=63167
IP Helper with Netware 5.1 and win 9598 [7:63297]
I have two ip-helper addresses configured on 2621 which connects to another 2621 at the HUB where DHCP servers reside. I have 2 Novell Netware 5.1 servers as DHCP servers. Lease is set to 3 days. Everything is working as expected except windows 95 and 98 clients are not renewing the IP after three days. If you manually release and renew the IP, it works fine, but when users turn on the pc after the lease has expired, it's not renewing it automatically. DHCP clients on the hub site are working just fine using same DHCP servers. Right now the Helper addresses are set to unicast address pointing to those two servers. I was wondering if setting the helper address to subnet broadcast address makes any difference. Thanks in advance.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63297t=63297
Re: access-list acl_out permit ip impact [7:63234]
Here is a correct statement for Access group

access-group acl_out in interface outside

Rest is correct.

--
Curious
MCSE, CCNP

Ismail Al-Shelh wrote in message news:[EMAIL PROTECTED]...

10.10.0.0 255.255.0.0---515E PIX FIREWALL--1750 ROUTER10.15.0.0 255.255.0.0

10.15.0.0 Is the inside network
10.10.10.0 Is the outside network

In CISCO PIX FIREWALL Version 6.1(4), what is the impact of this command?

access-list acl_out permit ip 10.10.0.0 255.255.0.0 10.15.0.0 255.255.0.0
access-group in interface outside

does it mean that the 10.10 network can reach 10.15 network through any port ! and if not then how can I let the 10.10 network can reach 10.15 network through any port ! is IP include TCP and UDP ? Please help me with the exact impact of this command.

Ismail Al-Shelh
Abdulla Fouad Company
Network Engineer
CD-Dammam

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63298t=63234
Re: clearing conduit [7:63278]
Not sure if this is possible on PIX, but I've done this with access lists on routers. You would need tftp access to the router / pix in question. Copy the running config to the tftp server and modify the copy on the tftp server. Copy from the tftp server to STARTUP config. Then issue copy start run. AFAIK this should work, but the safer way is definitely out of band as Daniel has already mentioned.

Keith

Sam Sneed wrote in message news:[EMAIL PROTECTED]...

I've thought of this and will have this in place as well. So then I guess that there is no way to add to middle of conduit without locking yourself out.

Daniel Cotts wrote in message news:[EMAIL PROTECTED]...

Look at the problem from another direction. How about a modem connected to a terminal server. The TS connects to the PIX console port. That way your connection is out-of-band. I'd agree that the modem should be powered off except when needed. Local admin staff would have to hit the big red switch.

-Original Message-
From: Sam Sneed [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 11:32 AM
To: [EMAIL PROTECTED]
Subject: clearing conduit [7:63278]

Let's say you are administering a PIX remotely. You SSH into a machine on the PIX's internal network and from there you telnet into the PIX. Security is via conduits and it might look like this:

conduit permit tcp 192.168.43.0 255.255.255.255 eq 22 any
conduit permit tcp 192.168.43.0 255.255.255.255 eq 80 any
conduit permit tcp 192.168.43.0 255.255.255.255 eq 443 any

Now I want to put

conduit permit tcp 192.168.43.0 255.255.255.255 eq 21 any

in between the top 2 statements. Why it needs to be there is not important, this is a theoretical question. How can I do this without blocking myself out of the PIX? I imagine I would have to do a clear conduit and then enter the whole new list in again since you can't add a statement in the middle of a conduit. Once I do clear conduit I'd suspect I'd be blocked out before I can add the new conduit. Is this true? I know I could probably use access-lists to do this but I'm speaking strictly about conduits when I ask this question. The main question is if I'm administering the PIX remotely and need to add a conduit anywhere except the end of the list then how can I do that without locking myself out.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63299t=63278
CS11152 MIB's [7:63300]
Anyone know where I can download these? I couldn't find them on Cisco site. I'd like to get CPU stats on my CSS11152 via snmp. thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63300t=63300
Aironet Client Adaptor Software with Avaya Wireless Card [7:63302]
I have: Cisco ACS with Aironet 350 and all clients have Avaya Gold card installed. Is it possible to use the EAP in this scenario? Could I load the newest version of client adaptor firmware from Cisco on Avaya cards? I need to secure the authentication using ACS and EAP using Avaya Cards. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63302t=63302
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
Priscilla, All I want is credit. :-)

Some guy on one of the many mailing lists I frequent put it this way: (maybe not)

Ken

Priscilla Oppenheimer 02/18/03 12:06PM

[snip] I think Ken's example is one of the cleanest I've seen. I may have to borrow it for my classes. [snip]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63303t=63147
Layer 3 switching [7:63304]
hi, I am trying to have a clearer picture of the layer 3 switching concept. Assuming that I have a Core Catalyst 6 series switch with layer 3 switching capabilities, I have an Access layer switch connected to the core with two port label Vlan 1 subnet 1 and Vlan 2 subnet 2, when frames are sent from Vlan 1 to Vlan 2 on the same Access switch, my understanding is that for layer 3 switching, it will evoke a route one and switch the rest concept. My question is that, after the first route, if no Access list has been created, will the Access switch be smart enough to perform internal switching, that is, frame direct from Vlan 1 to Vlan 2 internally within the Access switch. If the answer is no, are there switches on the market that are routing by this concept? Please advise, thanks to all the guys who have tried to entertain all my questions

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63304t=63304
RE: Firewall/PIX help.... [7:63167]
I thought the PIX can do content filtering if hooked up with websense? Doesn't it use WCCP to do this. Sonicwall says it can do inbuilt anti-virus, content filtering. But it looks like its a subscription based service so it's not really your firewall doing these functions.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 8:42 AM
To: [EMAIL PROTECTED]
Subject: RE: Firewall/PIX help [7:63167]

The PIX does have IDS capabilities, but very rudimentary. no anti-virus or content filtering.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63306t=63167
RE: CCIE written exercise question [7:63247]
Mr. Berkowitz

If it wasn't for your humor companied with your experience and knowledge, I would have gone into a coma from reading other postings. Keep up the work and don't stop rocking the boat DUDE.

-Original Message-
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 4:41 PM
To: [EMAIL PROTECTED]
Subject: RE: CCIE written exercise question [7:63247]

At 3:27 PM -0600 2/18/03, Daniel Cotts wrote:

Problem being that Cisco uses the term attribute in the discussion of weight. Source BSCN ver1.0 Training Materials. There is a page listing the various types of attributes and which attributes fall under each type. A kicker line states In addition, Cisco has defined a weight attribute for BGP.

If you listen closely, you can hear the sound of my head pounding on the desk so it will feel good when I stop. Maybe this should get copied to Phil Smith or Barry Greene.

Following pages explain the various attributes. Page for Weight has slide Weight Attribute (Cisco Only) with discussion: The weight attribute is a Cisco-defined attribute used for the path selection process. The weight is configured locally to a router and is not propagated to any other routers. ... etc.

Of course! It has to be a BGP attribute to be propagated!

So the right answer vs the Cisco answer. Maybe we can say it's an attribute for CCNP exams and not an attribute at NANOG meetings.

*moan*

-Original Message-
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 12:19 PM
To: [EMAIL PROTECTED]
Subject: RE: CCIE written exercise question [7:63247]

At 4:06 PM + 2/18/03, Daniel Cotts wrote:

In line:

-Original Message-
From: lee wooi keat [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 4:51 AM
To: [EMAIL PROTECTED]
Subject: CCIE written exercise question [7:63247]

All, I'm preparing CCIE written exam and encounter some tricky questions in exercise. Would like to ask for help for those who can solve it:

1) Which one is NOT Well-known attribute for BGP ?
- local preference = Well-known discretionary attribute
- origin = Well-known mandatory attribute
- weight = Cisco proprietary attribute
- community = Optional Transitive attribute
- cluster-id = Used in configuring Route Reflectors
You can only choose one out of 5.

Problem is that only two are well-known attributes. If they allow any of the three then this is an easy question. (grin) Maybe the question should have asked Which one is not a BGP attribute?

Good point, and I have to remember exactly the way I wrote the question (if indeed it's mine -- I don't remember including cluster-ID in the CertZone question).

The point I was driving at when I wrote a question on this, and was not trying to give it away, is that weight is NOT an attribute at all. It is never sent in BGP but is local to the router. All the others can be transmitted in BGP, but, as you point out, not all are well-known.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63307t=63247
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
Ken Diliberto wrote in message news:[EMAIL PROTECTED]...

Priscilla, All I want is credit. :-)

if it makes you feel better, Ken, I always credit you with at least two cents worth

I'm going to be visiting some of your compadres in the next couple of weeks. Dare I drop your name? ;-

Some guy on one of the many mailing lists I frequent put it this way: (maybe not)

Ken

Priscilla Oppenheimer 02/18/03 12:06PM

[snip] I think Ken's example is one of the cleanest I've seen. I may have to borrow it for my classes. [snip]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63305t=63147
Re: Firewall/PIX help.... [7:63167]
Sonic Wall Firewalls can do some content filtering and there is an antivirus option you can get. No IDS, though. Pix has a rudimentary IDS, as has been stated. It has 59 signatures or so.

Tom Larus

Gunjan Mathur wrote in message news:[EMAIL PROTECTED]...

Hi, I'm looking for firewall solution for my company, we have two WAN connections and currently my users are connected thru two proxy m/c to Internet. Which PIX model would serve the needs. I also need content filtering, Intrusion detection and Anti-virus protection on firewall itself. Is all these things are possible on PIX? TIA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63308t=63167
native vlan, trunking question [7:63309]
I'm confused on native vlan and trunking. Can I assign a port to a trunk (for all the vlans), then assign that port to a vlan100? Does that port belong to native vlan100? What means native vlan? Thanks.

Yoshi

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63309t=63309
100 Mbps on Cat3 or Cat4 [7:63310]
Are unintelligent 10 Mbps hubs better than unintelligent 10/100 Mbps switches when the network cables that connect the PCs to the hub or switch are Cat3 or Cat4?

I provide network services to dozens of non-profits. Most of the sites have Cat3 or Cat4 cabling. I have a co-worker who says that 10 Mbps hubs should be used until the sites are upgraded to Cat5 (which won't be happening any time soon).

His rationale: If the PC NICs are set to auto detect speed and the unintelligent 10/100 switch is set to auto detect speed, that data will try to pass through the Cat3 or Cat4 wire at 100 Mbps. He says that while the data can pass thru the wire at those rates, it's the signaling that gets scrambled at that rate on a Cat3 or Cat4 wire. Consequently, to prevent signaling problems that may in turn cause data integrity problems, he's recommending to use 10 Mbps hubs. Is this a valid argument?

Note: New, unintelligent 10 Mbps hubs appear to be becoming less available and more costly relative to unintelligent 10/100 Mbps switches as time goes on. Consequently, this issue is starting to have financial implications.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63310t=63310
Re: CS11152 MIB's [7:63300]
I believe the MIBs are on the CSS itself. Use an FTP client to browse the box and you'll find them somewhere. I'm at home at the moment and I can't remember which directory they're in but it seems like it's fairly clear when you see it.

John

Sam Sneed wrote in message news:[EMAIL PROTECTED]...
> Anyone know where I can download these? I couldn't find them on Cisco site. I'd like to get CPU stats on my CSS11152 via snmp. thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63311t=63300
Re: Layer 3 switching [7:63304]
I'm fairly certain the answer to your first question is no, the switch will not be intelligent enough to switch it to the appropriate port automatically. The reason is that the switch must go through a layer 3 device to get from one VLAN (aka IP subnet) to another. I don't think this is a real issue since the rest of the traffic is switched at wire speed, introducing very little (almost no) latency.

There are however switches on the market, even by Cisco that will do this. Any layer 3 switch will do. For example, the Cisco 2948G-L3 switch. Check out their website under Products and Technologies for more information.

Han Chuan Alex Ang wrote in message news:[EMAIL PROTECTED]...
> hi, I am trying to have a clearer picture of the layer 3 switching concept. Assuming that I have a Core Catalyst 6 series switch with layer 3 switching capabilities, I have a Access layer switch connected to the core with two port label Vlan 1 subnet 1 and Vlan 2 subnet 2, when frames are sent from Vlan 1 to Vlan 2 on the same Access switch, my understanding is that for layer 3 switching, it will evoke a route one and switch the rest concept, my question is that, after the first route, if no Access list has been created, will the Access switch be smart enough to perform internal switching, that is, frame direct from Vlan 1 to Vlan 2 internally within the Access switch. If the answer is no, Are there switches on the market that are routing by this concept, please advise, thanks to all the guys who have tried to entertain all my questions

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63312t=63304
ISDN Switch and BRi config [7:63313]
What command can I use to tell if my ISDN switch is turned on and operating properly between two bri0 int on routers? Here is what I have configured:

r1
interface BRI0
 ip address 150.100.7.1 255.255.255.0
 encapsulation ppp
 ip ospf demand-circuit
 dialer map ip 150.100.7.2 broadcast 2002
 dialer-group 1
 isdn switch-type basic-5ess
dialer-list 1 protocol ip permit

1#sh isdn status
Global ISDN Switchtype = basic-5ess
ISDN BRI0 interface
 dsl 0, interface ISDN Switchtype = basic-5ess
 Layer 1 Status:
  ACTIVE
 Layer 2 Status:
  TEI = 64, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
 Layer 3 Status:
  0 Active Layer 3 Call(s)
 Active dsl 0 CCBs = 0
 The Free Channel Mask: 0x8003
 Number of L2 Discards = 0, L2 Session ID = 1
 Total Allocated ISDN CCBs

r2#sh run int bri0
Building configuration...
Current configuration : 166 bytes
!
interface BRI0
 ip address 150.100.7.2 255.255.255.0
 encapsulation ppp
 dialer map ip 150.100.7.1 broadcast 2001
 dialer-group 1
 isdn switch-type basic-5ess
end

r2#sh isdn stat
Global ISDN Switchtype = basic-5ess
ISDN BRI0 interface
 dsl 0, interface ISDN Switchtype = basic-5ess
 Layer 1 Status:
  ACTIVE
 Layer 2 Status:
  TEI = 64, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
 Layer 3 Status:
  0 Active Layer 3 Call(s)
 Active dsl 0 CCBs = 0
 The Free Channel Mask: 0x8003
 Number of L2 Discards = 0, L2 Session ID = 0
 Total Allocated ISDN CCBs = 0
r2#

I have it configured but can't ping from r1 to r2 and not sure why. thx

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63313t=63313
Re: PIX enable SYN Floodguard by default on outer int? [7:63314]
Check the following link and see if it has the answer to your question: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008008d313.html

Richard Campbell wrote in message news:[EMAIL PROTECTED]...
> Hi.. Group, May I know whether the SYN Floodguard is enabled on PIX outside interface or I have to manually enable by the following command
>
> PIX(config)#nat (outside) 1 0.0.0.0 0.0.0.0 8000 8000
>
> Is the command correct? assuming my nat_id is 1. Thanks a lot

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63314t=63314
RE: IP Helper with Netware 5.1 and win 9598 [7:63297]
Firesox wrote:
> I have two ip-helper addresses configured on 2621 which connects to another 2621 at the HUB where DHCP servers reside.

Do you have two ip helper addresses on the same interface? Does that really do any good or does the first one just get used all the time? Or do you mean two helper addresses, one on one interface and one on another.

> I have 2 Novell Netware 5.1 servers as DHCP servers.

Are the Novell DHCP servers on the same LAN, IP subnet, broadcast domain?

> Lease is set to 3 days. Everything is working as expected except windows 95 and 98 clients are not renewing the IP after three days. If you manually release and renew the IP, it works fine, but when users turn on the pc after the lease has expired, it's not renewing it automatically. DHCP clients on the hub site are working just fine using same DHCP servers. Right now the Helper addresses are set to unicast address pointing to those two servers. I was wondering if setting the helper address to subnet broadcast address makes any difference.

You need to find out why this is happening. Do the clients attempt to renew, i.e. send the DHCP requests or are they just silent? If the DHCP clients attempt to renew and their server (i.e. the one that their helper address points to) doesn't respond, it might help to change the helper address to broadcast to give the other server a chance to reply, assuming the servers are on the same LAN. The other router would have to forward directed broadcasts for the broadcast to end up on the LAN. But it wouldn't be advisable to make this change without knowing why the problem is happening and what negative side effects could occur from the change.

Priscilla

> Thanks in advance.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63315t=63297
RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
Priscilla,

Ok, you caught me not telling the whole truth. There is a second VLAN on the switch, but my point was that the MLS cache is full of entries for one host talking to another host off of the same VLAN interface but on a secondary subnet, indicating that L3 switching (routing) took place for that data-flow...So now I guess there are two hands clapping ;-) You sure do keep us all on our toes!!! Thanks!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 1:08 AM
To: [EMAIL PROTECTED]
Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]

I'm loath to continue this discussion, but I do have a question for Kelly. Why do you have a VLAN at all in your example?? Isn't a single VLAN sort of like one hand clapping? Seriously, what role is it playing in your network? Of course you don't have to have VLANs to do routing/L3 switching, as you probably know. But maybe there's some weird configuration gotcha, specific to the 6509? Just curious. Thanks.

Larry said the majority of the Cisco campus is networked with L3 switches and not using vlans. That says a lot right there!

Priscilla

Kelly Cobean wrote:

All, I'd like to add to this something that I haven't seen in other posts yet, and that is a quick look at layer2 function. I have a Catalyst 6509 with an MSFC on it. There is only *ONE* VLAN configured on the MSFC, however, that VLAN has several secondary addresses assigned to it (I know, not a great solution, but let's not go there). If I do a show mls entry on my switch, it is full of entries for hosts talking to hosts on the same VLAN. My point? When a host wants to talk to a host on another subnet (VLAN or not), it ANDs the address with its own mask, determines that the host is in fact on a different subnet, then arps (if necessary) for its default gateway (the MSFC) and sends the packet on its way. The 6509/MSFC receive the packet and begin the MLS cache setup process (candidate packet, timeout, etc). All this is still done in spite of the fact that the MSFC only has a single VLAN.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Stephen Hoover
Sent: Monday, February 17, 2003 8:33 PM
To: [EMAIL PROTECTED]
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

- actually it is by doing secondaries, but i would highly recommend doing vlans if possible. keep it clean and simple. one may also configure the physical interfaces as L3 interfaces - just as one might do on a router with several ethernet ports.

Oo ok, now THAT statement leads me to believe the L3 switching IS possible without VLANs.

-Stephen

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63316t=63147
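The behaviour described in the message above (a host ANDs the destination with its own mask, sends off-subnet traffic to the gateway MAC, and the switch builds an MLS entry from the candidate packet) can be modelled in a few lines. This is an added example, not code from the thread or from Cisco; the addresses, MACs and class names are constructed, and the model leaves out entry aging and flow-mask options.

```python
import ipaddress
from dataclasses import dataclass, replace

ROUTER_MAC = "00:d0:00:00:00:01"          # constructed MAC standing in for the MSFC
HOST_MACS = {                             # constructed hosts, all in ONE VLAN
    "10.1.1.10": "aa:aa:aa:00:01:10",     # primary subnet 10.1.1.0/24
    "10.1.1.20": "aa:aa:aa:00:01:20",     # primary subnet 10.1.1.0/24
    "10.1.2.10": "aa:aa:aa:00:02:10",     # secondary subnet 10.1.2.0/24
}

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str

def host_send(src_ip, prefix_len, dst_ip):
    """Host side: AND the destination with the host's own mask."""
    local_net = ipaddress.ip_interface(f"{src_ip}/{prefix_len}").network
    if ipaddress.ip_address(dst_ip) in local_net:
        dst_mac = HOST_MACS[dst_ip]       # same subnet: ARP for the peer itself
    else:
        dst_mac = ROUTER_MAC              # other subnet: ARP for the default gateway
    return Frame(HOST_MACS[src_ip], dst_mac, src_ip, dst_ip)

def route(frame):
    """Router side: rewrite the layer 2 header toward the destination host."""
    return replace(frame, src_mac=ROUTER_MAC, dst_mac=HOST_MACS[frame.dst_ip])

class MlsSwitch:
    """Simplified 'route once, switch many' cache keyed on (source IP, destination IP)."""

    def __init__(self):
        self.candidates = set()           # flows seen heading to the router MAC
        self.cache = {}                   # flow -> (rewritten src MAC, rewritten dst MAC)

    def forward(self, frame):
        flow = (frame.src_ip, frame.dst_ip)
        if frame.dst_mac != ROUTER_MAC:
            return "l2-switched", frame   # plain bridging, no MLS entry involved
        if flow in self.cache:            # shortcut: the switch does the MAC rewrite
            src_mac, dst_mac = self.cache[flow]
            return "l3-shortcut", replace(frame, src_mac=src_mac, dst_mac=dst_mac)
        self.candidates.add(flow)         # candidate packet: addressed to the router
        routed = route(frame)
        # Enabler packet: the same flow coming back from the router completes the entry.
        if routed.src_mac == ROUTER_MAC and flow in self.candidates:
            self.candidates.discard(flow)
            self.cache[flow] = (routed.src_mac, routed.dst_mac)
        return "routed", routed

def demo():
    """Send two packets to the secondary subnet, then one within the primary subnet."""
    switch = MlsSwitch()
    paths = []
    for dst in ("10.1.2.10", "10.1.2.10", "10.1.1.20"):
        path, out = switch.forward(host_send("10.1.1.10", 24, dst))
        paths.append((dst, path, out.src_mac, out.dst_mac))
    return paths, switch.cache

if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```

The two hosts on different subnets share one VLAN, yet their flow still produces a cache entry, while the same-subnet pair never touches the router MAC and so never appears in the cache.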
Re: Layer 3 switching [7:63304]
At 1:57 AM + 2/19/03, Han Chuan Alex Ang wrote:
> hi, I am trying to have a clearer picture of the layer 3 switching concept. Assuming that I have a Core Catalyst 6 series switch with layer 3 switching capabilities, I have a Access layer switch connected to the core with two port label Vlan 1 subnet 1 and Vlan 2 subnet 2, when frames are sent from Vlan 1 to Vlan 2 on the same Access switch, my understanding is that for layer 3 switching, it will evoke a route one and switch the rest concept, my question is that, after the first route, if no Access list has been created, will the Access switch be smart enough to perform internal switching, that is, frame direct from Vlan 1 to Vlan 2 internally within the Access switch.

I'm not sure exactly what you are describing, but the first question in my mind is what MAC address would be in the source field of the frame going to VLAN 2. Could make for some pretty confused ARP tables. Would the IP address have to be rewritten if it now corresponds to a different MAC address?

> If the answer is no, Are there switches on the market that are routing by this concept, please advise,

What problem are you trying to solve? I can't see the difference as involving any significant delay, and I still don't quite see what the subnet relationships will be.

> thanks to all the guys who have tried to entertain all my questions

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63319t=63304
RE: Layer 3 switching [7:63304]
Han Chuan Alex Ang wrote:
> hi, I am trying to have a clearer picture of the layer 3 switching concept. Assuming that I have a Core Catalyst 6 series switch with layer 3 switching capabilities, I have a Access layer switch connected to the core with two port label Vlan 1 subnet 1 and Vlan 2 subnet 2, when frames are sent from Vlan 1 to Vlan 2 on the same Access switch, my understanding is that for layer 3 switching, it will evoke a route one and switch the rest concept,

Layer 3 switching just means routing. What you're talking about is an advanced feature of some switches whereby the L3 core switch can tell the L2 access switch how to encapsulate and forward the packets for this flow on its own in the future. This is sometimes called distributed switching or multi-layer switching, although both those terms get used in other ways too. Many Cisco switches don't support this, but some do. Both the core and the access switch would have to support this advanced feature for it to work. The Catalyst 6000 does support it.

The L3 core switch has a route processor in it. It acts as a router. It talks to the L2 access switch's switching engine with a protocol such as Cisco's Multilayer Switching Protocol (MLSP) to let the L2 switch know how to handle the packets in the future. Architecturally it's no different than a router that has a route processor and a forwarding engine, except that now the jobs are being done in two boxes.

It's not accurate to equate this behavior with L3 switching. It's more accurate to say this behavior is one feature of some advanced L3 switches. Notice that it requires an additional protocol. It also requires quite a few non-default configuration commands.

Priscilla

> my question is that, after the first route, if no Access list has been created, will the Access switch be smart enough to perform internal switching, that is, frame direct from Vlan 1 to Vlan 2 internally within the Access switch. If the answer is no, Are there switches on the market that are routing by this concept, please advise, thanks to all the guys who have tried to entertain all my questions

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63317t=63304
Where physically does NAT take place, VIP or RSP? [7:63318]
On a 75XX w/ 4-50 cards, where does NAT actually happen at? Does it happen on the VIPs or on the RSP? I am hoping that it happens between the VIPs like dCEF. I need to setup a temp link for backup purposes and if the VIPs do the NATing, If I can get by with an RSP2 with VIP4-50's, I won't have to get an RSP8. It will be NATing a DS-3 so, I want to make sure I don't run out of resources. Can't seem to find out where it happens on Cisco's website. Anyone know where NAT actually takes place?

Scotty

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63318t=63318
RE: Isdn error with PPP - Well...NEVER again !!!! [7:63301]
Alright!! After many many months of frustration with what I thought was a problem with ppp encap, it turned out to be something else. As Stuart correctly pointed me to this url (which I have no idea why I did not look it up earlier) the problem lies with using LDN along with the SPID #'s. Thank you Stuart for this one.

I tested it first using just plain HDLC, then with plain PPP, then added ppp auth chap, then ppp chap hostname and then with finally what I presumed to be the culprit, ppp multilink. But lo and behold!! all of these worked with NO problem when the LDN # is not specified along with the SPID #. Here is my config:

Current configuration : 455 bytes
!
interface BRI0
 ip address 9.9.9.1 255.255.255.0
 encapsulation ppp
 ip ospf network broadcast
 ip ospf demand-circuit
 dialer map ip 9.9.9.2 broadcast 5553000
 dialer load-threshold 1 either
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 055511
 isdn spid2 055521
 cdapi buffers regular 0
 cdapi buffers raw 0
 cdapi buffers large 0
 ppp authentication chap
 ppp chap hostname backup
 ppp chap password 7 121A061902
 ppp multilink
end

R8#ping 9.9.9.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.9.2, timeout is 2 seconds:
!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/38/40 ms
R8#

Hope this helps others like me with similar problems

From: Stuart Potts
Reply-To: Stuart Potts
To: [EMAIL PROTECTED]
Subject: RE: Isdn error with PPP - Why always?? [7:63255]
Date: Tue, 18 Feb 2003 16:34:19 GMT

For more information; http://www.cisco.com/warp/public/129/bri_invalid_spid.html

regards
/Stuart

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of MADMAN
Sent: 18 February 2003 15:06
To: [EMAIL PROTECTED]
Subject: Re: Isdn error with PPP - Why always?? [7:63255]

try debug isdn q931, this may give you some more info.

Dave

Cisco Nuts wrote:

Hello, Just set up basic Isdn b/w 2 routers using the default hdlc encap and was working perfectly fine till I changed the encap to ppp, ppp auth chap, ppp multilink and ppp chap hostname R7. Then it just stopped working :- out this msg. on the screen:

R8-G# 4d19h: %ISDN-4-INVALID_CALLEDNUMBER: Interface BR0, Ignoring call, LDN and Called Party Number mismatch

I looked to see if the called number had changed even though I had not touched it. It is still valid and so are the spids.

R8-G#ri b0
Building configuration...
Current configuration : 353 bytes
!
interface BRI0
 ip address 9.9.9.1 255.255.255.0
 ip ospf demand-circuit
 dialer idle-timeout 90
 dialer map ip 9.9.9.1 broadcast 5553000
 dialer load-threshold 1 outbound
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 055511 5551000
 isdn spid2 055521 5552000

R8-G#sh is st TEI Global ISDN Switchtype = basic-niter Age Seq# C
 Layer 1 Status:
  ACTIVE
 Layer 2 Status:
  TEI = 123, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
  TEI = 124, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
  TEI 123, ces = 1, state = 5(init)
   spid1 configured, spid1 sent, spid1 valid
   Endpoint ID Info: epsf = 0, usid = 1, tid = 1
  TEI 124, ces = 2, state = 5(init)
   spid2 configured, spid2 sent, spid2 valid
   Endpoint ID Info: epsf = 0, usid = 3, tid = 1
 Layer 3 Status:
  0 Active Layer 3 Call(s)
  CCB:callid=801C, sapi=0, ces=1, B-chan=1, calltype=DATA
 Active dsl 0 CCBs = 1
 The Free Channel Mask: 0x8002
 Total Allocated ISDN CCBs = 1

I am beginning to guess that the problem is a HARDWARE one with the ISDN switch being the culprit. I guess as usual I need to give it rest for a couple of hours and start it again for this to work with just HDLC encap. To think that I was told that the Merge switch was the Rolls Royce of ISDN switches when I paid a million $$ for it last year :-( But if any one has any suggestions/advice, I would gratefully appreciate it. Thank you. Sincerely, CN

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63301t=63301
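The triage step this thread arrives at (an INVALID_CALLEDNUMBER message on a BRI whose SPID lines carry an LDN) can be automated over saved logs and configs. The script below is an added example, not part of the posts; the log line and the configuration excerpts are copied from the messages above, and the function names are hypothetical.

```python
import re

# Log line and BRI0 excerpts copied from the posts above: the configuration
# that logged the error, and the one that worked after the LDNs were dropped.
LOG = ("4d19h: %ISDN-4-INVALID_CALLEDNUMBER: Interface BR0, Ignoring call, "
       "LDN and Called Party Number mismatch")
CONFIG_BEFORE = """\
interface BRI0
 isdn switch-type basic-ni
 isdn spid1 055511 5551000
 isdn spid2 055521 5552000
"""
CONFIG_AFTER = """\
interface BRI0
 isdn switch-type basic-ni
 isdn spid1 055511
 isdn spid2 055521
"""

IFACE_RE = re.compile(r"^interface (\S+)")
# isdn spidN <spid-number> [ldn] : the third field is the optional LDN.
SPID_RE = re.compile(r"^\s*isdn (spid[12]) (\S+)(?: (\S+))?\s*$")
LOG_RE = re.compile(r"%ISDN-4-INVALID_CALLEDNUMBER: Interface (\S+?),")

def canonical(name):
    """Map the short interface name used in the log (BR0) to the config form (BRI0)."""
    m = re.fullmatch(r"BR(?:I)?(\d+)", name, re.IGNORECASE)
    return f"BRI{m.group(1)}" if m else name

def ldns_by_interface(config):
    """Return {interface: {spid keyword: LDN}} for SPID lines that set an LDN."""
    found, current = {}, None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = canonical(m.group(1))
            found.setdefault(current, {})
            continue
        m = SPID_RE.match(line)
        if m and current and m.group(3):
            found[current][m.group(1)] = m.group(3)
    return found

def triage(log_text, config):
    """List interfaces that ignored a call and still have an LDN configured."""
    ldns = ldns_by_interface(config)
    hits = sorted({canonical(name) for name in LOG_RE.findall(log_text)})
    return [(iface, ldns[iface]) for iface in hits if ldns.get(iface)]

if __name__ == "__main__":
    print(triage(LOG, CONFIG_BEFORE))
    print(triage(LOG, CONFIG_AFTER))
```

An empty result for an interface that still logs the message means the LDN is not the cause on that router and the Q.931 debug suggested in the thread is the next step.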
Does switching on same card use backplane BW? [7:63320]
Does switching on same card use backplane BW? If, say, I am doing MLS ( L3 switching ) on a CAT 5000, and I setup two hosts, one on port 1 and the other one port 2 on the same card ( ws-x5201R which does the L3 MAC rewrite itself ), does this type of setup use any backplane bandwidth? Or does it still have to pass through the SUP? TIA

Scotty

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63320t=63320
Re: Isdn error with PPP - Why always?? [7:63255]
Now I had definitely heard of the notorious ppp multilink!! Just haven't nailed it down for now. Also using peer ip address and no peer neighbor-route. I will try it later as I am hesitant to use ppp encap right now lest I get frustrated and lose another hour in my studies. I had to reboot the switch and the routers and with hdlc encap, dialer profiles, floating statics, backup intf's. work like a champ along with legacy ddr. Thank you. Sincerely, CN

From: Debbie Westall
Reply-To: Debbie Westall
To: [EMAIL PROTECTED]
Subject: Re: Isdn error with PPP - Why always?? [7:63255]
Date: Tue, 18 Feb 2003 17:02:46 GMT

I frequently have trouble when I go from hdlc to ppp. Usually it's something I didn't configure with the ppp. I take one command out at a time that I added until things come back up. I start with removing ppp multilink. Also you may want to turn on some debugs:

debug dialer
debug ppp negot
debug ppp authen

Debbie

On Tue, 18 Feb 2003, Cisco Nuts wrote:

Hello, Just set up basic Isdn b/w 2 routers using the default hdlc encap and was working perfectly fine till I changed the encap to ppp, ppp auth chap, ppp multilink and ppp chap hostname R7. Then it just stopped working :- out this msg. on the screen:

R8-G# 4d19h: %ISDN-4-INVALID_CALLEDNUMBER: Interface BR0, Ignoring call, LDN and Called Party Number mismatch

I looked to see if the called number had changed even though I had not touched it. It is still valid and so are the spids.

R8-G#ri b0
Building configuration...
Current configuration : 353 bytes
!
interface BRI0
 ip address 9.9.9.1 255.255.255.0
 ip ospf demand-circuit
 dialer idle-timeout 90
 dialer map ip 9.9.9.1 broadcast 5553000
 dialer load-threshold 1 outbound
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 055511 5551000
 isdn spid2 055521 5552000

R8-G#sh is st TEI Global ISDN Switchtype = basic-niter Age Seq# C
 Layer 1 Status:
  ACTIVE
 Layer 2 Status:
  TEI = 123, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
  TEI = 124, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
  TEI 123, ces = 1, state = 5(init)
   spid1 configured, spid1 sent, spid1 valid
   Endpoint ID Info: epsf = 0, usid = 1, tid = 1
  TEI 124, ces = 2, state = 5(init)
   spid2 configured, spid2 sent, spid2 valid
   Endpoint ID Info: epsf = 0, usid = 3, tid = 1
 Layer 3 Status:
  0 Active Layer 3 Call(s)
  CCB:callid=801C, sapi=0, ces=1, B-chan=1, calltype=DATA
 Active dsl 0 CCBs = 1
 The Free Channel Mask: 0x8002
 Total Allocated ISDN CCBs = 1

I am beginning to guess that the problem is a HARDWARE one with the ISDN switch being the culprit. I guess as usual I need to give it rest for a couple of hours and start it again for this to work with just HDLC encap. To think that I was told that the Merge switch was the Rolls Royce of ISDN switches when I paid a million $$ for it last year :-( But if any one has any suggestions/advice, I would gratefully appreciate it. Thank you. Sincerely, CN

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63283t=63255
Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
Howard, It would be so much fun to not understand some of this up close. :-)

Howard C. Berkowitz 02/18/03 06:42AM

[snip] Does that make a 7500 with VIPs a L3 switch? A 12000 with distributed forwarding processors? Substituting router for L3 switch is a good idea, but go farther than that. You can think of a high-performance router as a small hidden network, containing one or more (think high availability) path determination routing processors/hosts that download FIB information to multiple forwarding processors/hosts. One public and vendor-independent discussion of this architecture continues in the IETF FORCES Working Group (go to www.ietf.org and navigate to Working Groups). What does this mean to us? Not much other than for capacity planning. IMHO, an L3 switch has a longer life than a router. Not really, as you say in your next paragraph. I could go off into the ozone and say all high-speed routers are L3 switches. Indeed, ASICs aren't a necessity. I've worked on research router designs that used RISC processors in each forwarding and path determination engine, which gave lots of power but much more flexibility than ASICs. Admittedly, at least one of these was a specifically designed processor, but it definitely was software loadable and ran a real time OS. ASIC gets blurry anyway, when you start getting into the pure hard-etched IC, field-programmable gate arrays, electrically alterable field-programmable gate arrays, microcode sequencers, etc. [snip]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63323t=63147
QoS 3550 burst size [7:63324]
I am having trouble calculating some real world burst sizes for QoS. My goal is simply rate limit TCP as closely to 1.0 Mb as possible. I understand the sawtooth will make this difficult and the fact that packet sizes are ever changing, but I am basing my calculation on 1500 byte Ethernet. The command specifically is:

police 100 burst-size exceed-action drop

It is this burst size that I am not sure how to calculate. Using Cisco's formula I tend to get very small numbers ( 250 bits etc...the default minimum is 8KB!) I have played around with a traffic generator and kind of eyeballed that for 1.0 Mb of traffic a burst size of 125000 seems to work. Is this a reasonable number? What have other people used? Are there any guidelines to what this should be set to? Below is a config of what I have:

switch# sh class
 Class Map match-all ANY (id 2)
   Match access-group 101

switch# sh access-li
Extended IP access list 101
    permit ip any any

switch# sh poli
 Policy Map test3
  class ANY
   police 100 125000 exceed-action drop

switch# sh run int f0/1
Current configuration : 109 bytes
!
interface FastEthernet0/18
 switchport mode access
 no ip address
 service-policy input test3
end

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63324t=63324