IPSec router-to-router [7:63325]

2003-02-19 Thread Viacheslav Lushchinskiy
There are 2 ways to make a tunnel between two routers. You can make tunnel
interfaces and permit gre traffic or you can permit ip traffic and don't
make tunnel int. I don't quite understand what is real difference in
performance, convenience etc. between them if I want all ip traffic between
two sites to go through tunnel.

Any personal experience is very welcome.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63325t=63325
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: IPSec router-to-router [7:63325]

2003-02-19 Thread Jens von Bülow
You could for example use the GRE tunnel for ip-in-ip encapsulation, for
example when the remote subnets are using private IP addresses and you are
using the Internet to connect the two networks

private subnet - router - internet  router - private subnet

But IPSEC would be better for this as it includes authentication and
encryption.

HTH
Jens

-Original Message-
From: Viacheslav Lushchinskiy [mailto:[EMAIL PROTECTED]] 
Sent: 19 February 2003 10:05
To: [EMAIL PROTECTED]
Subject: IPSec router-to-router [7:63325]

There are 2 ways to make a tunnel between two routers. You can make tunnel
interfaces and permit gre traffic or you can permit ip traffic and don't
make tunnel int. I don't quite understand what is real difference in
performance, convenience etc. between them if I want all ip traffic between
two sites to go through tunnel.

Any personal experience is very welcome.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63326t=63325



RE: IPSec router-to-router [7:63325]

2003-02-19 Thread Viacheslav Lushchinskiy
I meant that encryption is used in both cases. But in first one GRE tunnel is
made first. This config is used in one big company and I want to know if this
is a common approach to configure ipsec tunnel using GRE first.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63327t=63325



Congigure the ATM LS 100 ! [7:63328]

2003-02-19 Thread XY HIEN LE
Hi all,
 
Does anyone know how to configure the LightStream LS 100 switch to work
between 2 7200 routers with  ATM interfaces? I am trying to set up the
ATM lab practice but can't get the switch to pass traffic between 2
routers?
Any help would be much appreciated.
 
Xy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63328t=63328



RE: 100 Mbps on Cat3 or Cat4 [7:63310]

2003-02-19 Thread Adam Grimes (adgrimes)
I think the best bet for you would be to start buying the 10/100Mbps
switches and manually setting the PCs to 10Mbps.
That way you haven't wasted money on expensive 10Mbps switches which
(when Cat5 cable is eventually installed) will be obsolete. Then it's
just a case of going round and doing the (tedious) job of switching the
NIC's back to autosense...
I'll try and test the Cat3/Cat4 problem out in our lab and post an
update.

Adam

Adam Grimes
 
IT Engineer - CCNP/CCDA
Cisco Systems
 


-Original Message-
From: Pat Do [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, February 19, 2003 3:00 AM
To: [EMAIL PROTECTED]
Subject: 100 Mbps on Cat3 or Cat4 [7:63310]


Are unintelligent 10 Mbps hubs better than unintelligent 10/100 Mbps
switches when the network cables that connect the PCs to the hub or
switch are Cat3 or Cat4?

I provide network services to dozens of non-profits.  Most of the sites
have Cat3 or Cat4 cabling. I have a co-worker who says that 10 Mbps hubs
should be used until the sites are upgraded to Cat5 (which won't be
happening any time soon).

His rationale: If the PC NICs are set to auto detect speed and the
unintelligent 10/100 switch is set to auto detect speed, that data will
try to pass through the Cat3 or Cat4 wire at 100 Mbps.  He says that
while the data can pass thru the wire at those rates, it's the signaling
that gets scrambled at that rate on a Cat3 or Cat4 wire.  Consequently,
to prevent signaling problems that may in turn cause data integrity
problems, he's recommending to use 10 Mbps hubs.  Is this a valid
argument?

Note: New, unintelligent 10 Mbps hubs appear to be becoming less
available and more costly relative to unintelligent 10/100 Mbps switches
as time goes on.  Consequently, this issue is starting to have financial
implications.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63329t=63310



Re: 100 Mbps on Cat3 or Cat4 [7:63310]

2003-02-19 Thread M.C. van den Bovenkamp
Pat Do wrote:

 scrambled at that rate on a Cat3 or Cat4 wire.  Consequently, to prevent
 signaling problems that may in turn cause data integrity problems, he's
 recommending to use 10 Mbps hubs.  Is this a valid argument?

The wording is a bit iffy, but he's correct in principle. Two 100M 
capable stations will negotiate 100 Mbps, even over CAT3 or -4, if left 
to autonegotiate. And that won't work.

So either lock down all stations to 10, if you use unmanaged 10/100 
switches, or use 10 Mbps hubs, as he said.

Regards,

Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63330t=63310



RE: 100 Mbps on Cat3 or Cat4 [7:63310]

2003-02-19 Thread Symon Thurlow
How many users at your non-profit orgs?
Maybe just force their NIC's to 10MB/s full?

Mind you, I have a cheap netgear unmanaged 10/100 switch that I am
forced to use occasionally, and performance drops off to sneakernet
levels if I force 100full on any of the range of NIC's I connect to it.

Symon

-Original Message-
From: Pat Do [mailto:[EMAIL PROTECTED]] 
Sent: 19 February 2003 03:00
To: [EMAIL PROTECTED]
Subject: 100 Mbps on Cat3 or Cat4 [7:63310]


Are unintelligent 10 Mbps hubs better than unintelligent 10/100 Mbps
switches when the network cables that connect the PCs to the hub or
switch are Cat3 or Cat4?

I provide network services to dozens of non-profits.  Most of the sites
have Cat3 or Cat4 cabling. I have a co-worker who says that 10 Mbps hubs
should be used until the sites are upgraded to Cat5 (which won't be
happening any time soon).

His rationale: If the PC NICs are set to auto detect speed and the
unintelligent 10/100 switch is set to auto detect speed, that data will
try to pass through the Cat3 or Cat4 wire at 100 Mbps.  He says that
while the data can pass thru the wire at those rates, it's the signaling
that gets scrambled at that rate on a Cat3 or Cat4 wire.  Consequently,
to prevent signaling problems that may in turn cause data integrity
problems, he's recommending to use 10 Mbps hubs.  Is this a valid
argument?

Note: New, unintelligent 10 Mbps hubs appear to be becoming less
available and more costly relative to unintelligent 10/100 Mbps switches
as time goes on.  Consequently, this issue is starting to have financial
implications.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63331t=63310



RE: pix + router, design issue [7:63244]

2003-02-19 Thread Jay Dunn
In this design the CPE router IS the border router. Whatever controls
the customer would like to exercise (e.g. packet filters, ACL, etc)
would really be best if placed on the CPE device. Maybe the service
provider will configure their router by request.

How many interfaces in the Pix? If there are only 2, the best solution
is to place the border router on the inside.

LAN  Border Router  Pix  CPE Router

This would allow for a screened subnet (dmz). 

Jay Dunn
IPI*GrammTech, Ltd.
www.ipi-gt.com
Nunquam Facilis Est

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, February 18, 2003 3:42 AM
To: [EMAIL PROTECTED]
Subject: pix + router, design issue [7:63244]

I have a case with a customer that I am installing a PIX and a border
router for. He wants to have control over the border router, but the
Service Provider is providing their router as the CPE. One interface
on the Service Provider's router has an IP address from the customer's
public IP address range, so I am thinking about what would be the best way
to config the customer's border router, as it will need to be sending some
IP address that is on the interface connected to the CPE router back to the
pix.


-  --  --  -
-  --  --  -
-  --  --  -

PIX   213.100.1.10  Border RouterCPE Router 213.100.1.1

I am being a little slow today, so I would like to get some input on how
you would handle this scenario.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63332t=63244



VPN Client help!! [7:63333]

2003-02-19 Thread Antero Vasconcelos
Hi,
I have a router connected to internet and remote clients with VPN-Client
1.1. They need to browse the networkview some hosts and access to some
network services.

the service don't work until I configure the access-list in the interface

interface Serial0.80 point-to-point
 description  Ligacao para VPNs sobre internet ***
 bandwidth 192
 ip address xxx.xxx.xxx.210 255.255.255.252
 ip access-group 180 in
 no ip route-cache
 no ip mroute-cache
 no cdp enable
 frame-relay interface-dlci 80
  class net-112k
 crypto map mymap

access-list 180 permit ahp any host xxx.xxx.xxx.210
access-list 180 permit esp any host xxx.xxx.xxx.210
access-list 180 permit udp any host xxx.xxx.xxx.210 eq isakmp
access-list 180 permit tcp any host 192.168.0.2 eq 137
access-list 180 permit tcp any host 192.168.0.2 eq 138
access-list 180 permit tcp any host 192.168.0.2 eq 139
access-list 180 permit udp any host 192.168.0.2 eq netbios-ss
access-list 180 permit udp any host 192.168.0.2 eq netbios-dgm
access-list 180 permit udp any host 192.168.0.2 eq netbios-ns
access-list 180 permit tcp any host 192.168.0.4 eq 137
access-list 180 permit tcp any host 192.168.0.4 eq 138
access-list 180 permit tcp any host 192.168.0.4 eq 139
access-list 180 permit udp any host 192.168.0.4 eq netbios-ss
access-list 180 permit udp any host 192.168.0.4 eq netbios-dgm
access-list 180 permit udp any host 192.168.0.4 eq netbios-ns
access-list 180 deny   ip any any log

Is this necessary, or am I missing something?



Thx in advance.
Antero Vasconcelos




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=6t=6



Re: 100 Mbps on Cat3 or Cat4 [7:63310]

2003-02-19 Thread M.C. van den Bovenkamp
Symon Thurlow wrote:

 Mind you, I have a cheap netgear unmanaged 10/100 switch that I am
 forced to use occasionally, and performance drops off to sneakernet
 levels if I force 100full on any of the range of NIC's I connect to it.

If you *force* 100/Full at one end and leave the other end on auto, you 
get a duplex mismatch. If the autoneg end sees that the other end does 
not autonegotiate, it will fall back to the least common denominator, 
half duplex.

If you must force one end and not the other, use half duplex.

Regards,

Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63334t=63310



Re: CS11152 MIB's [7:63300]

2003-02-19 Thread Troy Leliard
John is right, you can get the mibs off the CSS itself, from CSS/mibs
directory.  They are also included in the CSS .GZIP file (when you d/l to do
an upgrade), so you could gunzip that file and pull them out from there too


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63336t=63300



RE: ISDN Switch and BRi config [7:63313]

2003-02-19 Thread Troy Leliard
One of the first commands you can use to debug ISDN issues (ie are you
getting anything from the ISDN switch) would be debug isdn q921.  You should
get SAPI's from your ISDN switch...something like below (don't forget to have
term mon if you telnet to your router)


Feb 19 11:21:27 GMT: ISDN Se3/0:15: TX -  RRp sapi = 0  tei = 0 nr = 0
Feb 19 11:21:27 GMT: ISDN Se3/0:15: RX -  RRf sapi = 0  tei = 0  nr = 0


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63337t=63313



RE: IPSec router-to-router [7:63325]

2003-02-19 Thread Troy Leliard
The only real advantage of using an encrypted GRE tunnel, over a normal
IPSec tunnel, is that GRE tunnels would be able to pass non-IP traffic.
You would use encrypted GRE if you had to pass non-routable traffic between
the two sites (eg Netbios, etc, but also routing updates).  I have used
encrypted GRE tunnels in the past, to allow EIGRP to pass over the tunnel.
EIGRP updates won't pass over an IPSec tunnel (as it is m/cast).

Hope this helps.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63338t=63325



RE: IPSec router-to-router [7:63325]

2003-02-19 Thread Troy Leliard
If you use an encrypted GRE tunnel, be wary of MTU sizes.  You will need to
drop the MTU size to accommodate both the GRE overhead and the IPSec overhead!



Troy Leliard wrote:
 
 The only real advantage of using an encrypted GRE tunnel, over
 a normal IPSec tunnel, is that GRE tunnels would be able to
 pass non-IP traffic.   You would use encrypted GRE if you had to
 pass non-routable traffic between the two sites (eg
 Netbios, etc, but also routing updates).  I have used encrypted
 GRE tunnels in the past, to allow EIGRP to pass over the
 tunnel.  EIGRP updates won't pass over an IPSec tunnel (as it is
 m/cast).
 
 Hope this helps.
 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63339t=63325
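
An added example (not from the thread, not Cisco code): the overhead arithmetic behind the MTU warning above, for GRE carried inside ESP. It assumes a basic 4-byte GRE header, IPv4 without options, no NAT traversal, and ESP with a CBC cipher and a 96-bit HMAC; the transform parameters, the 1500-byte link MTU and all function names are illustrative assumptions.

```python
from dataclasses import dataclass

IP_HDR = 20       # IPv4 header without options
GRE_HDR = 4       # basic GRE header (no key, sequence or checksum fields)
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad-length byte + next-header byte


@dataclass(frozen=True)
class Transform:
    """ESP transform parameters that affect packet size (assumed values)."""
    name: str
    block: int   # cipher block size in bytes (padding granularity)
    iv: int      # IV bytes carried in every packet
    icv: int     # truncated HMAC appended to every packet


TRIPLE_DES_SHA1 = Transform("esp-3des esp-sha-hmac", block=8, iv=8, icv=12)
AES_SHA1 = Transform("esp-aes esp-sha-hmac", block=16, iv=16, icv=12)


def pad_to(length: int, block: int) -> int:
    """Round length up to the next multiple of the cipher block size."""
    return -(-length // block) * block


def wire_len(passenger_len: int, t: Transform, mode: str) -> int:
    """Size on the wire of one passenger IP packet after GRE and ESP."""
    gre_packet = IP_HDR + GRE_HDR + passenger_len
    if mode == "tunnel":
        # ESP encrypts the whole GRE packet and adds a new outer IP header.
        cleartext = gre_packet + ESP_TRAILER
    elif mode == "transport":
        # The GRE delivery header is reused as the outer IP header;
        # only the GRE header and the passenger packet are encrypted.
        cleartext = gre_packet - IP_HDR + ESP_TRAILER
    else:
        raise ValueError("mode must be 'tunnel' or 'transport'")
    return IP_HDR + ESP_HDR + t.iv + pad_to(cleartext, t.block) + t.icv


def max_passenger_mtu(link_mtu: int, t: Transform, mode: str) -> int:
    """Largest passenger packet that fits the link without fragmentation."""
    # wire_len never decreases as the passenger grows, so the first size
    # that fits when searching downward is the maximum.
    for size in range(link_mtu, 0, -1):
        if wire_len(size, t, mode) <= link_mtu:
            return size
    raise ValueError("link MTU too small for this encapsulation")


def tcp_mss(mtu: int) -> int:
    """TCP MSS that matches an IP MTU (20-byte IP + 20-byte TCP headers)."""
    return mtu - 40


if __name__ == "__main__":
    for t in (TRIPLE_DES_SHA1, AES_SHA1):
        for mode in ("tunnel", "transport"):
            mtu = max_passenger_mtu(1500, t, mode)
            print(f"{t.name:24} {mode:9} tunnel MTU <= {mtu}, "
                  f"TCP MSS <= {tcp_mss(mtu)}, "
                  f"on the wire {wire_len(mtu, t, mode)} bytes")
```
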



Novell SAP question [7:63340]

2003-02-19 Thread lee wooi keat
All,
I have a question on Novell SAP and need your help:
A cisco router is receiving a specific SAP advertisement but the server 
isn't showing up in the server table. What are the possible reasons for that?

Thanks in advance.

Cheers,
Lee








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63340t=63340



Strange problem with new flash memory and old Cisco 3640 router [7:63341]

2003-02-19 Thread Andrew Larkins
Hi all, 

I have a strange one for you guys and would appreciate any ideas you may
have.

I have a Cisco 3640 router that is operating normally. It is however using
IOS 11.1 and we have bought memory to upgrade this (sho ver below) . We
install the DRAM and all is great. Install the flash and the router fails to
boot. I don't have any log messages, but the remote support guy says that it
(router console) says there is no flash installed in the router. Since this
happened previously, we tried another 2 separate 3640 chassis', and this
flash memory worked great. Now this leads me to believe there is something
wrong with the motherboard on the router. Strangely enough another reboot of
the router and everything comes up with the exception of the Token Ring
interface - a further look here reports an error about wrong ring number.
Nothing has changed at all here. Another reload and the flash vanishes.
Reinstall the old flash memory and router is operational again. 

I know this memory works - used other routers. The ring number error has me
totally confused. Upgrades to all other exactly configure sites worked
perfectly

New flash module is 16MB and old is 4MB

Remotesho ver
Cisco Internetwork Operating System Software 
IOS (tm) 3600 Software (C3640-INR-M), Version 11.1(16)AA, EARLY DEPLOYMENT
RELEASE SOFTWARE (fc1) 
Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Wed 17-Dec-97 03:25 by krunyan
Image text-base: 0x600088A0, data-base: 0x60512000

ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT
RELEASE SOFTWARE (fc2)

DURBAN uptime is 6 minutes
System restarted by power-on at 13:55:24 UTC Wed Feb 19 2003
System image file is flash:c3640-inr-mz.111-16.AA.bin, booted via flash

cisco 3640 (R4700) processor (revision 0x00) with 49152K/16384K bytes of
memory.
Processor board ID 04920558
R4700 processor, Implementation 33, Revision 1.0 
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
Basic Rate ISDN software, Version 1.0.
1 Ethernet/IEEE 802.3 interface.
1 Token Ring/IEEE 802.5 interface.
1 Serial network interface.
8 Low-speed serial(sync/async) network interfaces.
9 ISDN Basic Rate interfaces.
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
4096K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Any ideas - I am just about to RMA the chassis.

Thanks
Andrew Larkins
BCom, CCNP, CCDP, CSS1
Bytes Technology Networks
A Division of Bytes Technology Group : Registration No: 1911/003874/06
A Member of the Altron Group
P O Box 748, Rivonia, 2128
3 Eglin Rd, The Crescent, Sunninghill, South Africa


Tel  :  +27 11 800 9336
Fax  :  +27 11 800 9496
Mobile   :  +27 83 656 7214
Email:  [EMAIL PROTECTED]
[EMAIL PROTECTED]
   




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63341t=63341



Load balancing / Backup Links with OSPF [7:63342]

2003-02-19 Thread Kerry Ogedegbe [ MTN - Portharcourt ]
Hello People,
  We are deploying additional links as backups, and Load Balancing in my
organization.
  One of the links is on our SDH backbone, and the second link is via
Frame-Relay through a service provider
  We are running OSPF routing protocol.  We are looking at 2 scenarios: 
1 ) SDH Link as primary link, and the frame-relay link as a backup
2) Use both links for load balancing
From my investigations, in order to achieve Load balancing, with OSPF
running, the bandwidth on both links
has to be the same.
 
And for Backup links, the OSPF cost has to be lower on the primary link, in
order to force traffic over the
primary link
 
Any suggestions on how to solve this
Cheers

___

Kerry Ogedegbe 

(Network Group)

MTN-Nigeria

Mobile: 0803 200 2399

Email: [EMAIL PROTECTED]





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63342t=63342



Re: IP Helper with Netware 5.1 and win 9598 [7:63297]

2003-02-19 Thread Firesox
Thanks for the comments
My answers below.

Yes both DHCP  servers are on the same broadcast domain at the hub site.
I have two helper addresses on the same interface(remote site, thinking
redundancy, but it may not be as effective as I thought it would from your
comment).
What's weird is that when I manually release/renew the lease from win95/98
machines, it works just fine.  It's just not automatic.
The machines at hub site do this automatically without any problems.

Thanks

Priscilla Oppenheimer wrote in message
news:[EMAIL PROTECTED]...
 Firesox wrote:
 
  I have two ip-helper addresses configured on 2621 which
  connects to another
  2621 at the HUB where DHCP servers reside.

 Do you have two ip helper addresses on the same interface? Does that
really
 do any good or does the first one just get used all the time? Or do you
mean
 two helper addresses, one on one interface and one on another.

  I have 2 Novell Netware 5.1 servers as DHCP servers.

 Are the Novell DHCP servers on the same LAN, IP subnet, broadcast domain?

  Lease is
  set to 3 days
  Everything is working as expected except windows 95 and 98
  clients are not
  renewing the IP after three days.
  If you manually release and renew the IP, it works fine, but
  when users turn
  on the pc after the lease has expired, it's not renewing it
  automatically.
 
  DHCP clients on the hub site are working just fine using same
  DHCP servers.
 
  Right now the Helper addresses are set to unicast address
  pointing to those
  two servers.
  I was wondering if setting the helper address to subnet
  broadcast address
  makes any difference.

 You need to find out why this is happening. Do the clients attempt to
renew,
 i.e. send the DHCP requests or are they just silent?

 If the DHCP clients attempt to renew and their server (i.e. the one that
 their helper address points to) doesn't respond, it might help to change
the
 helper address to broadcast to give the other server a chance to reply,
 assuming the servers are on the same LAN. The other router would have to
 forward directed broadcasts for the broadcast to end up on the LAN.

 But it wouldn't be advisable to make this change without knowing why the
 problem is happening and what negative side effects could occur from the
 change.

 Priscilla


 
  Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63343t=63297



Re: Cisco Certification Digest V2 #2447 [7:63344]

2003-02-19 Thread [EMAIL PROTECTED]
Your message to [EMAIL PROTECTED] sent Wed, 19 Feb 2003 13:03:15
GMT cannot be delivered because the intended recipient has left the Company.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63344t=63344



RE: Load balancing / Backup Links with OSPF [7:63342]

2003-02-19 Thread Troy Leliard
Hi Kerry, 

You are right, OSPF only supports 4 equal cost paths, and doesn't support
unequal load balancing.  The easiest way for you to address either of your
options is to manually alter the ospf interface cost.
Under the interface, add
ip ospf cost xxx

Make this the same as the other interface if you want load balancing, or
different (more on the FR interface) if you wanted active / backup
configuration



Kerry Ogedegbe [ MTN - Portharcourt ] wrote:
 
 Hello People,
   We are deploying additional links as backups, and Load
 Balancing in my
 organization.
   One of the links is on our SDH backbone, and the second link
 is via
 Frame-Relay through a service provider
   We are running OSPF routing protocol.  We are looking at 2
 scenarios:
 1 ) SDH Link as primary link, and the frame-relay link as a
 backup
 2) Use both links for load balancing
 From my investigations, in order to achieve Load balancing,
 with OSPF
 running, the bandwidth on both links
 has to be the same.
  
 And for Backup links, the OSPF cost has to be lower on the
 primary link, in
 order to force traffic over the
 primary link
  
 Any suggestions on how to solve this
 Cheers
 
 ___
 
 Kerry Ogedegbe
 
 (Network Group)
 
 MTN-Nigeria
 
 Mobile: 0803 200 2399
 
 Email: [EMAIL PROTECTED]
 
 [GroupStudy removed an attachment of type image/jpeg which had
 a name of Clear Day Bkgrd.JPG]
 
 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63346t=63342



OSPF - 2 subnets on the routing table when actually using just [7:63348]

2003-02-19 Thread [EMAIL PROTECTED]
When using multipoint interface between R1 and R2, R3 receives these routes:

192.168.255.0/32 is subnetted, 2 subnets
O IA192.168.255.6 [110/64] via 192.168.23.1, 00:15:30, Serial0.132
O IA192.168.255.5 [110/128] via 192.168.23.1, 00:12:43, Serial0.132

When using point-to-point interface between R1 and R2, R3 receives these
routes:

 192.168.255.0/30 is subnetted, 1 subnets
O IA192.168.255.4 [110/128] via 192.168.23.1, 00:29:11, Serial0.132

It seems that the frame-relay route map on R1 and R2 causes the first result.

Any thoughts?


R1 (192.168.255.5/30)  (192.168.255.6/30) R3 (192.168.23.1/30 ---R3
(192.168.23.2/30)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63348t=63348



CCIE written exercise question-Voice Quality [7:63349]

2003-02-19 Thread lee wooi keat
All,

I was searching through internet (including Cisco website) and I can't really 
find a good source in Padding-Gain terminology for managing voice call 
quality. Can anyone recommend a good website?

I have a question regarding Voice quality...
Question: Site B and site C are connected to Site A. Site A complains B and 
C is too loud. Whereas, site C complains the received signal is too 
low/soft.
Option: (Pick 2)
a) padding input A, output B,
b) gain on C
c) padding output at A

Thanks,
Lee








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63349t=63349



Re: Congigure the ATM LS 100 ! [7:63328]

2003-02-19 Thread MADMAN
Here is a basic PVC config:

interface ATM4/1/0
  no ip address
  no ip directed-broadcast
  logging event subif-link-status
  no atm ilmi-keepalive
  atm pvc 1 32  interface  ATM4/0/0 1 32

   Dave

XY HIEN LE wrote:
 Hi all,
  
 Does anyone know how to configure the LightStream LS 100 switch to work
 between 2 7200 routers with  ATM interfaces? I am trying to set up the
 ATM lab practice but can't get the switch to pass traffic between 2
 routers?
 Any help would be much appreciated.
  
 Xy
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63350t=63328



Re: Congigure the ATM LS 100 ! [7:63328]

2003-02-19 Thread [EMAIL PROTECTED]
Maybe you could send us what you got until now. (result of show run,  show
atm vc on the routers and show atm vc interface x/y/z on the LS1010).







XY HIEN LE @groupstudy.com on 19/02/2003 06:05:36

Please reply to XY HIEN LE 

Sent by:  [EMAIL PROTECTED]


To:  [EMAIL PROTECTED]
cc:

Subject:Congigure the ATM LS 100 ! [7:63328]


Hi all,

Does anyone know how to configure the LightStream LS 100 switch to work
between 2 7200 routers with  ATM interfaces? I am trying to set up the
ATM lab practice but can't get the switch to pass traffic between 2
routers?
Any help would be much appreciated.

Xy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63351t=63328



Re: Cat 6000 PCMCIA Flash Card Same as 3600? [7:63293]

2003-02-19 Thread MADMAN
If you are asking can you use the same PCMCIA card in a 3600 or 6500 
the answer is yes.

   Dave

Bob Sinclair wrote:
 I would like to buy a flash PC card for my Cat 6000 with Sup1A.  I know
 there are different file system formats for various devices, but do the
3600
 and 6000 cards have the same physical spec?  Can I use the same card in
both
 devices if I reformat?
 
 Thanks,
 
 -Bob Sinclair
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63352t=63293
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: VPN Client help!! [7:63333]

2003-02-19 Thread Robert Edmonds
Don't quote me, but I do believe the access list is necessary as it actually
tells the router which traffic to encrypt.  PERMIT =ENCRYPT and DENY=DON'T
ENCRYPT.

I think the following Cisco link may help answer your question best.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt4/scdipsec.htm#37434

Antero Vasconcelos wrote in message
news:[EMAIL PROTECTED]...
 Hi,
 I have a router connected to internet and remote clients with VPN-Client
 1.1. They need to browse the networkview some hosts and access to some
 network services.

 the service don't work until I configure the access-list in the interface

 interface Serial0.80 point-to-point
  description  Ligacao para VPNs sobre internet ***
  bandwidth 192
  ip address xxx.xxx.xxx.210 255.255.255.252
  ip access-group 180 in
  no ip route-cache
  no ip mroute-cache
  no cdp enable
  frame-relay interface-dlci 80
   class net-112k
  crypto map mymap

 access-list 180 permit ahp any host xxx.xxx.xxx.210
 access-list 180 permit esp any host xxx.xxx.xxx.210
 access-list 180 permit udp any host xxx.xxx.xxx.210 eq isakmp
 access-list 180 permit tcp any host 192.168.0.2 eq 137
 access-list 180 permit tcp any host 192.168.0.2 eq 138
 access-list 180 permit tcp any host 192.168.0.2 eq 139
 access-list 180 permit udp any host 192.168.0.2 eq netbios-ss
 access-list 180 permit udp any host 192.168.0.2 eq netbios-dgm
 access-list 180 permit udp any host 192.168.0.2 eq netbios-ns
 access-list 180 permit tcp any host 192.168.0.4 eq 137
 access-list 180 permit tcp any host 192.168.0.4 eq 138
 access-list 180 permit tcp any host 192.168.0.4 eq 139
 access-list 180 permit udp any host 192.168.0.4 eq netbios-ss
 access-list 180 permit udp any host 192.168.0.4 eq netbios-dgm
 access-list 180 permit udp any host 192.168.0.4 eq netbios-ns
 access-list 180 deny   ip any any log

 Is this necessary, or did I miss something?



 Thx in advance.
 Antero Vasconcelos




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63353t=6
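
Why the NetBIOS entries in ACL 180 matter, as an added example that is not code from the thread: on IOS releases earlier than 12.3(8)T the inbound ACL on a crypto-map interface is applied to the arriving ESP packet and again to the packet after decryption, and the sketch assumes the router in the post behaves that way. The evaluator, the client addresses and 203.0.113.210 (standing in for the masked xxx.xxx.xxx.210) are constructed for illustration.

```python
"""Evaluate the posted ACL 180 against a VPN client's traffic (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed stand-in for the masked xxx.xxx.xxx.210 outside address.
OUTSIDE = "203.0.113.210"

# ACL 180 as posted, with the masked address replaced by OUTSIDE.
ACL_180 = f"""
access-list 180 permit ahp any host {OUTSIDE}
access-list 180 permit esp any host {OUTSIDE}
access-list 180 permit udp any host {OUTSIDE} eq isakmp
access-list 180 permit tcp any host 192.168.0.2 eq 137
access-list 180 permit tcp any host 192.168.0.2 eq 138
access-list 180 permit tcp any host 192.168.0.2 eq 139
access-list 180 permit udp any host 192.168.0.2 eq netbios-ss
access-list 180 permit udp any host 192.168.0.2 eq netbios-dgm
access-list 180 permit udp any host 192.168.0.2 eq netbios-ns
access-list 180 permit tcp any host 192.168.0.4 eq 137
access-list 180 permit tcp any host 192.168.0.4 eq 138
access-list 180 permit tcp any host 192.168.0.4 eq 139
access-list 180 permit udp any host 192.168.0.4 eq netbios-ss
access-list 180 permit udp any host 192.168.0.4 eq netbios-dgm
access-list 180 permit udp any host 192.168.0.4 eq netbios-ns
access-list 180 deny   ip any any log
"""

# IOS port keywords used in the ACL.
PORT_NAMES = {"isakmp": 500, "netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139}

Rule = Tuple[str, str, Optional[ipaddress.IPv4Address], Optional[int]]


@dataclass
class Packet:
    proto: str                 # "esp", "ahp", "tcp", "udp", ...
    src: str
    dst: str
    dport: Optional[int] = None


def parse_acl(text: str) -> List[Rule]:
    """Parse the subset of extended-ACL syntax used in the post:
    <action> <proto> any {any | host A.B.C.D} [eq <port>] [log]"""
    rules: List[Rule] = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, proto = tok[2], tok[3]
        if tok[4] != "any":
            raise ValueError(f"only 'any' sources are handled: {line}")
        i, dst = 5, None
        if tok[i] == "host":
            dst = ipaddress.IPv4Address(tok[i + 1])
            i += 2
        else:                  # destination 'any'
            i += 1
        port = None
        if i < len(tok) and tok[i] == "eq":
            name = tok[i + 1]
            port = PORT_NAMES[name] if name in PORT_NAMES else int(name)
        rules.append((action, proto, dst, port))
    return rules


def check(rules: List[Rule], pkt: Packet) -> str:
    """First matching entry wins; nothing matching means implicit deny."""
    for action, proto, dst, port in rules:
        if proto != "ip" and proto != pkt.proto:
            continue
        if dst is not None and dst != ipaddress.IPv4Address(pkt.dst):
            continue
        if port is not None and port != pkt.dport:
            continue
        return action
    return "deny"


def inbound_verdict(rules: List[Rule], outer: Packet, inner: Packet,
                    recheck_decrypted: bool = True) -> str:
    """Verdict for tunnelled traffic arriving on the crypto-map interface.
    recheck_decrypted=True models the second ACL pass on the clear-text packet."""
    if check(rules, outer) != "permit":
        return "deny"
    return check(rules, inner) if recheck_decrypted else "permit"


if __name__ == "__main__":
    rules = parse_acl(ACL_180)
    esp = Packet("esp", "198.51.100.7", OUTSIDE)      # constructed client address
    flows = [
        Packet("tcp", "10.10.10.5", "192.168.0.2", 139),  # NetBIOS session
        Packet("tcp", "10.10.10.5", "192.168.0.2", 80),   # not listed in ACL 180
        Packet("udp", "10.10.10.5", "192.168.0.9", 137),  # host not listed
    ]
    for f in flows:
        print(f.proto, f.dst, f.dport,
              "double check:", inbound_verdict(rules, esp, f),
              "| single check:", inbound_verdict(rules, esp, f, False))
```

Only the inner flows that ACL 180 names survive the second pass, which is why the services stayed unreachable until those entries were added.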



CCNP Done, finaly [7:63355]

2003-02-19 Thread Skarphedinsson Arni V.
Just finished BSCI today, and also my CCNP.

boy the BSCI was really hard, I think it was harder than all the others
combined.
But that's probably because I don't have that much experience with Routing
Protocols, used the Sybex book, and hands on with my router lab to prepare.

I got a lot on BGP and EIGRP, and some easy stuff on OSPF and IS-IS.

Best regards,
Arni 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63355t=63355



RE: native vlan, trunking question [7:63309]

2003-02-19 Thread Tangled Up in Blue
Native VLAN is the vlan which is untagged with VLAN information or
tags. I.e., by default, VLAN 1 is untagged, meaning other devices which do not
understand VLANs can understand traffic from a vlan 1 port (for example).


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63354t=63309



Cisco courseware for CVOICE, CIPT, DQOS, and IPTT [7:63356]

2003-02-19 Thread David Blair
I am looking to buy Cisco courseware for CVOICE, CIPT, DQOS, and IPTT. I
have the CiscoPress books, but those do not have any labs. I am really
looking to find labs for the previously mentioned courses.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63356t=63356



Re: Cat 6000 PCMCIA Flash Card Same as 3600? [7:63293]

2003-02-19 Thread [EMAIL PROTECTED]
I used the same Flash Card on 6000, 7507 and 4700.  Not sure about 3600.





Bob Sinclair @groupstudy.com on 18/02/2003 18:06:02

Please respond to Bob Sinclair

Sent by:  [EMAIL PROTECTED]


To:  [EMAIL PROTECTED]
cc:

Subject: Cat 6000 PCMCIA Flash Card Same as 3600? [7:63293]


I would like to buy a flash PC card for my Cat 6000 with Sup1A.  I know
there are different file system formats for various devices, but do the 3600
and 6000 cards have the same physical spec?  Can I use the same card in both
devices if I reformat?

Thanks,

-Bob Sinclair




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63357t=63293



Catalyst 6509 Switch access control [7:63358]

2003-02-19 Thread Berman Andrew
I'm trying to put access controls on who can telnet into a Catalyst 6509
switch, but I'm stuck. The supervisor engine is 1A running 5.5(1) software.

In IOS I do this with a standard access list giving the permitted IP
addresses. I then apply the access list on line vty 0 15.

What's the equivalent in the world of Catalyst 6500 ?

And what's a good book for learning the 6509?

Thanks!

Andrew


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63358t=63358



RE: Firewall/PIX help.... [7:63167]

2003-02-19 Thread Elijah Savage
I think you're better off just setting up something like snort as an IDS,
I know you want it all integrated. The IDS on the pix though not totally
worthless I have not found much use for it and with only 59 signatures
well it is sort of half baked in my opinion.

-Original Message-
From: Thomas Larus [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, February 18, 2003 9:27 PM
To: [EMAIL PROTECTED]
Subject: Re: Firewall/PIX help [7:63167]

Sonic Wall Firewalls can do some content filtering and there is an antivirus
option you can get.  No IDS, though.  Pix has a rudimentary IDS, as has been
stated.  It has 59 signatures or so.

Tom Larus
Gunjan Mathur wrote in message
news:[EMAIL PROTECTED]...
 Hi,

 I'm looking for  firewall solution for my company, we
 have two WAN connections and currently my users are
 connected thru two proxy m/c to Internet.

 Which PIX model would serve the needs?
 I also need content filtering, Intrusion detection
 and Anti-virus protection on firewall itself.

 Are all these things possible on PIX?

 TIA






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63360t=63167



RE: Strange problem with new flash memory and old Cisco 3640 [7:63362]

2003-02-19 Thread Daniel Cotts
Have you compared the Bootstrap versions between the box in question vs
those that successfully use the new flash?

 -Original Message-
 From: Andrew Larkins [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, February 19, 2003 6:15 AM
 To: [EMAIL PROTECTED]
 Subject: Strange problem with new flash memory and old Cisco 
 3640 router
 [7:63341]
 
 
 Hi all, 
 
 I have a strange one for you guys and would appreciate any ideas you may
 have.
 
 I have a Cisco 3640 router that is operating normally. It is however using
 IOS 11.1 and we have bought memory to upgrade this (sho ver below). We
 install the DRAM and all is great. Install the flash and the router fails to
 boot. I don't have any log messages, but the remote support guy says that it
 (router console) says there is no flash installed in the router. Since this
 happened previously, we tried another 2 separate 3640 chassis, and this
 flash memory worked great. Now this leads me to believe there is something
 wrong with the motherboard on the router. Strangely enough another reboot of
 the router and everything comes up with the exception of the Token Ring
 interface - a further look here reports an error about wrong ring number.
 Nothing has changed at all here. Another reload and the flash vanishes.
 Reinstall the old flash memory and router is operational again. 
 
 I know this memory works - used other routers. The ring number error has me
 totally confused. Upgrades to all other exactly configured sites worked
 perfectly.
 
 New flash module is 16MB and old is 4MB
 
 Remotesho ver
 Cisco Internetwork Operating System Software 
 IOS (tm) 3600 Software (C3640-INR-M), Version 11.1(16)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) 
 Copyright (c) 1986-1997 by cisco Systems, Inc.
 Compiled Wed 17-Dec-97 03:25 by krunyan
 Image text-base: 0x600088A0, data-base: 0x60512000
 
 ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT RELEASE SOFTWARE (fc2)
 
 DURBAN uptime is 6 minutes
 System restarted by power-on at 13:55:24 UTC Wed Feb 19 2003
 System image file is flash:c3640-inr-mz.111-16.AA.bin, booted via flash
 
 cisco 3640 (R4700) processor (revision 0x00) with 49152K/16384K bytes of memory.
 Processor board ID 04920558
 R4700 processor, Implementation 33, Revision 1.0 
 Bridging software.
 X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
 Basic Rate ISDN software, Version 1.0.
 1 Ethernet/IEEE 802.3 interface.
 1 Token Ring/IEEE 802.5 interface.
 1 Serial network interface.
 8 Low-speed serial(sync/async) network interfaces.
 9 ISDN Basic Rate interfaces.
 DRAM configuration is 64 bits wide with parity disabled.
 125K bytes of non-volatile configuration memory.
 4096K bytes of processor board System flash (Read/Write)
 
 Configuration register is 0x2102
 
 Any ideas - I am just about to RMA the chassis.
 
 Thanks
 Andrew Larkins
 BCom, CCNP, CCDP, CSS1
 Bytes Technology Networks
 A Division of Bytes Technology Group : Registration No: 1911/003874/06
 A Member of the Altron Group
 P O Box 748, Rivonia, 2128
 3 Eglin Rd, The Crescent, Sunninghill, South Africa
 
 
 Tel:  +27 11 800 9336
 Fax:  +27 11 800 9496
 Mobile :  +27 83 656 7214
 Email  :  [EMAIL PROTECTED]
   [EMAIL PROTECTED]





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63362t=63362



RE: Load balancing / Backup Links with OSPF [7:63342]

2003-02-19 Thread Lupi, Guy
Like you said, if both circuits are the same bandwidth then load balancing
will work.  If they are not the same bandwidth, you can still load balance
by manipulating the cost so that it is the same for both circuits, but once
you reach the maximum bandwidth on the lower bandwidth circuit, the router
is still going to try to load balance across them even though one of the
circuits is at maximum utilization.
If the circuits are not the same bandwidth, then the primary/backup, with
the primary being the higher bandwidth circuit, is your best bet.


-Original Message-
From: Kerry Ogedegbe [ MTN - Portharcourt ]
[mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 7:53 AM
To: [EMAIL PROTECTED]
Subject: Load balancing / Backup Links with OSPF [7:63342]


Hello People,
  We are deploying additional links as backups, and Load Balancing in my
organization.
  One of the links is on our SDH backbone, and the second link is via
Frame-Relay through a service provider
  We are running OSPF routing protocol.  We are looking at 2 scenarios: 
1 ) SDH Link as primary link, and the frame-relay link as a backup
2) Use both links for load balancing
From my investigations, in order to achieve Load balancing, with OSPF
running, the bandwidth on both links
has to be the same.
 
And for Backup links, the OSPF cost has to be lower on the primary link, in
order to force traffic over the
primary link
 
Any suggestions on how to solve this
Cheers

___

Kerry Ogedegbe 

(Network Group)

MTN-Nigeria

Mobile: 0803 200 2399

Email: [EMAIL PROTECTED]





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63363t=63342



RE: Catalyst 6509 Switch access control [7:63358]

2003-02-19 Thread Troy Leliard
Hi Andrew .. 

I presume that your cat is running CatOS.

What you need to do is basically the following, say for example you only
wanted to allow 192.168.0.0/24 telnet access to your Cat

set ip permit 192.168.0.0 255.255.255.0 telnet

You can also add a specific host
set ip permit 192.168.1.5 255.255.255.255 telnet

You can also use these lists to restrict ssh and snmp access to your
Catalyst.

Once you have created your permit list, enter the command 
set ip permit enable | disable to enable and disable access.

Hope this helps.




Berman Andrew wrote:
 
 I'm trying to put access controls on who can telnet into a
 Catalyst 6509 switch, but I'm stuck. The supervisor engine is
 1A running 5.5(1) software.
 
 In IOS I do this with a standard access list giving the
 permitted IP addresses. I then apply the access list on line
 vty 0 15.
 
 What's the equivalent in the world of Catalyst 6500 ?
 
 And what's a good book for learning the 6509?
 
 Thanks!
 
 Andrew


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63361t=63358



WIC-1T [7:63364]

2003-02-19 Thread DW
Hi all,

I have a 2620 series running IOS (C2600-I-M), Version 12.2(8)T4. I also have
2 x WIC-1T installed. When I do this both of the interfaces show as
interface down / line protocol down. However when I install either interface
on its own (In either slot) they work fine. Is this a limitation of the
2600, I cannot find anything on Cisco site regarding this.

Sincerely,

Derek Walsh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63364t=63364



can u summarize area 0 [7:63365]

2003-02-19 Thread neil K.
Folks,

Can area 0 be summarized in OSPF ?

Thanks,

Neil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63365t=63365



RE: WIC-1T [7:63364]

2003-02-19 Thread Steve Wilson
Derek,
12.2(8)T4 has got bugs, CCO recommends upgrading to T5. When I built your
kit I could see both interfaces as being up when connected to a DTE device.

Cheers,
Steve Wilson

-Original Message-
From: DW [mailto:[EMAIL PROTECTED]] 
Sent: 19 February 2003 16:43
To: [EMAIL PROTECTED]
Subject: WIC-1T [7:63364]

Hi all,

I have a 2620 series running IOS (C2600-I-M), Version 12.2(8)T4. I also have
2 x WIC-1T installed. When I do this both of the interfaces show as
interface down / line protocol down. However when I install either interface
on its own (In either slot) they work fine. Is this a limitation of the
2600, I cannot find anything on Cisco site regarding this.

Sincerely,

Derek Walsh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63366t=63364



Looking for Northern MA or Southern NH Study Partner or Group [7:63367]

2003-02-19 Thread Walker, James - Is
Hi,

I'm looking for a study partner for CCIE RS lab.
I live in NH but work in Boston.

Please contact me off line.

Thanks,
Jim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63367t=63367



Re: OSPF - 2 subnets on the routing table when actually using [7:63368]

2003-02-19 Thread The Long and Winding Road
wrote in message
news:[EMAIL PROTECTED]...
 When using multipoint interface between R1 and R2, R3 receives these
 routes:

 192.168.255.0/32 is subnetted, 2 subnets
 O IA    192.168.255.6 [110/64] via 192.168.23.1, 00:15:30, Serial0.132
 O IA    192.168.255.5 [110/128] via 192.168.23.1, 00:12:43, Serial0.132

 When using point-to-point interface between R1 and R2, R3 receives these
 routes:

 192.168.255.0/30 is subnetted, 1 subnets
 O IA    192.168.255.4 [110/128] via 192.168.23.1, 00:29:11, Serial0.132

 It seems that the frame-relay route map on R1 and R2 causes the first
result.

 Any thoughts?

yes. this is the way it works. refer to the RFC for specifics.




 R1 (192.168.255.5/30)  (192.168.255.6/30) R3
(192.168.23.1/30 ---R3
 (192.168.23.2/30)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63368t=63368



Re: Congigure the ATM LS 100 ! [7:63328]

2003-02-19 Thread Larry Letterman
I have this on the lab at work..

Current configuration:
!
version 11.1
no service pad
service udp-small-servers
service tcp-small-servers
!
hostname LS-1010
!
!
atm address
47.0091.8100..0010.11bd.f901.0010.11bd.f901.00
atm router pnni
 node 1 level 56 lowest
  redistribute atm-static
!
!
interface ATM0/0/0
 no keepalive
 no atm auto-configuration
!
interface ATM0/0/1
 no keepalive
!
interface ATM0/0/2
 no keepalive
!
interface ATM0/0/3
 no keepalive
 no atm auto-configuration
 atm pvc 2 200  interface  ATM0/0/0 1 100
!
interface ATM0/1/0
 no keepalive
!
interface ATM0/1/1
 no keepalive
!
interface ATM0/1/2
 no keepalive
!
interface ATM0/1/3
 no keepalive
!
interface ATM1/0/0
 no keepalive
!
interface ATM1/1/0
 no keepalive
!
interface ATM2/0/0
 no ip address
 no keepalive
 atm maxvp-number 0
!
interface Ethernet2/0/0
 no ip address
!
no ip classless
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login
!
end


Larry Letterman
Network Engineer
Cisco Systems


- Original Message -
From: XY HIEN LE 
To: 
Sent: Wednesday, February 19, 2003 1:05 AM
Subject: Congigure the ATM LS 100 ! [7:63328]


 Hi all,

 Does anyone know how to configure the LightStream LS 100
switch to work
 between 2 7200 routers with  ATM interfaces? I am trying
to set up the
 ATM lab practice but can't get the switch to pass traffic
between 2
 routers?
 Any help would be much appreciated.

 Xy
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63369t=63328



Re: can u summarize area 0 [7:63365]

2003-02-19 Thread The Long and Winding Road
neil K. wrote in message
news:[EMAIL PROTECTED]...
 Folks,

 Can area 0 be summarized in OSPF ?

yes - on the ABR, with the summary advertised out to non zero areas.

within area 0 itself, one cannot summarize area 0 subnets to other area 0
routers.



 Thanks,

 Neil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63370t=63365



RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-19 Thread Vicky Rode
comments in-line:


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Kelly Cobean
Sent: Tuesday, February 18, 2003 7:54 PM
To: [EMAIL PROTECTED]
Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]


Priscilla,
Ok, you caught me not telling the whole truth.  There is a second VLAN
on the switch, but my point was that the MLS cache is full of entries for
one host talking to another host off of the same VLAN interface but on a
secondary subnet, indicating that L3 switching (routing) took place for that
data-flow...So now I guess there are two hands clapping ;-)  You sure do
keep us all on our toes!!!  Thanks!
-
that's because packet switching between subnets using secondaries is
process-switched.



regards,
/vicky


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 1:08 AM
To: [EMAIL PROTECTED]
Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]


I'm loath to continue this discussion, but I do have a question for Kelly.
Why do you have a VLAN at all in your example?? Isn't a single VLAN sort of
like one hand clapping? Seriously, what role is it playing in your network?

Of course you don't have to have VLANs to do routing/L3 switching, as you
probably know. But maybe there's some weird configuration gotcha, specific
to the 6509? Just curious. Thanks.

Larry said the majority of the Cisco campus is networked with L3 switches
and not using vlans. That says a lot right there!

Priscilla

Kelly Cobean wrote:

 All,
 I'd like to add to this something that I haven't seen in other posts yet,
 and that is a quick look at layer2 function.  I have a Catalyst 6509 with an
 MSFC on it.  There is only *ONE* VLAN configured on the MSFC, however, that
 VLAN has several secondary addresses assigned to it (I know, not a great
 solution, but let's not go there).  If I do a show mls entry on my switch,
 it is full of entries for hosts talking to hosts on the same VLAN.  My
 point?  When a host wants to talk to a host on another subnet (VLAN or not),
 it ANDs the address with its own mask, determines that the host is in fact
 on a different subnet, then arps (if necessary) for its default gateway
 (the MSFC) and sends the packet on its way.  The 6509/MSFC receive the
 packet and begin the MLS cache setup process (candidate packet, timeout,
 etc).  All this is still done in spite of the fact that the MSFC only has a
 single VLAN.

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
 Behalf Of
 Stephen Hoover
 Sent: Monday, February 17, 2003 8:33 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Does MLS (Layer 3 switching) require VLANs?
 [7:63147]


   -
   actually it is by doing secondaries, but i would highly
 recommend doing
   vlans if possible. keep it clean and simple.
 
 
  one may also configure the physical interfaces as L3
 interfaces - just as
  one might do on a router with several ethernet ports.


 Oo ok, now THAT statement leads me to believe the L3
 switching IS
 possible without VLANs.


 -Stephen




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63371t=63147



RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-19 Thread Vicky Rode
comments in-line:


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Howard C. Berkowitz
Sent: Tuesday, February 18, 2003 6:42 AM
To: [EMAIL PROTECTED]
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]


At 5:30 AM + 2/18/03, Ken Diliberto wrote:
The nit I'm picking is inline... (I'm feeling like chipping in tonight)

  The Long and Winding Road
02/17/03 06:13PM 

[snip]

if I have a 75xx router with 300 ethernet ports, and I bridge all those
ports, do I have an L3 switch, or a router?

[KD]
You have a router performing L2 operations (forwarding, switching,
bridging -- whatever).  Would a cheap Linksys switch be faster?

What makes a L3 switch in my mind is where the forwarding happens.  If
the L3 CPU (new way to look at it?) has to handle every packet, that's a
router.  If the first L3 packet is handled by the CPU which then
programs ASICs to handle the rest of the flow without bothering the CPU,
that's an L3 switch.  Is there a difference from a packet/network
perspective?  No.  The L2 headers and L3 headers are all properly
updated in both cases (at least we *hope* they are) and traffic is
delivered most of the time.  (If it was delivered all the time, networks
wouldn't need us to fix them)  :-)

Does that make a 7500 with VIPs a L3 switch?  A 12000 with
distributed forwarding processors?
--
it depends... call it (d)cef switching router if you want but i have to
kinda agree with ken's comments. in my opinion the major difference between
a traditional router and a l3 switch is the way packet switching takes place.
in a traditional router the packet switching is done in software
(microprocessor based), whereas in l3 switch it is done by asic in hw and
mls is used to increase routing performance by doing packet switching and
rewrites in hw (asics).

that's all.


regards,
/vicky


Substituting router for L3 switch is a good idea, but go farther than
that. You can think of a high-performance router as a small hidden
network, containing one or more (think high availability) path
determination routing processors/hosts that download FIB
information to multiple forwarding processors/hosts.  One public and
vendor-independent discussion of this architecture continues in the
IETF FORCES Working Group (go to www.ietf.org and navigate to Working
Groups).


What does this mean to us?  Not much other than for capacity planning.
IMHO, an L3 switch has a longer life than a router.

Not really, as you say in your next paragraph. I could go off into
the ozone and say all high-speed routers are L3 switches.

Indeed, ASICs aren't a necessity.  I've worked on research router
designs that used RISC processors in each forwarding and path
determination engine, which gave lots of power but much more
flexibility than ASICs. Admittedly, at least one of these was a
specifically designed processor, but it definitely was software
loadable and ran a real time OS.  ASIC gets blurry anyway, when you
start getting into the pure hard-etched IC, field-programmable gate
arrays, electrically alterable field-programmable gate arrays,
microcode sequencers, etc.


When I design networks, I don't think L3 switch.  I think about routers
interconnecting L2 segments.  I even draw them that way most of the
time.  :-)

My advice to those having problems with this subject:  Replace every
occurrence of layer 3 switch with router.

[/KD]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63372t=63147



RE: Cat 6000 PCMCIA Flash Card Same as 3600? [7:63293]

2003-02-19 Thread Vicky Rode
i believe you will have to (re)format the flash.



regards,
/vicky


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, February 19, 2003 7:36 AM
To: [EMAIL PROTECTED]
Subject: Re: Cat 6000 PCMCIA Flash Card Same as 3600? [7:63293]


I used the same Flash Card on 6000, 7507 and 4700.  Not sure about 3600.





Bob Sinclair @groupstudy.com on 18/02/2003 18:06:02

Please respond to Bob Sinclair

Sent by:  [EMAIL PROTECTED]


To:  [EMAIL PROTECTED]
cc:

Subject: Cat 6000 PCMCIA Flash Card Same as 3600? [7:63293]


I would like to buy a flash PC card for my Cat 6000 with Sup1A.  I know
there are different file system formats for various devices, but do the 3600
and 6000 cards have the same physical spec?  Can I use the same card in both
devices if I reformat?

Thanks,

-Bob Sinclair




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63373t=63293



Upgrading from Token Ring to Fast Ethernet [7:63374]

2003-02-19 Thread Marakalas
Hi All,
I'm in the process of upgrading from Token Ring to
Fast Ethernet at one of our client's sites. This
upgrade won't be fork-lifted overnight and my concern
is that the client is not keen on doing the IP
readdressing. I'll be deploying a Cisco 2513 router
during the migration period and my question is as
follows:-

How do I leave the IP subnets configured on the Token
Ring interface and have users connect to the Ethernet
interface, and still be on the same IP subnet, if
possible.

Your assistance will be highly appreciated.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63374t=63374



RE: CCNP Done, finaly [7:63355]

2003-02-19 Thread Joseph R. Taylor
Hi Arni,
   Congratulations. Good Job.
   JoeT


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63375t=63355



Re: 3550 config guide...Any out there yet?? [7:63359]

2003-02-19 Thread Cisco Nuts
Actually, I got tons of it now.
I would start with CCO - this is the best.
Then the freebies from ipexpert.net, ccbootcamp.com, bradshawlabs.com and  
netmasterclass.net.
These should be ample.
Use the doc cd online to get to the 3550 url:

http://www.cisco.com/univercd/home/home.htm

Once you get here, click under Catalyst switches - Catalyst 3550 and click 
on the first one for Release 12.1 (12c).








From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: 3550 config guide...Any out there yet??
Date: Wed, 19 Feb 2003 12:24:06 -0300

Could you tell me were you got the link about 3550?

  I am asking it because I am using the BluePrint to study and there is not
that link.

The link I am using is
http://www.cisco.com/warp/public/625/ccie/certifications/rsblueprint.html

Thanks in Advance

=

Hello, Since the 3550's are going to kill us in the new Lab, has anyone
come out with a config. guide book or a cd-simulator, similarly to the
Cat5 from Cisco? Also, on CCO, I see this one link for the 3550:
http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_book09186a008007f368.html
Is this sufficient for the Lab? Please advise. Thank you. Sincerely, CN






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63359t=63359



RE: Congigure the ATM LS 100 ! [7:63328]

2003-02-19 Thread Daniel Cotts
The original question was about a LS100 not a LS1010. Much different box.
Possibly the manual for the LS100 is on CCO.

 -Original Message-
 From: Larry Letterman [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, February 19, 2003 12:17 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Congigure the ATM LS 100 ! [7:63328]
 
 
 I have this on the lab at work..
 
 Current configuration:
 !
 version 11.1
 no service pad
 service udp-small-servers
 service tcp-small-servers
 !
 hostname LS-1010
 !
 !
 atm address
 47.0091.8100..0010.11bd.f901.0010.11bd.f901.00
 atm router pnni
  node 1 level 56 lowest
   redistribute atm-static
 !
 !
 interface ATM0/0/0
  no keepalive
  no atm auto-configuration
 !
 interface ATM0/0/1
  no keepalive
 !
 interface ATM0/0/2
  no keepalive
 !
 interface ATM0/0/3
  no keepalive
  no atm auto-configuration
  atm pvc 2 200  interface  ATM0/0/0 1 100
 !
 interface ATM0/1/0
  no keepalive
 !
 interface ATM0/1/1
  no keepalive
 !
 interface ATM0/1/2
  no keepalive
 !
 interface ATM0/1/3
  no keepalive
 !
 interface ATM1/0/0
  no keepalive
 !
 interface ATM1/1/0
  no keepalive
 !
 interface ATM2/0/0
  no ip address
  no keepalive
  atm maxvp-number 0
 !
 interface Ethernet2/0/0
  no ip address
 !
 no ip classless
 !
 line con 0
  exec-timeout 0 0
  logging synchronous
 line aux 0
 line vty 0 4
  login
 !
 end
 
 
 Larry Letterman
 Network Engineer
 Cisco Systems
 
 
 - Original Message -
 From: XY HIEN LE 
 To: 
 Sent: Wednesday, February 19, 2003 1:05 AM
 Subject: Congigure the ATM LS 100 ! [7:63328]
 
 
  Hi all,
 
  Does anyone know how to configure the LightStream LS 100
 switch to work
  between 2 7200 routers with  ATM interfaces? I am trying
 to set up the
  ATM lab practice but can't get the switch to pass traffic
 between 2
  routers?
  Any help would be much appreciated.
 
  Xy
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63376t=63328



RE: Upgrading from Token Ring to Fast Ethernet [7:63374]

2003-02-19 Thread DeVoe, Charles (PKI)
Just a thought.  Could you create a VLAN and put both ports in the same
VLAN?

-Original Message-
From: Marakalas [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 2:34 PM
To: [EMAIL PROTECTED]
Subject: Upgrading from Token Ring to Fast Ethernet [7:63374]


Hi All,
I'm in the process of upgrading from Token Ring to
Fast Ethernet at one of our client's sites. This
upgrade won't be fork-lifted overnight and my concern
is that the client is not keen on doing the IP
readdressing. I'll be deploying a Cisco 2513 router
during the migration period and my question is as
follows:-

How do I leave the IP subnets configured on the Token
Ring interface and have users connect to the Ethernet
interface, and still be on the same IP subnet, if
possible.

Your assistance will be highly appreciated.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63377t=63374



RE: Snort versus Cisco IDS [7:62939]

2003-02-19 Thread DeVoe, Charles (PKI)
I do believe it is in the best interest of the Cisco engineers to also push
their products.  

-Original Message-
From: Kent Hundley [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 14, 2003 10:35 AM
To: [EMAIL PROTECTED]
Subject: RE: Snort versus Cisco IDS [7:62939]


The term team was meant to be inclusive of engineers as well as
sales.  I can assure you I have talked to many competent Cisco
engineers, some of them who specialize in security, who do in fact
recommend the Cisco IDS to their large clients.  

And yes, salespeople will obviously always push their product.

Regards,
Kent

On Fri, 2003-02-14 at 07:15, DeVoe, Charles (PKI) wrote:
 2) Has never talked to any of the Cisco teams that manage large global
 accounts
 
 Of course these are sales people.  Sales people make their livelihood off of
 the sales.  So obviously, they will push the product.  
 
 Rule 1.  Never trust a salesperson.
 Rule 2.  Never Believe a salesperson.
 Rule 3.  Never forget Rules 1 & 2.
 
 -Original Message-
 From: Kent Hundley [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, February 13, 2003 4:39 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Snort versus Cisco IDS [7:62939]
 
 
 On Thu, 2003-02-13 at 00:06, Priscilla Oppenheimer wrote:
  Someone told me in an authoritative voice today that Cisco doesn't recommend
  their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a
  big part of SAFE?
  
 
 Whomever told you this:
 
 1) Is extremely naive (one Cisco engineer told them something and they
 took it as gospel)
 
 2) Has never talked to any of the Cisco teams that manage large global
 accounts
 
 I can tell you for a 100% fact that Cisco recommends their IDS very
 actively to their large global customers, I'm working on a Fortune 5
 account right now and the Cisco team is heavily pushing a Cisco IDS
 deployment.  If one of their engineers recommended snort, the AM would
 have them bound and gagged and thrown in a very dark basement. ;-)
 
 
  Of course, the person who said this doesn't understand that Cisco is a huge,
  chaotic organism, and that saying Cisco does something based on what one
  person does, doesn't make sense.
  
  But I'm just curious, what do you all recommend for intrusion detection? How
  do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more
  complicated, requiring appliances or IDS cards in a switch and a console:
  
 
 Cisco IDS is a commercial, fully baked product in the sense that it has
 a lot of bells and whistles for the end-user market.  Cisco is also
 developing custom hardware such as blades that slide into a Cat 6500,
 making for easy deployment and the ability to capture and process
 traffic at Gigabit speeds.
 
 Snort is much more of a tech geek's solution, although there are a lot of
 talented people writing code to increase its ease of use such. (things
 like ACID and Demarc)
 
 The bottom line is that snort will do the job in a lot of environments,
 but you're going to need to have some very technical people to handle the
 care and feeding of the system.  It is an open source solution and
 doesn't come with built-in support other than what you get through
 mailing lists.  The Cisco IDS comes with TAC behind it.  You pay more
 for more support baked into the process and a large amount of dedicated
 resources working on your issues. (it's the same old open source vs
 commercial product argument)
 
 For small environments where funds are very limited or for environments
 with highly technical but cheap labor (such as universities), snort is
 probably the better solution.  For large enterprises, Cisco would
 probably be the better choice.  
 
 Of course, YMMV, a lot depends on the environment, that's my opinion,
 take it with a grain of salt, yada, yada, yada, etc. etc. disclaimer,
 disclaimer...
 
 Regards,
 Kent




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63378t=62939



RE: Alternate password recovery procedures? [7:62541]

2003-02-19 Thread Mossburg, Geoff (MAN-Corporate)
Thank you, but I knew about the normal password recovery procedures; I was
trying to find out if there are other ways to remotely recover a password,
other than the SNMP method I mentioned below. I agree that the normal
recovery procedures are common knowledge and wouldn't be worth a reply.
Geoff

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 10:47 AM
To: Mossburg, Geoff (MAN-Corporate)
Subject: Re: Alternate password recovery procedures? [7:62541]


hi

you can find www.cisco.com.

search from www.google.com
cisco password recovery.

i think this is so simple question therefore nobody answer you

Selcuk


- Original Message -
From: Mossburg, Geoff (MAN-Corporate) 
To: 
Sent: Wednesday, February 05, 2003 11:23 PM
Subject: Alternate password recovery procedures? [7:62541]


 All,
 I was looking for a way to recover an enable password on a
 misconfigured router, and I came across the SNMP method of password
 recovery, which I was able to use to change the enable password remotely on
 the router. I was wondering: Does anyone know of even more alternate
 password recovery procedures?
 Thanks!
 Geoff Mossburg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63379t=62541



VPN question [7:63380]

2003-02-19 Thread Marshal Schoener
Hi guys,
 
I have a question that I hope somebody can help me out with...
 
I have a Cisco 3000 series VPN concentrator in one of our offices.  Call it
office 'A'.
I have a Cisco 3002 VPN hardware client in office 'B'.  The VPN between both
offices works fantastic.
I also have a 3rd office with a Cisco 3002 VPN client, office 'C'.  This VPN
to office 'A' works great also.
 
Now, office 'A' and office 'B' both have their domains trusted, and
everything works great.
Same with office 'A' and office 'C'.
 
My question is, would it be possible to route VPN packets using this setup
from office 'B' to office 'C'?
This way, I can trust the domains in the offices that only have 3002
hardware clients, maybe through routing at the office with the concentrator?
 
      'A' - concentrator
      / \
     /   \
    /     \
  'B'-----'C'
client   client
 
 
Thanks a million for any help you guys can give!
Regards,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63380t=63380



Help with Route-Maps [7:63381]

2003-02-19 Thread CiscoNewbie
Hi all.  Here is a scenario that I need your help on:

I have a RAS server that has 2 ethernet interfaces for egress traffic.  The
IP addressing on each interface are on separate networks.  In addition, the
dialin pools configured on the RAS are in separate networks from each other
as well as from those defined on the ethernet interfaces of the RAS.  Each
Ethernet interface gateway points to a Cisco 2620 router which each of the
routers have their own connection to the internet via 2 separate providers. 
No BGP being done.  The IP Pool addressing on the RAS server are from each
of the providers.  So Pool A IPs are from Sprint and Pool B are from Choice1.

So in the event that one dialin user gets an IP from Pool B but gets routed
to Router A, the user will not go any where because each provider will not
route the other provider IPs.  My goal was to be able to say on the RAS that
 pool A goes out of ethernet port 1 and Pool B goes out ethernet port 2
but the RAS solution that I am using will not allow this to be done.  So I
thought about creating a route-map on the Cisco's to be applied to the
ethernet interface (ingress) as an inbound policy.  The route-map on Router
A would need to say something like:  If Pool B which belongs to Router B,
then set IP next-hop to Router B ethernet interface.  Both routers know
about each other.  I would like to know if all I would need to do is the
following or if I need something else or maybe I can't do it.  Thanks.

Here is what I come up with:

ROUTER A:

route-map from-RAS permit 10
 match ip address 1
 set ip next-hop 192.168.1.2

interface Ethernet 0/0
 description Traffic from Pool A
 ip address 192.168.1.1 255.255.255.0
 no ip directed-broadcast
 ip policy route-map from-RAS

access-list 1 permit  

 

The same will be done on the ROUTER B but with the appropriate IPs.

Thanks in advance.

 

 

  

 

 







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63381t=63381
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
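
An added example, not part of the post above: a small Python model of the policy-routing decision it describes, showing what the route-map's ACL has to match. The pool prefixes are constructed (the post leaves them out), and it assumes both routers and the RAS share the 192.168.1.0/24 LAN, with Router B at 192.168.1.2 and Router A at 192.168.1.1.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

AclEntry = Tuple[str, str, str]          # (action, base address, wildcard mask)

# Constructed pools from the documentation ranges; the post does not give them.
POOL_A: AclEntry = ("permit", "198.51.100.0", "0.0.0.255")   # provider A space
POOL_B: AclEntry = ("permit", "203.0.113.0", "0.0.0.255")    # provider B space
ANY: AclEntry = ("permit", "0.0.0.0", "255.255.255.255")     # "permit any"


def acl_permits(acl: List[AclEntry], src: str) -> bool:
    """Standard ACL: wildcard bits are 'don't care', the first match wins,
    and the list ends with an implicit deny."""
    s = int(ipaddress.IPv4Address(src))
    for action, base, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (s & care) == (int(ipaddress.IPv4Address(base)) & care):
            return action == "permit"
    return False


@dataclass
class Router:
    name: str
    lan_addr: str                 # address on the LAN shared with the RAS
    provider_acl: List[AclEntry]  # sources the upstream provider will carry
    match_acl: List[AclEntry]     # ACL referenced by "match ip address"
    set_next_hop: Optional[str]   # "set ip next-hop"; None = no policy applied

    def policy_next_hop(self, src: str) -> Optional[str]:
        """One 'route-map ... permit 10' entry applied inbound on the LAN.
        A packet that does not match is routed normally (returns None)."""
        if self.set_next_hop and acl_permits(self.match_acl, src):
            return self.set_next_hop
        return None


def build_routers(acl_a=None, acl_b=None, policy=True):
    """Router A fronts provider A, Router B fronts provider B."""
    a = Router("A", "192.168.1.1", [POOL_A],
               acl_a if acl_a is not None else [POOL_B],
               "192.168.1.2" if policy else None)
    b = Router("B", "192.168.1.2", [POOL_B],
               acl_b if acl_b is not None else [POOL_A],
               "192.168.1.1" if policy else None)
    return a, b


def trace(src, first, routers, max_hops=4):
    """Follow one packet from the RAS. Returns (routers visited, delivered)."""
    by_addr = {r.lan_addr: r for r in routers}
    path, current = [], first
    for _ in range(max_hops):
        path.append(current.name)
        hop = current.policy_next_hop(src)
        if hop is None:                       # normal routing: out to provider
            return path, acl_permits(current.provider_acl, src)
        if hop not in by_addr:                # next hop is not on the shared LAN
            return path, False
        current = by_addr[hop]
    return path, False                        # bounced until the hop limit: loop


if __name__ == "__main__":
    a, b = build_routers()
    print("pool B user sent to A:", trace("203.0.113.25", a, [a, b]))
    a0, b0 = build_routers(policy=False)
    print("same, no route-map:   ", trace("203.0.113.25", a0, [a0, b0]))
    al, bl = build_routers(acl_a=[ANY], acl_b=[ANY])
    print("both ACLs 'permit any':", trace("203.0.113.25", al, [al, bl]))
```

The last case shows why each router's ACL must match only the other provider's pool: if both match everything, the packet is handed back and forth on the LAN and never leaves.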



Re: CCNP Done, finaly [7:63355]

2003-02-19 Thread Alejandro Quemada
well done! i have just done bsci.. i am happy if you say that the other
exams combined are easy ;)
regards

Joseph R. Taylor  wrote in message
news:[EMAIL PROTECTED]...
 Hi Arni,
Congratulations. Good Job.
JoeT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63382t=63355



Re: CS11152 MIB's [7:63300]

2003-02-19 Thread Sam Sneed
got em.

thanks a lot
John Neiberger  wrote in message
news:[EMAIL PROTECTED]...
 I believe the MIBs are on the CSS itself.  Use an FTP client to browse the
 box and you'll find them somewhere.  I'm at home at the moment and I can't
 remember which directory they're in but it seems like it's fairly clear when
 you see it.

 John

 Sam Sneed  wrote in message
 news:[EMAIL PROTECTED]...
  Anyone know where I can download these? I couldn't find them on Cisco site.
  I'd like to get CPU stats on my CSS11152 via snmp.
 
  thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63383t=63300



Windows Domain Access across WAN [7:63384]

2003-02-19 Thread Joseph R. Taylor
Hi All,
   I'm looking to setup Windows Domain access across a TCP/IP WAN. I'm
concerned with all the protocols that need to be allowed.
   Thank you,
  JoeT


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63384t=63384



RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-19 Thread Howard C. Berkowitz
At 6:19 PM + 2/19/03, Vicky Rode wrote:
comments in-line:


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Kelly Cobean
Sent: Tuesday, February 18, 2003 7:54 PM
To: [EMAIL PROTECTED]
Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]


Priscilla,
 Ok, you caught me not telling the whole truth.  There is a second VLAN
on the switch, but my point was that the MLS cache is full of entries for
one host talking to another host off of the same VLAN interface but on a
secondary subnet, indicating that L3 switching (routing) took place for that
data-flow...So now I guess there are two hands clapping ;-)  You sure do
keep us all on our toes!!!  Thanks!
-
that's because packet switching between subnets using secondaries are
process-switched.

On general IOS -- can't speak to the switch implementations -- you can code

 ip route-cache same-interface
 ipx route-cache same-interface

and get fast switching for secondaries.  Don't know if there is a way 
for CEF to figure this out.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63385t=63147



Re: Upgrading from Token Ring to Fast Ethernet [7:63374]

2003-02-19 Thread MADMAN
Yes try looking at this

http://www.cisco.com/en/US/customer/tech/tk331/tk660/technologies_tech_note09186a00800a997d.shtml

   Dave

Marakalas wrote:
 Hi All,
 I'm in the process of upgrading from Token Ring to
 Fast Ethernet at one of our client's sites. This
 upgrade won't be fork-lifted overnight and my concern
 is that the client is not keen on doing the IP
 readdressing. I'll be deploying a Cisco 2513 router
 during the migration period and my question is as
 follows:-
 
 How do I leave the IP subnets configured on the Token
 Ring interface and have users connect to the Ethernet
 interface, and still be on the same IP subnet, if
 possible.
 
 Your assistance will be highly appreciated.
 
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63386t=63374



RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-19 Thread Howard C. Berkowitz
At 6:51 PM + 2/19/03, Vicky Rode wrote:
comments in-line:


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Howard C. Berkowitz
Sent: Tuesday, February 18, 2003 6:42 AM
To: [EMAIL PROTECTED]
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]


At 5:30 AM + 2/18/03, Ken Diliberto wrote:
The nit I'm picking is inline... (I'm feeling like chipping in tonight)

   The Long and Winding Road
02/17/03 06:13PM 

[snip]

if I have a 75xx router with 300 ethernet ports, and I bridge all
those
ports, do I have an L3 switch, or a router?

[KD]
You have a router performing L2 operations (forwarding, switching,
bridging -- whatever).  Would a cheap Linksys switch be faster?

What makes a L3 switch in my mind is where the forwarding happens.  If
the L3 CPU (new way to look at it?) has to handle every packet, that's a
router.  If the first L3 packet is handled by the CPU which then
programs ASICs to handle the rest of the flow without bothering the CPU,
that's an L3 switch.  Is there a difference from a packet/network
perspective?  No.  The L2 headers and L3 headers are all properly
updated in both cases (at least we *hope* they are) and traffic is
delivered most of the time.  (If it was delivered all the time, networks
wouldn't need us to fix them)  :-)

Does that make a 7500 with VIPs a L3 switch?  A 12000 with
distributed forwarding processors?
--
it dependscall it (d)cef switching router if you want but i have to
kinda agree with ken's comments. in my opinion the major difference between
a traditional router and a l3 switch is the way packet switching takes place.
in a traditional router the packet switching are done in software
(microprocessor based),

Big difference if the microprocessors (note plural) aren't doing 
anything except forwarding, and run a real time OS. The key thing is 
that you don't want forwarding going through the processor that runs 
routing protocols, system management, etc.

A real challenge is where to implement QoS, because it tends to get 
beyond the complexity of a true ASIC and really has to be done in a 
microcode-loaded processor.

whereas in l3 switch it is done by asic in hw and
mls is used to increase routing performance by doing packet switching and
rewrites in hw (asics).


There's a bit of Cisco marketing-speak here, which was actually a 
reaction to competitors who brought up the concept switch if you 
can, route when you must. Hardware and software technology have 
moved on since then, and the line is much more blurred between the 
two.  It's more important to think of separating the forwarding, 
control, and upper layer services path (and being sure there's no 
mutual interference) than it is to consider the actual hardware 
processing elements (ASICs, microcoded or RISC processors, etc.)

This emphasis on ASICs also ignores a couple of common bottlenecks: 
memory and fabric. To some extent, you can get around memory 
limitations by having distributed memories for distributed 
processors.  For the fabric, you can move from shared bus, to shared 
memory, and eventually to crossbar (ignoring optical trends).

As I mentioned in a previous post that's partially below, you don't 
necessarily need ASICs if you have enough distributed processors, 
using the term processor to include microcode sequencers, FPGAs and 
EA-FPGAs, etc.  In research prototypes, I've been involved in routers 
that had true processors, running on the forwarding boards, that ran 
a real-time OS.  These processors did have certain functions 
custom-built in hardware.  Also, the processors can have coprocessors 
-- the Nortel Shasta products, for example, have an encryption chip 
more or less next to general board-level processors, with a 
high-speed path between them.

Even with ASICs, the L2 and L3 decisions, rewrite, etc. often are in 
separate chips. Remember a processor can be implemented as bit slices 
operating in a set of ICs.



Substituting router for L3 switch is a good idea, but go farther than
that. You can think of a high-performance router as a small hidden
network, containing one or more (think high availability) path
determination routing processors/hosts that download FIB
information to multiple forwarding processors/hosts.  One public and
vendor-independent discussion of this architecture continues in the
IETF FORCES Working Group (go to www.ietf.org and navigate to Working
Groups).


What does this mean to us?  Not much other than for capacity planning.
IMHO, an L3 switch has a longer life than a router.

Not really, as you say in your next paragraph. I could go off into
the ozone and say all high-speed routers are L3 switches.

Indeed, ASICs aren't a necessity.  I've worked on research router
designs that used RISC processors in each forwarding and path
determination engine, which gave lots of power but much more
flexibility than ASICs. Admittedly, at least one of these was a
specifically designed 

RE: Novell SAP question [7:63340]

2003-02-19 Thread Priscilla Oppenheimer
lee wooi keat wrote:
 
 All,
 I have a question on Novell SAP and need your help:
 A cisco router is receiving a specific SAP advertisement but
 the server

How do you know that the router is receiving a specific SAP advertisement?
Please share with us the troubleshooting you have done and any output from
show or debug commands. Good commands to use include show ipx traffic,
debug ipx sap activity, and debug ipx sap events. As usual, be careful
with debug commands on operational routers. SAP debug commands are
especially problematic if there are tons of services being advertised.

 isnt showing up in the server table. 

Do you mean that the server doesn't show up on the router when you do a
show ipx server or do you mean that it doesn't show up in server lists on
clients or servers downstream from the router.

In the first case, use show ipx route to check that the router has a route
to the server. If it doesn't, I suspect that it wouldn't put it in its list
(and wouldn't advertise it either.)

In the second case, check for SAP output filters.

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com


 Why are the possible
 reason for that?
 
 Thanks in advance.
 
 Cheers,
 Lee
 
 
 
 
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63389t=63340



RE: VPN question [7:63380]

2003-02-19 Thread Joseph Brunner
The office 3000 concentrator will route packets between each spoke
client (3002). It's sort of like a hub & spoke frame relay network in a
routing sense.

For implementation, just make sure the 3002 are passed routes
via their split tunneling network list on the 3000 concentrator.

Or if you're not using split tunneling, the 3002's should be picking up all
routes anyway, as reachable via the 3000 (except their default gateway, of
course!)

You will run network extension mode on with the 3002's (NOT PAT OVER TUNNEL).

The 3002 can't terminate any tunnels, so you can't ipsec connect B & C


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63390t=63380



RE: 100 Mbps on Cat3 or Cat4 [7:63310]

2003-02-19 Thread Priscilla Oppenheimer
Pat Do wrote:
 Are unintelligent 10 Mbps hubs better than unintelligent 10/100
 Mbps switches when the network cables that connect the PCs to
 the hub or switch are Cat3 or Cat4?
 
 I provide network services to dozens of non-profits.  Most of
 the sites have Cat3 or Cat4 cabling. I have a co-worker who
 says that 10 Mbps hubs should be used until the sites are
 upgraded to Cat5 (which won't be happening any time soon).
 
 His rationale: If the PC NICs are set to auto detect speed and
 the unintelligent 10/100 switch is set to auto detect speed,
 that data will try to pass through the Cat3 or Cat4 wire at 100
 Mbps.  He says that while the data can pass thru the wire at
 those rates, it's the signaling that gets scrambled at that
 rate on a Cat3 or Cat4 wire.  Consequently, to prevent
 signaling problems that may in turn cause data integrity
 problems, he's recommending to use 10 Mbps hubs.  Is this a
 valid argument?

Yes, it is a valid argument. 

If he's saying that autonegotiation will fail to negotiate because of the
presence of Cat-3 cable, then he's wrong. The autonegotiation link pulses
are simply bursts of the same Normal Link Pulses that have been used in
10Base-T for years. The pulses will travel over Cat-3 cable without any
problems and the negotiation process will occur. However if he's saying that
auto-negotiation will negotiate, but then you'll have problems, he's right.

The problem is that the two devices will probably decide to use 100 Mbps.
Auto-negotiation rules say that the devices should select the highest
performance mode that they share in common. The result would be the NIC and
switch port attempting to use 100 Mbps on Cat 3 cabling, which doesn't work.

When we went from 10 Mbps to 100 Mbps we went from Manchester signal
encoding to MLT-3 signal encoding to avoid the sorts of problems he is
referring to. We also went to a requirement for Cat-5 cabling because of the
increased frequency associated with the new signal encoding.

 
 Note: New, unintelligent 10 Mbps hubs appear to be becoming
 less available and more costly relative to unintelligent 10/100
 Mbps switches as time goes on.  Consequently, this issue is
 starting to have financial implications.

I know, isn't that annoying!? I like hubs. :-) Hubs have quite a few
advantages for certain applications.

As others have recommended, perhaps to avoid buying old equipment (hubs)
that are getting harder to find (and more expensive), you could go with
switches and hard code everything to 10 Mbps for now.

But perhaps your point was that an _unintelligent_ switch might not let you
configure hard-coded 10 Mbps instead of auto-detect. In that case, buy up a
bunch of hubs, but don't beat me to it. ;-)

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63391t=63310
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
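
An added example, not part of the message above: a Python sketch of the auto-negotiation priority resolution it describes, using the technology ability bits as they appear in a PHY's advertisement register. The cable-category check is outside the protocol and is included only to show that negotiation never sees the cable; 100BASE-T4 is left out, and the sample register values are constructed.

```python
from typing import Optional, Tuple

SELECTOR_MASK = 0x001F
SELECTOR_8023 = 0x0001        # selector field value for IEEE 802.3

# Technology ability bits, best mode first (priority resolution order).
# 100BASE-T4 (bit 9) is omitted from this example.
PRIORITY = [
    (0x0100, "100BASE-TX full duplex", 100),
    (0x0080, "100BASE-TX half duplex", 100),
    (0x0040, "10BASE-T full duplex", 10),
    (0x0020, "10BASE-T half duplex", 10),
]

# Minimum cable category each speed needs; this is knowledge the
# negotiation itself does not have.
MIN_CABLE = {100: 5, 10: 3}

# Constructed sample advertisements.
ADV_10_100 = 0x01E1           # 10/100, half and full duplex
ADV_10_ONLY = 0x0061          # port restricted to 10 Mbps


def resolve(local_adv: int, partner_adv: Optional[int]) -> Optional[Tuple[str, int]]:
    """Pick the highest-priority mode both ends advertise.

    partner_adv=None models a partner that sends only Normal Link Pulses
    (for example a plain 10 Mbps hub): parallel detection then brings the
    link up as 10BASE-T half duplex.
    """
    if partner_adv is None:
        return ("10BASE-T half duplex", 10) if local_adv & 0x0020 else None
    if (local_adv & SELECTOR_MASK) != SELECTOR_8023:
        return None
    if (partner_adv & SELECTOR_MASK) != SELECTOR_8023:
        return None
    common = local_adv & partner_adv
    for bit, name, speed in PRIORITY:
        if common & bit:
            return name, speed
    return None


def link_outcome(local_adv: int, partner_adv: Optional[int],
                 cable_category: int) -> Tuple[Optional[str], bool]:
    """Return (negotiated mode, whether the cable is adequate for it)."""
    result = resolve(local_adv, partner_adv)
    if result is None:
        return None, False
    name, speed = result
    return name, cable_category >= MIN_CABLE[speed]


if __name__ == "__main__":
    print("10/100 NIC + 10/100 switch, Cat3:", link_outcome(ADV_10_100, ADV_10_100, 3))
    print("NIC limited to 10, Cat3:         ", link_outcome(ADV_10_ONLY, ADV_10_100, 3))
    print("10/100 NIC + 10 Mbps hub, Cat3:  ", link_outcome(ADV_10_100, None, 3))
```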



Re: IP Helper with Netware 5.1 and win 9598 [7:63297]

2003-02-19 Thread Priscilla Oppenheimer
To be honest, I don't know the effect of using two helper addresses on one
interface. It may not provide any redundancy, if that's your hope, but I'm
not sure. Anyone know?

However, I do have one other quick suggestion. Make sure the switches that
connect the problematic PCs are using portfast. This sounds like a portfast
problem. You say the PCs don't renew their lease when they reboot.
Unfortunately they can't if the switch is not yet forwarding their DHCP
requests because it's doing its ridiculously long state-changes for spanning
tree. It doesn't start forwarding for many seconds. If you set it to
portfast, you avoid this problem. (Only do that if you know the switch ports
just connect PCs and no other switches perhaps in a redundant fashion,
resulting in spanning tree havoc.)

Priscilla

Firesox wrote:
 
 Thanks for the comments
 My answers below.
 
 Yes both DHCP  servers are on the same broadcast domain at the
 hub site.
 I have two helper addresses on the same interface(remote site,
 thinking
 redundancy, but it may not be as effective as I thought it
 would from your
 comment).
 What's weird is that when I manually release/renew the lease
 from win95/98
 machines, it works just fine.  It's just not automatic.
 The machines at hub site does this automatically without any
 problems.
 
 Thanks
 
 Priscilla Oppenheimer  wrote in message
 news:[EMAIL PROTECTED]...
  Firesox wrote:
  
   I have two ip-helper addresses configured on 2621 which
   connects to another
   2621 at the HUB where DHCP servers reside.
 
  Do you have two ip helper addresses on the same interface?
 Does that
 really
  do any good or does the first one just get used all the time?
 Or do you
 mean
  two helper addresses, one on one interface and one on another.
 
   I have 2 Novell Netware 5.1 servers as DHCP servers.
 
  Are the Novell DHCP servers on the same LAN, IP subnet,
 broadcast domain?
 
   Lease is
   set to 3 days
   Everything is working as expected except windows 95 and 98
   clients are not
   renewing the IP after three days.
   If you manually release and renew the IP, it works fine, but
   when users turn
   on the pc after the lease has expired, it's not renewing it
   automatically.
  
   DHCP clients on the hub site are working just fine using
 same
   DHCP servers.
  
   Right now the Helper addresses are set to unicast address
   pointing to those
   two servers.
   I was wondering if setting the helper address to subnet
   broadcast address
   makes any difference.
 
  You need to find out why this is happening. Do the clients
 attempt to
 renew,
  i.e. send the DHCP requests or are they just silent?
 
  If the DHCP clients attempt to renew and their server (i.e.
 the one that
  their helper address points to) doesn't respond, it might
 help to change
 the
  helper address to broadcast to give the other server a chance
 to reply,
  assuming the servers are on the same LAN. The other router
 would have to
  forward directed broadcasts for the broadcast to end up on
 the LAN.
 
  But it wouldn't be advisable to make this change without
 knowing why the
  problem is happening and what negative side effects could
 occur from the
  change.
 
  Priscilla
 
 
  
   Thanks in advance.
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63392t=63297



Can't ping with Dialer Map Command [7:63393]

2003-02-19 Thread Azhar Teza
I have set up a simple ISDN dial up between two routers, and I don't see
anything wrong with the configs, maybe.  The funny thing is when I use dialer
string command on both routers then I can successfully ping each other, but if
I replace Dialer String with Dialer Map which is a preferred way I am not able
to ping.  The Bri channel 1 will be connected, but my ping times out.  Here
are the configs for both routers:

r1#wr t
Building configuration...
Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r1
!
enable secret 5 $1$oix0$jjbU/t1qjJlHT1zYajIeG/
!
no ip domain-lookup
isdn switch-type basic-ni1
!
!
interface Ethernet0
 ip address 170.10.22.1 255.255.255.0
 no keepalive
 media-type 10BaseT
!
interface Ethernet1
 no ip address
 shutdown
 media-type 10BaseT
!
interface Serial0
 no ip address
 encapsulation frame-relay
!
interface Serial0.1 point-to-point
 ip address 170.10.29.1 255.255.255.252
 frame-relay interface-dlci 102
!
interface Serial1
 ip address 170.10.23.1 255.255.255.252
!
interface Serial2
 no ip address
 shutdown
!
interface Serial3
 no ip address
 shutdown
!
interface BRI0
 ip address 170.10.129.1 255.255.255.252
 encapsulation ppp
 dialer map ip 170.10.129.2 name r2 broadcast 9636000
 dialer-group 1
 isdn spid1 2569635101
 isdn spid2 25696350010101
!
interface BRI1
 no ip address
 shutdown
!
interface BRI2
 no ip address
 shutdown
!
interface BRI3
 no ip address
 shutdown
!
router ospf 1
 passive-interface BRI0
 network 170.10.22.1 0.0.0.0 area 1
 network 170.10.23.1 0.0.0.0 area 1
 network 170.10.29.1 0.0.0.0 area 0
 network 170.10.129.1 0.0.0.0 area 0
!
ip classless
!
dialer-list 1 protocol ip permit
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 no login
!
end
r1#

r2#wr t
Building configuration...
Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r2
!
enable secret 5 $1$D58d$cmNsq25bGd02XGPfZSUY9/
!
no ip domain-lookup
isdn switch-type basic-ni1
!
!
interface Ethernet0
 no ip address
 shutdown
 media-type 10BaseT
!
interface Ethernet1
 no ip address
 shutdown
 media-type 10BaseT
!
interface Serial0
 no ip address
 encapsulation frame-relay
 no ip mroute-cache
!
interface Serial0.1 point-to-point
 ip address 170.10.29.2 255.255.255.252
 frame-relay interface-dlci 201
!
interface Serial1
 ip address 170.10.49.2 255.255.255.252
!
interface Serial2
 no ip address
 shutdown
!
interface Serial3
 no ip address
 shutdown
!
interface BRI0
 ip address 170.10.129.2 255.255.255.252
 encapsulation ppp
 dialer map ip 170.10.129.1 name r1 broadcast 9635000
 dialer-group 1
 isdn spid1 2569636101
 isdn spid2 25696360010101
!
interface BRI1
 no ip address
 shutdown
!
interface BRI2
 no ip address
 shutdown
!
interface BRI3
 no ip address
 shutdown
!
router ospf 1
 passive-interface BRI0
 network 170.10.0.0 0.0.255.255 area 0
!
ip classless
!
dialer-list 1 protocol ip permit
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 no login
!
end
r2#





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63393t=63393



Re: CCNP Done, finaly [7:63355]

2003-02-19 Thread Kenan Ahmed Siddiqi
Hi there,
Congratulations! All the best for the future...

Cheers,

Kenan


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63394t=63355



Question about CCIE written [7:63396]

2003-02-19 Thread Symon Thurlow
Hi guys,

This may seem a dumb q, but I'll ask it anyway.

How hard is the CCIE written? How much value do you think it adds (if
you don't intend to do the lab for some time)?

Symon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63396t=63396



Re: Help with Route-Maps [7:63381]

2003-02-19 Thread Darrell Newcomb
Yes this can work.  I have a couple suggestions:
1) Make your access-list in the route map an extended ACL since you need to
base this forwarding on source address.
2) Consider applying this type of policy on the RAS server.  If Cisco it can
be defined in the virtual interface template specific to this single RAS
device.  Though with the simple topology that appears to exist doing the
policy routing on the RAS device may be less efficient than the 2600's.
3) Make sure the RAS device either handles asymmetric routing for packets
inbound to it, or that both 2600's have routes to the proper Ethernet
interfaces of this RAS device.

You might consider using virtual routers on the RAS server to achieve the
same effects.

Also you might consider solving your root problem of not announcing your
address space out both available services... or are you using el-cheapo xDSL
service for this?

Good Luck,
Darrell Newcomb
http://www.hayaitacos.net/mpeer/

CiscoNewbie wrote in message news:[EMAIL PROTECTED]...
 Hi all.  Here is a scenario that I need your help on:

 I have a RAS server that has 2 ethernet interfaces for egress traffic.  The
 IP addressing on each interface are on separate networks.  In addition, the
 dialin pools configured on the RAS are in separate networks from each other
 as well as from those defined on the ethernet interfaces of the RAS.  Each
 Ethernet interface gateway points to a Cisco 2620 router which each of the
 routers have their own connection to the internet via 2 separate providers.
 No BGP being done.  The IP Pool addressing on the RAS server are from each
 of the providers.  So Pool A IPs are from Sprint and Pool B are from Choice1.

 So in the event that one dialin user gets an IP from Pool B but gets routed
 to Router A, the user will not go any where because each provider will not
 route the other provider IPs.  My goal was to be able to say on the RAS that
 pool A goes out of ethernet port 1 and Pool B goes out ethernet port 2
 but the RAS solution that I am using will not allow this to be done.  So I
 thought about creating a route-map on the Cisco's to be applied to the
 ethernet interface (ingress) as an inbound policy.  The route-map on Router
 A would need to say something like:  If Pool B which belongs to Router B,
 then set IP next-hop to Router B ethernet interface.  Both routers know
 about each other.  I would like to know if all I would need to do is the
 following or if I need something else or maybe I can't do it.  Thanks.

 Here is what I come up with:

 ROUTER A:

 route-map from-RAS permit 10
  match ip address 1
  set ip next-hop 192.168.1.2

 interface Ethernet 0/0
  description Traffic from Pool A
  ip address 192.168.1.1 255.255.255.0
  no ip directed-broadcast
  ip policy route-map from-RAS

 access-list 1 permit



 The same will be done on the ROUTER B but with the appropriate IPs.

 Thanks in advance.

















Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63397t=63381



Re: CCNP Done, finaly [7:63355]

2003-02-19 Thread Thomas Larus
I just passed it recently, as part of the Routing and Switching partner
specialization for my company.  It is challenging, as all Cisco exams are
these days.

I am dying to get a chance to teach BSCI.

Tom Larus, CCIE #10,014



Skarphedinsson Arni V. wrote in message news:[EMAIL PROTECTED]...
 Just finished BSCI today, and also my CCNP.

 boy the BSCI was really hard, I think it was harder than all the other
 combined.
 But that's probably because I don't have that much experience with Routing
 Protocols, used the Sybex book, and hands on with my router lab to prepare.

 I got a lot on BGP and EIGRP, and some easy stuff on OSPF and IS-IS.

 Best regards,
 Arni




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63398t=63355



Access-List questions [7:63399]

2003-02-19 Thread Jason Steig
Hello all.  I'm stumped on an access-list that I need to create.  What I
did was I set up two routers using rip and put loopbacks on one of them and
advertised them in rip.  I then attempted to build an access-list allowing
just these networks to pass into the other router.  The router with the
loopbacks is A, the destination is B.  So I know this will be a standard
access list (direction in) on router B's interface to router A.

The requirements are 

allow any packet originating from 182.17.77.0 /24
allow any packet originating from 182.17.73.0 /24
allow any packet originating from 182.81.77.0 /24
allow any packet originating from 182.81.73.0 /24
allow any packet originating from 190.17.77.0 /24
allow any packet originating from 190.17.73.0 /24
allow any packet originating from 190.81.77.0 /24
allow any packet originating from 190.81.73.0 /24

Here's what I think I can do

with the 182 address I can do
permit ip 182.17.73.0 0.64.4.0

because the 64 will increase the second octet to 81 then the 4 in the third
bit will increase the network to 77.  Is this how I would implement this
filtering policy in just two statements? The same way with the 190 networks?



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63399t=63399
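
The wildcard-mask arithmetic asked about in the post above, worked through as an added example (not part of the original post or of any reply). It applies Cisco wildcard semantics (a 0 bit must match the base, a 1 bit is ignored) to the eight /24 networks listed, and goes one step further than the question by computing the smallest single base/wildcard pair for a set of networks. All function names are hypothetical.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

# The eight source networks from the post.
REQUIRED = [
    "182.17.77.0", "182.17.73.0", "182.81.77.0", "182.81.73.0",
    "190.17.77.0", "190.17.73.0", "190.81.77.0", "190.81.73.0",
]


def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    """32-bit integer -> dotted-quad string."""
    return str(ipaddress.IPv4Address(value))


def wildcard_matches(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard is 0."""
    care = ~to_int(wildcard) & MASK32
    return (to_int(addr) & care) == (to_int(base) & care)


def covers_whole_network(wildcard, prefix_len=24):
    """True if every host bit is wild, so all hosts in a matched net match."""
    host_bits = MASK32 >> prefix_len
    return (to_int(wildcard) & host_bits) == host_bits


def matched_networks(base, wildcard, prefix_len=24, max_wild_bits=12):
    """List each /prefix_len network holding at least one matching address."""
    net_mask = (MASK32 << (32 - prefix_len)) & MASK32
    wild = to_int(wildcard) & net_mask
    fixed = to_int(base) & net_mask & ~wild
    bits = [1 << i for i in range(32) if wild & (1 << i)]
    if len(bits) > max_wild_bits:
        raise ValueError("too many wildcard bits to enumerate")
    nets = []
    for combo in range(1 << len(bits)):
        value = fixed
        for pos, bit in enumerate(bits):
            if combo & (1 << pos):
                value |= bit
        nets.append(value)
    return [to_dotted(v) for v in sorted(nets)]


def summarize(networks, prefix_len=24):
    """Smallest single base/wildcard covering all networks.

    Returns (base, wildcard, exact); exact is False when the pair also
    matches networks that were not asked for.
    """
    host_bits = MASK32 >> prefix_len
    values = [to_int(n) & ~host_bits & MASK32 for n in networks]
    all_and, all_or = values[0], values[0]
    for v in values[1:]:
        all_and &= v
        all_or |= v
    # Bits set in the OR but not in the AND are the ones that vary.
    wildcard = (all_and ^ all_or) | host_bits
    base_s, wild_s = to_dotted(all_and), to_dotted(wildcard)
    covered = set(matched_networks(base_s, wild_s, prefix_len))
    return base_s, wild_s, covered == {to_dotted(v) for v in values}


if __name__ == "__main__":
    # The entry from the post: the four 182.x networks, network address only.
    print(matched_networks("182.17.73.0", "0.64.4.0"))
    print(covers_whole_network("0.64.4.0"))
    # All eight networks: 182 and 190 differ only in the bit worth 8.
    print(summarize(REQUIRED))
```

With the last octet of the wildcard left at 0, only the .0 address of each network matches; setting it to 255 covers the hosts as well.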



Re: native vlan, trunking question [7:63309]

2003-02-19 Thread Karen E Young
A native VLAN is the VLAN that that port uses when trunking breaks down.
That's it. If you don't set it to a specific VLAN in the config, then the
native VLAN will be the default vlan. On Cisco, this is VLAN 1.

Normally, the trunk is up and running and the native vlan doesn't come into
play. However, if the trunking goes down for any reason, the port reverts to
the native vlan. At that point, only traffic on that vlan/subnet will get
through the port. Typically, I will set the native vlan of trunking ports
to the vlan that I'm using for network management so that I can get to the
switch remotely if something goes wrong.

Hope this helps,

Karen


*** REPLY SEPARATOR  ***

On 2/19/2003 at 2:38 AM supernet wrote:

I'm confused on native vlan and trunking. Can I assign a port to a trunk
(for all the vlans), then assign that port to a vlan100? Does that port
belong to native vlan100? What means native vlan? Thanks. Yoshi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63400t=63309



RE: 100 Mbps on Cat3 or Cat4 [7:63310]

2003-02-19 Thread Pat Do
Thanks folks for your technical info as well as advice!

Buying cheaper 10/100 switches and configuring NICs on the PCs to 10 Mbps,
half duplex may be the way to go.  Most sites have 10 - 20 PCs on average.

Pat


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63401t=63310



RE: Congigure the ATM LS 100 ! [7:63328]

2003-02-19 Thread Daniel Cotts
Try this out.
Configuring the Software section should help.
http://www.cisco.com/univercd/cc/td/doc/product/atm/a100/ls100_ug/index.htm 

 -Original Message-
 From: XY HIEN LE [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, February 19, 2003 6:02 PM
 To: 'Daniel Cotts'
 Subject: RE: Congigure the ATM LS 100 ! [7:63328]
 
 
 I have searched but with no luck!
 Xy
 
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On 
 Behalf Of
 Daniel Cotts
 Sent: Wednesday, February 19, 2003 10:11 AM
 To: [EMAIL PROTECTED]
 Subject: RE: Congigure the ATM LS 100 ! [7:63328]
 
 The original question was about a LS100 not a LS1010. Much different
 box.
 Possibly the manual for the LS100 is on CCO.
 
  -Original Message-
  From: Larry Letterman [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, February 19, 2003 12:17 PM
  To: [EMAIL PROTECTED]
  Subject: Re: Congigure the ATM LS 100 ! [7:63328]
  
  
  I have this on the lab at work..
  
  Current configuration:
  !
  version 11.1
  no service pad
  service udp-small-servers
  service tcp-small-servers
  !
  hostname LS-1010
  !
  !
  atm address 47.0091.8100..0010.11bd.f901.0010.11bd.f901.00
  atm router pnni
   node 1 level 56 lowest
    redistribute atm-static
  !
  !
  interface ATM0/0/0
   no keepalive
   no atm auto-configuration
  !
  interface ATM0/0/1
   no keepalive
  !
  interface ATM0/0/2
   no keepalive
  !
  interface ATM0/0/3
   no keepalive
   no atm auto-configuration
   atm pvc 2 200  interface  ATM0/0/0 1 100
  !
  interface ATM0/1/0
   no keepalive
  !
  interface ATM0/1/1
   no keepalive
  !
  interface ATM0/1/2
   no keepalive
  !
  interface ATM0/1/3
   no keepalive
  !
  interface ATM1/0/0
   no keepalive
  !
  interface ATM1/1/0
   no keepalive
  !
  interface ATM2/0/0
   no ip address
   no keepalive
   atm maxvp-number 0
  !
  interface Ethernet2/0/0
   no ip address
  !
  no ip classless
  !
  line con 0
   exec-timeout 0 0
   logging synchronous
  line aux 0
  line vty 0 4
   login
  !
  end
  
  
  Larry Letterman
  Network Engineer
  Cisco Systems
  
  
  - Original Message -
  From: XY HIEN LE 
  To: 
  Sent: Wednesday, February 19, 2003 1:05 AM
  Subject: Congigure the ATM LS 100 ! [7:63328]
  
  
   Hi all,
  
   Does anyone know how to configure the LightStream LS 100 switch to work
   between 2 7200 routers with  ATM interfaces? I am trying to set up the
   ATM lab practice but can't get the switch to pass traffic between 2
   routers?
   Any help would be much appreciated.
  
   Xy
  [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63403t=63328



RE: Help with Route-Maps [7:63381]

2003-02-19 Thread CiscoNewbie
Thanks Darrell for your response and suggestions.  To respond to your
suggestions:
The RAS server that I am using is a non Cisco.  The options they have
available to do this is through Radius and the Radius server is owned by
someone else.  So this Radius solution they have is not feasible.  So my
only option is doing it on the Cisco's.  Both Cisco's have routes back to
the ethernet interface of the RAS.  The WAN links on the routers are T1's.
Thanks for your help.







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63405t=63381



RE: ISDN Switch and BRi config [7:63313]

2003-02-19 Thread kk kuma
Hi, 
 
Layer3 is not active in isdn status. Suggest you try with the following.
1. Add username/pw in both the routers and map them in dialer map command.
username r2 password    (in R1 router)
username r1 password    (in R2 router)

2.Dialer map command

dialer map ip 150.100.7.2 name r2 broadcast 2002 (in R1 router)
dialer map ip 150.100.7.1 name r1 broadcast  (in R2 router)

3.add ppp chap auth command
ppp authentication chap (in both routers)

HTH

Regards,
Kum



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63321t=63313



Traffic thru PIX [7:63347]

2003-02-19 Thread Tunji Suleiman
Hello All,

Can someone pls tell me how I can allow pings and other traffic thru the 
PIX? I've added both access-list and conduits for testing. Can ping from pix 
to a test PC on LAN, to Internet router and to UUNet DNS but not from test 
PC thru PIX as per below:

PIX# wr t
Building configuration...
: Saved
:
PIX Version 6.1(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password J470/UhJVN.5DRKT encrypted
passwd J470/UhJVN.5DRKT encrypted
hostname PIX
domain-name pixdomain.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
name 10.250.77.3 testpc
name 66.120.182.121 gateway
access-list nat0 permit ip 10.250.77.0 255.255.255.0 10.250.0.0 255.255.0.0
access-list nat0 permit ip 10.250.77.0 255.255.255.0 10.249.0.0 255.255.0.0
access-list oxfordhub permit ip 10.250.77.0 255.255.255.0 10.250.4.0 255.255.255.0
access-list oxfordhub permit ip 10.250.77.0 255.255.255.0 10.249.48.0 255.255.240.0
access-list ipalcohub permit ip 10.250.77.0 255.255.255.0 10.250.3.0 255.255.255.0
access-list ipalcohub permit ip 10.250.77.0 255.255.255.0 10.249.32.0 255.255.240.0
access-list arlhub permit ip 10.250.77.0 255.255.255.0 10.250.0.0 255.255.255.0
access-list arlhub permit ip 10.250.77.0 255.255.255.0 10.249.64.0 255.255.240.0
access-list arlington permit ip 10.250.77.0 255.255.255.0 10.250.2.0 255.255.255.0
access-list arlington permit ip 10.250.77.0 255.255.255.0 10.249.16.0 255.255.240.0
access-list richmond permit ip 10.250.77.0 255.255.255.0 10.250.75.0 255.255.255.0
access-list aclout permit icmp any any
pager lines 24
logging console debugging
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 66.120.182.122 255.255.255.248
ip address inside 10.250.77.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 66.120.182.123 netmask 255.255.255.248
nat (inside) 0 access-list nat0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group aclout in interface outside
conduit permit icmp any any
conduit permit tcp any any
route outside 0.0.0.0 0.0.0.0 gateway 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 10.250.78.3 255.255.255.255 inside
http 10.250.77.2 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set strong3 esp-3des esp-sha-hmac
crypto map cmap 1 ipsec-isakmp
crypto map cmap 1 match address oxfordhub
crypto map cmap 1 set peer 217.33.153.3
crypto map cmap 1 set transform-set strong3
crypto map cmap 2 ipsec-isakmp
crypto map cmap 2 match address ipalcohub
crypto map cmap 2 set peer 216.37.39.66
crypto map cmap 2 set transform-set strong3
crypto map cmap 3 ipsec-isakmp
crypto map cmap 3 match address arlhub
crypto map cmap 3 set peer 206.154.225.2
crypto map cmap 3 set transform-set strong3
crypto map cmap 4 ipsec-isakmp
crypto map cmap 4 match address arlington
crypto map cmap 4 set peer 65.204.31.2
crypto map cmap 4 set transform-set strong3
crypto map cmap 5 ipsec-isakmp
crypto map cmap 5 match address richmond
crypto map cmap 5 set peer 195.172.96.66
crypto map cmap 5 set transform-set strong3
crypto map cmap interface outside
isakmp enable outside
isakmp key  address 217.33.153.3 netmask 255.255.255.255
isakmp key  address 216.37.39.66 netmask 255.255.255.255
isakmp key  address 208.171.213.2 netmask 255.255.255.255
isakmp key  address 65.204.31.2 netmask 255.255.255.255
isakmp key  address 195.172.96.66 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 3600
telnet 10.250.77.0 255.255.255.0 inside
telnet timeout 60
ssh timeout 5
terminal width 80
Cryptochecksum:91a83ee76d6bfefd0155f5f7f2181f6c
: end
[OK]
PIX#
PIX# ping gateway
 gateway response received -- 0ms
 gateway response received -- 0ms
 gateway response received -- 0ms
PIX# ping 198.6.1.1
 198.6.1.1 response received -- 650ms
 198.6.1.1 response received -- 660ms
 198.6.1.1 response received -- 640ms
PIX# ping 198.6.1.1
 198.6.1.1 response received -- 700ms
 198.6.1.1 response received -- 640ms
 198.6.1.1 response received -- 640ms
PIX# ping testpc
 testpc response received -- 0ms
 testpc response received -- 0ms
 testpc response received -- 0ms
PIX#

TIA.









Boson Router Simulator [7:63395]

2003-02-19 Thread Kenan Ahmed Siddiqi
Hi there,
I had heard about Boson Router Simulator for a long time now. Having not
much to do, I decided to give it a try. The evaluation version seems to be
much slower than the actual thing.
What I need to know is that is the software worth the investment? Or should
I just go for proper hands-on only? Any feedback is appreciated.

Cheers,

Kenan


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63395t=63395



CCNP books for sale [7:63345]

2003-02-19 Thread Chang John
Anyone interested in buying my Exam Cram paperback books?  They are in
excellent condition.  No markings and looks almost new.  It has the cheat
sheets.  Let me know.  Thank you

Exam Cram CCNP 640-503 Routing
Exam Cram CCNP 640-504 Switching
Exam Cram CCNP 640-505 Remote access
Exam Cram CCNP 640-506 Support


e-mail: [EMAIL PROTECTED]



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63345t=63345



RE: 100 Mbps on Cat3 or Cat4 [7:63310]

2003-02-19 Thread Jens Neelsen
Hi,
do not buy old 10 Mbps Hubs or switches unless they are very
cheap (Cisco 1924 switches are cheap on Ebay). 
I suggest to test the following version if you use 10/100
switches: Set the switch to 10Mbps full duplex and leave the PC
at AUTO. This could make the upgrade easier because you have
just to configure the switch.
Jens Neelsen

--- Adam Grimes (adgrimes)  wrote:
 I think the best bet for you would be to start buying the 10/100Mbps
 switches and manually setting the PCs to 10Mbps.
 That way you haven't wasted money on expensive 10Mbps switches which
 (when Cat5 cable is eventually installed) will be obsolete.  Then it's
 just a case of going round and doing the (tedious) job of switching the
 NIC's back to autosense...
 I'll try and test the Cat3/Cat4 problem out in our lab and post an
 update.
 
 Adam
 
 Adam Grimes
  
 IT Engineer - CCNP/CCDA
 Cisco Systems
  
 
 
 -Original Message-
 From: Pat Do [mailto:[EMAIL PROTECTED]] 
 Sent: Wednesday, February 19, 2003 3:00 AM
 To: [EMAIL PROTECTED]
 Subject: 100 Mbps on Cat3 or Cat4 [7:63310]
 
 
 Are unintelligent 10 Mbps hubs better than unintelligent 10/100 Mbps
 switches when the network cables that connect the PCs to the hub or
 switch are Cat3 or Cat4?

 I provide network services to dozens of non-profits.  Most of the sites
 have Cat3 or Cat4 cabling. I have a co-worker who says that 10 Mbps hubs
 should be used until the sites are upgraded to Cat5 (which won't be
 happening any time soon).

 His rationale: If the PC NICs are set to auto detect speed and the
 unintelligent 10/100 switch is set to auto detect speed, that data will
 try to pass through the Cat3 or Cat4 wire at 100 Mbps.  He says that
 while the data can pass thru the wire at those rates, it's the signaling
 that gets scrambled at that rate on a Cat3 or Cat4 wire.  Consequently,
 to prevent signaling problems that may in turn cause data integrity
 problems, he's recommending to use 10 Mbps hubs.  Is this a valid
 argument?

 Note: New, unintelligent 10 Mbps hubs appear to be becoming less
 available and more costly relative to unintelligent 10/100 Mbps switches
 as time goes on.  Consequently, this issue is starting to have financial
 implications.
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63388t=63310



RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-19 Thread Vicky Rode
hi,


comments in-line:


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Howard C. Berkowitz
Sent: Wednesday, February 19, 2003 2:17 PM
To: [EMAIL PROTECTED]
Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]


At 6:51 PM + 2/19/03, Vicky Rode wrote:
comments in-line:


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Howard C. Berkowitz
Sent: Tuesday, February 18, 2003 6:42 AM
To: [EMAIL PROTECTED]
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]


At 5:30 AM + 2/18/03, Ken Diliberto wrote:
The nit I'm picking is inline... (I'm feeling like chipping in tonight)

   The Long and Winding Road
02/17/03 06:13PM 

[snip]

if I have a 75xx router with 300 ethernet ports, and I bridge all
those
ports, do I have an L3 switch, or a router?

[KD]
You have a router performing L2 operations (forwarding, switching,
bridging -- whatever).  Would a cheap Linksys switch be faster?

What makes a L3 switch in my mind is where the forwarding happens.  If
the L3 CPU (new way to look at it?) has to handle every packet, that's a
router.  If the first L3 packet is handled by the CPU which then
programs ASICs to handle the rest of the flow without bothering the CPU,
that's an L3 switch.  Is there a difference from a packet/network
perspective?  No.  The L2 headers and L3 headers are all properly
updated in both cases (at least we *hope* they are) and traffic is
delivered most of the time.  (If it was delivered all the time, networks
wouldn't need us to fix them)  :-)

Does that make a 7500 with VIPs a L3 switch?  A 12000 with
distributed forwarding processors?
--
it depends... call it (d)cef switching router if you want but i have to
kinda agree with ken's comments. in my opinion the major difference between
a traditional router and a l3 switch is the way packet switching takes place.
in a traditional router the packet switching is done in software
(microprocessor based),

Big difference if the microprocessors (note plural) aren't doing
anything except forwarding, and run a real time OS. The key thing is
that you don't want forwarding going through the processor that runs
routing protocols, system management, etc.
-vicky
true enough. but in my opinion it depends on what hw you have in play and
for what purpose. whether it is going to be classic line cards, switch
fabric cards or distributed forwarding cards and whether the packet
switching is going to be flow based or cef based. i guess one should have a
good understanding for what their network traffic looks like and a good
baseline before retrofitting to high powered hw which can be a big waste of
money and resources.



A real challenge is where to implement QoS, because it tends to get
beyond the complexity of a true ASIC and really has to be done in a
microcode-loaded processor.
--vicky
for me polling and gathering different qos snmp data variables has been a
challenge rather than hw issue, so i can't really comment on that.




whereas in l3 switch it is done by asic in hw and
mls is used to increase routing performance by doing packet switching and
rewrites in hw (asics).


There's a bit of Cisco marketing-speak here, which was actually a
reaction to competitors who brought up the concept switch if you
can, route when you must. Hardware and software technology have
moved on since then, and the line is much more blurred between the
two.  It's more important to think of separating the forwarding,
control, and upper layer services path (and being sure there's no
mutual interference) than it is to consider the actual hardware
processing elements (ASICs, microcoded or RISC processors, etc.)
---vicky
in my opinion, what's important and necessary is control/forward plane
inter-relation.



that's all.



regards,
/vicky


This emphasis on ASICs also ignores a couple of common bottlenecks:
memory and fabric. To some extent, you can get around memory
limitations by having distributed memories for distributed
processors.  For the fabric, you can move from shared bus, to shared
memory, and eventually to crossbar (ignoring optical trends).

As I mentioned in a previous post that's partially below, you don't
necessarily need ASICs if you have enough distributed processors,
using the term processor to include microcode sequencers, FPGAs and
EA-FPGAs, etc.  In research prototypes, I've been involved in routers
that had true processors, running on the forwarding boards, that ran
a real-time OS.  These processors did have certain functions
custom-built in hardware.  Also, the processors can have coprocessors
-- the Nortel Shasta products, for example, have an encryption chip
more or less next to general board-level processors, with a
high-speed path between them.

Even with ASICs, the L2 and L3 decisions, rewrite, etc. often are in
separate chips. Remember a processor can be