Layer 3 switching and VLANs - an epiphany [7:63240]

2003-02-18 Thread Stephen Hoover
Ok, it's 1:29AM CST - and I am setting here chewing on this switching study
guide information about VLANs. I think I see where my confusion has come
from and what the answer is now.

Layer 3 switching does not require VLANs, but what it DOES require is a
physical port connection on the common L3 switch for every IP network that
is connected to the L2 switches. (Hosts on the same L2 switch that are
configured to be in 2 different IP networks.) This is not always possible
nor administratively friendly.

With VLANs, you can create the equivalent of sub interfaces on a single port
on the L3 switch - hence trunking. You cannot trunk multiple IP networks
(without VLANs) on a single port connection to the L3 switch, because you
cannot create Ethernet sub-interfaces...

That's where I was missing it.

I think both Vicki and Jens mentioned something about this.

Of course if I am off-kilter here, someone please slap me about :) Otherwise
I am confident this is where my misunderstanding really occurred.

Thanks to EVERYONE who responded - you are all a great group of people to
stick it out until this was beat into my thick skull!!!

Stephen Hoover
Dallas, Texas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63240t=63240
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-18 Thread Larry Letterman
I have a data center on the cisco campus that has well over 80 subnets
in it, using L3 routing and no vlans on the 6509 gateways (routers)..

We also have a production data center that uses 6509's with vlans that
span different areas in the data center...due to the application
structure of the servers and the fact that a lot of the servers have a
need for redundant nics ...

It works both ways folks...depends on what the need is

Larry Letterman
Network Engineer
Cisco Systems


- Original Message -
From: Priscilla Oppenheimer 
To: 
Sent: Monday, February 17, 2003 10:07 PM
Subject: RE: Does MLS (Layer 3 switching) require VLANs?
[7:63147]


 I'm loath to continue this discussion, but I do have a question for Kelly.
 Why do you have a VLAN at all in your example?? Isn't a single VLAN sort of
 like one hand clapping? Seriously, what role is it playing in your network?

 Of course you don't have to have VLANs to do routing/L3 switching, as you
 probably know. But maybe there's some weird configuration gotcha, specific
 to the 6509? Just curious. Thanks.

 Larry said the majority of the Cisco campus is networked with L3 switches
 and not using vlans. That says a lot right there!

 Priscilla

 Kelly Cobean wrote:

  All,
  I'd like to add to this something that I haven't seen in other posts yet,
  and that is a quick look at layer2 function.  I have a Catalyst 6509 with an
  MSFC on it.  There is only *ONE* VLAN configured on the MSFC, however, that
  VLAN has several secondary addresses assigned to it (I know, not a great
  solution, but let's not go there).  If I do a show mls entry on my switch,
  it is full of entries for hosts talking to hosts on the same VLAN.  My
  point?  When a host wants to talk to a host on another subnet (VLAN or not),
  it ANDs the address with its own mask, determines that the host is in fact
  on a different subnet, then arps (if necessary) for its default gateway
  (the MSFC) and sends the packet on its way.  The 6509/MSFC receive the
  packet and begin the MLS cache setup process (candidate packet, timeout,
  etc).  All this is still done in spite of the fact that the MSFC only has a
  single VLAN.
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
  Stephen Hoover
  Sent: Monday, February 17, 2003 8:33 PM
  To: [EMAIL PROTECTED]
  Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

    actually it is by doing secondaries, but i would highly recommend doing
    vlans if possible. keep it clean and simple.

   one may also configure the physical interfaces as L3 interfaces - just as
   one might do on a router with several ethernet ports.

  Oo ok, now THAT statement leads me to believe the L3 switching IS
  possible without VLANs.

  -Stephen




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63241t=63147



1003 as Internet gateway [7:63242]

2003-02-18 Thread Slobodan Gajic
Which IOS do I need on a 1003 to use it as an ISDN gateway to the Internet?
The IOS should support NAT and dynamic IP addressing on the WAN port.
Regards.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63242t=63242



Re: Layer 3 switching and VLANs - an epiphany [7:63240]

2003-02-18 Thread Larry Letterman
you're still a little off target...

Layer 2 interfaces can be access ports or trunks for vlans
Layer 2 or Layer 3 switch interfaces don't need to be sub-interfaces..
Layer 3 vlan interfaces (svi) require layer 2 trunk interfaces to
interconnect vlans in other switches
Layer 3 interfaces only require an ip address and routing support to
make them function



Larry Letterman
Network Engineer
Cisco Systems


- Original Message -
From: Stephen Hoover 
To: 

 Layer 3 switching does not require VLANs, but what it DOES require is a
 physical port connection on the common L3 switch for every IP network that
 is connected to the L2 switches. (Hosts on the same L2 switch that are
 configured to be in 2 different IP networks.) This is not always possible
 nor administratively friendly.

 With VLANs, you can create the equivalent of sub interfaces on a single port
 on the L3 switch - hence trunking. You cannot trunk multiple IP networks
 (without VLANs) on a single port connection to the L3 switch, because you
 cannot create Ethernet sub-interfaces...

 That's where I was missing it.

 I think both Vicki and Jens mentioned something about this.

 Of course if I am off-kilter here, someone please slap me about :) Otherwise
 I am confident this is where my misunderstanding really occurred.

 Thanks to EVERYONE who responded - you are all a great group of people to
 stick it out until this was beat into my thick skull!!!

 Stephen Hoover
 Dallas, Texas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63243t=63240



pix + router, design issue [7:63244]

2003-02-18 Thread Skarphedinsson Arni V.
I have a case with a customer that I am installing a PIX and a border
router for. He wants to have control over the border router, but the
Service Provider is providing their router as the CPE. One interface
on the Service Provider's router has an IP address from the customer's
public IP address range, so I am thinking about what would be the best way
to configure the customer's border router, as it will need to be sending
some IP address that is on the interface connected to the CPE router back
to the PIX.

[PIX] --- 213.100.1.10 --- [Border Router] --- [CPE Router] 213.100.1.1

I am being a little slow today, so I would like to get some input on how
you would handle this scenario.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63244t=63244



RE: PIX Questions [7:63226]

2003-02-18 Thread Brian
Bill,

In reference to your other questions

 2) Conceptual questions on PIX (i am learning pix in a lab environment)
  a) will a higher-security interface always be able to initiate connections
  to a lower-security interface without configuration of an access-list, etc?
  So, with a pix consisting of 8 interfaces, will e7 (dmz with security70) be
  able to initiate a connection to e5 (dmz with security50) but not the other
  way around?

The thing to remember about PIX's is that to go from a higher to lower
security level interface you require NAT (whether it is dynamic or static),
and to go from lower to a higher level security interface you need a static
translation and a conduit or access-list allowing the traffic.

So e7 will be able to communicate with e5 if there is NAT, but for hosts on
e5 to communicate with e7 you will need a static and conduits/ACL's.

 
  b) access-list 101 permit tcp any host 175.1.1.254
     access-list 101 deny tcp any host 175.1.1.254 eq www
  What is the effect of the above access list in regards to www traffic?

Remember that ACL's work in a sequential way. So in regards to yours:
All TCP traffic will be allowed to pass through with any source IP address
to 175.1.1.254 specifically, the second line is denying any www (port 80) -
however, your previous statement has allowed this traffic already so this
'policy' will never be matched.

So, web traffic to 175.1.1.254 will be allowed. If it's not behaving the way
you think it should, remember there is an implicit deny ip any any at the
end of any access-list, and that you need a static translation to go from
lower to a higher level security interface.

 
  c) access-list 1 deny tcp host 10.0.1.2
  This access-list is applied to interface e1 (ip: 10.0.1.1) and thus i expect
  that 10.0.1.2 cannot initiate any communications. However it could reach
  internet websites. When I used the same command but with a 'eq www' at the
  end, the access-list worked and denied the host access to the web. Why is
  that? I was under the impression that my access-list would simply deny all
  traffic which would normally be the case on a router, but this seems to be
  working differently on a pix.

Not too sure on this one and no time to investigate... perhaps someone else
can answer.

Adios, Brian




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63245t=63226
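
The first-match behaviour described above for the two-line access-list 101, as an added example that is not part of the original thread: a small Python evaluator that parses the subset of PIX ACL syntax quoted in the question (`any`, `host`, address plus mask, `eq`), reports entries that an earlier entry fully covers, and evaluates the same two lines in the opposite order. The source address 192.0.2.7 and all helper names are assumptions made for the illustration; NAT and static translations are not modelled.

```python
import ipaddress
from collections import namedtuple

# Only the port keyword that appears in the quoted ACL.
PORT_NAMES = {"www": 80}

Ace = namedtuple("Ace", "action proto src dst port text")


def _addr(tokens, i):
    """Read one address spec at tokens[i]: 'any', 'host A', or 'A MASK'."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # PIX access-lists take a network mask here, not an IOS wildcard mask.
    return ipaddress.ip_network(tokens[i] + "/" + tokens[i + 1]), i + 2


def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]'."""
    tokens = line.split()
    if (len(tokens) < 6 or tokens[0] != "access-list"
            or tokens[2] not in ("permit", "deny")):
        raise ValueError("unsupported ACL line: " + line)
    src, i = _addr(tokens, 4)
    dst, i = _addr(tokens, i)
    port = None
    if i < len(tokens):
        if tokens[i] != "eq" or i + 2 != len(tokens):
            raise ValueError("unsupported port clause: " + line)
        name = tokens[i + 1]
        port = PORT_NAMES[name] if name in PORT_NAMES else int(name)
    return Ace(tokens[2], tokens[3], src, dst, port, line.strip())


def first_match(acl, src, dst, dport, proto="tcp"):
    """Return (index, action) of the first entry matching the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for idx, ace in enumerate(acl):
        if (ace.proto in (proto, "ip") and s in ace.src and d in ace.dst
                and ace.port in (None, dport)):
            return idx, ace.action
    return None, "deny"  # implicit deny at the end of every access-list


def covers(earlier, later):
    """True if every packet matching 'later' already matches 'earlier'."""
    return (earlier.proto in (later.proto, "ip")
            and later.src.subnet_of(earlier.src)
            and later.dst.subnet_of(earlier.dst)
            and earlier.port in (None, later.port))


def shadowed(acl):
    """List (later_index, earlier_index) for entries that can never match.

    Only coverage by a single earlier entry is detected, not coverage by
    the union of several earlier entries.
    """
    found = []
    for j, later in enumerate(acl):
        for i in range(j):
            if covers(acl[i], later):
                found.append((j, i))
                break
    return found


# The two lines exactly as quoted in the question.
PAGE_ACL = [parse_ace(l) for l in (
    "access-list 101 permit tcp any host 175.1.1.254",
    "access-list 101 deny tcp any host 175.1.1.254 eq www",
)]
# Same entries, specific deny first (constructed for comparison).
REORDERED = [PAGE_ACL[1], PAGE_ACL[0]]

if __name__ == "__main__":
    for name, acl in (("as posted", PAGE_ACL), ("reordered", REORDERED)):
        print(name)
        for later, earlier in shadowed(acl):
            print("  never matched:", acl[later].text,
                  "| covered by:", acl[earlier].text)
        for port in (80, 25):
            print("  tcp/%d to 175.1.1.254 ->" % port,
                  first_match(acl, "192.0.2.7", "175.1.1.254", port))
```
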



RE: 1003 as Internet gateway [7:63242]

2003-02-18 Thread Marko Milivojevic
If you have CCO access, you can use feature navigator:
http://www.cisco.com/go/fn/ to quickly find information of this kind. I'm
fairly certain that there is non-cco version, but I can't seem to be able to
find it now.

Regarding your original question, I believe you're fairly safe with
any 12.x version.


Marko.

 -Original Message-
 From: Slobodan Gajic [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, 18 February 2003 09:05
 To: [EMAIL PROTECTED]
 Subject: 1003 as Internet gateway [7:63242]


 Which IOS do I need on a 1003 to use it as an ISDN gateway to the Internet?
 The IOS should support NAT and dynamic IP addressing on the WAN port.
 Regards.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63246t=63242



CCIE written exercise question [7:63247]

2003-02-18 Thread lee wooi keat
All,

I'm preparing CCIE written exam and encounter some tricky questions in 
exercise. Would like to ask for help for those who can solve it:
1) Which one is NOT Well-known attribute for BGP ?
-   local preference
-   origin
-   weight
-   community
-   cluster-id

You can only choose one out of 5.










Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63247t=63247



Frame relay in Lab [7:63248]

2003-02-18 Thread Kerry Ogedegbe [ MTN - Portharcourt ]
Hi,
  I want to set up frame relay in a lab, is there any emulation software to
mimic the frame relay cloud?
if not, what's the best way of doing this

___

Kerry 





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63248t=63248



RE: Bandwidth limitation [7:63154]

2003-02-18 Thread Dom
With 12.2 use the police command within a policy map not rate-limit

HTH

Dom Stocqueler

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
[EMAIL PROTECTED]
Sent: 17 February 2003 16:27
To: [EMAIL PROTECTED]
Subject: Re: Bandwidth limitation [7:63154]


Use rate-limit instead.

HTH,
Hamid


 Hi,

 the bandwidth command is for information only. It does not change the
 interface. It is used by routing protocols like EIGRP to evaluate the
 metric and to compare different links. For serial links the default is
 1544 kbps (=T1 line) and on other interfaces the default is the link
 speed (e.g. 10 kbps for FastEthernet).

 Jens Neelsen

 --- Projet AIM  wrote:
 Hi all,

 I am working on a cisco 3620 router and I am trying to limit 
 bandwidth on the FastEthernet interface with the Bandwidth command 
 but I still have a
 superior rate than the one I choose can anyone please help me
 ( I have the IOS version 12.2)

 sincerely
 PIPPOO







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63249t=63154



RE: Frame relay in Lab [7:63248]

2003-02-18 Thread Troy Leliard
Hi Kerry, 

The easiest way of doing this is just getting a cisco router with numerous
serial interfaces and configure it as a frame relay switch.  I use a Cisco
4500 with 8 serial ports in my lab.

Cheers
Troy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63250t=63248



Re: Frame relay in Lab [7:63248]

2003-02-18 Thread Johnny Routin
The best way is to get a box with multiple serial interfaces such as a 2522
or 2523 and configure it as a frame switch. This seems to be the most common
way, anyway.

--
Johnny Routin





Kerry Ogedegbe [ MTN - Portharcourt ]  wrote in
message news:[EMAIL PROTECTED]...
 Hi,
   I want to set up frame relay in a lab, is there any emulation software to
 mimic the frame relay cloud?
 if not, what's the best way of doing this

 ___

 Kerry





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63251t=63248



Connect two offices with dynamic ip [7:63252]

2003-02-18 Thread ccna
Hi,
I need to connect two offices with VPN. They both can only get an
Internet Connection with dynamic IP addresses, static addressing is not
possible.

Is there a possibility to establish a connection?

Thanks in advance.

Tarry




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63252t=63252



modem compression techniques [7:63253]

2003-02-18 Thread Mohamed Elkomy
Dear all,

If I'd like to enable compression for my analog dial-up customers what
will be the recommended method??

Is it via Layer1 compression (controlling compression via S Register
parameters) or via L2 compression via STAC,Predictor.,??

and plz recommend the necessary configuration for applying the compression
techniques on the tty lines of the AS??

 Regards,
   Mohamed




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63253t=63253



RE: pix + router, design issue [7:63244]

2003-02-18 Thread Albert Lu
Hi,

Normally, the CPE router would be the border router that gives you the
global IP address range to access. However, in this case it looks like you
essentially have 2 border routers.

You can get your border router to route the global ip range to the PIX, so
the PIX outside interface will have a global IP address. But that would mean
you have to break up the subnet the ISP has allocated you. If you have a
large range, it may be ok, but if it's a small range (eg. /28), then you
will waste IP addresses by doing that.

A solution would be to do NAT on your border router, and everything behind
the border router will be private IP address range. That would also mean
your PIX will not be doing any NAT, so use either nat 0 or statics depending
on your purpose.

If I were you, I would get rid of the border router. I'm not sure what
advantages it is going to have in using it.

Regards,

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 8:42 PM
To: [EMAIL PROTECTED]
Subject: pix + router, design issue [7:63244]


I have a case with a customer that I am installing a PIX and a border
router for. He wants to have control over the border router, but the
Service Provider is providing their router as the CPE. One interface
on the Service Provider's router has an IP address from the customer's
public IP address range, so I am thinking about what would be the best way
to configure the customer's border router, as it will need to be sending
some IP address that is on the interface connected to the CPE router back
to the PIX.

[PIX] --- 213.100.1.10 --- [Border Router] --- [CPE Router] 213.100.1.1

I am being a little slow today, so I would like to get some input on how
you would handle this scenario.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63254t=63244



Isdn error with PPP - Why always?? [7:63255]

2003-02-18 Thread Cisco Nuts
Hello,

Just set up basic Isdn b/w 2 routers using the default hdlc encap
and was working perfectly fine till I changed the encap to ppp, ppp auth
chap, ppp multilink and ppp chap hostname R7. Then it just stopped
working :-   This has been very frustrating!!  It started spitting
out this msg. on the screen:

R8-G#
4d19h: %ISDN-4-INVALID_CALLEDNUMBER: Interface BR0, Ignoring call, LDN and Called Party Number mismatch

I looked to see if the called number had changed even though I had not
touched it. It is still valid and so are the spids.

R8-G#ri b0
Building configuration...

Current configuration : 353 bytes
!
interface BRI0
 ip address 9.9.9.1 255.255.255.0
 ip ospf demand-circuit
 dialer idle-timeout 90
 dialer map ip 9.9.9.1 broadcast 5553000
 dialer load-threshold 1 outbound
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 055511 5551000
 isdn spid2 055521 5552000
R8-G#sh is st
TEI
Global ISDN Switchtype = basic-niter  Age Seq#   C
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 123, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
TEI = 124, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
TEI 123, ces = 1, state = 5(init)
spid1 configured, spid1 sent, spid1 valid
Endpoint ID Info: epsf = 0, usid = 1, tid = 1
TEI 124, ces = 2, state = 5(init)
spid2 configured, spid2 sent, spid2 valid
Endpoint ID Info: epsf = 0, usid = 3, tid = 1
Layer 3 Status:
0 Active Layer 3 Call(s)
CCB:callid=801C, sapi=0, ces=1, B-chan=1, calltype=DATA
Active dsl 0 CCBs = 1
The Free Channel Mask:  0x8002
Total Allocated ISDN CCBs = 1

I am beginning to guess that the problem is a HARDWARE one with the ISDN
switch being the culprit. I guess as usual I need to give it rest for a
couple of hours and start it again for this to work with just HDLC encap.
To think that I was told that the Merge switch was the Rolls Royce of ISDN
switches when I paid a million $$ for it last year :-(

But if any one has any suggestions/advice, I would gratefully appreciate it.

Thank you.

Sincerely,
CN







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63255t=63255



Re: CCIE written exercise question [7:63247]

2003-02-18 Thread bergenpeak
weight is not an attribute carried in BGP.  It's a cisco
specific mechanism that is local to a router, and when
configured, may impact the BGP path selection on that router.


lee wooi keat wrote:
 
 All,
 
 I'm preparing CCIE written exam and encounter some tricky questions in
 exercise. Would like to ask for help for those who can solve it:
 1) Which one is NOT Well-known attribute for BGP ?
 -   local preference
 -   origin
 -   weight
 -   community
 -   cluster-id
 
 You can only choose one out of 5.
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63256t=63247
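
As an added illustration (not part of the original thread), this Python parser reads the attribute-flags octet that RFC 4271 places in front of every BGP path attribute and sorts the options from the question into well-known and optional. The attribute bytes are constructed sample data using documentation addresses and private AS numbers, and the helper names are assumptions; weight never shows up because it has no attribute type code to put on the wire.

```python
import struct

# Bits of the attribute-flags octet (RFC 4271, section 4.3).
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10

# Attribute type codes from RFC 4271, RFC 1997 and RFC 4456.
TYPE_NAMES = {
    1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 4: "MULTI_EXIT_DISC",
    5: "LOCAL_PREF", 6: "ATOMIC_AGGREGATE", 7: "AGGREGATOR",
    8: "COMMUNITIES", 9: "ORIGINATOR_ID", 10: "CLUSTER_LIST",
}
WELL_KNOWN_MANDATORY = {1, 2, 3}


def parse_path_attributes(buf):
    """Split the Path Attributes field of an UPDATE into (code, flags, value)."""
    attrs, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 3:
            raise ValueError("truncated attribute header")
        flags, code = buf[pos], buf[pos + 1]
        if flags & EXT_LEN:  # two-octet length
            if len(buf) - pos < 4:
                raise ValueError("truncated extended length")
            (length,) = struct.unpack_from("!H", buf, pos + 2)
            header = 4
        else:  # one-octet length
            length, header = buf[pos + 2], 3
        value = buf[pos + header:pos + header + length]
        if len(value) != length:
            raise ValueError("truncated attribute value")
        attrs.append((code, flags, value))
        pos += header + length
    return attrs


def category(flags, code):
    """Classify an attribute from its flag bits."""
    if flags & OPTIONAL:
        if flags & TRANSITIVE:
            return "optional transitive"
        return "optional non-transitive"
    # RFC 4271: well-known attributes must have the Transitive bit set.
    if not flags & TRANSITIVE:
        return "malformed (well-known without transitive bit)"
    if code in WELL_KNOWN_MANDATORY:
        return "well-known mandatory"
    return "well-known discretionary"


def classify(buf):
    """Map attribute name to category for every attribute in buf."""
    return {TYPE_NAMES.get(code, "type %d" % code): category(flags, code)
            for code, flags, _ in parse_path_attributes(buf)}


def _attr(flags, code, value):
    """Encode one attribute with a one-octet length (sample data helper)."""
    return bytes([flags, code, len(value)]) + value


# Constructed sample: attributes of an iBGP UPDATE learned via a route reflector.
SAMPLE = b"".join([
    _attr(TRANSITIVE, 1, b"\x00"),                                 # ORIGIN = IGP
    _attr(TRANSITIVE, 2, bytes([2, 2]) + struct.pack("!HH", 64512, 64513)),
    _attr(TRANSITIVE, 3, bytes([192, 0, 2, 1])),                   # NEXT_HOP
    _attr(TRANSITIVE, 5, struct.pack("!I", 100)),                  # LOCAL_PREF
    _attr(OPTIONAL | TRANSITIVE, 8, struct.pack("!HH", 64512, 100)),
    _attr(OPTIONAL, 10, bytes([10, 0, 0, 1])),                     # CLUSTER_LIST
])

if __name__ == "__main__":
    for name, kind in classify(SAMPLE).items():
        print("%-16s %s" % (name, kind))
```
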



Re: CCIE written exercise question [7:63247]

2003-02-18 Thread Tunde Kalejaiye
cluster id looks a little out of place for me
- Original Message -
From: lee wooi keat 
To: 
Sent: Tuesday, February 18, 2003 10:50 AM
Subject: CCIE written exercise question [7:63247]


 All,

 I'm preparing CCIE written exam and encounter some tricky questions in
 exercise. Would like to ask for help for those who can solve it:
 1) Which one is NOT Well-known attribute for BGP ?
 - local preference
 - origin
 - weight
 - community
 - cluster-id

 You can only choose one out of 5.










Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63257t=63247



RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-18 Thread Howard C. Berkowitz
Vicky Rode  shaped photons and electrons to say:


see comments in-line:


-Original Message-
From: Stephen Hoover [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 17, 2003 11:20 AM
To: Vicky Rode
Cc: [EMAIL PROTECTED]
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]


   Say for instance I have 2 hosts on the same layer 3 switch, but the two
  hosts are on 2 different IP subnets (No VLANs are defined).

  That's not possible! if you are talking about 2 IP subnet, than:
  -
  actually it is by doing secondaries, but i would highly recommend doing
  vlans if possible. keep it clean and simple.



Vicki,

 You mention the use of secondary IP's. On a L3 switch (a switch with the
router engine in it) is it not possible to define Ethernet sub interfaces
instead of using secondary IPs - without VLANs defined?

Yes and no.  Secondaries and VLANs serve different purposes.


Basic IP assumption:    1 physical medium[1] = 1 subnet
Secondary assumption:   1 physical medium[2] = multiple subnets
Basic VLAN assumption:  multiple physical media[3] = 1 subnet
VLAN with secondaries:  multiple physical media = multiple subnets on all

Notes
-

[1] Based on the local versus remote IP assumption:  if a host is on
 your subnet, you have layer 2 connectivity to it.  if a host is on
 a different subnet, you need to reach it through a router.

 This works nicely for broadcast and point-to-point media.  NBMA
 and demand circuits break the local-vs-remote assumption.

 If you do assume a broadcast* medium, then the physical medium =
 1 broadcast domain = 1 subnet

 (* broadcast is used loosely -- multicast is often closer.  Some
stupid NICs don't recognize multicasts and treat all multicasts
as a broadcast.  Broadcasts, indeed, are special cases of
multicasts.)

[2] The medium simultaneously must support a broadcast domain for each
 subnet, unless it is a non-broadcast medium.

[3] The media in different locations are assumed to be linked by L2**
 trunking, typically IEEE 802.1q.  While the trunks do contain
 traffic from multiple subnets, they are effectively tunneled.  The
 only multicasts on the trunk medium are for layer management functions,
 such as 802.1d, 802.1q, VTP, etc.

(** there are exotic variants where you could carry trunking over
 a conventionally routed tunnel, but let's not go there.)


yes you can but when you create sub-interfaces it ask for encapsulation type
and this is where vlans come into play.

Encapsulation type is one reason to use VLANs, because it does create 
different broadcast domains for each encapsulation. This is 
preferred, but Cisco certainly has supported secondaries for 
different encapsulations -- more an IPX than an IP support technique.

whereas with secondaries it will
route between the subnets.



 I'm sorry to be so thick, I'm just not getting it. If a L3 switch (with
a routing module/engine in it) is essentially a wire speed router, then the
VLAN just seems like an additional identifier on top of the L3 address - and
doesn't really serve any purpose.

Not exactly.  It lets you have the _same_ broadcast domain in several 
L2 switches.  That's what gives you the portability of hosts from 
VLAN (same subnet) to same VLAN in different buildings. There need be 
only one router on the subnet, but there can be multiple VLAN 
segments connected by trunking.

In my previous example, 2 hosts on the
same L3 switch, but on 2 different IP subnets - wouldn't a defined Ethernet
subinterface be each clients respective gateway, and thus normal L3 routing
would occur, just at switch speeds
-
well let me ask you this, why not just supernet and put all stations on
the same subnet (don't do this i'm being facetious).

that's because you do not want to create this huge broadcast domain. that's
the whole purpose of having vlans.

if this still doesn't make sense, feel free to ask...would love to help.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63259t=63147



Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-18 Thread Howard C. Berkowitz
At 5:30 AM + 2/18/03, Ken Diliberto wrote:
The nit I'm picking is inline... (I'm feeling like chipping in tonight)

  The Long and Winding Road
02/17/03 06:13PM 

[snip]

if I have a 75xx router with 300 ethernet ports, and I bridge all those
ports, do I have an L3 switch, or a router?

[KD]
You have a router performing L2 operations (forwarding, switching,
bridging -- whatever).  Would a cheap Linksys switch be faster?

What makes a L3 switch in my mind is where the forwarding happens.  If
the L3 CPU (new way to look at it?) has to handle every packet, that's a
router.  If the first L3 packet is handled by the CPU which then
programs ASICs to handle the rest of the flow without bothering the CPU,
that's an L3 switch.  Is there a difference from a packet/network
perspective?  No.  The L2 headers and L3 headers are all properly
updated in both cases (at least we *hope* they are) and traffic is
delivered most of the time.  (If it was delivered all the time, networks
wouldn't need us to fix them)  :-)

Does that make a 7500 with VIPs a L3 switch?  A 12000 with 
distributed forwarding processors?

Substituting router for L3 switch is a good idea, but go farther than 
that. You can think of a high-performance router as a small hidden 
network, containing one or more (think high availability) path 
determination routing processors/hosts that download FIB 
information to multiple forwarding processors/hosts.  One public and 
vendor-independent discussion of this architecture continues in the 
IETF FORCES Working Group (go to www.ietf.org and navigate to Working 
Groups).


What does this mean to us?  Not much other than for capacity planning.
IMHO, an L3 switch has a longer life than a router.

Not really, as you say in your next paragraph. I could go off into 
the ozone and say all high-speed routers are L3 switches.

Indeed, ASICs aren't a necessity.  I've worked on research router 
designs that used RISC processors in each forwarding and path 
determination engine, which gave lots of power but much more 
flexibility than ASICs. Admittedly, at least one of these was a 
specifically designed processor, but it definitely was software 
loadable and ran a real time OS.  ASIC gets blurry anyway, when you 
start getting into the pure hard-etched IC, field-programmable gate 
arrays, electrically alterable field-programmable gate arrays, 
microcode sequencers, etc.


When I design networks, I don't think L3 switch.  I think about routers
interconnecting L2 segments.  I even draw them that way most of the
time.  :-)

My advice to those having problems with this subject:  Replace every
occurrence of layer 3 switch with router.

[/KD]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63260t=63147



Re: CCIE written exercise question [7:63247]

2003-02-18 Thread Howard C. Berkowitz
At 10:50 AM + 2/18/03, lee wooi keat wrote:
All,

I'm preparing CCIE written exam and encounter some tricky questions in
exercise. Would like to ask for help for those who can solve it:
1) Which one is NOT Well-known attribute for BGP ?
-  local preference
-  origin
-  weight
-  community
-  cluster-id

You can only choose one out of 5.


If this isn't a question I've written, it's very close. Hint:  take 
well-known out of the question and see if the answer pops out.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63261t=63247



Re: Dropped Packet on 6506 switch [7:63053]

2003-02-18 Thread MADMAN
The Long and Winding Road wrote:
> hey, Dave, request for clarification
>
> whenever I run my config tools ( either CCO or NetFormX, which validates
> against Cisco's config server anyway ), the requirement is CAT OS plus IOS.
> I can go CAT OS only, but I cannot get a validation using IOS only.

   I don't use the config tool, sounds like it is probably just as well:)

> So is that an error in the validation engine? or is something else going on
> that I don't understand.

   Send me the URL you use for this tool, I'll take a look at it.

> on a 3550, I can configure all ports as routed ports, or I can configure all
> ports as switched ports, or any combination.

   6500 running native you can do the same.

> The 4xxx boxes with sup 3 or better can go IOS only.

   6500 in native mode looks like the 4000 with a supIII except the 4000
with a supIII, all ports are L2 by default and on a 6500 running native
they are L3, go figure.  With the introduction of the 4500 switch the
6500 is the only platform running catOS that is being produced.

> The 65xx seems to be the problem child, as anyone who has stumbled through
> either tool mentioned above can attest to.

   Check out this URL:

http://www.cisco.com/en/US/customer/products/hw/switches/ps700/products_tech_note09186a00801350b8.shtml

   Dave

> any clarifications you can offer?
>
> MADMAN wrote in message
> news:[EMAIL PROTECTED]...
>
>> The Long and Winding Road wrote:
>>
>>> 65xx without the MSFC card run Cat OS mode. Add the MSFC card, and you have
>>> hybrid mode. unless something has changed recently, you cannot run a 65xx in
>>> native IOS mode only - it has to be an L2 box alone, or a hybrid box,
>>> running IOS and Cat OS.
>>
>>    Actually you can run a 6500 in native only.  In native mode all ports
>> are layer 3 ports.  In fact in order to run most of the OSM cards you
>> must run native mode, the inverse is true for most voice modules.
>>
>>    Dave

Native6506#sh ver
Cisco Internetwork Operating System Software
IOS (tm) c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(13)E, EARLY
DEPLOYMEN
T RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Wed 04-Sep-02 18:45 by eaarmas
Image text-base: 0x40008C00, data-base: 0x41A68000

ROM: System Bootstrap, Version 12.1(4r)E, RELEASE SOFTWARE (fc1)
BOOTLDR: c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(13)E, EARLY
DEPLOYMEN
T RELEASE SOFTWARE (fc1)

Native6506 uptime is 6 weeks, 3 days, 23 hours, 24 minutes
Time since Native6506 switched to active is 6 weeks, 3 days, 23 hours,
23 minute
s
System returned to ROM by power-on (SP by power-on)
System image file is slot0:c6sup12-js-mz.121-13.E.bin

cisco Catalyst 6000 (R7000) processor with 112640K/18432K bytes of memory.
Processor board ID SAD05020HUX
R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
8 Virtual Ethernet/IEEE 802.3  interface(s)
120 FastEthernet/IEEE 802.3 interface(s)
4 Gigabit Ethernet/IEEE 802.3 interface(s)
381K bytes of non-volatile configuration memory.

16384K bytes of Flash internal SIMM (Sector size 512K).
Standby is up
Standby has 112640K/18432K bytes of memory.

Configuration register is 0x2102

Native6506#

Native6506#sh conf
Using 8122 out of 391160 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Native6506
!
boot system flash slot0:c6sup12-js-mz.121-13.E.bin
boot bootldr bootflash:c6msfc2-boot-mz.121-4.E1
enable password cisco
!
ip subnet-zero
!
!
no ip domain-lookup
!
mls flow ip destination
mls flow ipx destination
!
redundancy
  mode rpr-plus
  main-cpu
   auto-sync running-config
   auto-sync standard
!
!
!
interface GigabitEthernet1/1
  no ip address
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 64
!
interface GigabitEthernet1/2
  no ip address
  shutdown









Priscilla

Sam Sneed wrote:


I'm not sure what you mean by hybrid mode. I have the sh ver, sh mod, sh ver
for MSFC and  below. I have nothing plugged into at least 3 ports which still
report dropped packets. 800,000 daily. What's strange is that the 800,000 is
almost the same on all 3 ports. I have disabled them since then but would
like to know why I was getting those numbers. The MSFC does the layer 3
routing, but the dropped packets were at L2 I believe. Any ideas?

Console1 sh ver
WS-C6509 Software, Version NmpSW: 7.1(2)
Copyright (c) 1995-2002 by Cisco Systems
NMP S/W compiled on Feb  7 2002, 16:06:00

System Bootstrap Version: 5.3(1)

Hardware Version: 2.0  Model: WS-C6509  Serial #:

PS1  Module: WS-CAC-2500WSerial #:
PS2  Module: WS-CAC-1300WSerial #:

Mod Port Model   Serial #Versions
---  --- --- -
1   2

RE: modem compression techniques [7:63253]

2003-02-18 Thread Chivertison Micheal
are u stupid man?
it is very very easy
modemcap entry elkomy s27=12s28=12s30=13s43=67
interface group-async 0
ip unnumbered fastethernet x/x 
encapsulation ppp
group-range x/x y/y
compress stac
ip tcp header-compression 



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63263t=63253



Re: Isdn error with PPP - Why always?? [7:63255]

2003-02-18 Thread MADMAN
try debug isdn q931, this may give you some more info.

   Dave

Cisco Nuts wrote:
> Hello, Just set up basic Isdn b/w 2 routers using the default hdlc encap
> and was working perfectly fine till I changed the encap to ppp, ppp auth
> chap, ppp multilink and ppp chap hostname R7. Then it just stopped
> working :- out this msg. on the screen:
>
> R8-G#
> 4d19h: %ISDN-4-INVALID_CALLEDNUMBER: Interface BR0, Ignoring call, LDN
> and Called Party Number mismatch
>
> I looked to see if the called number had changed even though I had not
> touched it. It is still valid and so are the spids.
>
> R8-G#ri b0
> Building configuration...
> Current configuration : 353 bytes
> !
> interface BRI0
>  ip address 9.9.9.1 255.255.255.0
>  ip ospf demand-circuit
>  dialer idle-timeout 90
>  dialer map ip 9.9.9.1 broadcast 5553000
>  dialer load-threshold 1 outbound
>  dialer-group 1
>  isdn switch-type basic-ni
>  isdn spid1 055511 5551000
>  isdn spid2 055521 5552000
> R8-G#sh is st
> TEI
> Global ISDN Switchtype = basic-niter  Age Seq#   C
> Layer 1 Status:
> ACTIVE
> Layer 2 Status:
> TEI = 123, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
> TEI = 124, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
> TEI 123, ces = 1, state = 5(init)
> spid1 configured, spid1 sent, spid1 valid
> Endpoint ID Info: epsf = 0, usid = 1, tid = 1
> TEI 124, ces = 2, state = 5(init)
> spid2 configured, spid2 sent, spid2 valid
> Endpoint ID Info: epsf = 0, usid = 3, tid = 1
> Layer 3 Status:
> 0 Active Layer 3 Call(s)
> CCB:callid=801C, sapi=0, ces=1, B-chan=1, calltype=DATA
> Active dsl 0 CCBs = 1
> The Free Channel Mask:  0x8002
> Total Allocated ISDN CCBs = 1
>
> I am beginning to guess that the problem is a HARDWARE one with the ISDN
> switch being the culprit. I guess as usual I need to give it rest for a
> couple of hours and start it again for this to work with just HDLC encap.
> To think that I was told that the Merge switch was the Rolls Royce of ISDN
> switches when I paid a million $$ for it last year :-(
>
> But if any one has any suggestions/advice, I would gratefully appreciate it.
> Thank you.
> Sincerely,
> CN
 
 
 
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63264t=63255



Re: modem compression techniques [7:63253]

2003-02-18 Thread Mohamed Elkomy
Dear wise man,

First of all, I think there's a more polite way we can discuss such issues
with each other.

Second, none of those S register parameters is related to the modem
compression

S27 - enable/disable V.25 calling tone
S28 - Guard tone
S30 - Max connect rate
S43 - V.34 carrier frequency

The parameters related to compression are:

S21 - specify permitted methods of data compression.

but I need to know the value of S21 to enable compression (S21=??)

   Regards,
   Mohamed


Chivertison Micheal wrote in message
news:[EMAIL PROTECTED]...
> are u stupid man?
> it is very very easy
> modemcap entry elkomy s27=12s28=12s30=13s43=67
> interface group-async 0
> ip unnumbered fastethernet x/x
> encapsulation ppp
> group-range x/x y/y
> compress stac
> ip tcp header-compression




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63265t=63253



PIX enable SYN Floodguard by default on outer int? [7:63266]

2003-02-18 Thread Richard Campbell
Hi..  Group,

May I know whether the SYN Floodguard is enabled on PIX outside interface or 
I have to manually enable by the following command

PIX(config)#nat (outside) 1 0.0.0.0 0.0.0.0 8000 8000

Is the command correct? assuming my nat_id is 1.

Thanks a lot











Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63266t=63266



W1T Interfaces [7:63267]

2003-02-18 Thread DW
Hi all,

I have a 2620 series running IOS (C2600-I-M), Version 12.2(8)T4. I also have
2 x WIC-1T installed. When I do this both of the interfaces show as down /
down. However when I install either interface on its own (In either slot)
they work fine. Is this a limitation of the 2600, I cannot find anything on
Cisco site regarding this.

Sincerely,

Derek Walsh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63267t=63267



RE: FW: Lab workbook? Voice modules? [7:63163]

2003-02-18 Thread edward Huang
Dear Scott,

Your advice would be a great help to me!
Thanks a lot!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63268t=63163



Re: modem compression techniques [7:63253]

2003-02-18 Thread Chivertison Micheal
First man you are so polite so i have to apologize concerning the way we
have to talk with each other, but this Access Server in front of me (son of a
shoe) is not willing to ping, what am I supposed to do with it???

Can u tell me why it is not willing to ping??

BTW what i wrote to you was nonsense, don't ever try to run it on your router or
the router will explode

Thanks, boss


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63269t=63253



RE: CCIE written exercise question [7:63247]

2003-02-18 Thread Daniel Cotts
In line:

 -Original Message-
 From: lee wooi keat [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, February 18, 2003 4:51 AM
 To: [EMAIL PROTECTED]
 Subject: CCIE written exercise question [7:63247]
 
 
 All,
 
 I'm preparing CCIE written exam and encounter some tricky 
 questions in 
 exercise. Would like to ask for help for those who can solve it:
 1) Which one is NOT Well-known attribute for BGP ?
 - local preference = Well-known discretionary attribute
 - origin = Well-known mandatory attribute
 - weight = Cisco proprietary attribute
 - community = Optional Transitive attribute
 - cluster-id = Used in configuring Route Reflectors
 
 You can only choose one out of 5.
Problem is that only two are well-known attributes. If they allow any of the
three then this is an easy question. (grin) Maybe the question should have
asked Which one is not a BGP attribute?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63270t=63247



RE: Isdn error with PPP - Why always?? [7:63255]

2003-02-18 Thread Stuart Potts
For more information;

http://www.cisco.com/warp/public/129/bri_invalid_spid.html

regards

/Stuart





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63271t=63255
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Isdn error with PPP - Why always?? [7:63255]

2003-02-18 Thread Rick Guthier
I ran into a similar problem. I converted to PPP from HDLC, as well as
to dialer profiles from legacy ddr.  The problem was I forgot to put
ppp authentication chap on the bri interface.  It was there on the
dialer interface, but not in both places.  Adding it to the bri interface
fixed it.  I remember the debug and errors did not make it look like a ppp
authentication error.

Rick.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Cisco Nuts
Sent: Tuesday, February 18, 2003 8:13 AM
To: [EMAIL PROTECTED]
Subject: Isdn error with PPP - Why always?? [7:63255]

Hello, Just set up basic Isdn b/w 2 routers using the default hdlc encap
and was working perfectly fine till I changed the encap to ppp, ppp auth
chap, ppp multilink and ppp chap hostname R7. Then it just stopped
working :-   This has been very frustrating!!  It started spitting
out this msg. on the screen:

R8-G#
4d19h: %ISDN-4-INVALID_CALLEDNUMBER: Interface BR0, Ignoring call, LDN
and Called Party Number mismatch

I looked to see if the called number had changed even though I had not
touched it. It is still valid and so are the spids.

R8-G#ri b0
Building configuration...
Current configuration : 353 bytes
!
interface BRI0
 ip address 9.9.9.1 255.255.255.0
 ip ospf demand-circuit
 dialer idle-timeout 90
 dialer map ip 9.9.9.1 broadcast 5553000
 dialer load-threshold 1 outbound
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 055511 5551000
 isdn spid2 055521 5552000
R8-G#sh is st
TEI
Global ISDN Switchtype = basic-niter  Age Seq#   C
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 123, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
TEI = 124, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
TEI 123, ces = 1, state = 5(init)
spid1 configured, spid1 sent, spid1 valid
Endpoint ID Info: epsf = 0, usid = 1, tid = 1
TEI 124, ces = 2, state = 5(init)
spid2 configured, spid2 sent, spid2 valid
Endpoint ID Info: epsf = 0, usid = 3, tid = 1
Layer 3 Status:
0 Active Layer 3 Call(s)
CCB:callid=801C, sapi=0, ces=1, B-chan=1, calltype=DATA
Active dsl 0 CCBs = 1
The Free Channel Mask:  0x8002
Total Allocated ISDN CCBs = 1

I am beginning to guess that the problem is a HARDWARE one with the ISDN
switch being the culprit. I guess as usual I need to give it rest for a
couple of hours and start it again for this to work with just HDLC encap.
To think that I was told that the Merge switch was the Rolls Royce of ISDN
switches when I paid a million $$ for it last year :-(

But if any one has any suggestions/advice, I would gratefully appreciate it.
Thank you.
Sincerely,
CN







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63272t=63255



Flow exporter bug? [7:63274]

2003-02-18 Thread [EMAIL PROTECTED]
Although the destination addresses 172.2.x.x are shown in the switch mls
entries, they are not exported.  I tested many flows generated by Flow-Tools
and there is no network 172.2.x.x as the destination; there are lots of
data sent to that network.

I am wondering if it is a bug on the CATOS version 6.1(1d),  because I do
not have this behavior with version Sw : 6.3(4a).

The configuration is the same on both switches.

Any thought?


   SWITCH (enable) sh mls statistics entry ip destination 10.2.1.76
 LastUsed
   Destination IP   Source IP   Prot  DstPrt SrcPrt Stat-Pkts  Stat-Bytes
    --- - -- -- --
---
172.2.1.76   10.6.9.45   TCP   3343   Telnet 0  0

UNIX$ flow-cat -p -z9 ./ft-v07.2003-02-16.043501-0300 |flow-print  file
  srcIP   dstIP   router_scprot  
srcPort dstPortoctets  packets
  172.2.8.28/0 10.3.1.159/010.4.55.217
32773   44419180 3
  172.7.192.45/0   10.6.9.110/010.4.55.21 
0   060  1
  172.8.128.253/0  10.1.7.192/010.4.55.217
138 138254 1




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63274t=63274



Re: Isdn error with PPP - Why always?? [7:63255]

2003-02-18 Thread Debbie Westall
I frequently have trouble when I go from hdlc to ppp. Usually it's
something I didn't configure with the ppp. I take one command out at a
time that I added until things come back up. I start with removing ppp
multilink.

also you may want to turn on some debugs

debug dialer
debug ppp negot
debug ppp authen


Debbie





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63273t=63255



Switch Port [7:63275]

2003-02-18 Thread SamN
switch1 (enable) set port duplex 6/8 half
Port 6/8 is in auto-sensing mode.

The above switch is a 6500. As I understand, the ports can be set to
full, half or auto but when I try setting it to half, it doesn't allow me to.

thank you




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63275t=63275



RE: modem compression techniques [7:63253]

2003-02-18 Thread Howard C. Berkowitz
> are u stupid man?

How would that be demonstrated? Inability to capitalize, to spell 
you, or to use commas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63277t=63253



RE: modem compression techniques [7:63253]

2003-02-18 Thread Mark W. Odette II
Very well put Mohamed! Kudos to you for not lowering yourself to his
level in reply.

Unfortunately, I don't have the answer to your S-Register question...
sure wish I did.  I haven't tried it myself, but maybe you can do a
search on S Register or S21 and Modem Compression with Cisco (Via
Google).  That might yield an answer.

Regards,
Mark





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63276t=63253



Re: Switch Port [7:63275]

2003-02-18 Thread Sam Sneed
You need to change the speed first, then you can change the duplex. It has
to be in that order.

SamN wrote in message
news:[EMAIL PROTECTED]...
> switch1 (enable) set port duplex 6/8 half
> Port 6/8 is in auto-sensing mode.
>
> The above switch is a 6500. As I understand, the ports can be set to
> full, half or auto but when I try setting it to half, it doesn't allow me to.
>
> thank you




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63279t=63275



Re: Firewall/PIX help.... [7:63167]

2003-02-18 Thread Sam Sneed
PIX does not have Antivirus, IDS, or content filtering built in. I don't think
I know of any hardware based firewalls that do. You may have to look into a
software based solution. Maybe Computer Associates or Symantec make such a
suite.

Gunjan Mathur wrote in message
news:[EMAIL PROTECTED]...
> Hi,
>
> I'm looking for  firewall solution for my company, we
> have two WAN connections and currently my users are
> connected thru two proxy m/c to Internet.
>
> Which PIX model would serve the needs.
> I also need content filtering, Intrusion detection
> and Anti-virus protection on firewall itself.
>
> Are all these things possible on PIX?
>
> TIA






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63280t=63167



clearing conduit [7:63278]

2003-02-18 Thread Sam Sneed
Let's say you are administering a PIX remotely. You SSH into a machine on the
PIX's internal network and from there you telnet into the PIX. Security is
via conduits and it might look like this:

conduit permit tcp 192.168.43.0 255.255.255.255 eq 22 any
conduit permit tcp 192.168.43.0 255.255.255.255 eq 80 any
conduit permit tcp 192.168.43.0 255.255.255.255 eq 443 any


Now I want to put
conduit permit tcp 192.168.43.0 255.255.255.255 eq 21 any

in between the top 2 statements. Why it needs to be there is not important,
this is a theoretical question.
How can I do this without blocking myself out of the PIX?
I imagine I would have to do a clear conduit and then enter the whole new
list in again since you can't add a statement in the middle of a conduit.
Once I do clear conduit I'd suspect I'd be blocked out before I can add the
new conduit.

Is this true? I know I could probably use access-lists to do this but I'm
speaking strictly about conduits when I ask this question.

The main question is if I'm administering the PIX remotely and need to add a
conduit anywhere except the end of the list then how can I do that without
locking myself out.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63278t=63278



Equipment for sales [7:63258]

2003-02-18 Thread Lili Neal
I'm selling:

2 Wireless cisco PC Cards PCM350 (For laptops)
1 Wireless cisco PC Cards PCM340 (For laptops)
1 Router 1750 2V, CAB-V35MT, 1 FXS, 8-32


If you are interested just write me!










Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63258t=63258



Can this nat be done on a pix?? [7:63281]

2003-02-18 Thread Robert Perez
Please help, I went with PIX instead of CP and I cannot
find a way to do this now!!!

Setup

              PIX 515E-ur
 ---------------------------------------
 |   PIX inside         PIX intf2      |
 | 192.168.25.0/24   10.178.25.25/16   |
 ---------------------------------------
       |                      |
       |                      |
       | Inside get nat when  |
       | going to intf2       |
    Network                Network

I want the following NAT setup to happen:

If src inside=any, dst intf2=10.178.10.10 then xlate src=10.178.70.20
If src inside=any, dst intf2=10.178.10.11 then xlate src=10.178.80.30
If src inside=any, dst intf2=10.178.10.12 then xlate src=10.178.90.40
otherwise
if src inside=any, dst intf2=any  then no Xlate


I do not want to use statics because there are a lot of different boxes
and there is no router in this setup that can perform the nat




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63281t=63281



RE: CCIE written exercise question [7:63247]

2003-02-18 Thread Howard C. Berkowitz
At 4:06 PM + 2/18/03, Daniel Cotts wrote:
In line:

  -Original Message-
  From: lee wooi keat [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, February 18, 2003 4:51 AM
  To: [EMAIL PROTECTED]
  Subject: CCIE written exercise question [7:63247]


  All,

  I'm preparing CCIE written exam and encounter some tricky
  questions in
  exercise. Would like to ask for help for those who can solve it:
  1) Which one is NOT Well-known attribute for BGP ?
  -   local preference = Well-known discretionary attribute
  -   origin = Well-known mandatory attribute
  -   weight = Cisco proprietary attribute
  -   community = Optional Transitive attribute
  -   cluster-id = Used in configuring Route Reflectors

  You can only choose one out of 5.
Problem is that only two are well-known attributes. If they allow any of the
three then this is an easy question. (grin) Maybe the question should have
asked Which one is not a BGP attribute?


Good point, and I have to remember exactly the way I wrote the 
question (if indeed it's mine -- I don't remember including 
cluster-ID in the CertZone question).

The point I was driving at when I wrote a question on this, and was 
not trying to give it away, is that weight is NOT an attribute at 
all.  It is never sent in BGP but is local to the router.  All the 
others can be transmitted in BGP, but, as you point out, not all are 
well-known.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63282t=63247
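
The categories argued over in this thread can be read straight off the wire, because every BGP path attribute starts with a flags octet and a type code (RFC 4271, section 4.3). The following is an added example, not code from any poster: it parses a constructed run of path attributes, classifies each one, and flags a well-known attribute that arrives with the wrong flag bits. The sample bytes are made up for illustration, and the cluster-id from the question is taken to mean the CLUSTER_LIST attribute (type 10) that carries cluster IDs; weight has no type code at all.

```python
import struct

# Bits of the attribute flags octet (RFC 4271, section 4.3).
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10

# Type code -> (name, Optional bit expected, Transitive bit expected).
KNOWN = {
    1: ("ORIGIN", False, True),
    2: ("AS_PATH", False, True),
    3: ("NEXT_HOP", False, True),
    4: ("MULTI_EXIT_DISC", True, False),
    5: ("LOCAL_PREF", False, True),
    8: ("COMMUNITIES", True, True),      # RFC 1997
    10: ("CLUSTER_LIST", True, False),   # RFC 4456, carries cluster IDs
}
MANDATORY = {1, 2, 3}

# Reverse lookup by name. WEIGHT is absent: it is local to the router and
# has no type code, so it can never appear in an UPDATE message.
NAME_TO_CODE = {name: code for code, (name, _, _) in KNOWN.items()}


def classify(flags, code):
    """Category implied by the flag bits actually seen on the wire."""
    if flags & OPTIONAL:
        if flags & TRANSITIVE:
            return "optional transitive"
        return "optional non-transitive"
    if code not in KNOWN:
        return "unrecognized well-known"
    if code in MANDATORY:
        return "well-known mandatory"
    return "well-known discretionary"


def parse_path_attributes(buf):
    """Parse the Path Attributes field of an UPDATE into a list of dicts.

    Raises ValueError when a header or value runs past the end of buf.
    """
    attrs, i = [], 0
    while i < len(buf):
        if len(buf) - i < 3:
            raise ValueError("truncated attribute header")
        flags, code = buf[i], buf[i + 1]
        if flags & EXT_LEN:
            if len(buf) - i < 4:
                raise ValueError("truncated extended length")
            (length,) = struct.unpack_from("!H", buf, i + 2)
            i += 4
        else:
            length = buf[i + 2]
            i += 3
        if i + length > len(buf):
            raise ValueError("attribute value runs past end of buffer")
        value = buf[i:i + length]
        i += length
        name, want_opt, want_trans = KNOWN.get(
            code, ("UNKNOWN(%d)" % code, None, None))
        # A known attribute whose Optional/Transitive bits differ from its
        # definition is an attribute flags error.
        flag_error = want_opt is not None and (
            bool(flags & OPTIONAL) != want_opt
            or bool(flags & TRANSITIVE) != want_trans)
        attrs.append({"name": name, "code": code, "value": value,
                      "category": classify(flags, code),
                      "flag_error": flag_error})
    return attrs


# Constructed sample: the attributes named in the question, as they would
# be encoded inside one UPDATE (values are illustrative only).
SAMPLE_ATTRS = bytes.fromhex(
    "40010100"          # ORIGIN = IGP
    "4002040201fde8"    # AS_PATH = AS_SEQUENCE [65000]
    "400304c0000201"    # NEXT_HOP = 192.0.2.1
    "40050400000064"    # LOCAL_PREF = 100
    "c00804fde80064"    # COMMUNITIES = 65000:100
    "800a04c0000202"    # CLUSTER_LIST = [192.0.2.2]
)

# Constructed malformed case: LOCAL_PREF sent with the Optional bit set.
BAD_LOCAL_PREF = bytes.fromhex("c0050400000064")

if __name__ == "__main__":
    for a in parse_path_attributes(SAMPLE_ATTRS):
        print("%-16s type %-3d %s" % (a["name"], a["code"], a["category"]))
    print("WEIGHT type code:", NAME_TO_CODE.get("WEIGHT"))
    print("bad LOCAL_PREF flag error:",
          parse_path_attributes(BAD_LOCAL_PREF)[0]["flag_error"])
```
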



RE: Can this nat be done on a pix?? [7:63281]

2003-02-18 Thread mjans001
Tried 

Nat 0 (inside) access-list_nat0
Nat 1 rest ip traffic to outside(nat id 1 same as global (int)
id 1)

Access-list_nat0 do not nat to ip range 2nd interface


Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robert
Perez
Sent: Tuesday, 18 February 2003 19:15
To: [EMAIL PROTECTED]
Subject: Can this nat be done on a pix?? [7:63281]


Please help, I went with PIX instead of CP and I cannot
find a way to do this now!!!

Setup

              PIX 515E-ur
 -------------------------------------
 |   PIX inside          PIX intf2   |
 | 192.168.25.0/24   10.178.25.25/16 |
 -------------------------------------
        |                      |
        | Inside get nat when  |
        | going to intf2       |
     Network                Network

I want the following NAT setup to happen:

If src inside=any, dst intf2=10.178.10.10 then xlate src=10.178.70.20
If src inside=any, dst intf2=10.178.10.11 then xlate src=10.178.80.30
If src inside=any, dst intf2=10.178.10.12 then xlate src=10.178.90.40
otherwise if src inside=any, dst intf2=any then no Xlate


I do not want to use statics because there are a lot of different boxes
and there is no router in this setup that can perform the nat




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63284t=63281



RE: clearing conduit [7:63278]

2003-02-18 Thread Daniel Cotts
Look at the problem from another direction. How about a modem connected to a
terminal server. The TS connects to the PIX console port. That way your
connection is out-of-band. I'd agree that the modem should be powered off
except when needed. Local admin staff would have to hit the big red
switch.

 -Original Message-
 From: Sam Sneed [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, February 18, 2003 11:32 AM
 To: [EMAIL PROTECTED]
 Subject: clearing conduit [7:63278]
 
 
 Let's say you are administering a PIX remotely. You SSH into a machine on the
 PIX's internal network and from there you telnet into the PIX. Security is
 via conduits and it might look like this:
 
 conduit permit tcp 192.168.43.0 255.255.255.255 eq 22 any
 conduit permit tcp 192.168.43.0 255.255.255.255 eq 80 any
 conduit permit tcp 192.168.43.0 255.255.255.255 eq 443 any
 
 
 Now I want to put
 conduit permit tcp 192.168.43.0 255.255.255.255 eq 21 any
 
 in between the top 2 statements. Why it needs to be there is not important,
 this is a theoretical question.
 How can I do this without blocking myself out of the PIX?
 I imagine I would have to do a clear conduit and then enter the whole new
 list in again since you can't add a statement in the middle of a conduit.
 Once I do clear conduit I'd suspect I'd be blocked out before I can add the
 new conduit.
 
 Is this true? I know I could probably use access-lists to do this but I'm
 speaking strictly about conduits when I ask this question.
 
 The main question is if I'm administering the PIX remotely and need to add a
 conduit anywhere except the end of the list then how can I do that without
 locking myself out.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63285t=63278



Re: Switch Port [7:63275]

2003-02-18 Thread Bob Sinclair
Sam,

Speed and Duplex are tied at the hip - if speed is auto, duplex must be
auto.  Try hard-coding the speed, first, then the duplex.



-Bob Sinclair

- Original Message -
From: SamN 
To: 
Sent: Tuesday, February 18, 2003 12:18 PM
Subject: Switch Port [7:63275]


 switch1 (enable) set port duplex 6/8 half
 Port 6/8 is in auto-sensing mode.

 The above switch is a 6500. As I understand, the ports can be set to
 full, half or auto but when I try setting it to half, it doesn't allow me to.

 thank you




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63286t=63275



RE: Eric Greenberg's Latest Book [7:63220]

2003-02-18 Thread Priscilla Oppenheimer
Looks like he has a nice Web site regarding security too. I purchased the
book. It sounds good and very approachable at a low cost and low page-count.
I have no affiliation with the author, having never met him or even
corresponded with him, except maybe a couple e-mails after he published his
first book, which was very good. This is filler, can you tell? :-)

The URL to his security Web site is here:

http://www.criticalsecurity.com/

Priscilla

Nigel Taylor wrote:
 
 All,
  I'm sure everyone is aware of Eric Greenberg's previous title - Network
 Application Frameworks which received numerous mentions on this list.
 
 I was just out getting my daily nerd-related update from another great web
 site /.  and found this link.
 

http://books.slashdot.org/article.pl?sid=03/02/13/1515257mode=nocommenttid=172
 
 Apparently, Eric is busy at it again and based on the review seems to have
 done another great job.
 
 I was just wondering if anyone on the list has had the opportunity to read the
 book, and would like to share their thoughts.  I just placed my order on
 bookpool :-)
 
 Nigel
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63287t=63220



Re: clearing conduit [7:63278]

2003-02-18 Thread Sam Sneed
I've thought of this and will have this in place as well. So then I guess
that there is no way to add to middle of conduit without locking yourself
out.

Daniel Cotts wrote in message
news:[EMAIL PROTECTED]...
 Look at the problem from another direction. How about a modem connected to a
 terminal server. The TS connects to the PIX console port. That way your
 connection is out-of-band. I'd agree that the modem should be powered off
 except when needed. Local admin staff would have to hit the big red
 switch.

  -Original Message-
  From: Sam Sneed [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, February 18, 2003 11:32 AM
  To: [EMAIL PROTECTED]
  Subject: clearing conduit [7:63278]
 
 
  Let's say you are administering a PIX remotely. You SSH into a machine on the
  PIX's internal network and from there you telnet into the PIX. Security is
  via conduits and it might look like this:
 
  conduit permit tcp 192.168.43.0 255.255.255.255 eq 22 any
  conduit permit tcp 192.168.43.0 255.255.255.255 eq 80 any
  conduit permit tcp 192.168.43.0 255.255.255.255 eq 443 any
 
 
  Now I want to put
  conduit permit tcp 192.168.43.0 255.255.255.255 eq 21 any
 
  in between the top 2 statements. Why it needs to be there is not important,
  this is a theoretical question.
  How can I do this without blocking myself out of the PIX?
  I imagine I would have to do a clear conduit and then enter the whole new
  list in again since you can't add a statement in the middle of a conduit.
  Once I do clear conduit I'd suspect I'd be blocked out before I can add the
  new conduit.
 
  Is this true? I know I could probably use access-lists to do this but I'm
  speaking strictly about conduits when I ask this question.
 
  The main question is if I'm administering the PIX remotely and need to add a
  conduit anywhere except the end of the list then how can I do that without
  locking myself out.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63288t=63278



Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-18 Thread Priscilla Oppenheimer
Stephen Hoover wrote:
 
 Ken,
 
 Thanks for the input on this discussion. I follow and understand your
 example without any problems.
 
 Now if taking it back to the original original question - Does L3
 switching require VLANs - produces this question for your example:
 
 You state 1 fiber feed for both Science and Engineering in the Labs
 building. I am then assuming that they are all connected to the same set of
 switches (Layer 2) in that building.
 Could you have not just simply assigned the hosts for Science to 1 IP
 network and the hosts for Engineering to another IP network - then created
 respective gateway interfaces for each network back on the common Layer 3
 switch and accomplished the same thing??

It depends on the meaning of "thing" in your "accomplish the same thing"
comment. :-)

I think you already figured out your confusion and maybe this message is
old, but I'll reply just in case.

With your design you would accomplish connectivity. However, you would not
accomplish separation of broadcast traffic for the two user communities.
VLANs in the L2-switched part of the network give you that. VLANs have lots
of features, but that's one of their primary ones.

I think Ken's example is one of the cleanest I've seen. I may have to borrow
it for my classes.

Thanks for a good discussion, Stephen. 

THE END (hopefully! :-)

Priscilla

 
 If the answer is yes, I will followup with another question. If the
 answer is no, then please explain.
 
 Thanks!!
 
 Stephen
 - Original Message -
 From: Ken Diliberto 
 To: 
 Sent: Tuesday, February 18, 2003 12:24 AM
 Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
 
 
  Stephen,
 
  You're getting there.  Let me give an example of how VLANs are used
  (I'd draw a picture, but it probably wouldn't look good).
 
  For this example, let's use two of the colleges on my university
  network:  Science and Engineering.
 
  Each has their own block of IP addresses and want their traffic
  separate from the other.  They also want flat addressing (no
  subnetting).
 
  We have three buildings:  Science, Engineering and Labs.  Science and
  Engineering both have computer labs in the Labs building.  Each want
  their labs on their respective IP address blocks.
 
  If money were no object, this would be fairly easy with vanilla
  switches and a router with two ethernet interfaces.  Multiple fiber
  feeds and two sets of switches would be everywhere.
 
  With budget limitations (for this example), we only have a single fiber
  feed to each location.  That means each fiber feed needs to carry
  traffic for both networks.  To keep the traffic separate, we partition
  the switch ports into two LANs: LAN 10 and LAN 20.  These two LANs in
  one switch are treated as unique.  To do this, the switch creates
  Virtual LANs or VLANs.  The fiber feeds are now trunks because a header
  is added to each frame to identify the VLAN it belongs to.
 
  So far so good?
 
  Why would we need a router?  To talk between VLANs.
 
  Do routers understand trunks?  Yes.
 
  This brings up one more concept:  the Router on a Stick.
 
  A router on a stick is a router with a single network connection.  This
  single connection is configured as a trunk so the router can see all the
  different VLANs.  If the router finds a packet on VLAN 10 with a
  destination on VLAN 20, it rewrites the headers for the destination and
  puts it back on the same trunk with VLAN 20 headers.
 
  Remember:  replace "layer 3 switch" with "router" every time you see
  it.  That might make more sense.
 
  Hope this helps.
 
  Ken
 
   Stephen Hoover  02/17/03 06:55PM 
  I appreciate everyone's input on this subject to help me understand this
  concept.
 
  As far as the newbies comment goes - I most definitely am. I'm about as
  green as they come. I have both my CCNA and my CCDA, but my only real
  experience is installing 2 T1s (at different locations) and configuring NAT
  for them. I have large amount of knowledge, just no experience. It has been
  my goal and my dream to become a serious network engineer for the last 6
  years, but I just cannot seem to get a job that offers any experience.
  Every time I get a network position, I just seemed to end up doing desktop
  support.
 
  When I first heard the term Layer 3 switching (some 4 years ago now) the
  first thing that popped into my mind was a switch that can route. I never
  even heard of a VLAN until a couple of years ago.
 
  The Cisco Study guide starts off talking about VLANs, and moves right into
  Inter-VLAN routing without ever really discussing Layer 3 switching as a
  separate process. This is really where my confusion started. The book makes
  it sound like L3 switching is directly dependent on VLANs, and I just didn't
  see it - it wasn't something I was just willing to accept.
 
  Furthermore, the book states that VLANs allow for physical

Re: Switch Port [7:63275]

2003-02-18 Thread MADMAN
You first have to set the speed, it's currently in auto.

C6509 (enable) set port speed 5/8 auto
Port(s)  5/8 speed set to auto detect.
C6509 (enable) set port duplex 5/8 half
Port 5/8 is in auto-sensing mode.
C6509 (enable) set port speed 5/8 100
Port(s)  5/8 speed set to 100Mbps.
C6509 (enable) set port duplex 5/8 half
Port(s)  5/8 set to half-duplex.
C6509 (enable)

   Dave

SamN wrote:
 switch1 (enable) set port duplex 6/8 half
 Port 6/8 is in auto-sensing mode.
 
 The above switch is a 6500. As I understand, the ports can be set to
 full, half or auto but when I try setting it to half, it doesn't allow me to.
 
 thank you
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63292t=63275



Cat 6000 PCMCIA Flash Card Same as 3600? [7:63293]

2003-02-18 Thread Bob Sinclair
I would like to buy a flash PC card for my Cat 6000 with Sup1A.  I know
there are different file system formats for various devices, but do the 3600
and 6000 cards have the same physical spec?  Can I use the same card in both
devices if I reformat?

Thanks,

-Bob Sinclair




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63293t=63293



RE: CCIE written exercise question [7:63247]

2003-02-18 Thread Daniel Cotts
Problem being that Cisco uses the term attribute in the discussion of
weight. Source BSCN ver1.0 Training Materials.
There is a page listing the various types of attributes and which attributes
fall under each type. A kicker line states "In addition, Cisco has defined
a weight attribute for BGP."
Following pages explain the various attributes.
Page for Weight has slide "Weight Attribute (Cisco Only)" with discussion:
"The weight attribute is a Cisco-defined attribute used for the path
selection process. The weight is configured locally to a router and is not
propagated to any other routers. ..." etc.
So the right answer vs the Cisco answer. Maybe we can say it's an
attribute for CCNP exams and not an attribute at NANOG meetings.

 -Original Message-
 From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, February 18, 2003 12:19 PM
 To: [EMAIL PROTECTED]
 Subject: RE: CCIE written exercise question [7:63247]
 
 
 At 4:06 PM + 2/18/03, Daniel Cotts wrote:
 In line:
 
   -Original Message-
   From: lee wooi keat [mailto:[EMAIL PROTECTED]]
   Sent: Tuesday, February 18, 2003 4:51 AM
   To: [EMAIL PROTECTED]
   Subject: CCIE written exercise question [7:63247]
 
 
   All,
 
   I'm preparing CCIE written exam and encounter some tricky questions in
   exercise. Would like to ask for help for those who can solve it:
   1) Which one is NOT Well-known attribute for BGP ?
   - local preference = Well-known discretionary attribute
   - origin = Well-known mandatory attribute
   - weight = Cisco proprietary attribute
   - community = Optional Transitive attribute
   - cluster-id = Used in configuring Route Reflectors
 
   You can only choose one out of 5.
 Problem is that only two are well-known attributes. If they allow any of the
 three then this is an easy question. (grin) Maybe the question should have
 asked "Which one is not a BGP attribute?"
 
 
 Good point, and I have to remember exactly the way I wrote the 
 question (if indeed it's mine -- I don't remember including 
 cluster-ID in the CertZone question).
 
 The point I was driving at when I wrote a question on this, and was 
 not trying to give it away, is that weight is NOT an attribute at 
 all.  It is never sent in BGP but is local to the router.  All the 
 others can be transmitted in BGP, but, as you point out, not all are 
 well-known.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63294t=63247



RE: CCIE written exercise question [7:63247]

2003-02-18 Thread Howard C. Berkowitz
At 3:27 PM -0600 2/18/03, Daniel Cotts wrote:
> Problem being that Cisco uses the term attribute in the discussion of
> weight. Source BSCN ver1.0 Training Materials.
> There is a page listing the various types of attributes and which attributes
> fall under each type. A kicker line states "In addition, Cisco has defined
> a weight attribute for BGP."

If you listen closely, you can hear the sound of my head pounding on 
the desk so it will feel good when I stop. Maybe this should get 
copied to Phil Smith or Barry Greene.

> Following pages explain the various attributes.
> Page for Weight has slide "Weight Attribute (Cisco Only)" with discussion:
> "The weight attribute is a Cisco-defined attribute used for the path
> selection process. The weight is configured locally to a router and is not
> propagated to any other routers. ..." etc.

Of course! It has to be a BGP attribute to be propagated!

> So the right answer vs the Cisco answer. Maybe we can say it's an
> attribute for CCNP exams and not an attribute at NANOG meetings.

*moan*


  -Original Message-
  From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, February 18, 2003 12:19 PM
  To: [EMAIL PROTECTED]
  Subject: RE: CCIE written exercise question [7:63247]


  At 4:06 PM + 2/18/03, Daniel Cotts wrote:
  In line:
  
-Original Message-
From: lee wooi keat [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 4:51 AM
To: [EMAIL PROTECTED]
Subject: CCIE written exercise question [7:63247]
  
  
All,
  
I'm preparing CCIE written exam and encounter some tricky questions in
exercise. Would like to ask for help for those who can solve it:
1) Which one is NOT Well-known attribute for BGP ?
-   local preference = Well-known discretionary attribute
-   origin = Well-known mandatory attribute
-   weight = Cisco proprietary attribute
-   community = Optional Transitive attribute
-   cluster-id = Used in configuring Route Reflectors
  
You can only choose one out of 5.
  Problem is that only two are well-known attributes. If they allow any of the
  three then this is an easy question. (grin) Maybe the question should have
  asked "Which one is not a BGP attribute?"
  

  Good point, and I have to remember exactly the way I wrote the
  question (if indeed it's mine -- I don't remember including
  cluster-ID in the CertZone question).

  The point I was driving at when I wrote a question on this, and was
  not trying to give it away, is that weight is NOT an attribute at
  all.  It is never sent in BGP but is local to the router.  All the
  others can be transmitted in BGP, but, as you point out, not all are
   well-known.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63295t=63247
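
The categories argued over in this thread are visible on the wire: each path attribute in an UPDATE carries a flags octet whose high bits say optional or well-known and transitive or not. The sketch below is an added example, not part of the original posts; the sample bytes, AS number and addresses are constructed, and the type codes are those of RFC 4271, RFC 1997 and RFC 4456.

```python
import struct

# Attribute Flags octet, high-order bits (RFC 4271, section 4.3).
OPTIONAL, TRANSITIVE, PARTIAL, EXTENDED_LENGTH = 0x80, 0x40, 0x20, 0x10

# Type codes: 1-5 from RFC 4271, 8 from RFC 1997, 9-10 from RFC 4456.
# There is no code for Cisco's weight: it is a router-local value and is
# never encoded in an UPDATE, which is the point made in the thread.
TYPE_NAMES = {
    1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 4: "MULTI_EXIT_DISC",
    5: "LOCAL_PREF", 8: "COMMUNITIES", 9: "ORIGINATOR_ID", 10: "CLUSTER_LIST",
}
# Mandatory vs. discretionary is not encoded in the flags; it comes from
# the specification of each well-known type code.
WELL_KNOWN_MANDATORY = {1, 2, 3}


def classify(flags, type_code):
    """Name the attribute category from its flags octet and type code."""
    if flags & OPTIONAL:
        kind = "transitive" if flags & TRANSITIVE else "non-transitive"
        return "optional " + kind
    if not flags & TRANSITIVE:
        raise ValueError("well-known attribute must set the transitive bit")
    if type_code not in TYPE_NAMES:
        raise ValueError("well-known type %d not in this example's table" % type_code)
    if type_code in WELL_KNOWN_MANDATORY:
        return "well-known mandatory"
    return "well-known discretionary"


def parse_path_attributes(data):
    """Walk the Path Attributes field of an UPDATE; return a list of dicts."""
    attrs, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 3:
            raise ValueError("truncated attribute header")
        flags, type_code = data[pos], data[pos + 1]
        if flags & EXTENDED_LENGTH:           # two-octet length field
            if len(data) - pos < 4:
                raise ValueError("truncated extended length")
            (length,) = struct.unpack_from("!H", data, pos + 2)
            pos += 4
        else:                                 # one-octet length field
            length = data[pos + 2]
            pos += 3
        if pos + length > len(data):
            raise ValueError("attribute value runs past end of field")
        attrs.append({
            "name": TYPE_NAMES.get(type_code, "type %d" % type_code),
            "category": classify(flags, type_code),
            "partial": bool(flags & PARTIAL),
            "value": data[pos:pos + length],
        })
        pos += length
    return attrs


# Constructed sample: the attributes an iBGP route reflector might send.
SAMPLE = b"".join([
    bytes([0x40, 1, 1, 0]),                    # ORIGIN = IGP
    bytes([0x40, 2, 4, 2, 1, 0xFD, 0xE9]),     # AS_PATH = sequence [65001]
    bytes([0x40, 3, 4, 192, 0, 2, 1]),         # NEXT_HOP = 192.0.2.1
    bytes([0x40, 5, 4, 0, 0, 0, 100]),         # LOCAL_PREF = 100
    bytes([0xC0, 8, 4, 0xFD, 0xE9, 0, 100]),   # COMMUNITIES = 65001:100
    bytes([0x80, 10, 4, 192, 0, 2, 9]),        # CLUSTER_LIST = 192.0.2.9
])


def summarize(data):
    """Map each attribute name in the field to its category."""
    return {a["name"]: a["category"] for a in parse_path_attributes(data)}


if __name__ == "__main__":
    for name, cat in summarize(SAMPLE).items():
        print(f"{name:13} {cat}")
```
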



RE: Firewall/PIX help.... [7:63167]

2003-02-18 Thread BJ Rice
The PIX does have IDS capabilities, but very rudimentary.  No anti-virus or
content filtering.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63296t=63167



IP Helper with Netware 5.1 and win 95/98 [7:63297]

2003-02-18 Thread Firesox
I have two ip-helper addresses configured on 2621 which connects to another
2621 at the HUB where DHCP servers reside.
I have 2 Novell Netware 5.1 servers as DHCP servers.  Lease is set to 3 days.
Everything is working as expected except windows 95 and 98 clients are not
renewing the IP after three days.
If you manually release and renew the IP, it works fine, but when users turn
on the pc after the lease has expired, it's not renewing it automatically.

DHCP clients on the hub site are working just fine using same DHCP servers.

Right now the Helper addresses are set to unicast address pointing to those
two servers.
I was wondering if setting the helper address to subnet broadcast address
makes any difference.

Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63297t=63297



Re: access-list acl_out permit ip impact [7:63234]

2003-02-18 Thread Curious
Here is a correct statement for Access group

access-group acl_out in interface outside


Rest is correct.


--
Curious

MCSE, CCNP
Ismail Al-Shelh wrote in message
news:[EMAIL PROTECTED]...
 10.10.0.0 255.255.0.0---515E PIX FIREWALL--1750
 ROUTER10.15.0.0 255.255.0.0

 10.15.0.0 Is the inside network
 10.10.10.0 Is the outside network

 In CISCO PIX FIREWALL  Version 6.1(4), what is the impact of this command?


 access-list acl_out permit ip 10.10.0.0 255.255.0.0 10.15.0.0 255.255.0.0
 access-group in interface outside

 Does it mean that the 10.10 network can reach 10.15 network through any
 port?
 And if not, then how can I let the 10.10 network reach 10.15 network
 through any port?


 Does IP include TCP and UDP?

 Please help me with the exact impact of this command.



 Ismail Al-Shelh
 Abdulla Fouad Company
 Network Engineer
 CD-Dammam




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63298t=63234
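
The question of what `permit ip` covers can be checked by evaluating the entry against sample packets. The sketch below is an added example, not part of the original posts and not PIX code: it models first-match evaluation with the implicit deny and PIX-style subnet masks, handles only the entry form shown in the thread plus an optional `eq PORT`, and the `acl_web` entry and all packet addresses are constructed for contrast.

```python
import ipaddress

PROTOCOLS = {"icmp": 1, "tcp": 6, "udp": 17}   # IP protocol numbers


def parse_ace(line):
    """Parse 'access-list NAME permit|deny PROTO SRC SMASK DST DMASK [eq PORT]'."""
    tok = line.split()
    if len(tok) not in (8, 10) or tok[0] != "access-list":
        raise ValueError("unsupported entry: " + line)
    if tok[2] not in ("permit", "deny"):
        raise ValueError("action must be permit or deny")
    if tok[3] != "ip" and tok[3] not in PROTOCOLS:
        raise ValueError("protocol not handled in this example: " + tok[3])
    port = None
    if len(tok) == 10:
        if tok[8] != "eq" or tok[3] not in ("tcp", "udp"):
            raise ValueError("only 'eq PORT' on tcp/udp is handled here")
        port = int(tok[9])
    return {
        "name": tok[1], "action": tok[2], "proto": tok[3],
        # PIX access-lists take subnet masks, so address/mask is a network.
        "src": ipaddress.ip_network(tok[4] + "/" + tok[5]),
        "dst": ipaddress.ip_network(tok[6] + "/" + tok[7]),
        "dport": port,
    }


def evaluate(entries, proto, src, dst, dport=None):
    """First matching entry wins; no match falls to the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in entries:
        # 'ip' matches every IP protocol, so TCP, UDP and ICMP all qualify.
        if e["proto"] != "ip" and e["proto"] != proto:
            continue
        if src not in e["src"] or dst not in e["dst"]:
            continue
        if e["dport"] is not None and e["dport"] != dport:
            continue
        return e["action"]
    return "deny"


# The entry quoted in the thread.
ACL_OUT = [parse_ace(
    "access-list acl_out permit ip 10.10.0.0 255.255.0.0 10.15.0.0 255.255.0.0")]

# Constructed contrast: the same networks limited to one TCP port.
ACL_WEB = [parse_ace(
    "access-list acl_web permit tcp 10.10.0.0 255.255.0.0 10.15.0.0 255.255.0.0 eq 80")]

# Constructed packets: (protocol, source, destination, destination port).
PACKETS = [
    ("tcp", "10.10.1.5", "10.15.2.9", 23),
    ("udp", "10.10.1.5", "10.15.2.9", 53),
    ("icmp", "10.10.1.5", "10.15.2.9", None),
    ("tcp", "10.10.1.5", "10.15.2.9", 80),
    ("tcp", "10.11.0.1", "10.15.2.9", 80),   # source outside 10.10.0.0/16
]


def verdicts(entries):
    """Return the permit/deny decision for each constructed packet, in order."""
    return [evaluate(entries, *p) for p in PACKETS]


if __name__ == "__main__":
    for packet, wide, narrow in zip(PACKETS, verdicts(ACL_OUT), verdicts(ACL_WEB)):
        print(packet, "acl_out:", wide, "acl_web:", narrow)
```

The wide entry permits every protocol and port between the two networks once it is bound with the corrected `access-group` line, so a narrower entry like the constructed one is the usual least-privilege choice when only one service is needed.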



Re: clearing conduit [7:63278]

2003-02-18 Thread Keith Campbell
Not sure if this is possible on PIX, but I've done this with access lists on
routers.
You would need TFTP access to the router / PIX in question.
Copy the running config to the TFTP server and modify the copy on the TFTP
server.
Copy from the TFTP server to STARTUP config.
Then issue copy start run.

AFAIK this should work, but the safer way is definitely out of band as
Daniel has already mentioned.

Keith
Sam Sneed wrote in message
news:[EMAIL PROTECTED]...
 I've thought of this and will have this in place as well. So then I guess
 that there is no way to add to middle of conduit without locking yourself
 out.

 Daniel Cotts wrote in message
 news:[EMAIL PROTECTED]...
  Look at the problem from another direction. How about a modem connected to a
  terminal server. The TS connects to the PIX console port. That way your
  connection is out-of-band. I'd agree that the modem should be powered off
  except when needed. Local admin staff would have to hit the big red
  switch.
 
   -Original Message-
   From: Sam Sneed [mailto:[EMAIL PROTECTED]]
   Sent: Tuesday, February 18, 2003 11:32 AM
   To: [EMAIL PROTECTED]
   Subject: clearing conduit [7:63278]
  
  
   Let's say you are administering a PIX remotely. You SSH into a machine on the
   PIX's internal network and from there you telnet into the PIX. Security is
   via conduits and it might look like this:
  
   conduit permit tcp 192.168.43.0 255.255.255.255 eq 22 any
   conduit permit tcp 192.168.43.0 255.255.255.255 eq 80 any
   conduit permit tcp 192.168.43.0 255.255.255.255 eq 443 any
  
  
   Now I want to put
   conduit permit tcp 192.168.43.0 255.255.255.255 eq 21 any
  
   in between the top 2 statements. Why it needs to be there is not important,
   this is a theoretical question.
   How can I do this without blocking myself out of the PIX?
   I imagine I would have to do a clear conduit and then enter the whole new
   list in again since you can't add a statement in the middle of a conduit.
   Once I do clear conduit I'd suspect I'd be blocked out before I can add the
   new conduit.
  
   Is this true? I know I could probably use access-lists to do this but I'm
   speaking strictly about conduits when I ask this question.
  
   The main question is if I'm administering the PIX remotely and need to add a
   conduit anywhere except the end of the list then how can I do that without
   locking myself out.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63299t=63278



CS11152 MIB's [7:63300]

2003-02-18 Thread Sam Sneed
Anyone know where I can download these? I couldn't find them on Cisco site.
I'd like to get CPU stats on my CSS11152 via snmp.

thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63300t=63300



Aironet Client Adaptor Software with Avaya Wireless Card [7:63302]

2003-02-18 Thread Firesox
I have: Cisco ACS with Aironet 350 and all clients have Avaya Gold card
installed.
Is it possible to use the EAP in this scenario?  Could I load the newest
version of client adaptor firmware from Cisco on Avaya cards?

I need to secure the authentication using ACS and EAP using Avaya Cards.

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63302t=63302



Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-18 Thread Ken Diliberto
Priscilla,

All I want is credit.  :-)

Some guy on one of the many mailing lists I frequent put it this
way:   (maybe not)

Ken

 Priscilla Oppenheimer  02/18/03 12:06PM

[snip]

I think Ken's example is one of the cleanest I've seen. I may have to
borrow it for my classes.

[snip]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63303t=63147



Layer 3 switching [7:63304]

2003-02-18 Thread Han Chuan Alex Ang
hi, I am trying to have a clearer picture of the layer 3 switching
concept.

Assuming that I have a Core Catalyst 6 series switch with layer 3
switching capabilities, I have a Access layer switch connected to the
core with two port label Vlan 1 subnet 1 and Vlan 2 subnet 2,
when frames is sent from Vlan 1 to Vlan 2 on the same Access
switch, my understanding is that for layer 3 switching, it will
evoke a route one and switch the rest concept, my question is that,
after the first route, if no Access list has been created, will
the Access switch be smart enough to perform internal
switching, that is, frame direct from Vlan 1 to Vlan 2 internally
within the Access switch. If the answer is no, Are there switches on
the market that is routing by this concept, please advise,

thanks to all the guys who have tried to entertain all my questions






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63304t=63304



RE: Firewall/PIX help.... [7:63167]

2003-02-18 Thread Albert Lu
I thought the PIX can do content filtering if hooked up with websense?
Doesn't it use WCCP to do this?

Sonicwall says it can do inbuilt anti-virus, content filtering. But it looks
like it's a subscription based service so it's not really your firewall doing
these functions.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 8:42 AM
To: [EMAIL PROTECTED]
Subject: RE: Firewall/PIX help [7:63167]


The PIX does have IDS capabilities, but very rudimentary.  no anti-virus or
content filtering.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63306t=63167



RE: CCIE written exercise question [7:63247]

2003-02-18 Thread Kazan, Naim
Mr. Berkowitz


If it wasn't for your humor accompanied with your experience and knowledge, I
would have gone into a coma from reading other postings. Keep up the work
and don't stop rocking the boat DUDE.

-Original Message-
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, February 18, 2003 4:41 PM
To: [EMAIL PROTECTED]
Subject: RE: CCIE written exercise question [7:63247]


At 3:27 PM -0600 2/18/03, Daniel Cotts wrote:
Problem being that Cisco uses the term attribute in the discussion of 
weight. Source BSCN ver1.0 Training Materials. There is a page listing 
the various types of attributes and which attributes fall under each 
type. A kicker line states In addition, Cisco has defined a weight 
attribute for BGP.

If you listen closely, you can hear the sound of my head pounding on 
the desk so it will feel good when I stop. Maybe this should get 
copied to Phil Smith or Barry Greene.

Following pages explain the various attributes.
Page for Weight has slide Weight Attribute (Cisco Only) with 
discussion: The weight attribute is a Cisco-defined attribute used for 
the path selection process. The weight is configured locally to a router
and is not
propagated to any other routers. ... etc.

Of course! It has to be a BGP attribute to be propagated!

So the right answer vs the Cisco answer. Maybe we can say it's an 
attribute for CCNP exams and not an attribute at NANOG meetings.

*moan*


  -Original Message-
  From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, February 18, 2003 12:19 PM
  To: [EMAIL PROTECTED]
  Subject: RE: CCIE written exercise question [7:63247]


  At 4:06 PM + 2/18/03, Daniel Cotts wrote:
  In line:
  
-Original Message-
From: lee wooi keat [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 4:51 AM
To: [EMAIL PROTECTED]
Subject: CCIE written exercise question [7:63247]
  
  
All,
  
I'm preparing CCIE written exam and encounter some tricky
questions in
exercise. Would like to ask for help for those who can solve it:
1) Which one is NOT Well-known attribute for BGP ?
-   local preference = Well-known discretionary attribute
-   origin = Well-known mandatory attribute
-   weight = Cisco proprietary attribute
-   community = Optional Transitive attribute
-   cluster-id = Used in configuring Route Reflectors
  
You can only choose one out of 5.
  Problem is that only two are well-known attributes. If they
  allow any of the
  three then this is an easy question. (grin) Maybe the
  question should have
  asked Which one is not a BGP attribute?
  

  Good point, and I have to remember exactly the way I wrote the  
 question (if indeed it's mine -- I don't remember including  
 cluster-ID in the CertZone question).

  The point I was driving at when I wrote a question on this, and was  
 not trying to give it away, is that weight is NOT an attribute at  
 all.  It is never sent in BGP but is local to the router.  All the  
 others can be transmitted in BGP, but, as you point out, not all are
   well-known.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63307t=63247
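The categories argued over in this thread are visible in the Attribute Flags octet of each path attribute in a BGP UPDATE. The following Python parser is an added example, not code from any poster; the sample bytes are constructed, and the names follow RFC 4271, RFC 1997 and RFC 4456.

```python
import struct

# Attribute Flags octet, RFC 4271 section 4.3 (high-order bits first).
FLAG_OPTIONAL = 0x80    # 0 = well-known, 1 = optional
FLAG_TRANSITIVE = 0x40  # must be 1 for every well-known attribute
FLAG_PARTIAL = 0x20
FLAG_EXT_LEN = 0x10     # length field is two octets instead of one

# Type codes that can appear in an UPDATE. There is no type code for
# Cisco's weight, so it cannot be encoded: it lives only in the local router.
ATTR_NAMES = {
    1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 4: "MULTI_EXIT_DISC",
    5: "LOCAL_PREF", 6: "ATOMIC_AGGREGATE", 7: "AGGREGATOR",
    8: "COMMUNITIES",    # RFC 1997
    9: "ORIGINATOR_ID",  # RFC 4456
    10: "CLUSTER_LIST",  # RFC 4456; this is what carries cluster IDs
}
WELL_KNOWN_MANDATORY = {1, 2, 3}

# Constructed sample: path attributes of an iBGP UPDATE from a route reflector.
SAMPLE_ATTRS = bytes.fromhex(
    "40010100"        # ORIGIN = IGP
    "400200"          # AS_PATH, empty
    "400304c0000201"  # NEXT_HOP = 192.0.2.1
    "40050400000064"  # LOCAL_PREF = 100
    "c00804fde80064"  # COMMUNITIES = 65000:100
    "800a04c00002fe"  # CLUSTER_LIST = 192.0.2.254
)


def classify(flags, type_code):
    """Return the attribute category implied by the flags and type code."""
    if flags & FLAG_OPTIONAL:
        if flags & FLAG_TRANSITIVE:
            return "optional transitive"
        return "optional non-transitive"
    if not flags & FLAG_TRANSITIVE:
        raise ValueError("well-known attribute must set the Transitive bit")
    if type_code in WELL_KNOWN_MANDATORY:
        return "well-known mandatory"
    return "well-known discretionary"


def parse_path_attributes(data):
    """Parse the Path Attributes field into (name, category, value) tuples."""
    attrs, offset = [], 0
    while offset < len(data):
        header_len = 4 if data[offset] & FLAG_EXT_LEN else 3
        if offset + header_len > len(data):
            raise ValueError("truncated attribute header")
        flags, type_code = data[offset], data[offset + 1]
        if header_len == 4:
            (length,) = struct.unpack_from("!H", data, offset + 2)
        else:
            length = data[offset + 2]
        start = offset + header_len
        value = data[start:start + length]
        if len(value) != length:
            raise ValueError("truncated attribute value")
        name = ATTR_NAMES.get(type_code, f"type {type_code}")
        attrs.append((name, classify(flags, type_code), value))
        offset = start + length
    return attrs


if __name__ == "__main__":
    for name, category, value in parse_path_attributes(SAMPLE_ATTRS):
        print(f"{name:<14} {category:<26} {value.hex()}")
```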



Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-18 Thread The Long and Winding Road
Ken Diliberto  wrote in message
news:[EMAIL PROTECTED]...
 Priscilla,

 All I want is credit.  :-)


if it makes you feel better, Ken, I always credit you with at least two
cents worth

I'm going to be visiting some of your compadres in the next couple of
weeks. Dare I drop your name? ;-



 Some guy on one of the many mailing lists I frequent put it this
 way:   (maybe not)

 Ken

  Priscilla Oppenheimer  02/18/03 12:06PM
 
 [snip]

 I think Ken's example is one of the cleanest I've seen. I may have to
 borrow it for my classes.

 [snip]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63305t=63147



Re: Firewall/PIX help.... [7:63167]

2003-02-18 Thread Thomas Larus
Sonic Wall Firewalls can do some content filtering and there is an antivirus
option you can get.  No IDS, though.  Pix has a rudimentary IDS, as has been
stated.  It has 59 signatures or so.

Tom Larus
Gunjan Mathur  wrote in message
news:[EMAIL PROTECTED]...
 Hi,

 I'm looking for  firewall solution for my company, we
 have two WAN connections and currently my users are
 connected thru two proxy m/c to Internet.

 Which PIX model would serve the needs.
 I also need content filtering, Intrusion detection
 and Anti-virus protection on firewall itself.

 Are all these things possible on PIX?

 TIA






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63308t=63167



native vlan, trunking question [7:63309]

2003-02-18 Thread supernet
I'm confused on native vlan and trunking. Can I assign a port to a trunk
(for all the vlans), then assign that port to a vlan100? Does that port
belong to native vlan100? What means native vlan? Thanks. Yoshi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63309t=63309



100 Mbps on Cat3 or Cat4 [7:63310]

2003-02-18 Thread Pat Do
Are unintelligent 10 Mbps hubs better than unintelligent 10/100 Mbps
switches when the network cables that connect the PCs to the hub or switch
are Cat3 or Cat4?

I provide network services to dozens of non-profits.  Most of the sites have
Cat3 or Cat4 cabling. I have a co-worker who says that 10 Mbps hubs should
be used until the sites are upgraded to Cat5 (which won't be happening any
time soon).

His rationale: If the PC NICs are set to auto detect speed and the
unintelligent 10/100 switch is set to auto detect speed, that data will try
to pass through the Cat3 or Cat4 wire at 100 Mbps.  He says that while the
data can pass thru the wire at those rates, it's the signaling that gets
scrambled at that rate on a Cat3 or Cat4 wire.  Consequently, to prevent
signaling problems that may in turn cause data integrity problems, he's
recommending to use 10 Mbps hubs.  Is this a valid argument?

Note: New, unintelligent 10 Mbps hubs appear to be becoming less available
and more costly relative to unintelligent 10/100 Mbps switches as time goes
on.  Consequently, this issue is starting to have financial implications.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63310t=63310



Re: CS11152 MIB's [7:63300]

2003-02-18 Thread John Neiberger
I believe the MIBs are on the CSS itself.  Use an FTP client to browse the
box and you'll find them somewhere.  I'm at home at the moment and I can't
remember which directory they're in but it seems like it's fairly clear when
you see it.

John

Sam Sneed  wrote in message
news:[EMAIL PROTECTED]...
 Anyone know where I can download these? I couldn't find them on Cisco
site.
 I'd like to get CPU stats on my CSS11152 via snmp.

 thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63311t=63300



Re: Layer 3 switching [7:63304]

2003-02-18 Thread Robert Edmonds
I'm fairly certain the answer to your first question is no, the switch will
not be intelligent enough to switch it to the appropriate port
automatically.  The reason is that the switch must go through a layer 3
device to get from one VLAN (aka IP subnet) to another.  I don't think this
is a real issue since the rest of the traffic is switched at wire speed,
introducing very little (almost no) latency.  There are however switches on
the market, even by Cisco that will do this.  Any layer 3 switch will do.
For example, the Cisco 2948G-L3 switch.  Check out their website under
Products and Technologies for more information.


Han Chuan Alex Ang  wrote in message
news:[EMAIL PROTECTED]...
 hi, I am trying to have a clearer picture of the layer 3 switching

 concept.

 Assuming that I have a Core Catalyst 6 series switch with layer 3

 switching capabilities, I have a Access layer switch connected to the

 core with two port label Vlan 1 subnet 1 and Vlan 2 subnet 2,

 when frames is sent from from Vlan 1 to Vlan 2 on the same Access

 switch, my understanding is that for layer 3 switching , it will

 evoke a route one and switch the rest concept , my question is that,

 after the first route , if no Access list has been created, will the

 the Access switch be smart enough to perform internal

 switching, that is , frame direct from Vlan 1 to Vlan 2 internally

 within the Access switch. If the answer is no, Are there switches on

 the market that is routing by this concept, please advice ,

 thanks to all the guys who have tried to entertain all my questions




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63312t=63304



ISDN Switch and BRi config [7:63313]

2003-02-18 Thread McHugh Randy
What command can I use to tell if my ISDN switch is turned on and operating
properly between two bri0 int on routers?
here is what I have configured
r1
interface BRI0
 ip address 150.100.7.1 255.255.255.0
 encapsulation ppp
 ip ospf demand-circuit
 dialer map ip 150.100.7.2 broadcast 2002
 dialer-group 1
 isdn switch-type basic-5ess
dialer-list 1 protocol ip permit
1#sh isdn status 
Global ISDN Switchtype = basic-5ess
ISDN BRI0 interface
dsl 0, interface ISDN Switchtype = basic-5ess
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 64, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 0 CCBs = 0
The Free Channel Mask:  0x8003
Number of L2 Discards = 0, L2 Session ID = 1
Total Allocated ISDN CCBs 
r2#sh run int bri0
Building configuration...

Current configuration : 166 bytes
!
interface BRI0
 ip address 150.100.7.2 255.255.255.0
 encapsulation ppp
 dialer map ip 150.100.7.1 broadcast 2001
 dialer-group 1
 isdn switch-type basic-5ess
end
r2#sh isdn stat
Global ISDN Switchtype = basic-5ess
ISDN BRI0 interface
dsl 0, interface ISDN Switchtype = basic-5ess
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 64, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 0 CCBs = 0
The Free Channel Mask:  0x8003
Number of L2 Discards = 0, L2 Session ID = 0
Total Allocated ISDN CCBs = 0
r2#

I have it configured but can't ping from r1 to r2 and not sure why
thx



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63313t=63313



Re: PIX enable SYN Floodguard by default on outer int? [7:63314]

2003-02-18 Thread Robert Edmonds
Check the following link and see if it has the answer to your question:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008008d313.html


Richard Campbell  wrote in message
news:[EMAIL PROTECTED]...
 Hi..  Group,

 May I know whether the SYN Floodguard is enabled on PIX outside interface
or
 I have to manually enable by the following command

 PIX(config)#nat (outside) 1 0.0.0.0 0.0.0.0 8000 8000

 Is the command correct? assuming my nat_id is 1.

 Thanks a lot











Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63314t=63314



RE: IP Helper with Netware 5.1 and win 9598 [7:63297]

2003-02-18 Thread Priscilla Oppenheimer
Firesox wrote:
 
 I have two ip-helper addresses configured on 2621 which
 connects to another
 2621 at the HUB where DHCP servers reside.

Do you have two ip helper addresses on the same interface? Does that really
do any good or does the first one just get used all the time? Or do you mean
two helper addresses, one on one interface and one on another.

 I have 2 Novell Netware 5.1 servers as DHCP servers.

Are the Novell DHCP servers on the same LAN, IP subnet, broadcast domain?

 Lease is
 set to 3 days
 Everything is working as expected except windows 95 and 98
 clients are not
 renewing the IP after three days.
 If you manually release and renew the IP, it works fine, but
 when users turn
 on the pc after the lease has expired, it's not renewing it
 automatically.
 
 DHCP clients on the hub site are working just fine using same
 DHCP servers.
 
 Right now the Helper addresses are set to unicast address
 pointing to those
 two servers.
 I was wondering if setting the helper address to subnet
 broadcast address
 makes any difference.

You need to find out why this is happening. Do the clients attempt to renew,
i.e. send the DHCP requests or are they just silent?

If the DHCP clients attempt to renew and their server (i.e. the one that
their helper address points to) doesn't respond, it might help to change the
helper address to broadcast to give the other server a chance to reply,
assuming the servers are on the same LAN. The other router would have to
forward directed broadcasts for the broadcast to end up on the LAN.

But it wouldn't be advisable to make this change without knowing why the
problem is happening and what negative side effects could occur from the
change.

Priscilla


 
 Thanks in advance.
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63315t=63297



RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-18 Thread Kelly Cobean
Priscilla,
Ok, you caught me not telling the whole truth.  There is a second VLAN
on the switch, but my point was that the MLS cache is full of entries for
one host talking to another host off of the same VLAN interface but on a
secondary subnet, indicating that L3 switching (routing) took place for that
data-flow...So now I guess there are two hands clapping ;-)  You sure do
keep us all on our toes!!!  Thanks!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 1:08 AM
To: [EMAIL PROTECTED]
Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]


I'm loath to continue this discussion, but I do have a question for Kelly.
Why do you have a VLAN at all in your example?? Isn't a single VLAN sort of
like one hand clapping? Seriously, what role is it playing in your network?

Of course you don't have to have VLANs to do routing/L3 switching, as you
probably know. But maybe there's some weird configuration gotcha, specific
to the 6509? Just curious. Thanks.

Larry said the majority of the Cisco campus is networked with L3 switches
and not using vlans. That says a lot right there!

Priscilla

Kelly Cobean wrote:

 All,
I'd like to add to this something that I haven't seen in
 other posts yet,
 and that is a quick look at layer2 function.  I have a Catalyst
 6509 with an
 MSFC on it.  There is only *ONE* VLAN configured on the MSFC,
 however, that
 VLAN has several secondary addresses assigned to it (I know,
 not a great
 solution, but let's not go there).  If I do a show mls entry
 on my switch,
 it is full of entries for hosts talking to hosts on the same
 VLAN.  My
 point?  When a host wants to talk to a host on another subnet
 (VLAN or not),
 it ANDs the address with its own mask, determines that the
 host is in fact
 on a different subnet, then arps (if necessary) for its
 default gateway
 (the MSFC) and sends the packet on its way.  The 6509/MSFC
 receive the
 packet and begin the MLS cache setup process (candidate packet,
 timeout,
 etc).  All this is still done in spite of the fact that the MSFC
 only has a
 single VLAN.

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
 Behalf Of
 Stephen Hoover
 Sent: Monday, February 17, 2003 8:33 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Does MLS (Layer 3 switching) require VLANs?
 [7:63147]


   -
   actually it is by doing secondaries, but i would highly
 recommend doing
   vlans if possible. keep it clean and simple.
 
 
  one may also configure the physical interfaces as L3
 interfaces - just as
  one might do on a router with several ethernet ports.


 Oo ok, now THAT statement leads me to believe the L3
 switching IS
 possible without VLANs.


 -Stephen




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63316t=63147



Re: Layer 3 switching [7:63304]

2003-02-18 Thread Howard C. Berkowitz
At 1:57 AM + 2/19/03, Han Chuan Alex Ang wrote:
hi, I am trying to have a clearer picture of the layer 3 switching

concept.

Assuming that I have a Core Catalyst 6 series switch with layer 3

switching capabilities, I have a Access layer switch connected to the

core with two port label Vlan 1 subnet 1 and Vlan 2 subnet 2,

when frames is sent from from Vlan 1 to Vlan 2 on the same Access

switch, my understanding is that for layer 3 switching , it will

evoke a route one and switch the rest concept , my question is that,

after the first route , if no Access list has been created, will the

the Access switch be smart enough to perform internal

switching, that is , frame direct from Vlan 1 to Vlan 2 internally

within the Access switch.

I'm not sure exactly what you are describing, but the first question 
in my mind is what MAC address would be in the source field of the 
frame going to VLAN 2. Could make for some pretty confused ARP 
tables.  Would the IP address have to be rewritten if it now 
corresponds to a different MAC address?


If the answer is no, Are there switches on

the market that is routing by this concept, please advice ,

What problem are you trying to solve? I can't see the difference as 
involving any significant delay, and I still don't quite see what the 
subnet relationships will be.


thanks to all the guys who have tried to entertain all my questions




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63319t=63304



RE: Layer 3 switching [7:63304]

2003-02-18 Thread Priscilla Oppenheimer
Han Chuan Alex Ang wrote:
 
 hi, I am trying to have a clearer picture of the layer 3
 switching
 
 concept. 
 
 Assuming that I have a Core Catalyst 6 series switch with layer
 3
 
 switching capabilities, I have a Access layer switch connected
 to the
 
 core with two port label Vlan 1 subnet 1 and Vlan 2 subnet 2,
 
 when frames is sent from from Vlan 1 to Vlan 2 on the same
 Access
 
 switch, my understanding is that for layer 3 switching , it
 will
 
 evoke a route one and switch the rest concept ,

Layer 3 switching just means routing. 

What you're talking about is an advanced feature of some switches whereby
the L3 core switch can tell the L2 access switch how to encapsulate and
forward the packets for this flow on its own in the future. This is
sometimes called distributed switching or multi-layer switching, although
both those terms get used in other ways too.

Many Cisco switches don't support this, but some do. Both the core and the
access switch would have to support this advanced feature for it to work.
The Catalyst 6000 does support it.

The L3 core switch has a route processor in it. It acts as a router. It
talks to the L2 access switch's switching engine with a protocol such as
Cisco's Multilayer Switching Protocol (MLSP) to let the L2 switch know how
to handle the packets in the future.

Architecturally it's no different than a router that has a route processor
and a forwarding engine, except that now the jobs are being done in two boxes.

It's not accurate to equate this behavior with L3 switching. It's more
accurate to say this behavior is one feature of some advanced L3 switches.
Notice that it requires an additional protocol. It also requires quite a few
non-default configuration commands.

Priscilla

 my question is
 that,
 
 after the first route , if no Access list has been created,
 will the
 
 the Access switch be smart enough to perform internal 
 
 switching, that is , frame direct from Vlan 1 to Vlan 2
 internally
 
 within the Access switch. If the answer is no, Are there
 switches on
 
 the market that is routing by this concept, please advice , 
 
 thanks to all the guys who have tried to entertain all my
 questions
 
 
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63317t=63304
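The host decision Kelly Cobean describes earlier in the thread (AND the destination with your own mask, send off-subnet traffic to the gateway) and the "route once, switch the rest" split between route processor and switching engine described in this message, as an added Python model that is not from any poster or from Cisco. The addresses are constructed, the flow key is simply (source IP, destination IP), and the MLSP exchange is reduced to the switch already knowing the router's MAC.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses: two hosts on ONE VLAN but in different IP subnets
# (the gateway holds a primary and a secondary address on that VLAN).
ROUTER_MAC = "00:00:5e:00:53:01"
HOST_A = {"ip": "10.1.1.10", "mask": "255.255.255.0",
          "gw": "10.1.1.1", "mac": "00:00:5e:00:53:0a"}
HOST_B = {"ip": "10.1.2.20", "mask": "255.255.255.0",
          "gw": "10.1.2.1", "mac": "00:00:5e:00:53:14"}


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    ttl: int = 64


def host_next_hop(own_ip, mask, dst_ip, gateway_ip):
    """Host logic: on-subnet destinations are reached directly, others via the gateway."""
    subnet = ipaddress.ip_network(f"{own_ip}/{mask}", strict=False)
    return dst_ip if ipaddress.ip_address(dst_ip) in subnet else gateway_ip


class Router:
    """Route processor: does the slow-path lookup and rewrites the frame."""

    def __init__(self, mac, arp_table):
        self.mac, self.arp_table, self.routed = mac, arp_table, 0

    def route(self, frame):
        self.routed += 1
        return Frame(self.mac, self.arp_table[frame.dst_ip],
                     frame.src_ip, frame.dst_ip, frame.ttl - 1)


class MlsSwitch:
    """Switching engine: learns the rewrite from the first routed packet of a flow."""

    def __init__(self, router):
        self.router = router
        self.candidates = set()  # flows seen heading to the router's MAC
        self.cache = {}          # flow -> destination MAC to rewrite to
        self.shortcuts = 0

    def forward(self, frame):
        flow = (frame.src_ip, frame.dst_ip)
        if frame.dst_mac != self.router.mac:
            return frame                      # ordinary layer 2 forwarding
        if flow in self.cache:                # later packets: rewrite locally
            self.shortcuts += 1
            return Frame(self.router.mac, self.cache[flow],
                         frame.src_ip, frame.dst_ip, frame.ttl - 1)
        self.candidates.add(flow)             # candidate packet
        routed = self.router.route(frame)     # first packet takes the routed path
        if routed.src_mac == self.router.mac and flow in self.candidates:
            self.candidates.discard(flow)     # enabler packet completes the entry
            self.cache[flow] = routed.dst_mac
        return routed


def run_demo(packets=3):
    """Send several packets of one flow from HOST_A to HOST_B."""
    router = Router(ROUTER_MAC, {HOST_A["ip"]: HOST_A["mac"],
                                 HOST_B["ip"]: HOST_B["mac"]})
    switch = MlsSwitch(router)
    hop = host_next_hop(HOST_A["ip"], HOST_A["mask"], HOST_B["ip"], HOST_A["gw"])
    dst_mac = ROUTER_MAC if hop == HOST_A["gw"] else HOST_B["mac"]
    out = [switch.forward(Frame(HOST_A["mac"], dst_mac, HOST_A["ip"], HOST_B["ip"]))
           for _ in range(packets)]
    return out, switch, router


if __name__ == "__main__":
    frames, switch, router = run_demo()
    print("routed:", router.routed, "shortcut:", switch.shortcuts)
    print("delivered frame:", frames[-1])
```

Every delivered frame carries the router's MAC as its source and a decremented TTL, whether the route processor or the cache produced it.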



Where physically does NAT take place, VIP or RSP? [7:63318]

2003-02-18 Thread Scott Nelson
On a 75XX w/ 4-50 cards, where does NAT actually happen at? Does it happen
on the VIPs or on the RSP?
I am hoping that it happens between the VIPs like dCEF

I need to setup a temp link for backup purposes and if the VIPs do the
NATing, If I can get by with an RSP2 with VIP4-50's, I won't have to get an
RSP8.
It will be NATing a DS-3 so, I want make sure I don't run out of resources. 
Can't seem to find out where it happens on Cisco's website.

Anyone know where NAT actually takes place?

Scotty


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63318t=63318



RE: Isdn error with PPP - Well...NEVER again !!!! [7:63301]

2003-02-18 Thread Cisco Nuts
Alright!! After many many months of frustration with what I thought was a
problem with ppp encap, it turned out to be something else.
As Stuart correctly pointed me to this url (which I have no idea why I
did not look it up earlier) the problem lies with using LDN along with
the SPID #'s. Thank you Stuart for this one.

I tested it first using just plain HDLC, then with plain PPP, then added
ppp auth chap, then ppp chap hostname and then with finally what I
presumed to be the culprit, ppp multilink. But lo behold!! all of these
worked with NO problem when the LDN # is not specified along with the
SPID #.

Here is my config:

Current configuration : 455 bytes
!
interface BRI0
 ip address 9.9.9.1 255.255.255.0
 encapsulation ppp
 ip ospf network broadcast
 ip ospf demand-circuit
 dialer map ip 9.9.9.2 broadcast 5553000
 dialer load-threshold 1 either
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 055511
 isdn spid2 055521
 cdapi buffers regular 0
 cdapi buffers raw 0
 cdapi buffers large 0
 ppp authentication chap
 ppp chap hostname backup
 ppp chap password 7 121A061902
 ppp multilink
end

R8#ping 9.9.9.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.9.2, timeout is 2 seconds:
!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/38/40 ms
R8#

Hope this helps others like me with similar problems

From: Stuart Potts
Reply-To: Stuart Potts
To: [EMAIL PROTECTED]
Subject: RE: Isdn error with PPP - Why always?? [7:63255]
Date: Tue, 18 Feb 2003 16:34:19 GMT

For more information;
http://www.cisco.com/warp/public/129/bri_invalid_spid.html

regards
/Stuart

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of MADMAN
Sent: 18 February 2003 15:06
To: [EMAIL PROTECTED]
Subject: Re: Isdn error with PPP - Why always?? [7:63255]

try debug isdn q931, this may give you some more info.

Dave

Cisco Nuts wrote:

Hello,
Just set up basic Isdn b/w 2 routers using the default hdlc encap
and was working perfectly fine till I changed the encap to ppp, ppp auth
chap, ppp multilink and ppp chap hostname R7. Then it just stopped
working :- out this msg. on the screen:

R8-G#
4d19h: %ISDN-4-INVALID_CALLEDNUMBER: Interface BR0, Ignoring call, LDN
and Called Party Number mismatch

I looked to see if the called number had changed even though I had not
touched it. It is still valid and so are the spids.

R8-G#ri b0
Building configuration...

Current configuration : 353 bytes
!
interface BRI0
 ip address 9.9.9.1 255.255.255.0
 ip ospf demand-circuit
 dialer idle-timeout 90
 dialer map ip 9.9.9.1 broadcast 5553000
 dialer load-threshold 1 outbound
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 055511 5551000
 isdn spid2 055521 5552000

R8-G#sh is st  TEI   Global ISDN Switchtype = basic-niter Age Seq# C
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 123, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
TEI = 124, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
TEI 123, ces = 1, state = 5(init)
spid1 configured, spid1 sent, spid1 valid
Endpoint ID Info: epsf = 0, usid = 1, tid = 1
TEI 124, ces = 2, state = 5(init)
spid2 configured, spid2 sent, spid2 valid
Endpoint ID Info: epsf = 0, usid = 3, tid = 1
Layer 3 Status:
0 Active Layer 3 Call(s)
CCB:callid=801C, sapi=0, ces=1, B-chan=1, calltype=DATA
Active dsl 0 CCBs = 1
The Free Channel Mask: 0x8002
Total Allocated ISDN CCBs = 1

I am beginning to guess that the problem is a HARDWARE one with the ISDN
switch being the culprit. I guess as usual I need to give it rest for a
couple of hours and start it again for this to work with just HDLC encap.
To think that I was told that the Merge switch was the Rolls Royce of ISDN
switches when I paid a million $$ for it last year :-(

But if any one has any suggestions/advice, I would gratefully appreciate it.

Thank you.

Sincerely,
CN

--
David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications
612-664-3367  You don't make the poor richer by making the rich




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63301t=63301
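The fix reported in this message (drop the LDN from the `isdn spid` lines) can be checked against a saved configuration. The Python check below is an added example, not code from any poster or from Cisco; both configurations are abridged from the messages on this page, the called numbers passed to it are constructed, and exact string comparison between LDN and called party number is an assumption.

```python
import re

# IOS syntax: isdn spid1 <spid-number> [ldn]   /   isdn spid2 <spid-number> [ldn]
SPID_LINE = re.compile(
    r"^[ \t]*isdn[ \t]+spid([12])[ \t]+(\d+)(?:[ \t]+(\d+))?[ \t]*$",
    re.MULTILINE,
)

# Abridged from the quoted original message (LDN follows each SPID).
CONFIG_WITH_LDN = """\
interface BRI0
 ip address 9.9.9.1 255.255.255.0
 dialer map ip 9.9.9.1 broadcast 5553000
 isdn switch-type basic-ni
 isdn spid1 055511 5551000
 isdn spid2 055521 5552000
"""

# Abridged from the working configuration posted in this message (no LDN).
CONFIG_WITHOUT_LDN = """\
interface BRI0
 ip address 9.9.9.1 255.255.255.0
 encapsulation ppp
 dialer map ip 9.9.9.2 broadcast 5553000
 isdn switch-type basic-ni
 isdn spid1 055511
 isdn spid2 055521
"""


def parse_spids(config_text):
    """Return {1: (spid, ldn_or_None), 2: (spid, ldn_or_None)} for the lines present."""
    return {int(n): (spid, ldn or None)
            for n, spid, ldn in SPID_LINE.findall(config_text)}


def screen_incoming_call(config_text, called_number):
    """Model the LDN screen behind %ISDN-4-INVALID_CALLEDNUMBER.

    Returns (accepted, reason). With no LDN configured the call is not
    screened on LDN at all, which is the state the poster ended up in.
    """
    ldns = [ldn for _, ldn in parse_spids(config_text).values() if ldn]
    if not ldns:
        return True, "no LDN configured, call not screened on LDN"
    if called_number in ldns:   # assumption: exact match
        return True, "called party number matches a configured LDN"
    return False, "LDN and Called Party Number mismatch"


def ignored_numbers(config_text, called_numbers):
    """List the called party numbers this configuration would ignore."""
    return [n for n in called_numbers
            if not screen_incoming_call(config_text, n)[0]]


if __name__ == "__main__":
    # Constructed called party numbers, as a switch might deliver them.
    delivered = ["5552000", "5551234", "1000"]
    for label, cfg in (("with LDN", CONFIG_WITH_LDN),
                       ("without LDN", CONFIG_WITHOUT_LDN)):
        print(label, "-> ignored:", ignored_numbers(cfg, delivered))
```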



Does switching on same card use backplane BW? [7:63320]

2003-02-18 Thread Scott Nelson
Does switching on same card use backplane BW?

If, say, I am doing MLS ( L3 switching ) on a CAT 5000, and I setup two
hosts, one on port 1 and the other one port 2 on the same card ( ws-x5201R
which does the L3 MAC rewrite itself ), does this type of setup use any
backplane bandwidth?

Or does it still have to pass through the SUP?

TIA

Scotty


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63320t=63320



Re: Isdn error with PPP - Why always?? [7:63255]

2003-02-18 Thread Cisco Nuts
Now I had definitely heard of the notorious ppp multilink!! Just haven't
nailed it down for now.

Also using peer ip address and no peer neighbor-route.

I will try it later as I am hesitant to use ppp encap right now lest I
get frustrated and lose another hour in my studies. I had to reboot the
switch and the routers and with hdlc encap, dialer profiles, floating
statics, backup intf's. work like a champ along with legacy ddr.

Thank you.

Sincerely,

CN

From: Debbie Westall
Reply-To: Debbie Westall
To: [EMAIL PROTECTED]
Subject: Re: Isdn error with PPP - Why always?? [7:63255]
Date: Tue, 18 Feb 2003 17:02:46 GMT

I frequently have trouble when I go from hdlc to ppp. Usually it's
something I didn't configure with the ppp. I take one command out at a
time that I added until things come back up. I start with removing ppp
multilink.

also you may want to turn on some debugs

debug dialer
debug ppp negot
debug ppp authen

Debbie

On Tue, 18 Feb 2003, Cisco Nuts wrote:

Hello,
Just set up basic Isdn b/w 2 routers using the default hdlc encap
and was working perfectly fine till I changed the encap to ppp, ppp auth
chap, ppp multilink and ppp chap hostname R7. Then it just stopped
working :- out this msg. on the screen:

R8-G#
4d19h: %ISDN-4-INVALID_CALLEDNUMBER: Interface BR0, Ignoring call, LDN
and Called Party Number mismatch

I looked to see if the called number had changed even though I had not
touched it. It is still valid and so are the spids.

R8-G#ri b0
Building configuration...

Current configuration : 353 bytes
!
interface BRI0
 ip address 9.9.9.1 255.255.255.0
 ip ospf demand-circuit
 dialer idle-timeout 90
 dialer map ip 9.9.9.1 broadcast 5553000
 dialer load-threshold 1 outbound
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 055511 5551000
 isdn spid2 055521 5552000

R8-G#sh is st  TEI   Global ISDN Switchtype = basic-niter Age Seq# C
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 123, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
TEI = 124, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
TEI 123, ces = 1, state = 5(init)
spid1 configured, spid1 sent, spid1 valid
Endpoint ID Info: epsf = 0, usid = 1, tid = 1
TEI 124, ces = 2, state = 5(init)
spid2 configured, spid2 sent, spid2 valid
Endpoint ID Info: epsf = 0, usid = 3, tid = 1
Layer 3 Status:
0 Active Layer 3 Call(s)
CCB:callid=801C, sapi=0, ces=1, B-chan=1, calltype=DATA
Active dsl 0 CCBs = 1
The Free Channel Mask: 0x8002
Total Allocated ISDN CCBs = 1

I am beginning to guess that the problem is a HARDWARE one with the ISDN
switch being the culprit. I guess as usual I need to give it rest for a
couple of hours and start it again for this to work with just HDLC encap.
To think that I was told that the Merge switch was the Rolls Royce of ISDN
switches when I paid a million $$ for it last year :-(

But if any one has any suggestions/advice, I would gratefully appreciate it.

Thank you.

Sincerely,
CN




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63283t=63255



Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-18 Thread Ken Diliberto
Howard,

It would be so much fun to not understand some of this up close.  :-)

 Howard C. Berkowitz  02/18/03 06:42AM 
[snip]

Does that make a 7500 with VIPs a L3 switch?  A 12000 with 
distributed forwarding processors?

Substituting router for L3 switch is a good idea, but go farther than 
that. You can think of a high-performance router as a small hidden 
network, containing one or more (think high availability) path 
determination routing processors/hosts that download FIB 
information to multiple forwarding processors/hosts.  One public and 
vendor-independent discussion of this architecture continues in the 
IETF FORCES Working Group (go to www.ietf.org and navigate to Working 
Groups).


What does this mean to us?  Not much other than for capacity planning.
IMHO, an L3 switch has a longer life than a router.

Not really, as you say in your next paragraph. I could go off into 
the ozone and say all high-speed routers are L3 switches.

Indeed, ASICs aren't a necessity.  I've worked on research router 
designs that used RISC processors in each forwarding and path 
determination engine, which gave lots of power but much more 
flexibility than ASICs. Admittedly, at least one of these was a 
specifically designed processor, but it definitely was software 
loadable and ran a real time OS.  ASIC gets blurry anyway, when you 
start getting into the pure hard-etched IC, field-programmable gate 
arrays, electrically alterable field-programmable gate arrays, 
microcode sequencers, etc.

[snip]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63323t=63147



QoS 3550 burst size [7:63324]

2003-02-18 Thread Jim Devane
I am having trouble calculating some real world burst sizes for QoS. My goal
is simply to rate limit TCP as closely to 1.0 Mb as possible. I understand the
sawtooth will make this difficult and the fact that packet sizes are ever
changing, but I am basing my calculation on 1500 byte Ethernet.

the command specifically is:

police 100 burst-size exceed-action drop

It is this burst size that I am not sure how to calculate. Using Cisco's
formula I tend to get very small numbers (250 bits etc...the default
minimum is 8KB!) I have played around with a traffic generator and kind of
eyeballed that for 1.0 Mb of traffic a burst size of 125000 seems to work.
Is this a reasonable number? What have other people used? Are there any
guidelines to what this should be set to?

Below is a config of what I have:
switch# sh class
 Class Map match-all ANY (id 2)
   Match access-group  101 

switch# sh access-li
 Extended IP access list 101
permit ip any any

switch# sh poli
 Policy Map test3
  class  ANY
   police 100 125000 exceed-action drop

switch# sh run int f0/1
Current configuration : 109 bytes
!
interface FastEthernet0/18
 switchport mode access
 no ip address
 service-policy input test3
end



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63324t=63324
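An added example, not part of the original post: a model of a single-rate token-bucket policer with exceed-action drop, showing how the burst size changes the forwarded rate when traffic arrives in bursts. It assumes the police rate is in bit/s and the burst in bytes, a 1,000,000 bit/s target, and constructed traffic of ten 1500-byte frames sent back to back at 100 Mb/s every 100 ms; TCP's reaction to drops is not modelled.

```python
"""Token-bucket policer model (constructed example; times are in microseconds)."""

FRAME_BYTES = 1500     # full-size Ethernet frame, as assumed in the post
SCALE = 1_000_000      # tokens are kept in bit-microseconds so all math is integer


def bursty_arrivals(n_bursts, frames_per_burst, gap_us, frame_time_us):
    """Constructed traffic: back-to-back frames at line rate, one burst per gap."""
    return [(b * gap_us + i * frame_time_us, FRAME_BYTES)
            for b in range(n_bursts) for i in range(frames_per_burst)]


def police(arrivals, rate_bps, burst_bytes):
    """Single-rate, single-bucket policer with exceed-action drop.

    Returns the number of bytes that conformed and were forwarded."""
    cap = burst_bytes * 8 * SCALE
    tokens, last_us, admitted = cap, 0, 0          # bucket starts full
    for t_us, size in arrivals:
        # Refill for the elapsed time; anything above the cap is lost.
        tokens = min(cap, tokens + (t_us - last_us) * rate_bps)
        last_us = t_us
        cost = size * 8 * SCALE
        if cost <= tokens:                         # conform: spend and forward
            tokens -= cost
            admitted += size
        # exceed: the frame is dropped and the bucket is left untouched
    return admitted


def achieved_bps(burst_bytes, rate_bps=1_000_000, n_bursts=100,
                 frames_per_burst=10, gap_us=100_000, frame_time_us=120):
    """Average forwarded rate over the whole run for one burst-size setting."""
    arrivals = bursty_arrivals(n_bursts, frames_per_burst, gap_us, frame_time_us)
    forwarded = police(arrivals, rate_bps, burst_bytes)
    return forwarded * 8 * SCALE // (n_bursts * gap_us)


if __name__ == "__main__":
    for burst in (8000, 12500, 125000):
        print(f"burst {burst:>6} bytes -> {achieved_bps(burst):>9} bit/s forwarded")
```

In this model a bucket smaller than rate x gap between bursts (12500 bytes here) throws away refill that overflows the cap, so the 8000-byte setting forwards well under the configured rate. The 125000-byte bucket averages above the rate over the 10 s run because it starts full and admits an extra megabit up front.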