IPSec router-to-router [7:63325]
There are 2 ways to make a tunnel between two routers. You can make tunnel interfaces and permit GRE traffic, or you can permit IP traffic and not make a tunnel interface. I don't quite understand what the real difference in performance, convenience, etc. is between them if I want all IP traffic between two sites to go through the tunnel. Any personal experience is very welcome.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63325t=63325
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPSec router-to-router [7:63325]
You could, for example, use the GRE tunnel for IP-in-IP encapsulation, for example when the remote subnets are using private IP addresses and you are using the Internet to connect the two networks:

private subnet - router - internet router - private subnet

But IPSEC would be better for this as it includes authentication and encryption.

HTH
Jens

-----Original Message-----
From: Viacheslav Lushchinskiy [mailto:[EMAIL PROTECTED]]
Sent: 19 February 2003 10:05
To: [EMAIL PROTECTED]
Subject: IPSec router-to-router [7:63325]

There are 2 ways to make a tunnel between two routers. You can make tunnel interfaces and permit GRE traffic, or you can permit IP traffic and not make a tunnel interface. I don't quite understand what the real difference in performance, convenience, etc. is between them if I want all IP traffic between two sites to go through the tunnel. Any personal experience is very welcome.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63326t=63325
RE: IPSec router-to-router [7:63325]
I meant that encryption is used in both cases. But in the first one, the GRE tunnel is made first. This config is used in one big company and I want to know if this is a common approach to configure an IPsec tunnel using GRE first.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63327t=63325
Configure the ATM LS 100 ! [7:63328]
Hi all,

Does anyone know how to configure the LightStream LS 100 switch to work between 2 7200 routers with ATM interfaces? I am trying to set up the ATM lab practice but can't get the switch to pass traffic between 2 routers. Any help would be much appreciated.

Xy

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63328t=63328
RE: 100 Mbps on Cat3 or Cat4 [7:63310]
I think the best bet for you would be to start buying the 10/100Mbps switches and manually setting the PCs to 10Mbps. That way you haven't wasted money on expensive 10Mbps switches which (when Cat5 cable is eventually installed) will be obsolete. Then it's just a case of going round and doing the (tedious) job of switching the NICs back to autosense...

I'll try and test the Cat3/Cat4 problem out in our lab and post an update.

Adam

Adam Grimes
IT Engineer - CCNP/CCDA
Cisco Systems

-----Original Message-----
From: Pat Do [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 3:00 AM
To: [EMAIL PROTECTED]
Subject: 100 Mbps on Cat3 or Cat4 [7:63310]

Are unintelligent 10 Mbps hubs better than unintelligent 10/100 Mbps switches when the network cables that connect the PCs to the hub or switch are Cat3 or Cat4?

I provide network services to dozens of non-profits. Most of the sites have Cat3 or Cat4 cabling. I have a co-worker who says that 10 Mbps hubs should be used until the sites are upgraded to Cat5 (which won't be happening any time soon).

His rationale: If the PC NICs are set to auto detect speed and the unintelligent 10/100 switch is set to auto detect speed, that data will try to pass through the Cat3 or Cat4 wire at 100 Mbps. He says that while the data can pass thru the wire at those rates, it's the signaling that gets scrambled at that rate on a Cat3 or Cat4 wire. Consequently, to prevent signaling problems that may in turn cause data integrity problems, he's recommending to use 10 Mbps hubs.

Is this a valid argument?

Note: New, unintelligent 10 Mbps hubs appear to be becoming less available and more costly relative to unintelligent 10/100 Mbps switches as time goes on. Consequently, this issue is starting to have financial implications.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63329t=63310
Re: 100 Mbps on Cat3 or Cat4 [7:63310]
Pat Do wrote:
> scrambled at that rate on a Cat3 or Cat4 wire. Consequently, to prevent signaling problems that may in turn cause data integrity problems, he's recommending to use 10 Mbps hubs. Is this a valid argument?

The wording is a bit iffy, but he's correct in principle. Two 100M capable stations will negotiate 100 Mbps, even over CAT3 or -4, if left to autonegotiate. And that won't work. So either lock down all stations to 10, if you use unmanaged 10/100 switches, or use 10 Mbps hubs, as he said.

Regards,
Marco.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63330t=63310
RE: 100 Mbps on Cat3 or Cat4 [7:63310]
How many users at your non-profit orgs? Maybe just force their NICs to 10MB/s full?

Mind you, I have a cheap netgear unmanaged 10/100 switch that I am forced to use occasionally, and performance drops off to sneakernet levels if I force 100full on any of the range of NICs I connect to it.

Symon

-----Original Message-----
From: Pat Do [mailto:[EMAIL PROTECTED]]
Sent: 19 February 2003 03:00
To: [EMAIL PROTECTED]
Subject: 100 Mbps on Cat3 or Cat4 [7:63310]

Are unintelligent 10 Mbps hubs better than unintelligent 10/100 Mbps switches when the network cables that connect the PCs to the hub or switch are Cat3 or Cat4?

I provide network services to dozens of non-profits. Most of the sites have Cat3 or Cat4 cabling. I have a co-worker who says that 10 Mbps hubs should be used until the sites are upgraded to Cat5 (which won't be happening any time soon).

His rationale: If the PC NICs are set to auto detect speed and the unintelligent 10/100 switch is set to auto detect speed, that data will try to pass through the Cat3 or Cat4 wire at 100 Mbps. He says that while the data can pass thru the wire at those rates, it's the signaling that gets scrambled at that rate on a Cat3 or Cat4 wire. Consequently, to prevent signaling problems that may in turn cause data integrity problems, he's recommending to use 10 Mbps hubs.

Is this a valid argument?

Note: New, unintelligent 10 Mbps hubs appear to be becoming less available and more costly relative to unintelligent 10/100 Mbps switches as time goes on. Consequently, this issue is starting to have financial implications.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63331t=63310
RE: pix + router, design issue [7:63244]
In this design the CPE router IS the border router. Whatever controls the customer would like to exercise (e.g. packet filters, ACL, etc.) would really be best if placed on the CPE device. Maybe the service provider will configure their router by request.

How many interfaces in the Pix? If there are only 2, the best solution is to place the border router on the inside.

LAN - Border Router - Pix - CPE Router

This would allow for a screened subnet (dmz).

Jay Dunn
IPI*GrammTech, Ltd.
www.ipi-gt.com
Nunquam Facilis Est

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 3:42 AM
To: [EMAIL PROTECTED]
Subject: pix + router, design issue [7:63244]

I have a case with a customer that I am installing a PIX and a border router for. He wants to have control over the border router, but the Service Provider is providing their router as the CPE. One interface on the Service Provider's router has an IP address from the customer's public IP address range, so I am thinking about what would be the best way to config the customer's border router, as it will need to be sending some IP address that is on the interface connected to the CPE router back to the pix.

[Diagram: PIX - 213.100.1.10 - Border Router - CPE Router - 213.100.1.1]

I am being a little slow today, so I would like to get some input on how you would handle this scenario.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63332t=63244
VPN Client help!! [7:63333]
Hi,

I have a router connected to the internet and remote clients with VPN-Client 1.1. They need to browse the network, view some hosts and access some network services. The services don't work until I configure the access-list on the interface:

interface Serial0.80 point-to-point
 description Ligacao para VPNs sobre internet ***
 bandwidth 192
 ip address xxx.xxx.xxx.210 255.255.255.252
 ip access-group 180 in
 no ip route-cache
 no ip mroute-cache
 no cdp enable
 frame-relay interface-dlci 80
  class net-112k
 crypto map mymap

access-list 180 permit ahp any host xxx.xxx.xxx.210
access-list 180 permit esp any host xxx.xxx.xxx.210
access-list 180 permit udp any host xxx.xxx.xxx.210 eq isakmp
access-list 180 permit tcp any host 192.168.0.2 eq 137
access-list 180 permit tcp any host 192.168.0.2 eq 138
access-list 180 permit tcp any host 192.168.0.2 eq 139
access-list 180 permit udp any host 192.168.0.2 eq netbios-ss
access-list 180 permit udp any host 192.168.0.2 eq netbios-dgm
access-list 180 permit udp any host 192.168.0.2 eq netbios-ns
access-list 180 permit tcp any host 192.168.0.4 eq 137
access-list 180 permit tcp any host 192.168.0.4 eq 138
access-list 180 permit tcp any host 192.168.0.4 eq 139
access-list 180 permit udp any host 192.168.0.4 eq netbios-ss
access-list 180 permit udp any host 192.168.0.4 eq netbios-dgm
access-list 180 permit udp any host 192.168.0.4 eq netbios-ns
access-list 180 deny ip any any log

Is this necessary, or am I missing something?

Thx in advance.
Antero Vasconcelos

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6t=6
Re: 100 Mbps on Cat3 or Cat4 [7:63310]
Symon Thurlow wrote:
> Mind you, I have a cheap netgear unmanaged 10/100 switch that I am forced to use occasionally, and performance drops off to sneakernet levels if I force 100full on any of the range of NIC's I connect to it.

If you *force* 100/Full at one end and leave the other end on auto, you get a duplex mismatch. If the autoneg end sees that the other end does not autonegotiate, it will fall back to the least common denominator, half duplex. If you must force one end and not the other, use half duplex.

Regards,
Marco.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63334t=63310
Re: CS11152 MIB's [7:63300]
John is right, you can get the mibs off the CSS itself, from the CSS/mibs directory. They are also included in the CSS .GZIP file (when you d/l to do an upgrade), so you could gunzip that file and pull them out from there too.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63336t=63300
RE: ISDN Switch and BRi config [7:63313]
One of the first commands you can use to debug ISDN issues (i.e. are you getting anything from the ISDN switch) would be debug isdn q921. You should get SAPIs from your ISDN switch... something like below (don't forget to have term mon if you telnet to your router):

Feb 19 11:21:27 GMT: ISDN Se3/0:15: TX - RRp sapi = 0 tei = 0 nr = 0
Feb 19 11:21:27 GMT: ISDN Se3/0:15: RX - RRf sapi = 0 tei = 0 nr = 0

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63337t=63313
RE: IPSec router-to-router [7:63325]
The only real advantage of using an encrypted GRE tunnel, over a normal IPSec tunnel, is that GRE tunnels would be able to pass non-IP traffic. You would use encrypted GRE if you had to pass non-routable traffic between the two sites (e.g. Netbios, etc., but also routing updates).

I have used encrypted GRE tunnels in the past, to allow EIGRP to pass over the tunnel. EIGRP updates won't pass over an IPSec tunnel (as it is m/cast).

Hope this helps.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63338t=63325
RE: IPSec router-to-router [7:63325]
If you use an encrypted GRE tunnel, be wary of MTU sizes. You will need to drop the MTU size to accommodate both the GRE overhead and the IPSec overhead!

Troy Leliard wrote:
> The only real advantage of using an encrypted GRE tunnel, over a normal IPSec tunnel, is that GRE tunnels would be able to pass non-IP traffic. You would use encrypted GRE if you had to pass non-routable traffic between the two sites (e.g. Netbios, etc., but also routing updates).
>
> I have used encrypted GRE tunnels in the past, to allow EIGRP to pass over the tunnel. EIGRP updates won't pass over an IPSec tunnel (as it is m/cast).
>
> Hope this helps.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63339t=63325
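Added example (not from any poster in this thread): the two approaches discussed in the replies above, sketched as Cisco IOS configuration for one router, including the MTU reduction the last reply warns about. All addresses, interface and object names, the EIGRP AS number and the key placeholder are assumptions; the peer router mirrors the configuration.

```cisco
! Constructed example for router R1; R2 mirrors it with addresses swapped.
! Assumed values (not from the thread): WAN 192.0.2.1 (R1) and 192.0.2.2 (R2),
! LANs 10.1.0.0/16 (R1) and 10.2.0.0/16 (R2), tunnel subnet 10.255.0.0/30,
! EIGRP AS 100, interface Serial0/0, and a placeholder pre-shared key.
!
! ---- Common to both options: IKE phase 1 ----
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.2
!
! ==== Option A: IPsec only, no tunnel interface ====
! The crypto ACL selects unicast IP between the two LANs. Multicast routing
! updates such as EIGRP hellos never match it, so the remote LAN is reached
! through a static route.
crypto ipsec transform-set TS-A esp-aes 256 esp-sha-hmac
access-list 101 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
crypto map VPN-A 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set TS-A
 match address 101
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 crypto map VPN-A
ip route 10.2.0.0 255.255.0.0 192.0.2.2
!
! ==== Option B: GRE tunnel protected by IPsec ====
! The crypto ACL matches only the GRE packets between the tunnel endpoints.
! Everything routed into Tunnel0, including EIGRP multicast, is wrapped in GRE
! first and is therefore encrypted. Transport mode is enough because the GRE
! endpoints and the IPsec peers are the same addresses.
crypto ipsec transform-set TS-B esp-aes 256 esp-sha-hmac
 mode transport
access-list 102 permit gre host 192.0.2.1 host 192.0.2.2
crypto map VPN-B 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set TS-B
 match address 102
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 ! GRE adds 24 bytes (20-byte outer IP header + 4-byte GRE header) and ESP
 ! adds its header, IV, padding and ICV on top. 1400 is a conservative value
 ! that leaves room for both on a 1500-byte path; the MSS clamp is MTU - 40.
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source Serial0/0
 tunnel destination 192.0.2.2
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 crypto map VPN-B
router eigrp 100
 network 10.0.0.0
 no auto-summary
!
! Checks: show crypto ipsec sa      (encaps/decaps counters increasing)
!         show ip eigrp neighbors   (option B: peer seen across Tunnel0)
```

Apply only one of the two crypto maps to Serial0/0; options A and B are alternatives, not layers.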
Novell SAP question [7:63340]
All,

I have a question on Novell SAP and need your help: A Cisco router is receiving a specific SAP advertisement but the server isn't showing up in the server table. What are the possible reasons for that?

Thanks in advance.

Cheers,
Lee

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63340t=63340
Strange problem with new flash memory and old Cisco 3640 router [7:63341]
Hi all,

I have a strange one for you guys and would appreciate any ideas you may have.

I have a Cisco 3640 router that is operating normally. It is however using IOS 11.1 and we have bought memory to upgrade this (sho ver below). We install the DRAM and all is great. Install the flash and the router fails to boot. I don't have any log messages, but the remote support guy says that it (router console) says there is no flash installed in the router. Since this happened previously, we tried another 2 separate 3640 chassis, and this flash memory worked great. Now this leads me to believe there is something wrong with the motherboard on the router.

Strangely enough, another reboot of the router and everything comes up with the exception of the Token Ring interface - a further look here reports an error about wrong ring number. Nothing has changed at all here. Another reload and the flash vanishes. Reinstall the old flash memory and the router is operational again.

I know this memory works - used other routers. The ring number error has me totally confused. Upgrades to all other exactly configured sites worked perfectly.

New flash module is 16MB and old is 4MB.

Remote>sho ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-INR-M), Version 11.1(16)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Wed 17-Dec-97 03:25 by krunyan
Image text-base: 0x600088A0, data-base: 0x60512000

ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT RELEASE SOFTWARE (fc2)

DURBAN uptime is 6 minutes
System restarted by power-on at 13:55:24 UTC Wed Feb 19 2003
System image file is flash:c3640-inr-mz.111-16.AA.bin, booted via flash

cisco 3640 (R4700) processor (revision 0x00) with 49152K/16384K bytes of memory.
Processor board ID 04920558
R4700 processor, Implementation 33, Revision 1.0
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
Basic Rate ISDN software, Version 1.0.
1 Ethernet/IEEE 802.3 interface.
1 Token Ring/IEEE 802.5 interface.
1 Serial network interface.
8 Low-speed serial(sync/async) network interfaces.
9 ISDN Basic Rate interfaces.
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
4096K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Any ideas? I am just about to RMA the chassis.

Thanks

Andrew Larkins
BCom, CCNP, CCDP, CSS1
Bytes Technology Networks
A Division of Bytes Technology Group : Registration No: 1911/003874/06
A Member of the Altron Group
P O Box 748, Rivonia, 2128
3 Eglin Rd, The Crescent, Sunninghill, South Africa
Tel : +27 11 800 9336
Fax : +27 11 800 9496
Mobile : +27 83 656 7214
Email: [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63341t=63341
Load balancing / Backup Links with OSPF [7:63342]
Hello People,

We are deploying additional links as backups, and Load Balancing in my organization. One of the links is on our SDH backbone, and the second link is via Frame-Relay through a service provider. We are running the OSPF routing protocol.

We are looking at 2 scenarios:
1) SDH Link as primary link, and the frame-relay link as a backup
2) Use both links for load balancing

From my investigations, in order to achieve Load balancing, with OSPF running, the bandwidth on both links has to be the same. And for Backup links, the OSPF cost has to be lower on the primary link, in order to force traffic over the primary link.

Any suggestions on how to solve this?

Cheers
___
Kerry Ogedegbe
(Network Group)
MTN-Nigeria
Mobile: 0803 200 2399
Email: [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63342t=63342
Re: IP Helper with Netware 5.1 and win 9598 [7:63297]
Thanks for the comments. My answers below.

Yes, both DHCP servers are on the same broadcast domain at the hub site. I have two helper addresses on the same interface (remote site, thinking redundancy, but it may not be as effective as I thought it would from your comment). What's weird is that when I manually release/renew the lease from win95/98 machines, it works just fine. It's just not automatic. The machines at the hub site do this automatically without any problems.

Thanks

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...
> Firesox wrote:
> > I have two ip-helper addresses configured on 2621 which connects to another 2621 at the HUB where DHCP servers reside.
>
> Do you have two ip helper addresses on the same interface? Does that really do any good or does the first one just get used all the time? Or do you mean two helper addresses, one on one interface and one on another.
>
> > I have 2 Novell Netware 5.1 servers as DHCP servers.
>
> Are the Novell DHCP servers on the same LAN, IP subnet, broadcast domain?
>
> > Lease is set to 3 days. Everything is working as expected except windows 95 and 98 clients are not renewing the IP after three days. If you manually release and renew the IP, it works fine, but when users turn on the pc after the lease has expired, it's not renewing it automatically. DHCP clients on the hub site are working just fine using the same DHCP servers. Right now the Helper addresses are set to unicast addresses pointing to those two servers. I was wondering if setting the helper address to the subnet broadcast address makes any difference.
>
> You need to find out why this is happening. Do the clients attempt to renew, i.e. send the DHCP requests, or are they just silent? If the DHCP clients attempt to renew and their server (i.e. the one that their helper address points to) doesn't respond, it might help to change the helper address to broadcast to give the other server a chance to reply, assuming the servers are on the same LAN. The other router would have to forward directed broadcasts for the broadcast to end up on the LAN. But it wouldn't be advisable to make this change without knowing why the problem is happening and what negative side effects could occur from the change.
>
> Priscilla
>
> > Thanks in advance.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63343t=63297
RE: Load balancing / Backup Links with OSPF [7:63342]
Hi Kerry,

You are right, OSPF only supports 4 equal cost paths, and doesn't support unequal load balancing. The easiest way for you to address either of your options is to manually alter the ospf interface cost. Under the interface, add

ip ospf cost xxx

Make this the same as the other interface if you want load balancing, or different (more on the FR interface) if you want an active / backup configuration.

Kerry Ogedegbe [ MTN - Portharcourt ] wrote:
> Hello People,
>
> We are deploying additional links as backups, and Load Balancing in my organization. One of the links is on our SDH backbone, and the second link is via Frame-Relay through a service provider. We are running the OSPF routing protocol.
>
> We are looking at 2 scenarios:
> 1) SDH Link as primary link, and the frame-relay link as a backup
> 2) Use both links for load balancing
>
> From my investigations, in order to achieve Load balancing, with OSPF running, the bandwidth on both links has to be the same. And for Backup links, the OSPF cost has to be lower on the primary link, in order to force traffic over the primary link.
>
> Any suggestions on how to solve this?
>
> Cheers
> ___
> Kerry Ogedegbe
> (Network Group)
> MTN-Nigeria
> Mobile: 0803 200 2399
> Email: [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63346t=63342
OSPF - 2 subnets on the routing table when actually using just [7:63348]
When using a multipoint interface between R1 and R2, R3 receives these routes:

     192.168.255.0/32 is subnetted, 2 subnets
O IA    192.168.255.6 [110/64] via 192.168.23.1, 00:15:30, Serial0.132
O IA    192.168.255.5 [110/128] via 192.168.23.1, 00:12:43, Serial0.132

When using a point-to-point interface between R1 and R2, R3 receives these routes:

     192.168.255.0/30 is subnetted, 1 subnets
O IA    192.168.255.4 [110/128] via 192.168.23.1, 00:29:11, Serial0.132

It seems that the frame-relay route map on R1 and R2 causes the first result. Any thoughts?

R1 (192.168.255.5/30) (192.168.255.6/30) R3 (192.168.23.1/30 ---R3 (192.168.23.2/30)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63348t=63348
CCIE written exercise question-Voice Quality [7:63349]
All,

I was searching through the internet (including the Cisco website) and I can't really find a good source on Padding-Gain terminology for managing voice call quality. Can anyone recommend a good website?

I have a question regarding voice quality...

Question: Site B and site C are connected to Site A. Site A complains B and C are too loud. Whereas site C complains the received signal is too low/soft.

Option: (Pick 2)
a) padding input A, output B,
b) gain on C
c) padding output at A

Thanks,
Lee

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63349t=63349
Re: Configure the ATM LS 100 ! [7:63328]
Here is a basic PVC config:

interface ATM4/1/0
 no ip address
 no ip directed-broadcast
 logging event subif-link-status
 no atm ilmi-keepalive
 atm pvc 1 32 interface ATM4/0/0 1 32

Dave

XY HIEN LE wrote:
> Hi all,
>
> Does anyone know how to configure the LightStream LS 100 switch to work between 2 7200 routers with ATM interfaces? I am trying to set up the ATM lab practice but can't get the switch to pass traffic between 2 routers. Any help would be much appreciated.
>
> Xy

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston Churchill

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63350t=63328
Re: Configure the ATM LS 100 ! [7:63328]
Maybe you could send us what you have got until now (result of show run, show atm vc on the routers and show atm vc interface x/y/z on the LS1010).

XY HIEN LE @groupstudy.com on 19/02/2003 06:05:36
Please respond to XY HIEN LE
Sent by: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: Configure the ATM LS 100 ! [7:63328]

Hi all,

Does anyone know how to configure the LightStream LS 100 switch to work between 2 7200 routers with ATM interfaces? I am trying to set up the ATM lab practice but can't get the switch to pass traffic between 2 routers. Any help would be much appreciated.

Xy

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63351t=63328
Re: Cat 6000 PCMCIA Flash Card Same as 3600? [7:63293]
If you are asking can you use the same PCMCIA card in a 3600 or 6500, the answer is yes.

Dave

Bob Sinclair wrote:
> I would like to buy a flash PC card for my Cat 6000 with Sup1A. I know there are different file system formats for various devices, but do the 3600 and 6000 cards have the same physical spec? Can I use the same card in both devices if I reformat?
>
> Thanks,
>
> -Bob Sinclair

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston Churchill

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63352t=63293
Re: VPN Client help!! [7:63333]
Don't quote me, but I do believe the access list is necessary as it actually tells the router which traffic to encrypt. PERMIT = ENCRYPT and DENY = DON'T ENCRYPT. I think the following Cisco link may help answer your question best.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt4/scdipsec.htm#37434

Antero Vasconcelos wrote in message news:[EMAIL PROTECTED]...
> Hi,
>
> I have a router connected to the internet and remote clients with VPN-Client 1.1. They need to browse the network, view some hosts and access some network services. The services don't work until I configure the access-list on the interface:
>
> interface Serial0.80 point-to-point
>  description Ligacao para VPNs sobre internet ***
>  bandwidth 192
>  ip address xxx.xxx.xxx.210 255.255.255.252
>  ip access-group 180 in
>  no ip route-cache
>  no ip mroute-cache
>  no cdp enable
>  frame-relay interface-dlci 80
>   class net-112k
>  crypto map mymap
>
> access-list 180 permit ahp any host xxx.xxx.xxx.210
> access-list 180 permit esp any host xxx.xxx.xxx.210
> access-list 180 permit udp any host xxx.xxx.xxx.210 eq isakmp
> access-list 180 permit tcp any host 192.168.0.2 eq 137
> access-list 180 permit tcp any host 192.168.0.2 eq 138
> access-list 180 permit tcp any host 192.168.0.2 eq 139
> access-list 180 permit udp any host 192.168.0.2 eq netbios-ss
> access-list 180 permit udp any host 192.168.0.2 eq netbios-dgm
> access-list 180 permit udp any host 192.168.0.2 eq netbios-ns
> access-list 180 permit tcp any host 192.168.0.4 eq 137
> access-list 180 permit tcp any host 192.168.0.4 eq 138
> access-list 180 permit tcp any host 192.168.0.4 eq 139
> access-list 180 permit udp any host 192.168.0.4 eq netbios-ss
> access-list 180 permit udp any host 192.168.0.4 eq netbios-dgm
> access-list 180 permit udp any host 192.168.0.4 eq netbios-ns
> access-list 180 deny ip any any log
>
> Is this necessary, or am I missing something?
>
> Thx in advance.
> Antero Vasconcelos

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63353t=6
CCNP Done, finally [7:63355]
Just finished BSCI today, and also my CCNP. Boy, the BSCI was really hard, I think it was harder than all the others combined. But that's probably because I don't have that much experience with routing protocols. Used the Sybex book, and hands-on with my router lab to prepare. I got a lot on BGP and EIGRP, and some easy stuff on OSPF and IS-IS.

Best regards,
Arni

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63355t=63355
RE: native vlan, trunking question [7:63309]
Native VLAN is the VLAN which is untagged with VLAN information or tags. I.e., by default, VLAN 1 is untagged, meaning other devices which do not understand VLANs can understand traffic from a VLAN 1 port (for example).

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63354t=63309
Cisco courseware for CVOICE, CIPT, DQOS, and IPTT [7:63356]
I am looking to buy Cisco courseware for CVOICE, CIPT, DQOS, and IPTT. I have the CiscoPress books, but those do not have any labs. I am really looking to find labs for the previously mentioned courses.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63356t=63356
Re: Cat 6000 PCMCIA Flash Card Same as 3600? [7:63293]
I used the same Flash Card on 6000, 7507 and 4700. Not sure about 3600.

Bob Sinclair @groupstudy.com on 18/02/2003 18:06:02
Please reply to Bob Sinclair
Sent by: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: Cat 6000 PCMCIA Flash Card Same as 3600? [7:63293]

I would like to buy a flash PC card for my Cat 6000 with Sup1A. I know there are different file system formats for various devices, but do the 3600 and 6000 cards have the same physical spec? Can I use the same card in both devices if I reformat? Thanks, -Bob Sinclair

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63357t=63293
Catalyst 6509 Switch access control [7:63358]
I'm trying to put access controls on who can telnet into a Catalyst 6509 switch, but I'm stuck. The supervisor engine is 1A running 5.5(1) software. In IOS I do this with a standard access list giving the permitted IP addresses. I then apply the access list on line vty 0 15. What's the equivalent in the world of Catalyst 6500? And what's a good book for learning the 6509? Thanks! Andrew

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63358t=63358
RE: Firewall/PIX help.... [7:63167]
I think you're better off just setting up something like snort as an IDS; I know you want it all integrated. The IDS on the PIX, though not totally worthless, I have not found much use for, and with only 59 signatures, well, it is sort of half baked in my opinion.

-----Original Message-----
From: Thomas Larus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 9:27 PM
To: [EMAIL PROTECTED]
Subject: Re: Firewall/PIX help [7:63167]

Sonic Wall Firewalls can do some content filtering and there is an antivirus option you can get. No IDS, though. Pix has a rudimentary IDS, as has been stated. It has 59 signatures or so. Tom Larus

Gunjan Mathur wrote in message news:[EMAIL PROTECTED]...

Hi, I'm looking for a firewall solution for my company. We have two WAN connections and currently my users are connected thru two proxy m/c to the Internet. Which PIX model would serve the needs? I also need content filtering, intrusion detection and anti-virus protection on the firewall itself. Are all these things possible on PIX? TIA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63360t=63167
RE: Strange problem with new flash memory and old Cisco 3640 [7:63362]
Have you compared the Bootstrap versions between the box in question vs those that successfully use the new flash?

-----Original Message-----
From: Andrew Larkins [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 6:15 AM
To: [EMAIL PROTECTED]
Subject: Strange problem with new flash memory and old Cisco 3640 router [7:63341]

Hi all, I have a strange one for you guys and would appreciate any ideas you may have.

I have a Cisco 3640 router that is operating normally. It is however using IOS 11.1 and we have bought memory to upgrade this (sho ver below). We install the DRAM and all is great. Install the flash and the router fails to boot. I don't have any log messages, but the remote support guy says that it (router console) says there is no flash installed in the router. Since this happened previously, we tried another 2 separate 3640 chassis, and this flash memory worked great. Now this leads me to believe there is something wrong with the motherboard on the router.

Strangely enough, another reboot of the router and everything comes up with the exception of the Token Ring interface. A further look here reports an error about wrong ring number. Nothing has changed at all here. Another reload and the flash vanishes. Reinstall the old flash memory and the router is operational again. I know this memory works; used other routers. The ring number error has me totally confused. Upgrades to all other exactly configured sites worked perfectly.

New flash module is 16MB and old is 4MB.

Remotesho ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-INR-M), Version 11.1(16)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Wed 17-Dec-97 03:25 by krunyan
Image text-base: 0x600088A0, data-base: 0x60512000
ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT RELEASE SOFTWARE (fc2)
DURBAN uptime is 6 minutes
System restarted by power-on at 13:55:24 UTC Wed Feb 19 2003
System image file is flash:c3640-inr-mz.111-16.AA.bin, booted via flash
cisco 3640 (R4700) processor (revision 0x00) with 49152K/16384K bytes of memory.
Processor board ID 04920558
R4700 processor, Implementation 33, Revision 1.0
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
Basic Rate ISDN software, Version 1.0.
1 Ethernet/IEEE 802.3 interface.
1 Token Ring/IEEE 802.5 interface.
1 Serial network interface.
8 Low-speed serial(sync/async) network interfaces.
9 ISDN Basic Rate interfaces.
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
4096K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102

Any ideas? I am just about to RMA the chassis. Thanks

Andrew Larkins BCom, CCNP, CCDP, CSS1
Bytes Technology Networks, A Division of Bytes Technology Group : Registration No: 1911/003874/06, A Member of the Altron Group
P O Box 748, Rivonia, 2128
3 Eglin Rd, The Crescent, Sunninghill, South Africa
Tel: +27 11 800 9336 Fax: +27 11 800 9496 Mobile : +27 83 656 7214
Email : [EMAIL PROTECTED] [EMAIL PROTECTED]
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63362t=63362
RE: Load balancing / Backup Links with OSPF [7:63342]
Like you said, if both circuits are the same bandwidth then load balancing will work. If they are not the same bandwidth, you can still load balance by manipulating the cost so that it is the same for both circuits, but once you reach the maximum bandwidth on the lower bandwidth circuit, the router is still going to try to load balance across them even though one of the circuits is at maximum utilization. If the circuits are not the same bandwidth, then the primary/backup, with the primary being the higher bandwidth circuit, is your best bet.

-----Original Message-----
From: Kerry Ogedegbe [ MTN - Portharcourt ] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 7:53 AM
To: [EMAIL PROTECTED]
Subject: Load balancing / Backup Links with OSPF [7:63342]

Hello People,

We are deploying additional links as backups, and Load Balancing in my organization. One of the links is on our SDH backbone, and the second link is via Frame-Relay through a service provider. We are running the OSPF routing protocol. We are looking at 2 scenarios:

1) SDH Link as primary link, and the frame-relay link as a backup
2) Use both links for load balancing

From my investigations, in order to achieve Load balancing with OSPF running, the bandwidth on both links has to be the same. And for Backup links, the OSPF cost has to be lower on the primary link, in order to force traffic over the primary link.

Any suggestions on how to solve this?

Cheers
Kerry Ogedegbe (Network Group) MTN-Nigeria
Mobile: 0803 200 2399
Email: [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63363t=63342
RE: Catalyst 6509 Switch access control [7:63358]
Hi Andrew,

I presume that your Cat is running CatOS. What you need to do is basically the following. Say, for example, you only wanted to allow 192.168.0.0/24 telnet access to your Cat:

set ip permit 192.168.0.0 255.255.255.0 telnet

You can also add a specific host:

set ip permit 192.168.1.5 255.255.255.255 telnet

You can also use these lists to restrict ssh and snmp access to your Catalyst. Once you have created your permit list, enter the command

set ip permit enable | disable

to enable and disable access.

Hope this helps. Berman

Andrew wrote:

I'm trying to put access controls on who can telnet into a Catalyst 6509 switch, but I'm stuck. The supervisor engine is 1A running 5.5(1) software. In IOS I do this with a standard access list giving the permitted IP addresses. I then apply the access list on line vty 0 15. What's the equivalent in the world of Catalyst 6500? And what's a good book for learning the 6509? Thanks! Andrew

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63361t=63358
WIC-1T [7:63364]
Hi all, I have a 2620 series running IOS (C2600-I-M), Version 12.2(8)T4. I also have 2 x WIC-1T installed. When I do this both of the interfaces show as interface down / line protocol down. However when I install either interface on its own (In either slot) they work fine. Is this a limitation of the 2600, I cannot find anything on Cisco site regarding this. Sincerely, Derek Walsh

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63364t=63364
can u summarize area 0 [7:63365]
Folks, Can area 0 be summarized in OSPF? Thanks, Neil

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63365t=63365
RE: WIC-1T [7:63364]
Derek, 12.2(8)T4 has got bugs, CCO recommends upgrading to T5. When I built your kit I could see both interfaces as being up when connected to a DTE device. Cheers, Steve Wilson

-----Original Message-----
From: DW [mailto:[EMAIL PROTECTED]]
Sent: 19 February 2003 16:43
To: [EMAIL PROTECTED]
Subject: WIC-1T [7:63364]

Hi all, I have a 2620 series running IOS (C2600-I-M), Version 12.2(8)T4. I also have 2 x WIC-1T installed. When I do this both of the interfaces show as interface down / line protocol down. However when I install either interface on its own (In either slot) they work fine. Is this a limitation of the 2600, I cannot find anything on Cisco site regarding this. Sincerely, Derek Walsh

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63366t=63364
Looking for Northern MA or Southern NH Study Partner or Group [7:63367]
Hi, I'm looking for a study partner for CCIE RS lab. I live in NH but work in Boston. Please contact me off line. Thanks, Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63367t=63367
Re: OSPF - 2 subnets on the routing table when actually using [7:63368]
wrote in message news:[EMAIL PROTECTED]...

When using multipoint interface between R1 and R2, R3 receive these routes:

192.168.255.0/32 is subnetted, 2 subnets
O IA 192.168.255.6 [110/64] via 192.168.23.1, 00:15:30, Serial0.132
O IA 192.168.255.5 [110/128] via 192.168.23.1, 00:12:43, Serial0.132

When using point-to-point interface between R1 and R2, R3 receive these routes:

192.168.255.0/30 is subnetted, 1 subnets
O IA 192.168.255.4 [110/128] via 192.168.23.1, 00:29:11, Serial0.132

It seems that the frame-relay route map on R1 and R2 causes the first result. Any thoughts?

yes. this is the way it works. refer to the RFC for specifics.

R1 (192.168.255.5/30) (192.168.255.6/30) R3 (192.168.23.1/30 ---R3 (192.168.23.2/30)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63368t=63368
Re: Congigure the ATM LS 100 ! [7:63328]
I have this on the lab at work..

Current configuration:
!
version 11.1
no service pad
service udp-small-servers
service tcp-small-servers
!
hostname LS-1010
!
!
atm address 47.0091.8100..0010.11bd.f901.0010.11bd.f901.00
atm router pnni
 node 1 level 56 lowest
  redistribute atm-static
!
!
interface ATM0/0/0
 no keepalive
 no atm auto-configuration
!
interface ATM0/0/1
 no keepalive
!
interface ATM0/0/2
 no keepalive
!
interface ATM0/0/3
 no keepalive
 no atm auto-configuration
 atm pvc 2 200 interface ATM0/0/0 1 100
!
interface ATM0/1/0
 no keepalive
!
interface ATM0/1/1
 no keepalive
!
interface ATM0/1/2
 no keepalive
!
interface ATM0/1/3
 no keepalive
!
interface ATM1/0/0
 no keepalive
!
interface ATM1/1/0
 no keepalive
!
interface ATM2/0/0
 no ip address
 no keepalive
 atm maxvp-number 0
!
interface Ethernet2/0/0
 no ip address
!
no ip classless
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login
!
end

Larry Letterman
Network Engineer
Cisco Systems

----- Original Message -----
From: XY HIEN LE
To:
Sent: Wednesday, February 19, 2003 1:05 AM
Subject: Congigure the ATM LS 100 ! [7:63328]

Hi all, Does anyone know how to configure the LightStream LS 100 switch to work between 2 7200 routers with ATM interfaces? I am trying to set up the ATM lab practice but can't get the switch to pass traffic between 2 routers? Any help would be much appreciated. Xy [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63369t=63328
Re: can u summarize area 0 [7:63365]
neil K. wrote in message news:[EMAIL PROTECTED]...

Folks, Can area 0 be summarized in OSPF?

yes - on the ABR, with the summary advertised out to non zero areas. within area 0 itself, one cannot summarize area 0 subnets to other area 0 routers.

Thanks, Neil

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63370t=63365
RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
comments in-line:

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kelly Cobean
Sent: Tuesday, February 18, 2003 7:54 PM
To: [EMAIL PROTECTED]
Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]

Priscilla, Ok, you caught me not telling the whole truth. There is a second VLAN on the switch, but my point was that the MLS cache is full of entries for one host talking to another host off of the same VLAN interface but on a secondary subnet, indicating that L3 switching (routing) took place for that data-flow... So now I guess there are two hands clapping ;-) You sure do keep us all on our toes!!! Thanks!

- that's because packet switching between subnets using secondaries are process-switched. regards, /vicky

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 1:08 AM
To: [EMAIL PROTECTED]
Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]

I'm loath to continue this discussion, but I do have a question for Kelly. Why do you have a VLAN at all in your example?? Isn't a single VLAN sort of like one hand clapping? Seriously, what role is it playing in your network? Of course you don't have to have VLANs to do routing/L3 switching, as you probably know. But maybe there's some weird configuration gotcha, specific to the 6509? Just curious. Thanks.

Larry said the majority of the Cisco campus is networked with L3 switches and not using vlans. That says a lot right there!

Priscilla

Kelly Cobean wrote:

All, I'd like to add to this something that I haven't seen in other posts yet, and that is a quick look at layer2 function. I have a Catalyst 6509 with an MSFC on it. There is only *ONE* VLAN configured on the MSFC, however, that VLAN has several secondary addresses assigned to it (I know, not a great solution, but let's not go there). If I do a show mls entry on my switch, it is full of entries for hosts talking to hosts on the same VLAN. My point? When a host wants to talk to a host on another subnet (VLAN or not), it ANDs the address with its own mask, determines that the host is in fact on a different subnet, then arps (if necessary) for its default gateway (the MSFC) and sends the packet on its way. The 6509/MSFC receive the packet and begin the MLS cache setup process (candidate packet, timeout, etc). All this is still done in spite of the fact that the MSFC only has a single VLAN.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Stephen Hoover
Sent: Monday, February 17, 2003 8:33 PM
To: [EMAIL PROTECTED]
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

- actually it is by doing secondaries, but i would highly recommend doing vlans if possible. keep it clean and simple. one may also configure the physical interfaces as L3 interfaces - just as one might do on a router with several ethernet ports.

Oo ok, now THAT statement leads me to believe the L3 switching IS possible without VLANs. -Stephen

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63371t=63147
RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
comments in-line:

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Howard C. Berkowitz
Sent: Tuesday, February 18, 2003 6:42 AM
To: [EMAIL PROTECTED]
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

At 5:30 AM + 2/18/03, Ken Diliberto wrote:

The nit I'm picking is inline... (I'm feeling like chipping in tonight)

The Long and Winding Road 02/17/03 06:13PM [snip]

if I have a 75xx router with 300 ethernet ports, and I bridge all those ports, do I have an L3 switch, or a router?

[KD] You have a router performing L2 operations (forwarding, switching, bridging -- whatever). Would a cheap Linksys switch be faster?

What makes a L3 switch in my mind is where the forwarding happens. If the L3 CPU (new way to look at it?) has to handle every packet, that's a router. If the first L3 packet is handled by the CPU which then programs ASICs to handle the rest of the flow without bothering the CPU, that's an L3 switch. Is there a difference from a packet/network perspective? No. The L2 headers and L3 headers are all properly updated in both cases (at least we *hope* they are) and traffic is delivered most of the time. (If it was delivered all the time, networks wouldn't need us to fix them) :-)

Does that make a 7500 with VIPs a L3 switch? A 12000 with distributed forwarding processors?

-- it depends. call it (d)cef switching router if you want, but i have to kinda agree with ken's comments. in my opinion the major difference between a traditional router and a l3 switch is the way packet switching takes place. in a traditional router the packet switching is done in software (microprocessor based), whereas in a l3 switch it is done by asic in hw, and mls is used to increase routing performance by doing packet switching and rewrites in hw (asics). that's all. regards, /vicky

Substituting router for L3 switch is a good idea, but go farther than that. You can think of a high-performance router as a small hidden network, containing one or more (think high availability) path determination routing processors/hosts that download FIB information to multiple forwarding processors/hosts. One public and vendor-independent discussion of this architecture continues in the IETF FORCES Working Group (go to www.ietf.org and navigate to Working Groups).

What does this mean to us? Not much other than for capacity planning. IMHO, an L3 switch has a longer life than a router.

Not really, as you say in your next paragraph. I could go off into the ozone and say all high-speed routers are L3 switches. Indeed, ASICs aren't a necessity. I've worked on research router designs that used RISC processors in each forwarding and path determination engine, which gave lots of power but much more flexibility than ASICs. Admittedly, at least one of these was a specifically designed processor, but it definitely was software loadable and ran a real time OS. ASIC gets blurry anyway, when you start getting into the pure hard-etched IC, field-programmable gate arrays, electrically alterable field-programmable gate arrays, microcode sequencers, etc.

When I design networks, I don't think L3 switch. I think about routers interconnecting L2 segments. I even draw them that way most of the time. :-) My advice to those having problems with this subject: Replace every occurrence of layer 3 switch with router. [/KD]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63372t=63147
RE: Cat 6000 PCMCIA Flash Card Same as 3600? [7:63293]
i believe you will have to (re)format the flash. regards, /vicky

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, February 19, 2003 7:36 AM
To: [EMAIL PROTECTED]
Subject: Re: Cat 6000 PCMCIA Flash Card Same as 3600? [7:63293]

I used the same Flash Card on 6000, 7507 and 4700. Not sure about 3600.

Bob Sinclair @groupstudy.com on 18/02/2003 18:06:02
Please reply to Bob Sinclair
Sent by: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: Cat 6000 PCMCIA Flash Card Same as 3600? [7:63293]

I would like to buy a flash PC card for my Cat 6000 with Sup1A. I know there are different file system formats for various devices, but do the 3600 and 6000 cards have the same physical spec? Can I use the same card in both devices if I reformat? Thanks, -Bob Sinclair

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63373t=63293
Upgrading from Token Ring to Fast Ethernet [7:63374]
Hi All, I'm in the process of upgrading from Token Ring to Fast Ethernet at one of our client's sites. This upgrade won't be fork-lifted overnight and my concern is that the client is not keen on doing the IP readdressing. I'll be deploying a Cisco 2513 router during the migration period and my question is as follows: How do I leave the IP subnets configured on the Token Ring interface and have users connect to the Ethernet interface, and still be on the same IP subnet, if possible? Your assistance will be highly appreciated.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63374t=63374
RE: CCNP Done, finaly [7:63355]
Hi Arni, Congratulations. Good Job. JoeT

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63375t=63355
Re: 3550 config guide...Any out there yet?? [7:63359]
Actually, I got tons of it now. I would start with CCO - this is the best. Then the freebies from ipexpert.net, ccbootcamp.com, bradshawlabs.com and netmasterclass.net. These should be ample. Use the doc cd online to get to the 3550 url: http://www.cisco.com/univercd/home/home.htm Once you get here, click under Catalyst switches - Catalyst 3550 and click on the first one for Release 12.1 (12c).

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: 3550 config guide...Any out there yet??
Date: Wed, 19 Feb 2003 12:24:06 -0300

Could you tell me where you got the link about 3550? I am asking because I am using the BluePrint to study and that link is not there. The link I am using is http://www.cisco.com/warp/public/625/ccie/certifications/rsblueprint.html Thanks in Advance

=

Hello, Since the 3550's are going to kill us in the new Lab, has anyone come out with a config. guide book or a cd-simulator, similarly to the Cat5 from Cisco? Also, on CCO, I see this one link for the 3550: http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_book09186a008007f368.html Is this sufficient for the Lab? Please advise. Thank you. Sincerely, CN

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63359t=63359
RE: Congigure the ATM LS 100 ! [7:63328]
The original question was about a LS100 not a LS1010. Much different box. Possibly the manual for the LS100 is on CCO.

-----Original Message-----
From: Larry Letterman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 12:17 PM
To: [EMAIL PROTECTED]
Subject: Re: Congigure the ATM LS 100 ! [7:63328]

I have this on the lab at work..

Current configuration:
!
version 11.1
no service pad
service udp-small-servers
service tcp-small-servers
!
hostname LS-1010
!
!
atm address 47.0091.8100..0010.11bd.f901.0010.11bd.f901.00
atm router pnni
 node 1 level 56 lowest
  redistribute atm-static
!
!
interface ATM0/0/0
 no keepalive
 no atm auto-configuration
!
interface ATM0/0/1
 no keepalive
!
interface ATM0/0/2
 no keepalive
!
interface ATM0/0/3
 no keepalive
 no atm auto-configuration
 atm pvc 2 200 interface ATM0/0/0 1 100
!
interface ATM0/1/0
 no keepalive
!
interface ATM0/1/1
 no keepalive
!
interface ATM0/1/2
 no keepalive
!
interface ATM0/1/3
 no keepalive
!
interface ATM1/0/0
 no keepalive
!
interface ATM1/1/0
 no keepalive
!
interface ATM2/0/0
 no ip address
 no keepalive
 atm maxvp-number 0
!
interface Ethernet2/0/0
 no ip address
!
no ip classless
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login
!
end

Larry Letterman
Network Engineer
Cisco Systems

----- Original Message -----
From: XY HIEN LE
To:
Sent: Wednesday, February 19, 2003 1:05 AM
Subject: Congigure the ATM LS 100 ! [7:63328]

Hi all, Does anyone know how to configure the LightStream LS 100 switch to work between 2 7200 routers with ATM interfaces? I am trying to set up the ATM lab practice but can't get the switch to pass traffic between 2 routers? Any help would be much appreciated. Xy [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63376t=63328
RE: Upgrading from Token Ring to Fast Ethernet [7:63374]
Just a thought. Could you create a VLAN and put both ports in the same VLAN?

-----Original Message-----
From: Marakalas [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 2:34 PM
To: [EMAIL PROTECTED]
Subject: Upgrading from Token Ring to Fast Ethernet [7:63374]

Hi All, I'm in the process of upgrading from Token Ring to Fast Ethernet at one of our client's sites. This upgrade won't be fork-lifted overnight and my concern is that the client is not keen on doing the IP readdressing. I'll be deploying a Cisco 2513 router during the migration period and my question is as follows: How do I leave the IP subnets configured on the Token Ring interface and have users connect to the Ethernet interface, and still be on the same IP subnet, if possible? Your assistance will be highly appreciated.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63377t=63374
RE: Snort versus Cisco IDS [7:62939]
I do believe it is in the best interest of the Cisco engineers to also push their products.

-----Original Message-----
From: Kent Hundley [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 14, 2003 10:35 AM
To: [EMAIL PROTECTED]
Subject: RE: Snort versus Cisco IDS [7:62939]

The term team was meant to be inclusive of engineers as well as sales. I can assure you I have talked to many competent Cisco engineers, some of them who specialize in security, who do in fact recommend the Cisco IDS to their large clients. And yes, salespeople will obviously always push their product.

Regards, Kent

On Fri, 2003-02-14 at 07:15, DeVoe, Charles (PKI) wrote:
> > 2) Has never talked to any of the Cisco teams that manage large global accounts
>
> Of course these are sales people. Sales people make their livelihood off of the sales. So obviously, they will push the product.
>
> Rule 1. Never trust a salesperson.
> Rule 2. Never Believe a salesperson.
> Rule 3. Never forget Rules 1 & 2.
>
> -----Original Message-----
> From: Kent Hundley [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 13, 2003 4:39 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Snort versus Cisco IDS [7:62939]
>
> On Thu, 2003-02-13 at 00:06, Priscilla Oppenheimer wrote:
> > Someone told me in an authoritative voice today that Cisco doesn't recommend their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a big part of SAFE?
>
> Whomever told you this:
> 1) Is extremely naive (one Cisco engineer told them something and they took it as gospel)
> 2) Has never talked to any of the Cisco teams that manage large global accounts
>
> I can tell you for a 100% fact that Cisco recommends their IDS very actively to their large global customers, I'm working on a Fortune 5 account right now and the Cisco team is heavily pushing a Cisco IDS deployment. If one of their engineers recommended snort, the AM would have them bound and gagged and thrown in a very dark basement. ;-)
>
> > Of course, the person who said this doesn't understand that Cisco is a huge, chaotic organism, and that saying Cisco does something based on what one person does, doesn't make sense. But I'm just curious, what do you all recommend for intrusion detection? How do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more complicated, requiring appliances or IDS cards in a switch and a console:
>
> Cisco IDS is a commercial, fully baked product in the sense that it has a lot of bells and whistles for the end-user market. Cisco is also developing custom hardware such as blades that slide into a Cat 6500, making for easy deployment and the ability to capture and process traffic at Gigabit speeds.
>
> Snort is much more of a tech geeks solution, although there are a lot of talented people writing code to increase its ease of use such. (things like ACID and Demarc)
>
> The bottom line is that snort will do the job in a lot of environments, but you're going to need to have some very technical people to handle the care and feeding of the system. It is an open source solution and doesn't come with built-in support other than what you get through mailing lists. The Cisco IDS comes with TAC behind it. You pay more for more support baked into the process and a large amount of dedicated resources working on your issues. (it's the same old open source vs commercial product argument)
>
> For small environments where funds are very limited or for environments with highly technical but cheap labor (such as universities), snort is probably the better solution. For large enterprises, Cisco would probably be the better choice.
>
> Of course, YMMV, a lot depends on the environment, that's my opinion, take it with a grain of salt, yada, yada, yada, etc. etc. disclaimer, disclaimer...
>
> Regards, Kent

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63378t=62939
RE: Alternate password recovery procedures? [7:62541]
Thank you, but I knew about the normal password recovery procedures; I was trying to find out if there are other ways to remotely recover a password, other than the SNMP method I mentioned below. I agree that the normal recovery procedures are common knowledge and wouldn't be worth a reply.

Geoff

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 10:47 AM
To: Mossburg, Geoff (MAN-Corporate)
Subject: Re: Alternate password recovery procedures? [7:62541]

Hi, you can find it at www.cisco.com. Search www.google.com for cisco password recovery. I think this is such a simple question that nobody answered you.

Selcuk

----- Original Message -----
From: Mossburg, Geoff (MAN-Corporate)
To:
Sent: Wednesday, February 05, 2003 11:23 PM
Subject: Alternate password recovery procedures? [7:62541]

All,

I was looking for a way to recover an enable password on a misconfigured router, and I came across the SNMP method of password recovery, which I was able to use to change the enable password remotely on the router. I was wondering: Does anyone know of even more alternate password recovery procedures?

Thanks!
Geoff Mossburg

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63379t=62541
VPN question [7:63380]
Hi guys,

I have a question that I hope somebody can help me out with...

I have a Cisco 3000 series VPN concentrator in one of our offices. Call it office 'A'. I have a Cisco 3002 VPN hardware client in office 'B'. The VPN between both offices works fantastic. I also have a 3rd office with a Cisco 3002 VPN client, office 'C'. This VPN to office 'A' works great also.

Now, office 'A' and office 'B' both have their domains trusted, and everything works great. Same with office 'A' and office 'C'.

My question is, would it be possible to route VPN packets using this setup from office 'B' to office 'C'? This way, I can trust the domains in the offices that only have 3002 hardware clients, maybe through routing at the office with the concentrator?

        'A' - concentrator
        /  \
       /    \
      /      \
   'B'--------'C'
  client     client

Thanks a million for any help you guys can give!

Regards,

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63380t=63380
Help with Route-Maps [7:63381]
Hi all. Here is a scenario that I need your help on:

I have a RAS server that has 2 ethernet interfaces for egress traffic. The IP addressing on each interface are on separate networks. In addition, the dialin pools configured on the RAS are in separate networks from each other as well as from those defined on the ethernet interfaces of the RAS. Each Ethernet interface gateway points to a Cisco 2620 router which each of the routers have their own connection to the internet via 2 separate providers. No BGP being done.

The IP Pool addressing on the RAS server are from each of the providers. So Pool A IPs are from Sprint and Pool B are from Choice1. So in the event that one dialin user gets an IP from Pool B but gets routed to Router A, the user will not go anywhere because each provider will not route the other provider IPs.

My goal was to be able to say on the RAS that pool A goes out of ethernet port 1 and Pool B goes out ethernet port 2 but the RAS solution that I am using will not allow this to be done. So I thought about creating a route-map on the Cisco's to be applied to the ethernet interface (ingress) as an inbound policy. The route-map on Router A would need to say something like: If Pool B which belongs to Router B, then set IP next-hop to Router B ethernet interface. Both routers know about each other.

I would like to know if all I would need to do is the following or if I need something else or maybe I can't do it. Thanks. Here is what I come up with:

ROUTER A:

route-map from-RAS permit 10
 match ip address 1
 set ip next-hop 192.168.1.2

interface Ethernet 0/0
 description Traffic from Pool A
 ip address 192.168.1.1 255.255.255.0
 no ip directed-broadcast
 ip policy route-map from-RAS

access-list 1 permit

The same will be done on the ROUTER B but with the appropriate IPs. Thanks in advance.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63381t=63381
Re: CCNP Done, finaly [7:63355]
well done! i have just done bsci.. i am happy if you say that the other exams combined are easy ;)

regards

Joseph R. Taylor wrote in message news:[EMAIL PROTECTED]...
> Hi Arni, Congratulations. Good Job. JoeT

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63382t=63355
Re: CS11152 MIB's [7:63300]
got em. thanks a lot

John Neiberger wrote in message news:[EMAIL PROTECTED]...
> I believe the MIBs are on the CSS itself. Use an FTP client to browse the box and you'll find them somewhere. I'm at home at the moment and I can't remember which directory they're in but it seems like it's fairly clear when you see it.
>
> John
>
> Sam Sneed wrote in message news:[EMAIL PROTECTED]...
> > Anyone know where I can download these? I couldn't find them on Cisco site. I'd like to get CPU stats on my CSS11152 via snmp. thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63383t=63300
Windows Domain Access across WAN [7:63384]
Hi All, I'm looking to setup Windows Domain access across a TCP/IP WAN. I'm concerned with all the protocols that need to be allowed. Thank you, JoeT

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63384t=63384
RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
At 6:19 PM + 2/19/03, Vicky Rode wrote:
> comments in-line:
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kelly Cobean
> Sent: Tuesday, February 18, 2003 7:54 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
>
> > Priscilla, Ok, you caught me not telling the whole truth. There is a second VLAN on the switch, but my point was that the MLS cache is full of entries for one host talking to another host off of the same VLAN interface but on a secondary subnet, indicating that L3 switching (routing) took place for that data-flow...So now I guess there are two hands clapping ;-) You sure do keep us all on our toes!!! Thanks!
>
> - that's because packet switching between subnets using secondaries are process-switched.

On general IOS -- can't speak to the switch implementations -- you can code

ip route-cache same-interface
ipx route-cache same-interface

and get fast switching for secondaries. Don't know if there is a way for CEF to figure this out.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63385t=63147
Re: Upgrading from Token Ring to Fast Ethernet [7:63374]
Yes try looking at this http://www.cisco.com/en/US/customer/tech/tk331/tk660/technologies_tech_note09186a00800a997d.shtml

Dave

Marakalas wrote:
> Hi All,
>
> I'm in the process of upgrading from Token Ring to Fast Ethernet at one of our client's sites. This upgrade won't be fork-lifted overnight and my concern is that the client is not keen on doing the IP readdressing. I'll be deploying a Cisco 2513 router during the migration period and my question is as follows:
>
> How do I leave the IP subnets configured on the Token Ring interface and have users connect to the Ethernet interface, and still be on the same IP subnet, if possible?
>
> Your assistance will be highly appreciated.

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

You don't make the poor richer by making the rich poorer. --Winston Churchill

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63386t=63374
RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
At 6:51 PM + 2/19/03, Vicky Rode wrote: comments in-line:

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Howard C. Berkowitz
Sent: Tuesday, February 18, 2003 6:42 AM
To: [EMAIL PROTECTED]
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

At 5:30 AM + 2/18/03, Ken Diliberto wrote: The nit I'm picking is inline... (I'm feeling like chipping in tonight)

The Long and Winding Road 02/17/03 06:13PM [snip] if I have a 75xx router with 300 ethernet ports, and I bridge all those ports, do I have an L3 switch, or a router?

[KD] You have a router performing L2 operations (forwarding, switching, bridging -- whatever). Would a cheap Linksys switch be faster? What makes a L3 switch in my mind is where the forwarding happens. If the L3 CPU (new way to look at it?) has to handle every packet, that's a router. If the first L3 packet is handled by the CPU which then programs ASICs to handle the rest of the flow without bothering the CPU, that's an L3 switch. Is there a difference from a packet/network perspective? No. The L2 headers and L3 headers are all properly updated in both cases (at least we *hope* they are) and traffic is delivered most of the time. (If it was delivered all the time, networks wouldn't need us to fix them) :-)

Does that make a 7500 with VIPs a L3 switch? A 12000 with distributed forwarding processors?

-- it depends...call it (d)cef switching router if you want but i have to kinda agree with ken's comments. in my opinion the major difference between a traditional router and a l3 switch is the way packet switching takes place. in a traditional router the packet switching are done in software (microprocessor based),

Big difference if the microprocessors (note plural) aren't doing anything except forwarding, and run a real time OS. The key thing is that you don't want forwarding going through the processor that runs routing protocols, system management, etc. A real challenge is where to implement QoS, because it tends to get beyond the complexity of a true ASIC and really has to be done in a microcode-loaded processor.

whereas in l3 switch it is done by asic in hw and mls is used to increase routing performance by doing packet switching and rewrites in hw (asics).

There's a bit of Cisco marketing-speak here, which was actually a reaction to competitors who brought up the concept switch if you can, route when you must. Hardware and software technology have moved on since then, and the line is much more blurred between the two. It's more important to think of separating the forwarding, control, and upper layer services path (and being sure there's no mutual interference) than it is to consider the actual hardware processing elements (ASICs, microcoded or RISC processors, etc.)

This emphasis on ASICs also ignores a couple of common bottlenecks: memory and fabric. To some extent, you can get around memory limitations by having distributed memories for distributed processors. For the fabric, you can move from shared bus, to shared memory, and eventually to crossbar (ignoring optical trends).

As I mentioned in a previous post that's partially below, you don't necessarily need ASICs if you have enough distributed processors, using the term processor to include microcode sequencers, FPGAs and EA-FPGAs, etc. In research prototypes, I've been involved in routers that had true processors, running on the forwarding boards, that ran a real-time OS. These processors did have certain functions custom-built in hardware. Also, the processors can have coprocessors -- the Nortel Shasta products, for example, have an encryption chip more or less next to general board-level processors, with a high-speed path between them. Even with ASICs, the L2 and L3 decisions, rewrite, etc. often are in separate chips. Remember a processor can be implemented as bit slices operating in a set of ICs.

Substituting router for L3 switch is a good idea, but go farther than that. You can think of a high-performance router as a small hidden network, containing one or more (think high availability) path determination routing processors/hosts that download FIB information to multiple forwarding processors/hosts. One public and vendor-independent discussion of this architecture continues in the IETF FORCES Working Group (go to www.ietf.org and navigate to Working Groups).

What does this mean to us? Not much other than for capacity planning. IMHO, an L3 switch has a longer life than a router.

Not really, as you say in your next paragraph.

I could go off into the ozone and say all high-speed routers are L3 switches.

Indeed, ASICs aren't a necessity. I've worked on research router designs that used RISC processors in each forwarding and path determination engine, which gave lots of power but much more flexibility than ASICs. Admittedly, at least one of these was a specifically designed
RE: Novell SAP question [7:63340]
lee wooi keat wrote:
> All, I have a question on Novell SAP and need your help: A cisco router is receiving a specific SAP advertisement but the server

How do you know that the router is receiving a specific SAP advertisement? Please share with us the troubleshooting you have done and any output from show or debug commands. Good commands to use include show ipx traffic, debug ipx sap activity, and debug ipx sap events. As usual, be careful with debug commands on operational routers. SAP debug commands are especially problematic if there are tons of services being advertised.

> isn't showing up in the server table.

Do you mean that the server doesn't show up on the router when you do a show ipx server or do you mean that it doesn't show up in server lists on clients or servers downstream from the router?

In the first case, use show ipx route to check that the router has a route to the server. If it doesn't, I suspect that it wouldn't put it in its list (and wouldn't advertise it either.)

In the second case, check for SAP output filters.

___
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

> What are the possible reasons for that? Thanks in advance. Cheers, Lee

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63389t=63340
RE: VPN question [7:63380]
The office 3000 concentrator will route packets between each spoke client (3002). It's sort of like a hub & spoke frame relay network in a routing sense.

For implementation, just make sure the 3002's are passed routes via their split tunneling network list on the 3000 concentrator. Or if you're not using split tunneling, the 3002's should be picking up all routes anyway, as reachable via the 3000 (except their default gateway, of course!)

You will run network extension mode on the 3002's (NOT PAT OVER TUNNEL).

The 3002 can't terminate any tunnels, so you can't ipsec connect B to C.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63390t=63380
RE: 100 Mbps on Cat3 or Cat4 [7:63310]
Pat Do wrote:
> Are unintelligent 10 Mbps hubs better than unintelligent 10/100 Mbps switches when the network cables that connect the PCs to the hub or switch are Cat3 or Cat4?
>
> I provide network services to dozens of non-profits. Most of the sites have Cat3 or Cat4 cabling. I have a co-worker who says that 10 Mbps hubs should be used until the sites are upgraded to Cat5 (which won't be happening any time soon).
>
> His rationale: If the PC NICs are set to auto detect speed and the unintelligent 10/100 switch is set to auto detect speed, that data will try to pass through the Cat3 or Cat4 wire at 100 Mbps. He says that while the data can pass thru the wire at those rates, it's the signaling that gets scrambled at that rate on a Cat3 or Cat4 wire. Consequently, to prevent signaling problems that may in turn cause data integrity problems, he's recommending to use 10 Mbps hubs.
>
> Is this a valid argument?

Yes, it is a valid argument.

If he's saying that autonegotiation will fail to negotiate because of the presence of Cat-3 cable, then he's wrong. The autonegotiation link pulses are simply bursts of the same Normal Link Pulses that have been used in 10Base-T for years. The pulses will travel over Cat-3 cable without any problems and the negotiation process will occur.

However if he's saying that auto-negotiation will negotiate, but then you'll have problems, he's right. The problem is that the two devices will probably decide to use 100 Mbps. Auto-negotiation rules say that the devices should select the highest performance mode that they share in common. The result would be the NIC and switch port attempting to use 100 Mbps on Cat 3 cabling, which doesn't work.

When we went from 10 Mbps to 100 Mbps we went from Manchester signal encoding to MLT-3 signal encoding to avoid the sorts of problems he is referring to. We also went to a requirement for Cat-5 cabling because of the increased frequency associated with the new signal encoding.

> Note: New, unintelligent 10 Mbps hubs appear to be becoming less available and more costly relative to unintelligent 10/100 Mbps switches as time goes on. Consequently, this issue is starting to have financial implications.

I know, isn't that annoying!? I like hubs. :-) Hubs have quite a few advantages for certain applications.

As others have recommended, perhaps to avoid buying old equipment (hubs) that are getting harder to find (and more expensive), you could go with switches and hard code everything to 10 Mbps for now. But perhaps your point was that an _unintelligent_ switch might not let you configure hard-coded 10 Mbps instead of auto-detect. In that case, buy up a bunch of hubs, but don't beat me to it. ;-)

___
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63391t=63310
Re: IP Helper with Netware 5.1 and win 9598 [7:63297]
To be honest, I don't know the effect of using two helper addresses on one interface. It may not provide any redundancy, if that's your hope, but I'm not sure. Anyone know?

However, I do have one other quick suggestion. Make sure the switches that connect the problematic PCs are using portfast. This sounds like a portfast problem. You say the PCs don't renew their lease when they reboot. Unfortunately they can't if the switch is not yet forwarding their DHCP requests because it's doing its ridiculously long state-changes for spanning tree. It doesn't start forwarding for many seconds. If you set it to portfast, you avoid this problem. (Only do that if you know the switch ports just connect PCs and no other switches perhaps in a redundant fashion, resulting in spanning tree havoc.)

Priscilla

Firesox wrote:
> Thanks for the comments. My answers below.
>
> Yes both DHCP servers are on the same broadcast domain at the hub site. I have two helper addresses on the same interface (remote site, thinking redundancy, but it may not be as effective as I thought it would from your comment). What's weird is that when I manually release/renew the lease from win95/98 machines, it works just fine. It's just not automatic. The machines at hub site do this automatically without any problems.
>
> Thanks
>
> Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...
> > Firesox wrote:
> > > I have two ip-helper addresses configured on 2621 which connects to another 2621 at the HUB where DHCP servers reside.
> >
> > Do you have two ip helper addresses on the same interface? Does that really do any good or does the first one just get used all the time? Or do you mean two helper addresses, one on one interface and one on another.
> >
> > > I have 2 Novell Netware 5.1 servers as DHCP servers.
> >
> > Are the Novell DHCP servers on the same LAN, IP subnet, broadcast domain?
> >
> > > Lease is set to 3 days. Everything is working as expected except windows 95 and 98 clients are not renewing the IP after three days. If you manually release and renew the IP, it works fine, but when users turn on the pc after the lease has expired, it's not renewing it automatically. DHCP clients on the hub site are working just fine using same DHCP servers. Right now the Helper addresses are set to unicast address pointing to those two servers. I was wondering if setting the helper address to subnet broadcast address makes any difference.
> >
> > You need to find out why this is happening. Do the clients attempt to renew, i.e. send the DHCP requests or are they just silent?
> >
> > If the DHCP clients attempt to renew and their server (i.e. the one that their helper address points to) doesn't respond, it might help to change the helper address to broadcast to give the other server a chance to reply, assuming the servers are on the same LAN. The other router would have to forward directed broadcasts for the broadcast to end up on the LAN. But it wouldn't be advisable to make this change without knowing why the problem is happening and what negative side effects could occur from the change.
> >
> > Priscilla
> >
> > > Thanks in advance.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63392t=63297
Can't ping with Dialer Map Command [7:63393]
I have set up a simple ISDN dial up between two routers, and I don't see anything wrong with the configs, maybe. The funny thing is when I use dialer string command on both routers then I can successfully ping each other, but if I replace Dialer String with Dialer Map which is a preferred way I am not able to ping. The Bri channel 1 will be connected, but my ping times out. Here are the configs for both routers:

r1#wr t
Building configuration...
Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r1
!
enable secret 5 $1$oix0$jjbU/t1qjJlHT1zYajIeG/
!
no ip domain-lookup
isdn switch-type basic-ni1
!
!
interface Ethernet0
 ip address 170.10.22.1 255.255.255.0
 no keepalive
 media-type 10BaseT
!
interface Ethernet1
 no ip address
 shutdown
 media-type 10BaseT
!
interface Serial0
 no ip address
 encapsulation frame-relay
!
interface Serial0.1 point-to-point
 ip address 170.10.29.1 255.255.255.252
 frame-relay interface-dlci 102
!
interface Serial1
 ip address 170.10.23.1 255.255.255.252
!
interface Serial2
 no ip address
 shutdown
!
interface Serial3
 no ip address
 shutdown
!
interface BRI0
 ip address 170.10.129.1 255.255.255.252
 encapsulation ppp
 dialer map ip 170.10.129.2 name r2 broadcast 9636000
 dialer-group 1
 isdn spid1 2569635101
 isdn spid2 25696350010101
!
interface BRI1
 no ip address
 shutdown
!
interface BRI2
 no ip address
 shutdown
!
interface BRI3
 no ip address
 shutdown
!
router ospf 1
 passive-interface BRI0
 network 170.10.22.1 0.0.0.0 area 1
 network 170.10.23.1 0.0.0.0 area 1
 network 170.10.29.1 0.0.0.0 area 0
 network 170.10.129.1 0.0.0.0 area 0
!
ip classless
!
dialer-list 1 protocol ip permit
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 no login
!
end
r1#

r2#wr t
Building configuration...
Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r2
!
enable secret 5 $1$D58d$cmNsq25bGd02XGPfZSUY9/
!
no ip domain-lookup
isdn switch-type basic-ni1
!
!
interface Ethernet0
 no ip address
 shutdown
 media-type 10BaseT
!
interface Ethernet1
 no ip address
 shutdown
 media-type 10BaseT
!
interface Serial0
 no ip address
 encapsulation frame-relay
 no ip mroute-cache
!
interface Serial0.1 point-to-point
 ip address 170.10.29.2 255.255.255.252
 frame-relay interface-dlci 201
!
interface Serial1
 ip address 170.10.49.2 255.255.255.252
!
interface Serial2
 no ip address
 shutdown
!
interface Serial3
 no ip address
 shutdown
!
interface BRI0
 ip address 170.10.129.2 255.255.255.252
 encapsulation ppp
 dialer map ip 170.10.129.1 name r1 broadcast 9635000
 dialer-group 1
 isdn spid1 2569636101
 isdn spid2 25696360010101
!
interface BRI1
 no ip address
 shutdown
!
interface BRI2
 no ip address
 shutdown
!
interface BRI3
 no ip address
 shutdown
!
router ospf 1
 passive-interface BRI0
 network 170.10.0.0 0.0.255.255 area 0
!
ip classless
!
dialer-list 1 protocol ip permit
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 no login
!
end
r2#

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63393t=63393
Re: CCNP Done, finaly [7:63355]
Hi there, Congratulations! All the best for the future... Cheers, Kenan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63394t=63355
Question about CCIE written [7:63396]
Hi guys, This may seem a dumb q, but I'll ask it anyway. How hard is the CCIE written? How much value do you think it adds (if you don't intend to do the lab for some time)? Symon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63396t=63396
Re: Help with Route-Maps [7:63381]
Yes this can work. I have a couple suggestions:

1) Make your access-list in the route map an extended ACL since you need to base this forwarding on source address.
2) Consider applying this type of policy on the RAS server. If Cisco it can be defined in the virtual interface template specific to this single RAS device. Though with the simple topology that appears to exist doing the policy routing on the RAS device may be less efficient than the 2600's.
3) Make sure the RAS device either handles asymmetric routing for packets inbound to it. Or that both 2600's have routes to the proper Ethernet interfaces of this RAS device.

You might consider using virtual routers on the RAS server to achieve the same effects. Also you might consider solving your root problem of not announcing your address space out both available services...or are you using el-cheapo xDSL service for this?

Good Luck,
Darrell Newcomb
http://www.hayaitacos.net/mpeer/

CiscoNewbie wrote in message news:[EMAIL PROTECTED]...
> Hi all. Here is a scenario that I need your help on:
>
> I have a RAS server that has 2 ethernet interfaces for egress traffic. The IP addressing on each interface are on separate networks. In addition, the dialin pools configured on the RAS are in separate networks from each other as well as from those defined on the ethernet interfaces of the RAS. Each Ethernet interface gateway points to a Cisco 2620 router which each of the routers have their own connection to the internet via 2 separate providers. No BGP being done.
>
> The IP Pool addressing on the RAS server are from each of the providers. So Pool A IPs are from Sprint and Pool B are from Choice1. So in the event that one dialin user gets an IP from Pool B but gets routed to Router A, the user will not go anywhere because each provider will not route the other provider IPs.
>
> My goal was to be able to say on the RAS that pool A goes out of ethernet port 1 and Pool B goes out ethernet port 2 but the RAS solution that I am using will not allow this to be done. So I thought about creating a route-map on the Cisco's to be applied to the ethernet interface (ingress) as an inbound policy. The route-map on Router A would need to say something like: If Pool B which belongs to Router B, then set IP next-hop to Router B ethernet interface. Both routers know about each other.
>
> I would like to know if all I would need to do is the following or if I need something else or maybe I can't do it. Thanks. Here is what I come up with:
>
> ROUTER A:
>
> route-map from-RAS permit 10
>  match ip address 1
>  set ip next-hop 192.168.1.2
>
> interface Ethernet 0/0
>  description Traffic from Pool A
>  ip address 192.168.1.1 255.255.255.0
>  no ip directed-broadcast
>  ip policy route-map from-RAS
>
> access-list 1 permit
>
> The same will be done on the ROUTER B but with the appropriate IPs. Thanks in advance.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63397t=63381
Re: CCNP Done, finaly [7:63355]
I just passed it recently, as part of the Routing and Switching partner specialization for my company. It is challenging, as all Cisco exams are these days. I am dying to get a chance to teach BSCI.

Tom Larus, CCIE #10,014

Skarphedinsson Arni V. wrote in message news:[EMAIL PROTECTED]...

Just finished BSCI today, and also my CCNP. Boy, the BSCI was really hard, I think it was harder than all the others combined. But that's probably because I don't have that much experience with Routing Protocols. Used the Sybex book, and hands on with my router lab to prepare. I got a lot on BGP and EIGRP, and some easy stuff on OSPF and IS-IS.

Best regards,
Arni

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63398t=63355
Access-List questions [7:63399]
Hello all. I'm stumped on an access-list that I need to create. What I did was I set up two routers using RIP and put loopbacks on one of them and advertised them in RIP. I then attempted to build an access-list allowing just these networks to pass into the other router. The router with the loopbacks is A, the destination is B. So I know this will be a standard access list (direction in) on router B's interface to router A.

The requirements are:

allow any packet originating from 182.17.77.0 /24
allow any packet originating from 182.17.73.0 /24
allow any packet originating from 182.81.77.0 /24
allow any packet originating from 182.81.73.0 /24
allow any packet originating from 190.17.77.0 /24
allow any packet originating from 190.17.73.0 /24
allow any packet originating from 190.81.77.0 /24
allow any packet originating from 190.81.73.0 /24

Here's what I think I can do with the 182 address. I can do

    permit ip 182.17.73.0 0.64.4.0

because the 64 will increase the second octet to 81, then the 4 in the third bit will increase the network to 77. Is this how I would implement this filtering policy in just two statements? The same way with the 190 networks?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63399t=63399
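The wildcard-mask reasoning in the post above, worked through as an added example (it is not part of the original post). It derives one ACL entry from a list of equal-size networks using IOS wildcard semantics, then enumerates everything that entry matches so that any network permitted beyond the requested ones is reported; it also goes one step further than the post by checking all eight networks as a single entry. The function names are hypothetical.

```python
import ipaddress
from functools import reduce
from itertools import product

FULL = 0xFFFFFFFF

def dotted(n):
    return str(ipaddress.IPv4Address(n))

def to_int(s):
    return int(ipaddress.IPv4Address(s))

def summarize(networks):
    """Return (base, wildcard) as ints for one ACL entry covering all networks."""
    nets = [ipaddress.ip_network(n) for n in networks]
    if len({n.prefixlen for n in nets}) != 1:
        raise ValueError("all networks must share one prefix length")
    bases = [int(n.network_address) for n in nets]
    # A bit is "don't care" if any network differs from the first in that bit.
    vary = reduce(lambda acc, b: acc | (b ^ bases[0]), bases, 0)
    wildcard = vary | int(nets[0].hostmask)
    return bases[0] & ~wildcard & FULL, wildcard

def acl_matches(addr, base, wildcard):
    """IOS semantics: only bits where the wildcard is 0 are compared."""
    care = ~wildcard & FULL
    return (to_int(addr) & care) == (base & care)

def covered(base, wildcard, prefixlen):
    """Every /prefixlen network the entry matches (2**k for k don't-care bits)."""
    hostmask = (1 << (32 - prefixlen)) - 1
    bits = [1 << i for i in range(32) if (wildcard & ~hostmask) >> i & 1]
    nets = set()
    for choice in product((0, 1), repeat=len(bits)):
        addr = base & ~wildcard & FULL
        for bit, on in zip(bits, choice):
            addr |= bit * on
        nets.add(ipaddress.ip_network((addr, prefixlen)))
    return nets

def audit(networks):
    """Return (ACL entry text, networks matched although not requested)."""
    wanted = {ipaddress.ip_network(n) for n in networks}
    base, wildcard = summarize(networks)
    prefixlen = next(iter(wanted)).prefixlen
    extra = sorted(covered(base, wildcard, prefixlen) - wanted)
    return f"{dotted(base)} {dotted(wildcard)}", [str(n) for n in extra]

# The eight networks listed in the post, in the order given there.
NETS_182 = ["182.17.77.0/24", "182.17.73.0/24", "182.81.77.0/24", "182.81.73.0/24"]
NETS_190 = ["190.17.77.0/24", "190.17.73.0/24", "190.81.77.0/24", "190.81.73.0/24"]

if __name__ == "__main__":
    for label, nets in (("182.x", NETS_182), ("190.x", NETS_190),
                        ("all eight", NETS_182 + NETS_190),
                        ("three only", NETS_182[:3])):
        entry, extra = audit(nets)
        print(f"{label:11} permit {entry}   also matches: {extra or 'nothing'}")
    base = to_int("182.17.73.0")
    for wc in ("0.64.4.0", "0.64.4.255"):
        hit = acl_matches("182.81.77.25", base, to_int(wc))
        print(f"host 182.81.77.25 against wildcard {wc}: {hit}")
```

The "three only" case shows the failure mode to watch for: the entry is exact only when the list contains every combination of the don't-care bits, otherwise it quietly permits a network nobody asked for.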
Re: native vlan, trunking question [7:63309]
A native VLAN is the VLAN that that port uses when trunking breaks down. That's it.

If you don't set it to a specific VLAN in the config, then the native VLAN will be the default vlan. On cisco, this is VLAN 1.

Normally, the trunk is up and running and the native vlan doesn't come into play. However, if the trunking goes down for any reason, the port reverts to the native vlan. At that point, only traffic on that vlan/subnet will get through the port.

Typically, I will set the native vlan of trunking ports to the vlan that I'm using for network management so that I can get to the switch remotely if something goes wrong.

Hope this helps,
Karen

*** REPLY SEPARATOR ***

On 2/19/2003 at 2:38 AM supernet wrote:

I'm confused on native vlan and trunking. Can I assign a port to a trunk (for all the vlans), then assign that port to a vlan100? Does that port belong to native vlan100? What means native vlan? Thanks.

Yoshi

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63400t=63309
RE: 100 Mbps on Cat3 or Cat4 [7:63310]
Thanks folks for your technical info as well as advice! Buying cheaper 10/100 switches and configuring NICs on the PCs to 10 Mbps, half duplex may be the way to go. Most sites have 10 - 20 PCs on average.

Pat

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63401t=63310
RE: Congigure the ATM LS 100 ! [7:63328]
Try this out. Configuring the Software section should help.
http://www.cisco.com/univercd/cc/td/doc/product/atm/a100/ls100_ug/index.htm

-Original Message-
From: XY HIEN LE [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 6:02 PM
To: 'Daniel Cotts'
Subject: RE: Congigure the ATM LS 100 ! [7:63328]

I have searched but with no luck!

Xy

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Daniel Cotts
Sent: Wednesday, February 19, 2003 10:11 AM
To: [EMAIL PROTECTED]
Subject: RE: Congigure the ATM LS 100 ! [7:63328]

The original question was about a LS100 not a LS1010. Much different box. Possibly the manual for the LS100 is on CCO.

-Original Message-
From: Larry Letterman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 12:17 PM
To: [EMAIL PROTECTED]
Subject: Re: Congigure the ATM LS 100 ! [7:63328]

I have this on the lab at work..

    Current configuration:
    !
    version 11.1
    no service pad
    service udp-small-servers
    service tcp-small-servers
    !
    hostname LS-1010
    !
    !
    atm address 47.0091.8100..0010.11bd.f901.0010.11bd.f901.00
    atm router pnni
     node 1 level 56 lowest
      redistribute atm-static
    !
    !
    interface ATM0/0/0
     no keepalive
     no atm auto-configuration
    !
    interface ATM0/0/1
     no keepalive
    !
    interface ATM0/0/2
     no keepalive
    !
    interface ATM0/0/3
     no keepalive
     no atm auto-configuration
     atm pvc 2 200 interface ATM0/0/0 1 100
    !
    interface ATM0/1/0
     no keepalive
    !
    interface ATM0/1/1
     no keepalive
    !
    interface ATM0/1/2
     no keepalive
    !
    interface ATM0/1/3
     no keepalive
    !
    interface ATM1/0/0
     no keepalive
    !
    interface ATM1/1/0
     no keepalive
    !
    interface ATM2/0/0
     no ip address
     no keepalive
     atm maxvp-number 0
    !
    interface Ethernet2/0/0
     no ip address
    !
    no ip classless
    !
    line con 0
     exec-timeout 0 0
     logging synchronous
    line aux 0
    line vty 0 4
     login
    !
    end

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: XY HIEN LE
To:
Sent: Wednesday, February 19, 2003 1:05 AM
Subject: Congigure the ATM LS 100 ! [7:63328]

Hi all,

Does anyone know how to configure the LightStream LS 100 switch to work between 2 7200 routers with ATM interfaces? I am trying to set up the ATM lab practice but can't get the switch to pass traffic between 2 routers? Any help would be much appreciated.

Xy
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63403t=63328
RE: Help with Route-Maps [7:63381]
Thanks Darrell for your response and suggestions. To respond to your suggestions:

The RAS server that I am using is a non Cisco. The options they have available to do this is through Radius and the Radius server is owned by someone else. So this Radius solution they have is not feasible. So my only option is doing it on the Cisco's.

Both Cisco's have routes back to the ethernet interface of the RAS.

The WAN links on the routers are T1's.

Thanks for your help.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63405t=63381
RE: ISDN Switch and BRi config [7:63313]
Hi,

Layer3 is not active in isdn status. Suggest you try with the following.

1. Add username/pw in both the routers and map them in dialer map command.

    username r2 password (in R1 router)
    username r1 password (in R2 router)

2. Dialer map command

    dialer map ip 150.100.7.2 name r2 broadcast 2002 (in R1 router)
    dialer map ip 150.100.7.1 name r1 broadcast (in R2 router)

3. Add ppp chap auth command

    ppp authentication chap (in both routers)

HTH

Regards,
Kum

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63321t=63313
Traffic thru PIX [7:63347]
Hello All,

Can someone pls tell me how I can allow pings and other traffic thru the PIX? I've added both access-list and conduits for testing. Can ping from pix to a test PC on LAN, to Internet router and to UUNet DNS but not from test PC thru PIX as per below:

    PIX# wr t
    Building configuration...
    : Saved
    :
    PIX Version 6.1(2)
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password J470/UhJVN.5DRKT encrypted
    passwd J470/UhJVN.5DRKT encrypted
    hostname PIX
    domain-name pixdomain.com
    fixup protocol ftp 21
    fixup protocol http 80
    fixup protocol h323 1720
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol sip 5060
    fixup protocol skinny 2000
    names
    name 10.250.77.3 testpc
    name 66.120.182.121 gateway
    access-list nat0 permit ip 10.250.77.0 255.255.255.0 10.250.0.0 255.255.0.0
    access-list nat0 permit ip 10.250.77.0 255.255.255.0 10.249.0.0 255.255.0.0
    access-list oxfordhub permit ip 10.250.77.0 255.255.255.0 10.250.4.0 255.255.255.0
    access-list oxfordhub permit ip 10.250.77.0 255.255.255.0 10.249.48.0 255.255.240.0
    access-list ipalcohub permit ip 10.250.77.0 255.255.255.0 10.250.3.0 255.255.255.0
    access-list ipalcohub permit ip 10.250.77.0 255.255.255.0 10.249.32.0 255.255.240.0
    access-list arlhub permit ip 10.250.77.0 255.255.255.0 10.250.0.0 255.255.255.0
    access-list arlhub permit ip 10.250.77.0 255.255.255.0 10.249.64.0 255.255.240.0
    access-list arlington permit ip 10.250.77.0 255.255.255.0 10.250.2.0 255.255.255.0
    access-list arlington permit ip 10.250.77.0 255.255.255.0 10.249.16.0 255.255.240.0
    access-list richmond permit ip 10.250.77.0 255.255.255.0 10.250.75.0 255.255.255.0
    access-list aclout permit icmp any any
    pager lines 24
    logging console debugging
    interface ethernet0 auto
    interface ethernet1 auto
    mtu outside 1500
    mtu inside 1500
    ip address outside 66.120.182.122 255.255.255.248
    ip address inside 10.250.77.1 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm history enable
    arp timeout 14400
    global (outside) 1 66.120.182.123 netmask 255.255.255.248
    nat (inside) 0 access-list nat0
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    access-group aclout in interface outside
    conduit permit icmp any any
    conduit permit tcp any any
    route outside 0.0.0.0 0.0.0.0 gateway 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    http server enable
    http 10.250.78.3 255.255.255.255 inside
    http 10.250.77.2 255.255.255.255 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    no sysopt route dnat
    crypto ipsec transform-set strong3 esp-3des esp-sha-hmac
    crypto map cmap 1 ipsec-isakmp
    crypto map cmap 1 match address oxfordhub
    crypto map cmap 1 set peer 217.33.153.3
    crypto map cmap 1 set transform-set strong3
    crypto map cmap 2 ipsec-isakmp
    crypto map cmap 2 match address ipalcohub
    crypto map cmap 2 set peer 216.37.39.66
    crypto map cmap 2 set transform-set strong3
    crypto map cmap 3 ipsec-isakmp
    crypto map cmap 3 match address arlhub
    crypto map cmap 3 set peer 206.154.225.2
    crypto map cmap 3 set transform-set strong3
    crypto map cmap 4 ipsec-isakmp
    crypto map cmap 4 match address arlington
    crypto map cmap 4 set peer 65.204.31.2
    crypto map cmap 4 set transform-set strong3
    crypto map cmap 5 ipsec-isakmp
    crypto map cmap 5 match address richmond
    crypto map cmap 5 set peer 195.172.96.66
    crypto map cmap 5 set transform-set strong3
    crypto map cmap interface outside
    isakmp enable outside
    isakmp key address 217.33.153.3 netmask 255.255.255.255
    isakmp key address 216.37.39.66 netmask 255.255.255.255
    isakmp key address 208.171.213.2 netmask 255.255.255.255
    isakmp key address 65.204.31.2 netmask 255.255.255.255
    isakmp key address 195.172.96.66 netmask 255.255.255.255
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption 3des
    isakmp policy 10 hash sha
    isakmp policy 10 group 1
    isakmp policy 10 lifetime 3600
    telnet 10.250.77.0 255.255.255.0 inside
    telnet timeout 60
    ssh timeout 5
    terminal width 80
    Cryptochecksum:91a83ee76d6bfefd0155f5f7f2181f6c
    : end
    [OK]
    PIX#
    PIX# ping gateway
    gateway response received -- 0ms
    gateway response received -- 0ms
    gateway response received -- 0ms
    PIX# ping 198.6.1.1
    198.6.1.1 response received -- 650ms
    198.6.1.1 response received -- 660ms
    198.6.1.1 response received -- 640ms
    PIX# ping 198.6.1.1
    198.6.1.1 response received -- 700ms
    198.6.1.1 response received -- 640ms
    198.6.1.1 response received -- 640ms
    PIX# ping testpc
    testpc response received -- 0ms
    testpc response received -- 0ms
    testpc response received -- 0ms
    PIX#

TIA.
Boson Router Simulator [7:63395]
Hi there,

I had heard about Boson Router Simulator for a long time now. Having not much to do, I decided to give it a try. The evaluation version seems to be much slower than the actual thing. What I need to know is that is the software worth the investment? Or should I just go for proper hands-on only? Any feedback is appreciated.

Cheers,
Kenan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63395t=63395
CCNP books for sale [7:63345]
Anyone interested in buying my Exam Cram paperback books? They are in excellent condition. No markings and looks almost new. It has the cheat sheets. Let me know. Thank you

Exam Cram CCNP 640-503 Routing
Exam Cram CCNP 640-504 Switching
Exam Cram CCNP 640-505 Remote access
Exam Cram CCNP 640-506 Support

e-mail: [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63345t=63345
RE: 100 Mbps on Cat3 or Cat4 [7:63310]
Hi,

do not buy old 10 Mbps Hubs or switches unless they are very cheap (Cisco 1924 switches are cheap on Ebay).

I suggest to test the following version if you use 10/100 switches: Set the switch to 10Mbps full duplex and leave the PC at AUTO. This could make the upgrade easier because you have just to configure the switch.

Jens Neelsen

--- Adam Grimes (adgrimes) wrote:

I think the best bet for you would be to start buying the 10/100Mbps switches and manually setting the PCs to 10Mbps. That way you haven't wasted money on expensive 10Mbps switches which (when Cat5 cable is eventually installed) will be obsolete. Then it's just a case of going round and doing the (tedious) job of switching the NIC's back to autosense...

I'll try and test the Cat3/Cat4 problem out in our lab and post an update.

Adam

Adam Grimes
IT Engineer - CCNP/CCDA
Cisco Systems

-Original Message-
From: Pat Do [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 3:00 AM
To: [EMAIL PROTECTED]
Subject: 100 Mbps on Cat3 or Cat4 [7:63310]

Are unintelligent 10 Mbps hubs better than unintelligent 10/100 Mbps switches when the network cables that connect the PCs to the hub or switch are Cat3 or Cat4?

I provide network services to dozens of non-profits. Most of the sites have Cat3 or Cat4 cabling. I have a co-worker who says that 10 Mbps hubs should be used until the sites are upgraded to Cat5 (which won't be happening any time soon).

His rationale: If the PC NICs are set to auto detect speed and the unintelligent 10/100 switch is set to auto detect speed, that data will try to pass through the Cat3 or Cat4 wire at 100 Mbps. He says that while the data can pass thru the wire at those rates, it's the signaling that gets scrambled at that rate on a Cat3 or Cat4 wire. Consequently, to prevent signaling problems that may in turn cause data integrity problems, he's recommending to use 10 Mbps hubs.

Is this a valid argument?

Note: New, unintelligent 10 Mbps hubs appear to be becoming less available and more costly relative to unintelligent 10/100 Mbps switches as time goes on. Consequently, this issue is starting to have financial implications.

[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63388t=63310
RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
hi,

comments in-line:

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Howard C. Berkowitz
Sent: Wednesday, February 19, 2003 2:17 PM
To: [EMAIL PROTECTED]
Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]

At 6:51 PM + 2/19/03, Vicky Rode wrote:

comments in-line:

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Howard C. Berkowitz
Sent: Tuesday, February 18, 2003 6:42 AM
To: [EMAIL PROTECTED]
Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

At 5:30 AM + 2/18/03, Ken Diliberto wrote:

The nit I'm picking is inline... (I'm feeling like chipping in tonight)

The Long and Winding Road 02/17/03 06:13PM

[snip]

if I have a 75xx router with 300 ethernet ports, and I bridge all those ports, do I have an L3 switch, or a router?

[KD] You have a router performing L2 operations (forwarding, switching, bridging -- whatever). Would a cheap Linksys switch be faster?

What makes a L3 switch in my mind is where the forwarding happens. If the L3 CPU (new way to look at it?) has to handle every packet, that's a router. If the first L3 packet is handled by the CPU which then programs ASICs to handle the rest of the flow without bothering the CPU, that's an L3 switch.

Is there a difference from a packet/network perspective? No. The L2 headers and L3 headers are all properly updated in both cases (at least we *hope* they are) and traffic is delivered most of the time. (If it was delivered all the time, networks wouldn't need us to fix them) :-)

Does that make a 7500 with VIPs a L3 switch? A 12000 with distributed forwarding processors?

-- it depends... call it (d)cef switching router if you want but i have to kinda agree with ken's comments.

in my opinion the major difference between a traditional router and a l3 switch is the way packet switching takes place. in a traditional router the packet switching is done in software (microprocessor based),

Big difference if the microprocessors (note plural) aren't doing anything except forwarding, and run a real time OS. The key thing is that you don't want forwarding going through the processor that runs routing protocols, system management, etc.

-vicky true enough. but in my opinion it depends on what hw you have in play and for what purpose. whether it is going to be classic line cards, switch fabric cards or distributed forwarding cards and whether the packet switching is going to be flow based or cef based. i guess one should have a good understanding for what their network traffic looks like and a good baseline before retrofitting to high powered hw which can be a big waste of money and resources.

A real challenge is where to implement QoS, because it tends to get beyond the complexity of a true ASIC and really has to be done in a microcode-loaded processor.

--vicky for me polling and gathering different qos snmp data variables has been a challenge rather than hw issue, so i can't really comment on that.

whereas in l3 switch it is done by asic in hw and mls is used to increase routing performance by doing packet switching and rewrites in hw (asics).

There's a bit of Cisco marketing-speak here, which was actually a reaction to competitors who brought up the concept switch if you can, route when you must. Hardware and software technology have moved on since then, and the line is much more blurred between the two. It's more important to think of separating the forwarding, control, and upper layer services path (and being sure there's no mutual interference) than it is to consider the actual hardware processing elements (ASICs, microcoded or RISC processors, etc.)

---vicky in my opinion, what's important and necessary is control/forward plane inter-relation. that's all.

regards,
/vicky

This emphasis on ASICs also ignores a couple of common bottlenecks: memory and fabric. To some extent, you can get around memory limitations by having distributed memories for distributed processors. For the fabric, you can move from shared bus, to shared memory, and eventually to crossbar (ignoring optical trends).

As I mentioned in a previous post that's partially below, you don't necessarily need ASICs if you have enough distributed processors, using the term processor to include microcode sequencers, FPGAs and EA-FPGAs, etc.

In research prototypes, I've been involved in routers that had true processors, running on the forwarding boards, that ran a real-time OS. These processors did have certain functions custom-built in hardware. Also, the processors can have coprocessors -- the Nortel Shasta products, for example, have an encryption chip more or less next to general board-level processors, with a high-speed path between them.

Even with ASICs, the L2 and L3 decisions, rewrite, etc. often are in separate chips. Remember a processor can be