two 1900 catalyst switches cannot exchange VLAN info even [7:63613]

2003-02-24 Thread suaveguru
all, 

I have 2 Cisco Catalyst 1900 switches with VLANs
configured on them. When I tried to enable trunking on
both of the trunk ports and make the two Catalyst 1900
switches run VTP, VLAN information just couldn't travel
across the switches. I'd appreciate it if anyone with similar
problems could tell me what to do.

suaveguru





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63613&t=63613
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


passed CID [7:63614]

2003-02-24 Thread Christ A. Saputra
Hi All,

Just passed CID. Thank's for all exam related info.

Regards,
Chris A.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63614&t=63614


Re: Unable to ping ethrnet of f/w from router.Why ? [7:63615]

2003-02-24 Thread Mr piyush shah
hello all
I have a Cisco router, router A, with multiple WAN links
connected to it. On this LAN we have a Checkpoint f/w
with its default route pointing to the internet router.
The default route on router A points to the ethernet IP
address of the f/w. However I cannot ping from the router
to the firewall (the ethernet of the f/w).
I am able to ping the f/w IP address from other PCs on the
LAN.
Why is it so? I have given the network diagram below


RE: SNIFFER SOFTWARE [7:63586]

2003-02-24 Thread Symon Thurlow
I have had problems getting it to install too; search NAI, I think there
is an article about it.

Symon

-Original Message-
From: PacketEXPERTS [mailto:[EMAIL PROTECTED] 
Sent: 24 February 2003 03:25
To: [EMAIL PROTECTED]
Subject: Re: SNIFFER SOFTWARE [7:63586]


Really, both of my installs stopped me dead in my tracks. Hmmm, I
wonder if I am the only one, maybe it's just me; sure hope that I get
more feedback on this matter.  Mike Mandulak wrote: It works fine for
me, but I did do an uninstall/reinstall after upgrading to XP.

- Original Message -
From: "PacketEXPERTS" 
To: 
Sent: Sunday, February 23, 2003 12:42 PM
Subject: SNIFFER SOFTWARE [7:63586]


> Sniffer Pro 4.5 and NetXRay 3.0 work fine with Windows 98, but is
> there a patch, or a way to upgrade Sniffer Pro 4.5 or NetXRay 3.0 to
> be compatible with Windows XP?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63616&t=63586


RE: Different usename n pwd for PAP and CHAP [7:63442]

2003-02-24 Thread Troy Leliard
Hi Deepak, 

I'm not sure if I follow.  Say for example you wanted userA to connect via
CHAP and userB to connect via PAP; this would indeed be possible, but userA
and userB could not have the same username.

Most of the ISPs that I have worked for only accept CHAP, since the password
is not passed in clear text, and most dialup clients now support CHAP.

Similarly in DDR scenarios, when you have your router connecting to another
router (or ISP), you would also want to implement CHAP, for obvious security
reasons. The only time I have used PAP is with legacy dialup clients that
don't support CHAP.

Hope this helps.

Cheers
Troy


Deepak N wrote:
> 
> Hi Troy 
> Thanks for the reply
> 
>So, this would mean, there is no possibility of using one
> set of username/password for CHAP and another set for PAP, i
> guess.
> The same set of username/password for eg: cisco/cisco would be
> used for both CHAP and PAP.
> 
> Regards
> Deepak
> 
> 
> Troy Leliard wrote:
> > 
> > Normally you would only get one username / password., and the
> > ISP would configure CHAP, then PAP authentication, ie if the
> > client (user) tries to authenticate, and CHAP fails, it will
> > then authenticate using PAP.  (CHAP Should always come first
> as
> > it is the more secure authentication method).
> > 
> > Hope this helps
> > 
> > 
> > Deepak N wrote:
> > > 
> > > Hi 
> > >   I am having this question. 
> > > When configuring the username and password for PAP n CHAP, i
> > am
> > > giving different username n password.
> > > Is there any customer scenario where this kind of situation
> is
> > > there?
> > > Also does the ISP provide different username n password for
> > > different authentication types i.e, one set of username n
> > > password for CHAP and another set of username and password
> for
> > > PAP.
> > >  i assume that ISP gives only one authentication type either
> > > CHAP or PAP not both.
> > >  I need inputs from all of you
> > > 
> > > Thanks in advance
> > > 
> > > Deepak
> 
> 
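Troy's point that CHAP never puts the password on the wire while PAP does can be seen by modelling both exchanges side by side. The following Python is an added example, not code from the thread: chap_response implements the RFC 1994 response computation (MD5 over the identifier, the secret and the challenge), and the usernames and secrets (userA, userB, s3cret-A, s3cret-B) are constructed for the demonstration.

```python
"""CHAP and PAP side by side: what each puts on the wire. Added example,
not code from the thread. chap_response follows RFC 1994 (MD5 over
Identifier, Secret, Challenge); the usernames and secrets are constructed."""
import hashlib
import hmac
import os
from typing import Optional

# Constructed AAA store: one username maps to exactly one secret, which is
# why one username cannot carry one password for CHAP and another for PAP.
SECRETS = {"userA": b"s3cret-A", "userB": b"s3cret-B"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response Value = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_exchange(username: str, peer_secret: bytes, identifier: int = 1,
                  challenge: Optional[bytes] = None) -> dict:
    """One CHAP round trip. Returns the fields a sniffer on the link would
    capture and whether the authenticator accepted the peer."""
    # Authenticator -> peer: Challenge packet carrying a random value
    challenge = os.urandom(16) if challenge is None else challenge
    # Peer -> authenticator: Response packet (the hash plus the peer's name)
    response = chap_response(identifier, peer_secret, challenge)
    # Authenticator recomputes the hash from the secret it stores for that name
    stored = SECRETS.get(username)
    expected = chap_response(identifier, stored, challenge) if stored else b""
    accepted = bool(stored) and hmac.compare_digest(response, expected)
    return {"on_wire": {"challenge": challenge.hex(),
                        "response": response.hex(), "name": username},
            "accepted": accepted}


def pap_exchange(username: str, password: bytes) -> dict:
    """PAP Authenticate-Request: Peer-ID and Password are sent as-is."""
    accepted = SECRETS.get(username) == password
    return {"on_wire": {"peer_id": username, "password": password.decode()},
            "accepted": accepted}


def secret_visible(exchange: dict, secret: bytes) -> bool:
    """Did the secret itself appear in any captured field?"""
    return secret.decode() in exchange["on_wire"].values()


if __name__ == "__main__":
    print("CHAP capture:", chap_exchange("userA", b"s3cret-A")["on_wire"])
    print("PAP capture: ", pap_exchange("userB", b"s3cret-B")["on_wire"])
```

A capture of the CHAP exchange yields only the challenge, the MD5 response and the peer name, which is why ISPs and DDR configurations prefer it; a capture of the PAP exchange yields the password itself. The CHAP response is still only as strong as the secret, since a captured challenge/response pair can be checked offline against guesses, so secret quality matters even when CHAP is enforced.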


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63617&t=63442


self originated LSA [7:63619]

2003-02-24 Thread hanan
I HOPE YOU CAN SEE THIS PICTURE


Thank you for your reply
See attached documents
Network configuration is attached as an image and Cisco config maker
File

The event for the following ip addresses:

: Received more recent self-originated
>LSA. Type LS-ASE LSID (172.16.142.144) router (172.16.140.1) neighbor
(172.16.255.1)


: Received more recent self-originated
>LSA. Type LS-ASE LSID (172.16.142.152) router (172.16.140.1) neighbor
(172.16.255.1)


: Received more recent self-originated
>LSA. Type LS-ASE LSID 0.0.0.0 router (172.16.140.1) neighbor (172.16.255.1)

Thank you again for your help

Hanan

[GroupStudy removed an attachment of type image/png which had a name of
image001.png]

[GroupStudy removed an attachment of type image/jpeg which had a name of
image002.jpg]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63619&t=63619


Network Blackholes. [7:63620]

2003-02-24 Thread Manoj Ghorpade
Hi All,
Have a question for all the networking gurus.
Can somebody explain to me the concept of network blackholes?
Any idea how to block these on the router using access-lists?

Regards

Manoj Ghorpade.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63620&t=63620


Wireless Help.... [7:63621]

2003-02-24 Thread Juan Blanco
Team,
Finally I am able to have access to an AP1200; I want to thank Jim Brown for
his kindness in making this device available to me behind the DMZ. I have
full access to it, I am able to connect to it via my browser or via telnet
without problem, and it is very easy to configure, but my dilemma is the
following: according to Cisco documentation I should be able to have access
to a CLI and do all my configuration this way as well, but I don't seem to
be able to do this. Any ideas what I have to do in order for me to have full
access to the CLI?

Thanks,

Juan

Juan Blanco

"The greatest glory in living lies not in never falling,
 but in rising every time we fall."
 -- Nelson Mandela





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63621&t=63621


Flooding Problem [7:63622]

2003-02-24 Thread [EMAIL PROTECTED]
Every 1 minute and 30 seconds the switches (6509 and 5500) are flooding
traffic.

The CAM aging-time content is changing more than expected.

The Spanning Tree is stable. There are minimal TCNs on the network.

We are looking at some of the MAC addresses to see if they are valid
stations.

Another point that we are working on is asymmetric routing.

Any thoughts on that?

  SWITCH> (enable) sh time
  Mon Feb 24 2003, 09:31:01 GMT-3
  SWITCH> (enable) sh time
  Mon Feb 24 2003, 09:31:16 GMT-3
  SWITCH> (enable) sh cam count dy
  Total Matching CAM Entries = 2855
  SWITCH> (enable) sh cam count dy
  Total Matching CAM Entries = 2879
  SWITCH> (enable) sh cam count dy
  Total Matching CAM Entries = 3617
  SWITCH> (enable) sh cam count dy
  Total Matching CAM Entries = 3637
  SWITCH> (enable)
  SWITCH> (enable) sh time
  Mon Feb 24 2003, 09:33:37 GMT-3
  SWITCH> (enable) sh time
  Mon Feb 24 2003, 09:33:41 GMT-3
  SWITCH> (enable) sh cam count dy
  Total Matching CAM Entries = 3670
  SWITCH> (enable) sh cam count dy
  Total Matching CAM Entries = 3674
  SWITCH> (enable) sh cam count dy
  Total Matching CAM Entries = 3679
  SWITCH> (enable) sh cam count dy
  Total Matching CAM Entries = 3683
  SWITCH> (enable) sh cam count dy
  Total Matching CAM Entries = 3686
  SWITCH> (enable) sh cam count dy
  Total Matching CAM Entries = 3694
  SWITCH> (enable) sh cam count dy
  Total Matching CAM Entries = 1286
  SWITCH> (enable) sh time
  Mon Feb 24 2003, 09:34:47 GMT-3
  SWITCH> (enable) sh time
  Mon Feb 24 2003, 09:34:48 GMT-3
  SWITCH> (enable)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63622&t=63622


NAT definition [7:63624]

2003-02-24 Thread Masaru Umetsu
R1---WAN---R2
|           |
PC1        PC2
 
PC1:10.1.1.1/24
PC2:152.1.1.1/24


ip nat inside source static 10.1.1.1 195.1.1.1
!
int e0
 ip add 10.1.1.2 255.255.255.0
 ip nat inside
!
int s0
 ip add 195.1.1.2 255.255.255.0
 ip nat outside
!
ip route 152.1.1.0 255.255.255.0 Serial0
 

int e0
 ip add 152.1.1.254 255.255.255.0
!
int s0
 ip add 195.1.1.3 255.255.255.0
! 
ip route 10.1.1.0 255.255.255.0 Serial0

When I configured ip nat outside on e0
and ip nat inside on s0 in the above configuration,
how should I configure the ip nat definition?

For example, I configured the below, but it failed.
ip nat outside source static 10.1.1.1 195.1.1.1
I don't understand how to configure 'ip nat inside'
and 'ip nat outside', 'ip nat inside/outside source static x.x.x.x y.y.y.y'.

Please explain it simply!
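What 'inside' and 'outside' mean for a static translation is easiest to see by running both of Masaru's configurations through a model. The following Python is an added example, not code from the post or from Cisco: a small router model that follows the NAT order of operations Cisco documents (inside-to-outside traffic is routed and then translated; outside-to-inside traffic is translated and then routed), using the post's addresses. The host-route variant in r1_roles_swapped is an assumption about why the second attempt failed; it corresponds to what the add-route keyword on the outside source static line installs.

```python
"""Model of how IOS applies 'ip nat inside source static' and
'ip nat outside source static'. Added example for this thread, not code
from the post or from Cisco. Simplified: one-to-one address translation
only (no ports), following the documented order of operations
(inside-to-outside: route, then translate; outside-to-inside: translate,
then route). Addresses are the post's."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class Router:
    def __init__(self):
        self.ifaces = {}          # name -> (connected network, 'inside'|'outside')
        self.routes = []          # (network, egress interface)
        self.inside_static = {}   # inside local  -> inside global
        self.outside_static = {}  # outside global -> outside local

    def interface(self, name, addr_mask, nat_role):
        """'int X' / 'ip add A M' / 'ip nat inside|outside'"""
        net = ipaddress.ip_interface(addr_mask).network
        self.ifaces[name] = (net, nat_role)
        self.routes.append((net, name))          # connected route

    def route(self, prefix, egress):
        """'ip route PREFIX MASK IFACE'"""
        self.routes.append((ipaddress.ip_network(prefix), egress))

    def lookup(self, dst):
        """Longest-prefix match; None when there is no route."""
        addr = ipaddress.ip_address(dst)
        matches = [(net, egress) for net, egress in self.routes if addr in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    @staticmethod
    def _reverse(table, key):
        """Look a translation up by its translated side."""
        for k, v in table.items():
            if v == key:
                return k
        return key

    def forward(self, pkt, ingress):
        """Return (packet as it leaves, egress interface)."""
        role = self.ifaces[ingress][1]
        if role == "inside":
            # inside -> outside: routing decision on the untranslated
            # destination first, then the addresses are rewritten
            egress = self.lookup(pkt.dst)
            out = Packet(self.inside_static.get(pkt.src, pkt.src),
                         self._reverse(self.outside_static, pkt.dst))
        else:
            # outside -> inside: addresses are rewritten first, then routed
            out = Packet(self.outside_static.get(pkt.src, pkt.src),
                         self._reverse(self.inside_static, pkt.dst))
            egress = self.lookup(out.dst)
        return out, egress


def r1_as_posted():
    """R1 exactly as in the post: e0 inside, s0 outside, inside source static."""
    r = Router()
    r.interface("e0", "10.1.1.2/24", "inside")
    r.interface("s0", "195.1.1.2/24", "outside")
    r.route("152.1.1.0/24", "s0")
    r.inside_static["10.1.1.1"] = "195.1.1.1"
    return r


def r1_roles_swapped(host_route=False):
    """The second attempt: e0 outside, s0 inside, outside source static.
    host_route adds 'ip route 195.1.1.1 255.255.255.255 e0' (assumed fix)."""
    r = Router()
    r.interface("e0", "10.1.1.2/24", "outside")
    r.interface("s0", "195.1.1.2/24", "inside")
    r.route("152.1.1.0/24", "s0")
    r.outside_static["10.1.1.1"] = "195.1.1.1"
    if host_route:
        r.route("195.1.1.1/32", "e0")
    return r


def round_trip(router, ingress_in, ingress_back):
    """PC1 -> PC2 and PC2's reply; returns ((pkt, egress), (pkt, egress))."""
    fwd = router.forward(Packet("10.1.1.1", "152.1.1.1"), ingress_in)
    back = router.forward(Packet("152.1.1.1", fwd[0].src), ingress_back)
    return fwd, back


if __name__ == "__main__":
    print("as posted:", round_trip(r1_as_posted(), "e0", "s0"))
    print("swapped:  ", round_trip(r1_roles_swapped(), "e0", "s0"))
    print("swapped + host route:", round_trip(r1_roles_swapped(True), "e0", "s0"))
```

In the as-posted configuration PC1 appears on s0 as 195.1.1.1 and the reply is mapped back to 10.1.1.1 and sent out e0. With the roles swapped, the reply from PC2 is routed on its untranslated destination 195.1.1.1, which falls in s0's own subnet, so the model sends it back out s0 instead of towards PC1; a host route for 195.1.1.1 via e0 is what makes the swapped form deliver the reply.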




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63624&t=63624


Re: Network Blackholes. [7:63620]

2003-02-24 Thread MADMAN
AFAIK blackholes in networking have to do with reachability, or more
accurately the lack thereof, not something you block via access-lists.  I
suppose you could create blackholes with access-lists though ;)

   Dave

Manoj Ghorpade wrote:
> Hi All,
> Have a question for all the networking guru's.
> Can somebody explain me the concept of network blackholes.
> Any idea how to block these on the router using access-lists ?
> 
> Regards
> 
> Manoj Ghorpade.
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63623&t=63620


DHCP Relay [7:63625]

2003-02-24 Thread Stuart Pittwood
Hi all,

A simple DHCP question for you.

How do I configure the router (Cisco 1720) at our remote site to forward
DHCP requests back to our Windows 2000 DHCP server at the head office?

IOS Version is 12.0(3)T & both routers are identical

Cheers

Stu




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63625&t=63625


Re: CCIE Written Traning [7:63494]

2003-02-24 Thread Troy Leliard
I used Caslow, found it really good, also used the new Cisco Press book
(both the R&S and the lab).  Even if you are studying for your written
exam, it sometimes really helps to go through what you are learning in a
lab environment


The Long and Winding Road wrote:
> 
> a couple of comments in-line, like the skates:
> 
> 
> ""Howard C. Berkowitz""  wrote in message
> news:[EMAIL PROTECTED]
> > At 10:21 PM + 2/22/03, Kaminski, Shawn G wrote:
> > >You're talking about the old exam. While the Caslow book
> probably still
> > >covers some of the material on the new exam, the new exam is
> much more in
> > >depth on goofy stuff. Follow the blueprint for the best
> results.
> > >
> > >Shawn K.
> >
> > Different books have different objectives.  Caslow, I believe,
> > remains the best book giving a general strategy for analyzing
> lab
> > scenarios and planning the lab effort, although it may be
> dated on
> > some of the specific technologies.
> >
> 
> Caslow most definitely is a CCIE Lab strategy guide, and yes
> some specifics
> are maybe a bit dated. For example, Caslow suggests configuring
> your Lab in
> layers, starting by doing the physical cabling, then adding
> the L2
> protocols all the way around, prior to any L3 addressing.
> Obviously, since
> the candidate does no cabling in the one day scenario ( and
> eventually in
> the all remote rack scenario that no doubt is in the pipeline )
> this
> strategy is obsolete.
> 
> Even the 2nd edition was released two years ago, so yeah, it
> still talks
> about IPX, but many of the other topics covered are well worth
> considering.
> And yeah, Caslow doesn't cover certain topics which are seeing
> more point
> value in the recent spate of CCIE Labs.
> 
> 
> 
> > Given the time lag of books -- often a year or more between
> first
> > contract and commercial availability -- you simply may not be
> able to
> > depend on a single review book for the written.  There
> certainly can
> > be valid review books for specific new technologies, but they
> need to
> > be supplemented by reading in current online sources ranging
> from
> > CCO, to RFCs and I-D's, to reliable websites.
> >
> > There certainly are both free and commercial sources of
> scenarios
> > that explore the new technologies, but those won't teach the
> > underlying principles[1] -- which is more the focus of the
> CCIE
> > Written.  Shawn gives a good starting point of printing the
> > blueprints and CCO material, although that isn't always
> enough.
> >
> > Don't rule out looking at the documentation of similar
> features from
> > other vendors.  Long before I worked for Nortel (and I don't
> any
> > longer), I'd occasionally be baffled by something in the Cisco
> > documentation.  Sometimes, I'd find the downloadable Nortel
> > documentation for the equivalent feature easier to read.
> "Match
> > template" , for example, is much more intuitive to me than
> > "access-list", especially considering "access control list"
> already
> > has  well-defined meaning in security, a meaning somewhat
> different
> > than Cisco's.
> 
> 
> I'm fascinated by the access-list, which is Cisco's structure
> for initiating
> a lot of different things, including route-maps, security
> structures,
> filtering, and the like. It's as if the access-list is central
> to
> understanding Cisco in much the same way that certain kinds of
> structures
> are central to C programming.
> 
> 
> >
> > I'm comfortable with RFCs and reading IETF mailing lists, but
> I
> > recognize not everyone else is. Sort of an aside on
> that--with one
> > more conference call, I _think_ our BMWG draft on BGP
> convergence
> > terminology will be ready to go to RFC.  Ironically, the most
> > controversial parts are in definitions that we needed to
> clean up
> > ambiguities in the current BGP standard, RFC 1771.  The
> current draft
> > of the new BGP standard, which you can find by going to
> www.ietf.org
> > and navigating to "working groups" and then "IDR", is MUCH
> closer to
> > real-world practice than is 1771.  For example, contrary to
> general
> > belief, AS path length as a BGP route selection criterion is
> not in
> > 1771, but is in the new draft.
> >
> > Howard
> >
> > [1] I recommend the term "principles" rather than "theory"
> for most
> > discussions
> >  in certification.  In my mind, "theory" is much more
> what protocol
> >  designers consider in creating protocol specifications,
> while
> > "principles"
> >  detail the implementation requirements and options --
> and how they
> work
> >  _within_ the protocol specifications.
> >
> > >
> > >-Original Message-
> > >From: Larry Letterman [mailto:[EMAIL PROTECTED]
> > >Sent: Friday, February 21, 2003 2:34 PM
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: CCIE Written Traning [7:63494]
> > >
> > >I studied the caslow book and did the paper by Dennis L. on
> > >the sna token ring stuff.
> > >The Boson test by the same Dennis was the icing on the cake
> > >f

Re: DHCP Relay [7:63625]

2003-02-24 Thread M.C. van den Bovenkamp
Stuart Pittwood wrote:

> How do I configure the router (Cisco 1720) at our remote site to forward
> DHCP requests back to our Windows 2000 DHCP server at the head office?

Look at 'ip helper-address'.

Regards,

Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63626&t=63625


Telnet Hole [7:63627]

2003-02-24 Thread Steven Aiello
I was told that there was a telnet security hole in Cisco's IOS.  I was
told there was a way where you could specify a level to telnet into and
doing so could override passwords set on the VTY term.  Does anyone
know if this is true? Second, has it been patched in IOS 12.x?  And
lastly, how is this attack performed?

Thank you,
Steven




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63627&t=63627


RE: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-24 Thread Evans, TJ (BearingPoint)
A good, relevant quote from one of the SANS instructors:  (Eric Cole, IIRC)
"Prevention is ideal, but detection is a must"

I.e. - stopping the attack altogether is the best possible outcome, but
failing that you must be able to know that something -has- happened or -is-
happening.  

Otherwise, you have nothing ... 
(quite literally)


Thanks!
TJ
[EMAIL PROTECTED]


-Original Message-
From: Jim Brown [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 21, 2003 11:27 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]

Come on now, the slammer worm? If you are security conscious this
shouldn't have had any effect on you. Microsoft released a patch last
summer.  Security is a best effort solution. It is about layers and
maintenance. You cannot eliminate risk, you can only reduce risk.

An IDS's responsibility is to pick up attacks on the wire, not prevent
them. I personally don't believe in allowing my IDS to respond to an
attack.

-Original Message-
From: cebuano [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 21, 2003 8:22 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]


Hi Albert,
Very good point. Which brings me to this question - how can one measure
the security of a network? It almost always is an after-the-fact
response whichever vendor you choose. As you pointed out in your example
regarding the slammer virus, have you heard any vendor claiming immunity
from this?
Is "detecting" synonymous with "preventing"?
I'm also interested in this topic due to the fact that the pricing
structure from almost ALL the major players in the IDS/Firewall market
is astronomical.

Elmer

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Albert Lu
Sent: Friday, February 21, 2003 9:19 AM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]

Hi Troy,

Must be some secure site, reason I was interested is that I had a
discussion
with someone else before in regards to multi-vendor IDS solutions and
how
effective they might be.

So if you mostly rely on manual action, and an attack came in after
hours,
how quickly can you respond to your alerts? Since for some attacks, a
half
hour response time could cause your site to be down (eg. slammer virus).
If
that was the case, even if you had all the vendor's IDS, it will be
useless.

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, February 21, 2003 10:57 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]


As with most things, you need to weigh up costs against your requirements.
In our case, security is absolutely essential, so having a multivendor
security solution (and indeed fully redundant) is costly, but we see it as
justified.

With regards to action during attacks etc.  We mostly rely on manual
actions as we don't want to inadvertently block legitimate traffic (for
example if an attack came from a spoofed IP). For automatic action, you can
make use of Cisco Policy Manager, which has the ability to dynamically
rewrite ACLs on PIXes, routers, and indeed Cats, according to data from the
IDS.  So for example, if you were really paranoid (like we are), you could
have PIXes as the first firewall, with IDS on the inside / DMZ etc (using
IDSM or standalone IDS), tie these together with Policy Manager .. then
taking a further step into your network, a set of Nokia FW1 NG, along with
further Nokia IDS solutions on the inside, and tied together using the
enterprise software!



Albert Lu wrote:
>
> Hi,
>
> I'm just curious about your multi-vendor solution. It must cost
> quite alot
> in order to have 3 IDS running. What about redundancy, if you
> are using dual
> switch/router/fw/ids, you would have a total of 6 IDS.
>
> Being able to detect attacks with multiple IDS is one thing.
> What action can
> it take once the IDS detects an attack? Logging it into the
> syslog server is
> not enough.
>
> Albert
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 21, 2003 7:53 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
>
>
> Hi Sean,
>
> I currently use Cisco IDSM (IDS module for the Cat6500), Nokia
> IDS, and
> Snort on the server themselves.  You can never be paranoid
> enough about
> these sort of things.  Each vendor has different exploits etc,
> so by
> implementing a multi vendor path to your critical servers, you
> protect
> yourself from any single vendor specific exploit!
>
>
>
>
> Sean Kim wrote:
> >
> > Hello all,
> >
> > My company is thinking about installing an IDS (dedicated
> > appliance type) for our network.
> > As far as I know, the Real Secure and the Cisco IDS are two
> > biggest names out there.  So I checked out the documents and
> > white papers provided by the each company, but I couldn't
> > really come up with what the differences are between them, and
> > w

Re: Network Blackholes. [7:63620]

2003-02-24 Thread Lauren Child
My understanding is that there are some IP addresses that will never be
reachable, so you route those to null to prevent them being used in DoS
attacks etc.  These are called "blackhole routes".

I don't know if that's what you were thinking of?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63629&t=63620


Where to Start for CCNP [7:63630]

2003-02-24 Thread Steven Aiello
I recently passed my CCNA, and I am interested in starting on my CCNP.
I am taking classes at a local college that offers 10 week classes based
around each of the 4 tests.  Basically the CCNP path lasts 40 weeks.  I
start in the fall and I wanted to get a jump start on my learning, as I
have been told the difference in skill level between the 2 certs is great.
I have a few low end routers at home, and 1 5000 switch.  Can anyone point
me in the right direction as far as where I should start?  Should I just
buy a book on OSPF or BGP for the routing section? Or is there a better way?

Thanks all,
Steve




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63630&t=63630


ospf network self originated LSA [7:63631]

2003-02-24 Thread hanan
hanan

[GroupStudy removed an attachment of type application/ms-tnef which had a
name of winmail.dat]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63631&t=63631


Re: Telnet Hole [7:63627]

2003-02-24 Thread Larry Letterman
There is an SSH telnet issue in the IOS. An attack can be made
with SSH, but it is supposed to be fixed
in later versions of IOS. We have switched to SSH on the
Cisco campus using the new version that fixed
the bug.

Larry Letterman
Network Engineer
Cisco Systems


- Original Message -
From: "Steven Aiello" 
To: 
Sent: Monday, February 24, 2003 8:29 AM
Subject: Telnet Hole [7:63627]


> I was told that there was a telnet security hole in
Cisco's IOS.  I was
> told there was a way where you could specify a level to
telnet into and
> doing so could over ride passwords set on the VTY term.
Does any one
> know if this is true? Second has it been patched in IOS
12.x?  and
> lastly how is this attack performed 
>
> Thank you,
> Steven
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63632&t=63627


QoS difficult (?) question [7:63633]

2003-02-24 Thread ira
hallo Qos !

I have 5 types of traffic: A, B, C, D, and E.
I want to reserve 20% of bandw for each type.
If I have no traffic (or less than the reserved
20%)for some of the types, I want that this remaining
bandw to be allocated to the other types of traffic,
but in a priority way : A




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63633&t=63633


RE: Network Blackholes. [7:63620]

2003-02-24 Thread Evans, TJ (BearingPoint)
Blackholing is frequently used to block traffic to known 'bad' addresses, or
to alleviate a (D)DoS attack victim's woes.

Using ACLs is not the preferred way however - just route traffic to Null0
(use no icmp unreachables too ... )


Google can be your friend!
Thanks!
TJ
-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED] 
Sent: Monday, February 24, 2003 10:19 AM
To: [EMAIL PROTECTED]
Subject: Re: Network Blackholes. [7:63620]

AFAIK blackholes in networking have to do with reachability or more 
accurately lack thereof not something you block via access-lists.  I 
suppose you could create blackholes with access-lists though;)

   Dave

Manoj Ghorpade wrote:
> Hi All,
> Have a question for all the networking guru's.
> Can somebody explain me the concept of network blackholes.
> Any idea how to block these on the router using access-lists ?
> 
> Regards
> 
> Manoj Ghorpade.
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63634&t=63620


Re: Telnet Hole [7:63627]

2003-02-24 Thread Steven Aiello
Larry,

   Thank you for your reply, however what I was speaking of did not
involve SSL.  I know this may seem strange, but I know I am not mistaken. I
checked with my Cisco instructor and he also remembered the exploit.
The instructor even verified the passwords and config on the router.  I
am assuming he knows what he is doing because he is certified by Cisco
to teach.  He however could not recall how to perform the attack.

   This attack involved straight Telnet.  I know in our labs at school we
use IOS 11.2, and the attack was successful.

Any one else know of this?

Thank you,
Steve




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63635&t=63627


RE: Flooding Problem [7:63622]

2003-02-24 Thread Priscilla Oppenheimer
What is the timer for the CAM table? Is it still set to 5 minutes, the
default? If so and you really do have asymmetric routing, then unicast
packets might indeed get flooded. With asymmetric routing a switch can lose
track of which port to use for a MAC address. This happens when replies come
back in via a router interface but requests have the ability to go out a
switch interface.

One fix is to simply make the CAM table age less often.

Some of the white papers that discuss this situation on Cisco's Web site are
incomprehensible, but some of them are good. Did you find this one already?

http://www.cisco.com/en/US/tech/tk648/tk365/technologies_tech_note09186a0080094afd.shtml#t8

My first reaction to your e-mail wasn't to worry about asymmetric routing,
though. My first reaction was that you might be under attack. How good is
your security? How about protection from Trojan horses? A nice little hack
would be a Trojan horse that sends huge amounts of traffic with different
MAC addresses, causing the CAM table to fill up, which will result in some
flooding. I guess that's why you mentioned that you are looking at the MAC
addresses to see if they are valid. Port security could solve this problem,
though it's a hassle. But you could make sure that only the legitimate MAC
address is allowed into each port (or at least suspect ports).

By the way, how do you know flooding is happening? The information below
doesn't tell us anything other than that the number of entries in the CAM
table is changing which is normal, especially with a default 5-minute timer
for how long an entry remains in the table.

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

[EMAIL PROTECTED] wrote:
> 
> Every 1 minute and 30 seconds the switches (6509 and 5500) are
> flooding
> traffic.
> 
> The CAM aging time content is changing more than expected.
> 
> The Spanning Tree is stable. There is minimum TCNs on the
> network.
> 
> We are looking at some of the MAC addresses to see if they are
> valid
> stations.
> 
> Other point that we are working on is asymmetric routing.
> 
> Any thoughts on that?
> 
>   SWITCH> (enable) sh time
>   Mon Feb 24 2003, 09:31:01 GMT-3
>   SWITCH> (enable) sh time
>   Mon Feb 24 2003, 09:31:16 GMT-3
>   SWITCH> (enable) sh cam count dy
>   Total Matching CAM Entries = 2855
>   SWITCH> (enable) sh cam count dy
>   Total Matching CAM Entries = 2879
>   SWITCH> (enable) sh cam count dy
>   Total Matching CAM Entries = 3617
>   SWITCH> (enable) sh cam count dy
>   Total Matching CAM Entries = 3637
>   SWITCH> (enable)
>   SWITCH> (enable) sh time
>   Mon Feb 24 2003, 09:33:37 GMT-3
>   SWITCH> (enable) sh time
>   Mon Feb 24 2003, 09:33:41 GMT-3
>   SWITCH> (enable) sh cam count dy
>   Total Matching CAM Entries = 3670
>   SWITCH> (enable) sh cam count dy
>   Total Matching CAM Entries = 3674
>   SWITCH> (enable) sh cam count dy
>   Total Matching CAM Entries = 3679
>   SWITCH> (enable) sh cam count dy
>   Total Matching CAM Entries = 3683
>   SWITCH> (enable) sh cam count dy
>   Total Matching CAM Entries = 3686
>   SWITCH> (enable) sh cam count dy
>   Total Matching CAM Entries = 3694
>   SWITCH> (enable) sh cam count dy
>   Total Matching CAM Entries = 1286
>   SWITCH> (enable) sh time
>   Mon Feb 24 2003, 09:34:47 GMT-3
>   SWITCH> (enable) sh time
>   Mon Feb 24 2003, 09:34:48 GMT-3
>   SWITCH> (enable)
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63636&t=63622
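An added example, not part of Priscilla's post or of the original thread: a small Python simulation of the two CAM-table behaviours she describes, entries ageing out under asymmetric routing and a MAC-flooding "Trojan" filling the table so that unicast traffic gets flooded, plus what a per-port MAC limit (port security) does to the second case. The switch model here is my own simplification chosen for the demonstration, not CatOS internals: an 8-entry table, oldest-entry eviction when it is full, and a per-port learned-MAC limit. The MAC addresses, port numbers and timings are constructed.

```python
"""Simulated switch CAM table: aging, MAC flooding and port security.

Added example; not from the original thread. The switch model (fixed
capacity, oldest-entry eviction, per-port MAC limit) is a simplification
of CatOS behaviour, chosen only to show why the table state matters.
"""
import random
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class Frame:
    src: str
    dst: str
    in_port: int
    time: float  # seconds since start


@dataclass
class Switch:
    capacity: int = 8                        # tiny on purpose; real tables hold thousands
    aging: float = 300.0                     # CatOS default CAM aging: 5 minutes
    max_macs_per_port: Optional[int] = None  # port-security limit, None = off
    cam: Dict[str, Tuple[int, float]] = field(default_factory=dict)  # mac -> (port, last seen)
    violations: int = 0

    def _expire(self, now: float) -> None:
        stale = [m for m, (_, seen) in self.cam.items() if now - seen >= self.aging]
        for m in stale:
            del self.cam[m]

    def forward(self, f: Frame) -> str:
        """Learn f.src on f.in_port, then say where f.dst goes."""
        self._expire(f.time)
        if f.src not in self.cam:
            if self.max_macs_per_port is not None:
                on_port = sum(1 for p, _ in self.cam.values() if p == f.in_port)
                if on_port >= self.max_macs_per_port:
                    self.violations += 1
                    return "dropped"             # port-security violation
            if len(self.cam) >= self.capacity:
                oldest = min(self.cam, key=lambda m: self.cam[m][1])
                del self.cam[oldest]             # table full: a legitimate entry is lost
        self.cam[f.src] = (f.in_port, f.time)
        if f.dst in self.cam:
            return f"port {self.cam[f.dst][0]}"
        return "flooded"                         # unknown unicast goes out every port


A, B = "00:00:0c:00:00:0a", "00:00:0c:00:00:0b"   # constructed host MACs


def mac_flood(port_security: bool, seed: int = 1) -> Tuple[str, int, int]:
    """An attacker on port 5 sprays random source MACs, then B sends to A.
    Returns (where B->A went, port-security violations, CAM size)."""
    rng = random.Random(seed)
    sw = Switch(max_macs_per_port=1 if port_security else None)
    sw.forward(Frame(A, B, 1, 0.0))
    sw.forward(Frame(B, A, 2, 0.1))
    for i in range(200):
        bogus = "02:" + ":".join(f"{rng.randrange(256):02x}" for _ in range(5))
        sw.forward(Frame(bogus, "00:00:0c:00:00:ff", 5, 1.0 + i / 1000))
    return sw.forward(Frame(B, A, 2, 2.0)), sw.violations, len(sw.cam)


def asymmetric(aging: float) -> Tuple[str, str]:
    """A is learned once; its replies take another path, so this switch never
    sees A again. B's frames to A are switched until A's entry ages out."""
    sw = Switch(aging=aging)
    sw.forward(Frame(A, B, 1, 0.0))
    early = sw.forward(Frame(B, A, 2, 200.0))
    late = sw.forward(Frame(B, A, 2, 400.0))
    return early, late


if __name__ == "__main__":
    print("no port security:", mac_flood(False))
    print("port security   :", mac_flood(True))
    print("aging 300 s     :", asymmetric(300.0))
    print("aging 900 s     :", asymmetric(900.0))
```

With the default 5-minute aging the second B-to-A frame in asymmetric() is flooded; with the timer raised it is still switched, which is the fix she suggests. In mac_flood() the 200 bogus sources push A and B out of the 8-entry table and the next frame for A is flooded out every port, whereas a one-MAC-per-port limit lets the first attacker address in and drops the other 199 as violations, leaving the table intact.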


Re: Network Blackholes. [7:63620]

2003-02-24 Thread Clay Auch
I believe you can also route to a 20.x.x.x ... not sure though

- Original Message -
From: "Lauren Child" 
To: 
Sent: Monday, February 24, 2003 12:40 PM
Subject: Re: Network Blackholes. [7:63620]


> My understanding is that there are some IP addresses that will never be
> reachable so you route those to null to prevent them being used in DoS
> attacks etc.  These are called "blackhole routes"
>
> I don't know if that's what you were thinking of?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63637&t=63620


Static Xlates on PIX [7:63638]

2003-02-24 Thread BJ Rice
I have a PIX sitting behind a DSL router with a public DHCP address.  I
would like to do the following:

1)  If a www request comes in send to host A (10.0.0.111)
2)  If a PCanywhere request comes in send to host A (10.0.0.111)
3)  If an AH request (authentication header - needed for my VPN tunnel
establishment from behind the PIX), send to host B (10.0.0.5)


Here is how my PIX is setup now:

static (inside,outside) tcp interface pcanywhere-data 10.0.0.111 www
static (inside,outside) tcp interface pcanywhere-data 10.0.0.111
pcanywhere-data
static (inside,outside) udp interface pcanywhere-status 10.0.0.111
pcanywhere-status

This covers 1 & 2 fine.  However, I can't make number three work without
creating a plain static to 10.0.0.5, because the VPN tunnel establishment
does not use TCP or UDP therefore, I can't do a port redirect.  It uses AH.

It seems to me that if I did the following setup, it would work because the
PIX should evaluate statics sequentially.  But it does not work, it sends
all requests to 10.0.0.5, totally ignoring the port redirected statics to
10.0.0.111

static (inside,outside) tcp interface pcanywhere-data 10.0.0.111 www
static (inside,outside) tcp interface pcanywhere-data 10.0.0.111
pcanywhere-data
static (inside,outside) udp interface pcanywhere-status 10.0.0.111
pcanywhere-status
static (inside,outside) interface 10.0.0.5

Does anyone have an idea of how I could get this to work?


Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63638&t=63638


RE: FW: Ethernet Slot Time and Delay [7:63581]

2003-02-24 Thread Priscilla Oppenheimer
Newell Ryan D SrA 18 CS/SCBT wrote:
> 
> > A collision could happen at the other end of the network
> segment.
> 
> I thought on 10BaseT net a NIC was notified of a collision by
> its RX pin
> getting data. So if Station A was transmitting and it was on
> bit 27 and
> station B
> started TX and by the time it got Station As first bit and was
> on bit 2. Is
> the collision said to happen at the location the data crossed
> on the 'bus'
> or at the NIC?

Technically, the collision happens where the data crossed, which on old coax
cables caused a signal reflection and resulted in extra voltage that the
sender could sense. The theory and numbers come from these old networks and
thinking of it that way might help you understand it. In a hubbed network, I
don't think the signal reflection is really relevant, though. Plus the
collision could happen on the backplane of a hub.

You are right that on 10Base-T the NIC decides that there is a collision
when it receives data while sending.

> Back to exampleNow that Station B knows of
> the collision
> it will finish its preamble and will send a jam signal. So will
> Station A. I
> can see how round trip would make sense.  
> 
> > News of the collision has to travel back to the senders.
> 
> Would it be one of the senders sending jam signals? 

No. The jam signal just extends the length of the time that they are both
sending. It extends the length of the time that the collision event occurs
so that nobody else jumps in.

> 
> >The signal travels outwards; the collision news travels back.
> 
> Not really sure what you mean.

My wording was old-fashioned. For 10Base-T, it should say "news of the other
transmitter travels back to the sender."

> 
> I have been reading your book and the Ethernet book. I have
> been trying to
> figure this out all weekend. If a bit is 17.7 meters long and
> the max of a
> distance of a 10BaseT net is 500 meters 

500 Meters?? It's 2500 meters. In one example of such a network, there can
be 5 segments, 4 repeaters (hubs), but only 3 segments can have end systems.
That's the infamous 5-4-3 "rule." It makes a lot of assumptions. Really, the
size of the network depends on round-trip propagation delay for the
particular equipment, cables, and cable lengths.

> with 4 hubs (20 bit
> times) that
> gives a grand total of 105 bit times. Is this the propagation
> delay of the
> cable? I've been trying to compare this to the definitive
> guides method and
> it is just not making sense in my mind. Seems like I'm over
> complicating a
> simple process.

No, it's really not simple. I admire you for working it out. Most people
just ignore the details! :-)

Good luck with it. Let me know if you have any further questions. It's hard
to explain it without spending huge amounts of time on the answers, but I'll
try!

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com


> 
> 
> -Original Message-
> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
> Sent: Monday, February 24, 2003 4:51 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Ethernet Slot Time and Delay [7:63581]
> 
> 
> Some descriptions of Ethernet refer to a segment as one side of
> a hub, i.e.
> just one link. The propagation delay information for a hubbed
> networks takes
> into account the small amount of time for a repeater to repeat.
> The repeater
> doesn't do much, but it does regenerate the preamble and
> signal. A set of
> link "segments" connected via hubs is all one collision domain.
> 
> Anyway, read my book! Please! :-) It covers all of this in gory
> detail.
> 
> An earlier version of the Ethernet chapter is also available at
> http://www.certificationzone.com/.
> 
> ___
> 
> Priscilla Oppenheimer
> www.troubleshootingnetworks.com
> www.priscilla.com
> 
> 
> Priscilla Oppenheimer wrote:
> > 
> > Newell Ryan D SrA 18 CS/SCBT wrote:
> > > 
> > > If two 10 Base T Ethernet stations transmit at the same they
> > > receive data on
> > > their receive pins. Will both stations send out a 32 bit jam
> > > sequence?
> > 
> > Yes.
> > 
> > > If both stations do send a jam signal, why is the slot time
> > > closely related
> > > to round trip propagation delay? I would think it would be
> one
> > > way.
> > 
> > A collision could happen at the other end of the network
> > segment. News of the collision has to travel back to the
> > senders. The signal travels outwards; the collision news
> > travels back.
> > 
> > The goal is to make sure that the sender is still sending when
> > the news travels back, even if the news had to come from the
> > far end of the network segment. If the sender weren't still
> > sending, it wouldn't know that its transmission got damaged
> and
> > wouldn't back off and retransmit. You would lose the feature
> of
> > the NIC ensuring successful transmission, which happens in a
> > microsecond time span, and have to depend on an upper layer
> > figuring out that there's a missing ACK

Re: QoS difficult (?) question [7:63633]

2003-02-24 Thread Jake
How are you prioritizing traffic? LLQ, priority queueing etc.? Are you
prioritizing over frame, point to point, LAN etc.?
""ira""  wrote in message
news:[EMAIL PROTECTED]
> hallo Qos !
>
> I have 5 types of traffic: A, B, C, D, and E.
> I want to reserve 20% of bandw for each type.
> If I have no traffic (or less than the reserved
> 20%)for some of the types, I want that this remaining
> bandw to be allocated to the other types of traffic,
> but in a priority way : A
> Any suggestions ?
>
> Thanks!
>
> __
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, more
> http://taxes.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63640&t=63633


RE: Static Xlates on PIX [7:63638]

2003-02-24 Thread BJ Rice
To clarify, my PIX sits behind a DSL modem, not router.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63641&t=63638


RE: two 1900 catalyst switches cannot exchange VLAN in [7:63613]

2003-02-24 Thread Priscilla Oppenheimer
suaveguru wrote:
> 
> all, 
> 
> I have 2 cisco catalyst 1900 switches with VLANS
> configured on it when I tried to enable trunking on
> both of the trunk ports and make the two catalyst 1900
> switched run VTP vlans information just can't travel
> across the switches, appreciate if anyone with similar
> problems tell me what to do

Yes, I'll tell you what to do. :-) Check your configs. Also send us your
configs. How can we help without your configs?

It sounds like the two switches aren't in the same VTP domain maybe? They
must be. Check the spelling and case for the domain name. It is case
sensitive. Check for invisible spaces and other weird non-printable
characters if there's no obvious typo.

Tell us more about the VTP modes in use on the switches. Are they VTP
servers or clients or in transparent mode?

Check the version of VTP. There are two versions.

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com



> 
> suaveguru
> 
> __
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, more
> http://taxes.yahoo.com/
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63642&t=63613


RE: Network Blackholes. [7:63620]

2003-02-24 Thread Daniel Cotts
Rob Thomas has a great site with sample configs. He uses the term "Bogon" to
refer to ip addresses that are not allocated. Best that you send incoming
packets with those addresses to Null0. Also good to filter those addresses
should they be coming from your network. -- Which means that someone inside
is up to no good or one of your machines has been hijacked.
http://www.cymru.com/Documents/secure-ios-template.html

> -Original Message-
> From: Evans, TJ (BearingPoint) [mailto:[EMAIL PROTECTED]
> Sent: Monday, February 24, 2003 12:07 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Network Blackholes. [7:63620]
> 
> 
> Blackholing is frequently used to block traffic to known 
> 'bad' addresses, or
> to alleviate a (D)DoS attack victim's woes.
> 
> Using ACLs is not the preferred way however - just route 
> traffic to Null0
> (use no icmp unreachables too ... )
> 
> 
> Google can be your friend!
> Thanks!
> TJ
> -Original Message-
> From: MADMAN [mailto:[EMAIL PROTECTED] 
> Sent: Monday, February 24, 2003 10:19 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Network Blackholes. [7:63620]
> 
> AFAIK blackholes in networking have to do with reachability or more 
> accurately lack thereof not something you block via access-lists.  I 
> suppose you could create blackholes with access-lists though;)
> 
>Dave
> 
> Manoj Ghorpade wrote:
> > Hi All,
> > Have a question for all the networking guru's.
> > Can somebody explain me the concept of network blackholes.
> > Any idea how to block these on the router using access-lists ?
> > 
> > Regards
> > 
> > Manoj Ghorpade.
> -- 
> David Madland
> CCIE# 2016
> Sr. Network Engineer
> Qwest Communications
> 612-664-3367
> 
> "You don't make the poor richer by making the rich poorer." --Winston
> Churchill
> **
> 
> The information in this email is confidential and may be legally
> privileged.  Access to this email by anyone other than the
> intended addressee is unauthorized.  If you are not the intended
> recipient of this message, any review, disclosure, copying,
> distribution, retention, or any action taken or omitted to be taken
> in reliance on it is prohibited and may be unlawful.  If you are not
> the intended recipient, please reply to or forward a copy of this
> message to the sender and delete the message, any attachments,
> and any copies thereof from your system.
> **
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63643&t=63620
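An added example, not from Daniel's or TJ's posts and not from the Cymru template they point to: a Python model of what a Null0 route does to a packet and what it does not do. The point worth checking before relying on "route the bogons to Null0" is that a static route only affects packets *destined* to that space; packets *sourced* from it pass straight through unless loose-mode uRPF (ip verify unicast source reachable-via any) is also on, which treats a source whose route points at Null0 as failing. The bogon list below is only the permanently reserved space; a production list also carries currently unallocated blocks and has to be refreshed from a feed, which is an assumption this code does not cover. 203.0.113.0/24 stands in for "our" customer prefix and is a documentation range; the next-hop names are constructed.

```python
"""Blackhole (Null0) routes for bogon space, and what they do and do not stop.

Added example; not from the thread or the Cymru template. Only the
permanently reserved space is listed (assumption: a real bogon list also
carries unallocated blocks and is refreshed from a feed).
"""
import ipaddress
from typing import Dict, List, Tuple

PERMANENT_BOGONS = [
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
]

Fib = List[Tuple[ipaddress.IPv4Network, str]]


def build_fib(bogons: List[str], routes: Dict[str, str]) -> Fib:
    """Longest-prefix-first table: bogons -> Null0, our routes, then default."""
    fib = [(ipaddress.ip_network(p), "Null0") for p in bogons]
    fib += [(ipaddress.ip_network(p), nh) for p, nh in routes.items()]
    fib.append((ipaddress.ip_network("0.0.0.0/0"), "upstream"))   # constructed next-hop name
    return sorted(fib, key=lambda e: e[0].prefixlen, reverse=True)


def lookup(fib: Fib, addr: str) -> str:
    ip = ipaddress.ip_address(addr)
    for net, nh in fib:
        if ip in net:
            return nh
    raise LookupError(addr)   # not reached: the default route always matches


def ios_config(bogons: List[str]) -> List[str]:
    """IOS side: statics to Null0, no unreachables on Null0 so the router
    stays quiet, loose-mode uRPF so sources in that space drop as well."""
    lines = []
    for p in bogons:
        n = ipaddress.ip_network(p)
        lines.append(f"ip route {n.network_address} {n.netmask} Null0")
    lines += ["interface Null0", " no ip unreachables",
              "interface Serial0", " ip verify unicast source reachable-via any"]
    return lines


def forward(fib: Fib, src: str, dst: str, loose_urpf: bool = True) -> str:
    """Router decision for one packet arriving on the Internet-facing side."""
    if loose_urpf and lookup(fib, src) == "Null0":
        return "drop: uRPF, source routed to Null0"
    nh = lookup(fib, dst)
    if nh == "Null0":
        return "drop: destination blackholed"
    return f"forward via {nh}"


if __name__ == "__main__":
    fib = build_fib(PERMANENT_BOGONS, {"203.0.113.0/24": "Serial1"})
    print("\n".join(ios_config(PERMANENT_BOGONS)))
    print(forward(fib, "10.1.2.3", "203.0.113.5"))
    print(forward(fib, "10.1.2.3", "203.0.113.5", loose_urpf=False))
    print(forward(fib, "198.51.100.7", "192.168.1.1"))
```

The second forward() call is the case that matters: with the Null0 routes in place but uRPF off, a packet spoofed from 10.1.2.3 is forwarded to the customer as if nothing were wrong. The same table is what makes the egress check Daniel mentions cheap: a packet leaving your network whose source is in Null0 space, or outside your own prefixes, is a host to go and look at.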


Access List help!! [7:63644]

2003-02-24 Thread Jason Steig
Hello all. I'm stumped on an access-list that I need to create. What I did
was I set up two routers using RIP and put loopbacks on one of them and
advertised them in RIP. I then attempted to build an access-list allowing
just these networks to pass into the other router. The router with the
loopbacks is A, the destination is B. So I know this will be a standard
access list (direction in) on router B's interface to router A.

The requirements are 

allow any packet originating from 192.17.77.0 /24 
allow any packet originating from 192.17.73.0 /24 
allow any packet originating from 192.81.77.0 /24 
allow any packet originating from 192.81.73.0 /24 
allow any packet originating from 176.17.77.0 /24 
allow any packet originating from 176.17.73.0 /24 
allow any packet originating from 176.81.77.0 /24 
allow any packet originating from 176.81.73.0 /24 

Here's what I think I can do.

With the 192 addresses I can do 
permit ip 192.17.73.0 0.64.4.0 

because the 64 will increase the second octet to 81 then the 4 in the third
bit will increase the network to 77. Is this how I would implement this
filtering policy in just two statements? The same way with the 176 networks?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63644&t=63644
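An added example, not from Jason's post: a Python check of what an IOS "address wildcard" entry really matches, run over the eight /24 networks from the question. A wildcard entry can only describe a set of addresses that differ in a fixed set of bit positions, so it is worth expanding the wildcard bits and comparing the result with the networks you meant. Two things fall out of it for this case: the 192 group and the 176 group each collapse to one entry, but only with the host bits set to 255 as well (0.64.4.0 as posted would match only the .0 host in each network), and merging all eight into a single entry is not possible without also permitting 24 networks that were never asked for. The ACL number and the function names are my own.

```python
"""What an IOS wildcard-mask ACL entry really matches.

Added example; not from the thread. Expands the 'don't care' bits of an
'address wildcard' pair and compares the result with the intended networks.
"""
import ipaddress
from itertools import product
from typing import Iterable, List, Set, Tuple

MASK32 = 0xFFFFFFFF


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(n: int) -> str:
    return str(ipaddress.IPv4Address(n & MASK32))


def entry_for(networks: Iterable[str]) -> Tuple[str, str]:
    """Smallest single entry covering all given networks: the wildcard gets
    every bit in which the network addresses differ, plus the host bits."""
    nets = [ipaddress.ip_network(n) for n in networks]
    base = int(nets[0].network_address)
    wild = 0
    for n in nets:
        wild |= base ^ int(n.network_address)
        wild |= int(n.hostmask)           # host bits are always 'don't care'
    return to_dotted(base & ~wild), to_dotted(wild)


def matches(address: str, wildcard: str, packet_src: str) -> bool:
    """IOS semantics: a 1 bit in the wildcard means 'don't care'."""
    w = to_int(wildcard)
    return (to_int(address) & ~w) == (to_int(packet_src) & ~w)


def covered(address: str, wildcard: str, prefixlen: int = 24) -> Set[str]:
    """Every /prefixlen network the entry matches (enumerates the wildcard's
    network bits, so only use it on entries with a handful of them)."""
    w = to_int(wildcard)
    host_bits = 32 - prefixlen
    free = [b for b in range(host_bits, 32) if w >> b & 1]
    base = to_int(address) & ~w
    nets = set()
    for combo in product((0, 1), repeat=len(free)):
        v = base
        for bit, on in zip(free, combo):
            v |= on << bit
        v &= ~((1 << host_bits) - 1)      # clear host bits -> network address
        nets.add(f"{to_dotted(v)}/{prefixlen}")
    return nets


def overmatch(networks: List[str]) -> List[str]:
    """Networks the minimal single entry permits beyond the ones asked for."""
    addr, wild = entry_for(networks)
    return sorted(covered(addr, wild) - set(networks))


def acl_lines(number: int, groups: Iterable[Iterable[str]]) -> List[str]:
    return [f"access-list {number} permit {a} {w}" for a, w in map(entry_for, groups)]


GROUP_192 = ["192.17.77.0/24", "192.17.73.0/24", "192.81.77.0/24", "192.81.73.0/24"]
GROUP_176 = ["176.17.77.0/24", "176.17.73.0/24", "176.81.77.0/24", "176.81.73.0/24"]

if __name__ == "__main__":
    print("\n".join(acl_lines(10, [GROUP_192, GROUP_176])))
    print("extra networks if merged into one entry:", len(overmatch(GROUP_192 + GROUP_176)))
    print("posted wildcard 0.64.4.0 matches 192.81.77.10:",
          matches("192.17.73.0", "0.64.4.0", "192.81.77.10"))
```

entry_for() returns 192.17.73.0 with wildcard 0.64.4.255 for the first four networks and 176.17.73.0 0.64.4.255 for the other four, and overmatch() is empty for each group, so two statements do cover the policy exactly. For all eight together the first octets 192 and 176 differ in three bits, so the only single entry that contains them (128.17.73.0 112.64.4.255) spans 32 networks.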


Cisco 2691 [7:63645]

2003-02-24 Thread Pedro A. do Valle
Hello,

does anybody know where I can get information about the Cisco 2691? WAN/LAN
integrated... slots for WAN expansions... pricing...

I have to connect 12 points... does this equipment support that number of
connections?

thanks

Pedro
- Original Message -
From: "hanan" 
To: 
Sent: Monday, February 24, 2003 1:57 PM
Subject: ospf network self originated LSA [7:63631]


> hanan
>
> [GroupStudy removed an attachment of type application/ms-tnef which had a
> name of winmail.dat]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63645&t=63645


Log files Pix & Chkpnt [7:63646]

2003-02-24 Thread [EMAIL PROTECTED]
Does anyone know of a product that will merge log files from multiple
sources  Snort, PIX, Checkpoint, etc...?

I'm trying to centralize much of our security management responsibilities.

Thanx,
Mike J.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63646&t=63646
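An added example, not from Mike's post and not from any product mentioned in the thread: the core of what a log-merging tool has to do, in Python, for two of the three sources named. It normalises PIX syslog connection messages and Snort "fast" alerts into one event record, sorts them by time, and then pairs each IDS alert with the firewall's verdict on the same 5-tuple shortly before it, which is the question a centralised view is for (did the traffic the IDS fired on actually get through?). The sample lines are constructed to the general shape of PIX syslog with timestamps and Snort's alert_fast output; the regexes are assumptions to be adjusted against your own logs, and Checkpoint export lines are left out.

```python
"""Normalise PIX syslog and Snort 'fast' alerts into one event stream.

Added example; not from the thread and not any product mentioned in it.
Sample lines are constructed; the regexes are assumptions about the
message shapes and should be checked against real logs.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str    # "pix" or "snort"
    action: str    # "built", "deny" or "alert"
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    msg: str


PIX_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{4} \d\d:\d\d:\d\d): %PIX-\d-\d{6}: (?P<body>.*)$")
PIX_BUILT = re.compile(
    r"Built (?:inbound|outbound) (?P<proto>TCP|UDP) connection \d+ for "
    r"\w+:(?P<src>[\d.]+)/(?P<sport>\d+) \([\d./]+\) to "
    r"\w+:(?P<dst>[\d.]+)/(?P<dport>\d+)")
PIX_DENY = re.compile(
    r"Deny (?P<proto>tcp|udp) src \w+:(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)")
SNORT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\] \[[\d:]+\] (?P<msg>.*?) \[\*\*\]"
    r".*\{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")


def parse_pix(line: str) -> Optional[Event]:
    m = PIX_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
    body = m["body"]
    for action, rx in (("built", PIX_BUILT), ("deny", PIX_DENY)):
        h = rx.search(body)
        if h:
            return Event(ts, "pix", action, h["proto"].lower(), h["src"], int(h["sport"]),
                         h["dst"], int(h["dport"]), body)
    return None   # xlate, login and other messages are not connection verdicts


def parse_snort(line: str, year: int) -> Optional[Event]:
    m = SNORT_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")  # fast alerts carry no year
    return Event(ts, "snort", "alert", m["proto"].lower(), m["src"], int(m["sport"]),
                 m["dst"], int(m["dport"]), m["msg"])


def merge(pix_lines: List[str], snort_lines: List[str], year: int) -> List[Event]:
    events = [e for e in (parse_pix(l) for l in pix_lines) if e]
    events += [e for e in (parse_snort(l, year) for l in snort_lines) if e]
    return sorted(events, key=lambda e: e.ts)


def correlate(events: List[Event],
              window: timedelta = timedelta(seconds=30)) -> List[Tuple[str, str, str]]:
    """Pair each IDS alert with the firewall's verdict on the same 5-tuple in
    the preceding window; 'built' means the traffic was let through."""
    out = []
    for a in (e for e in events if e.action == "alert"):
        verdict = "no firewall record"
        for f in events:
            same_flow = (f.proto, f.src, f.sport, f.dst, f.dport) == \
                        (a.proto, a.src, a.sport, a.dst, a.dport)
            if f.source == "pix" and same_flow and timedelta(0) <= a.ts - f.ts <= window:
                verdict = f.action
        out.append((a.ts.isoformat(), a.msg, verdict))
    return out


# Constructed sample lines, not real logs.
PIX_LINES = [
    "Feb 24 2003 09:31:01: %PIX-6-302013: Built inbound TCP connection 4711 for "
    "outside:198.51.100.7/3456 (198.51.100.7/3456) to inside:10.0.0.111/80 (203.0.113.2/80)",
    'Feb 24 2003 09:31:05: %PIX-4-106023: Deny tcp src outside:198.51.100.7/4444 '
    'dst inside:10.0.0.111/5631 by access-group "acl_out"',
    "Feb 24 2003 09:31:07: %PIX-6-305011: Built dynamic TCP translation from "
    "inside:10.0.0.5/1025 to outside:203.0.113.2/1025",
]
SNORT_LINES = [
    "02/24-09:31:03.412000  [**] [1:1000001:1] LOCAL suspicious HTTP request [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.7:3456 -> 10.0.0.111:80",
    "02/24-09:31:06.000000  [**] [1:1000002:1] LOCAL pcAnywhere probe [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:4444 -> 10.0.0.111:5631",
]

if __name__ == "__main__":
    for ts, msg, verdict in correlate(merge(PIX_LINES, SNORT_LINES, 2003)):
        print(ts, msg, "->", verdict)
```

On the sample data the HTTP alert pairs with a "built" connection (the request reached the web host and that host needs looking at) while the pcAnywhere probe pairs with a "deny" (the firewall already stopped it). The translation message is parsed and discarded rather than failing, which is the behaviour you want when feeding a tool thousands of lines of mixed syslog.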


ospf - rip redistribution issue, [7:63647]

2003-02-24 Thread Casey, Paul (6822)
Hello, 
 
 
I have OSPF into RIP redistribution on a /24 classful boundary. I
summarized/area range(d) all the networks in the OSPF domain to /24 to get them
to show up in the RIP domain.
 
No real problems here, though I have one network in OSPF, 200.200.0.0/16,
which is not showing up in the RIP router. 
What can I do to make this /16 route cross the classful boundary, as its
prefix is shorter than the /24 network it needs to cross and thus can't be
summarised?
Or should this route be capable of traversing the /24 classful boundary
automatically?
Any help  greatly appreciated.
 
Kind regard.
Paul.








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63647&t=63647


Re: ospf - rip redistribution issue, [7:63647]

2003-02-24 Thread The Long and Winding Road
""Casey, Paul (6822)""  wrote in message
news:[EMAIL PROTECTED]
> Hello,
>
>
> I have ospf in to rip redistribution on a /24 classfull boundary, I
> Summarized/ area range(d) all the networks in ospf domain to /24 to get
them
> to show up in rip.domain.
>
> No real problems here, though I haved one network in ospf 200.200.0.0/16
> which is not showing up in  rip router.
> What can I do to make this /16 route cross the classfull boundary, as its
> prefix is shorter that the /24 network it need to cross  thus cant be
> summarised.
> Or should this route be capable of traversing the /24 classful boundary,
> automatically,.
> Any help  greatly appreciated.


Depending upon your other restrictions (is this a practice lab or a
production network?) you can make the receiving router RIPv2. Then
the process will accept the 200.200.0.0/16 CIDR prefix. In the Cisco
world, the RIPv1 routers will accept this prefix, *I think* because Cisco
RIPv1 routers can receive RIPv2 routes.

in a mixed vendor environment, this might not work at all.



>
> Kind regard.
> Paul.
>
>
>






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63648&t=63647


Re: Log files Pix & Chkpnt [7:63646]

2003-02-24 Thread Charles Riley
Try www.micromuse.com or logboss at
http://www.securityprofiling.com/logboss.htm.


HTH,

Charles


 wrote in message
news:[EMAIL PROTECTED]
> Does anyone know of a product that will merge log files from multiple
> sources  Snort, PIX, Checkpoint, etc...?
>
> I'm trying to centralize much of our security management responsibilities.
>
> Thanx,
> Mike J.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63649&t=63646


Re: Telnet Hole [7:63627]

2003-02-24 Thread MADMAN
Haven't heard of that one but here is one I am aware of:

http://www.cisco.com/en/US/customer/products/hw/routers/ps274/products_security_advisory09186a00800b1699.shtml

   Dave

Steven Aiello wrote:
> I was told that there was a telnet security hole in Cisco's IOS.  I was 
> told there was a way where you could specify a level to telnet into and 
> doing so could override passwords set on the VTY term.  Does anyone 
> know if this is true? Second has it been patched in IOS 12.x?  and 
> lastly how is this attack performed 
> 
> Thank you,
> Steven
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63650&t=63627


Re: Where to Start for CCNP [7:63630]

2003-02-24 Thread Larry Letterman
Buy the course books from the Cisco Press series; that's what
the tests come from.
You can complement the books with most of the hands-on that
the books describe on
your equipment.

Larry Letterman
Network Engineer
Cisco Systems


- Original Message -
From: "Steven Aiello" 
To: 
Sent: Monday, February 24, 2003 9:49 AM
Subject: Where to Start for CCNP [7:63630]


> I recently passed my CCNA, and I am interested in starting
on my CCNP.
> I am taking classes at a local college that offers 10 week
classes based
> around each of the 4 tests.  Basically the CCNP path lasts
40 weeks.  I
> start in the fall and I wanted to get a jump start on my
learning as I
> have been told the skill level between the 2 certs is
great.  I have a
> few low end routers as home, and 1 5000 switch.  Can any
one point me in
> the right direction as far where I should start?  Should I
just buy a
> book on OSPF or BGP for the routing section? Or is there a
better way.
>
> Thanks all,
> Steve
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63651&t=63630


RE: Telnet Hole [7:63627]

2003-02-24 Thread Mossburg, Geoff (MAN-Corporate)
I tried searching Google about this, but I'm not sure if I located the info
you requested.

This link talks about a Cisco telnet exploit, but it is on Catalyst switches
with the CAT-OS: http://www.theregister.co.uk/content/55/23900.html
This link is about the same thing, but from Cisco's site:
http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml

Hope this helps!
Geoff Mossburg


-Original Message-
From: Steven Aiello [mailto:[EMAIL PROTECTED]
Sent: Monday, February 24, 2003 1:19 PM
To: [EMAIL PROTECTED]
Subject: Re: Telnet Hole [7:63627]


Larry,

   Thank you for your reply, however what I was speaking of did not 
involve SSL.  I know this may seem strange but I know I am not mistaken. I 
checked with my Cisco instructor and he also remembered the exploit. 
The instructor even verified the passwords and config on the router.  I 
am assuming he knows what he is doing because he is certified by Cisco 
to teach.  He however could not recall how to perform the attack.

   This attack involved straight Telnet.  I know in our labs at school we 
use IOS 11.2, and the attack was successful.

Any one else know of this?

Thank you,
Steve




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63652&t=63627


Trunk question [7:63653]

2003-02-24 Thread Rutger Blom
Hello,

I'm not a Cisco expert and I only have some field experience with configuring
switches. So please forgive me for my questions.

Today I've been busy configuring a trunk on some Cisco 2950c/2924c switches.
Could somebody explain the difference between these two configurations:

Config 1:
interface FastEthernet0/25
 switchport mode trunk
 no ip address

Config 2:
interface FastEthernet0/25
 switchport access vlan 204
 switchport mode trunk
 no ip address

With the first configuration, clients on the VLAN 204 did not get an IP
address from the DHCP server. Even clients with a static IP-address could
not establish IP contact with other hosts. The switch however could see
other switches via the "show cdp" command. It could also "ping" other
switches. (all switches are in a separate management VLAN).
When I made the change resulting in configuration two everything worked
fine.
Note that the trunk is a FX link to a Cisco 2924c switch. This switch has
two FX ports. Both ports are configured to be trunk ports. I configured one
of those FX ports with the "switchport access vlan 204" as well. The other FX
trunk port has a configuration as shown in config 1. This trunk port has a
FX link to a third Cisco 2924c switch. This switch operates in VLAN 107.
Everything works fine in this switch. I did not have to specify the
"switchport access vlan 107" on either of these ports.

Is there some incompatibility issue between 2950c and 2924c? Why didn't it
work with config 1 on the Cisco 2950c switch? Can a Cisco 2924c switch have
its two FX ports configured as a trunk like in config 1? Even when those two
FX ports have physical links to different switches?

A lot of questions, but I'm just very curious.
To make this a bit more clear I've attached a .txt file with a simple
drawing and configurations of the current situation.

Thanks in advance,

Rutger
Sweden




[demime removed a uuencoded section named site.txt which was 30 lines]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63653&t=63653


adding new switch to VTP domain [7:63654]

2003-02-24 Thread John Brandis
Hi All,
 
Tomorrow I will be adding a new 2950 to my switch fabric. I will add
another GBIC copper module to my 4006. Does anyone know if I can just
insert it whilst on? I remember last time I did this under the old IOS for
the 4006 with the SupIII, it had a cow and just died. I have the latest IOS
on the Cat 4006 SupIII now and I wonder if it will be an issue?
 
Also, a gotcha I came across because I do things sometimes too quickly (lesson
for learners, don't do stupid things): I added a new switch to my VTP domain,
and lost info such as VLANs and the like. What I tend to do these days is
to make the switch a client on the VTP domain before inserting it, change
the VTP domain, add it with the cables, then change the VTP domain info back
but keep it a client. Is this good practice?
 
Any one know about my first issue ?
 
John
 


**

visit http://www.solution6.com

UK Customers - http://www.solution6.co.uk

**

The Solution 6 Head Office and NSW Branch has moved premises.
Please make sure you have updated your records with our new details.

Level 14, 383 Kent Street, Sydney NSW 2000.

General Phone: 61 2 9278 0666

General Fax: 61 2 9278 0555

**

This email message (and attachments) may contain information that is
confidential to Solution 6. If you are not the intended recipient you cannot
use, distribute or copy the message or attachments.  In such a case, please
notify the sender by return email immediately and erase all copies of the
message and attachments.  Opinions, conclusions and other information in
this message and attachments that do not relate to the official business of
Solution 6 are neither given nor endorsed by it.

*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63654&t=63654
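An added example, not from John's post: a Python simulation of the one VTP rule behind the VLAN wipe-out he describes. In a VTP domain a switch replaces its VLAN database whenever it hears an advertisement for its own domain name with a higher configuration revision, and it does so whether the sender is a server or a client, so setting the new switch to client mode on its own is no protection. Changing the VTP domain name resets that switch's revision to 0, which is why his domain-name dance works. The switch model below (VLAN set, mode, revision, the three rules above) is my own simplification, not IOS or CatOS internals; VLAN 1 and the other defaults are left out, and the switch names, domain names and VLAN numbers are constructed.

```python
"""VTP configuration-revision behaviour as a small simulation.

Added example; not from the thread. Models only the rules that matter for
adding a switch: a higher revision in the same domain wins regardless of
server/client mode, and a domain-name change resets the revision to 0.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Advert = Tuple[str, int, Dict[int, str]]   # (domain, revision, vlans)


@dataclass
class VtpSwitch:
    name: str
    domain: str
    mode: str = "server"                     # server | client | transparent
    revision: int = 0
    vlans: Dict[int, str] = field(default_factory=dict)

    def set_domain(self, domain: str) -> None:
        if domain != self.domain:
            self.domain = domain
            self.revision = 0                # the reset John relies on

    def add_vlan(self, vid: int, name: str) -> None:
        if self.mode == "client":
            raise PermissionError("VTP clients cannot edit VLANs")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1               # every edit bumps the revision

    def advertise(self) -> Advert:
        return self.domain, self.revision, dict(self.vlans)

    def receive(self, adv: Advert) -> bool:
        """Apply a summary advertisement; True if the VLAN database was replaced."""
        domain, rev, vlans = adv
        if self.mode == "transparent" or domain != self.domain:
            return False
        if rev > self.revision:              # mode of the *sender* is irrelevant
            self.vlans = dict(vlans)
            self.revision = rev
            return True
        return False


def plug_in(fabric: List[VtpSwitch], new: VtpSwitch) -> Dict[str, bool]:
    """Advertisements cross the trunk both ways when the link comes up."""
    replaced = {sw.name: sw.receive(new.advertise()) for sw in fabric}
    for sw in fabric:
        new.receive(sw.advertise())
    return replaced


def scenario(safe: bool) -> Tuple[List[int], List[int], int]:
    """Returns (core VLAN ids, new switch VLAN ids, core revision) after adding."""
    core = VtpSwitch("cat4006", "PROD")
    for vid, name in [(10, "users"), (20, "servers"), (30, "voice")]:
        core.add_vlan(vid, name)             # core revision ends at 3
    new = VtpSwitch("cat2950", "PROD")       # lived in a lab with the same domain name
    for i in range(10):
        new.add_vlan(100 + i, f"lab{i}")     # revision 10, higher than the core's
    new.mode = "client"                      # client mode alone changes nothing
    if safe:
        new.set_domain("SCRATCH")            # revision drops to 0
        plug_in([core], new)                 # nothing exchanged: domains differ
        new.set_domain("PROD")
    plug_in([core], new)                     # next advertisement round
    return sorted(core.vlans), sorted(new.vlans), core.revision


if __name__ == "__main__":
    print("client mode only:", scenario(False))
    print("domain reset    :", scenario(True))
```

In scenario(False) the production switch ends up with the ten lab VLANs and revision 10, the failure John hit. In scenario(True) the 2950 comes in at revision 0, loses the comparison, and adopts the production database; putting it in transparent mode instead would have the same effect on the core, since a transparent switch neither applies nor originates a higher revision for that domain.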


GRE tunneling in multicast [7:63655]

2003-02-24 Thread Masaru Umetsu
Because I use multicast, I'm considering using GRE tunneling.
The equipments are all cisco. Network diagram is like below.


Multicast-R1-passport--LL--passport-R2-LAN-R3--FR--R4--LL--R5--Client
 Server
  
GRE tunneling

LL:leased line
Passport:Nortel Passport

Do I need to configure GRE tunneling only between R1 and R2?
Or should I configure GRE tunneling between R2 and R5?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63655&t=63655


Re: EIGRP & load balancing between ISDN & leased line [7:24630]

2003-02-24 Thread Geoff Kuchera
Sounds like you need to look into the variance command.  Variance is how 
you tell EIGRP to load balance across unequal bandwidth links.  Keep in 
mind that when both ISDN ports fire up you are talking about a link that 
is twice as fast as the 64 Kbps leased line.

Here is a link to the cisco documentation on variance and traffic sharing.
http://www.cisco.com/en/US/tech/tk648/tk365/technologies_tech_note09186a008009437d.shtm

Hope this helps..
Geoff Kuchera





ashish verma wrote:
> A branch is connected to two hub locations, one with 64 Kbps Leased line
> other with ISDN. Server is at hub location connected by 64Kbps LL. Two hub
> locations are connected using multiple 2 Mbps links. EIGRP is implemented.
> If ISDN is fired to 2nd location the load balancing does not happen on both
> link (64Kbps & ISDN link). If both the channels of ISDN is fired, traffic
> goes through ISDN, not through 64Kbps LL.
> Load balancing happens if the 64Kbps Leased line & ISDN is connecting to
> same hub location.
> 
> We need to share the load when it crosses above 64 Kbps on LL..Any
solution ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63656&t=24630


Re: CCIE Security Lab [7:17848]

2003-02-24 Thread Geoff Kuchera
Actually in the case of 9-11 if your internet was still working it was 
because your data connection went through a central office that was not 
affected by the 9-11 incident.  Keep in mind that data and traditional 
voice still ride for the most part the same carrier services.  Our 
company lost several customers' data connectivity due to the 9-11 
incident.  Incidentally the connectivity loss occurred about a week after 
the buildings dropped when Sprint's backup generators at the Manhattan CO 
failed due to the long term load.  We also lost a major connection to 
one of our service providers that just happened to run out of the WTC. 
Fortunately in that case we had two redundant connections in other parts 
of the country.

So saying that the internet was up when the voice channels weren't would 
be a big overstatement.  Voice was up for the whole rest of the country 
and so was the internet.  Unless you happened to live on Manhattan and 
didn't have backup power and a satellite connection.

-Geoff

nrf wrote:
> Buggy/unreliable software is indeed the same anywhere.  But when combined
> with buggy/unreliable OS's, now we're talking about a solution that is
> REALLY buggy and unreliable.  For example, if your software is only
> guaranteed to run at 3 9's, and your OS is also only guaranteed to run at 3
> 9's, then overall we're talking about a less-than-3-9's of a solution.
> 
> You can actually run packetized voice very reliably, and not just for toll
> bypass (although it is definitely true that toll-bypass is the easiest and
> most mature kind of packetized voice to do).  The key is that you have to
> design things in a certain way to maximize your reliability.  Many carriers
> like SBC use packetized voice with soft-switch signalling in certain parts
> of their network, and then you have packetized voice wholesalers like Ibasis
> that have massive available voice capacity and a good reputation for
> reliability.  There was a huge amount of serious talk after 9-11 for Verizon
> and other carriers to contract for backup voice capacity through somebody
> like Ibasis in case their voice switches got destroyed again - as during
> 9-11, people saw that while traditional voice service was severely affected,
> packet networks like the Internet were still functioning, so in these kinds
> of circumstances, you could say that packetized voice might actually be more
> reliable than regular voice.  But again, it takes very careful design to
> achieve this kind of reliability.
> 
> 
> ""Chuck""  wrote in message
> news:[EMAIL PROTECTED]
> 
>>sure. ok. agreed.
>>
>>OTOH, buggy / unreliable software is the same, no matter whose platform it
>>runs on. A long time ago in a galaxy far away I was able to successfully
>>crash Sun Unix boxes several times through sheer ignorance. one was in the
>>Sun Sys Admin training class I was taking, the rest were Sun boxes that Big
>>Brokerage Firm had installed in the office where I worked. Proof that there
>>ain't no such thing as "foolproof" because this here fool can break just
>>about anything ;->
>>
>>BTW, you have just hit on the major reason for NOT doing packetized voice. Or
>>maybe just limiting it to toll bypass, while keeping your PBX. Sometimes I
>>think the only real selling point for AVVID is that it is "kewl"  The biggest
>>selling points for Windows way back when were the screen savers and the
>>games. MCSE = Microsoft Certified Solitaire Expert
>>
>>
>>""nrf""  wrote in message
>>news:[EMAIL PROTECTED]
>>
>>>Well, this kind of thing cuts both ways.  A reseller I know is trying to
>>>sell AVVID and is on dangerous ground precisely because CM is on Windows and
>>>the potential customer has had some very bad experiences with Windows
>>>servers due to reliability issues and so forth.  The customer is deciding
>>>whether to go with AVVID or a traditional PBX, and the fact that AVVID is so
>>>Windows-centric is a significant minus, and in fact could be the whole basis
>>>for losing the deal, because the customer has to know that his phone system
>>>is going to always be up without any dithering around.  Yes, yes, you can do
>>>things like clustering to improve the reliability of CM, but the simple fact
>>>of the matter is that Windows has a well-founded reputation for
>>>unreliability when compared to UNIX, and when you're talking about phone
>>>systems, unreliability is definitely something that a potential customer
>>>does not want to hear.  Not at all.   This is why you rarely see any vendors
>>>of enterprise software (like DB's, ERP, CRM, SCM, etc. etc.) that don't
>>>offer a UNIX version - because just like a phone system, these are crucial
>>>applications that just have to be reliable.
>>>
>>>""Chuck""  wrote in message
>>>news:[EMAIL PROTECTED]
>>>
>>>>for whatever reason, Cisco and Microsoft are partnered for a lot of things.
>>>>
>>>>Call Manager for *nix??? 

Re: Log files Pix & Chkpnt [7:63646]

2003-02-24 Thread Scott M. Trieste
www.opensystems.com

They make a product called Private-I. It's bar-none the best
info-correlation product out there.

--
Scott M. Trieste
Information Security Consultant
p: 201.618.8977
[EMAIL PROTECTED]
 wrote in message
news:[EMAIL PROTECTED]
> Does anyone know of a product that will merge log files from multiple
> sources  Snort, PIX, Checkpoint, etc...?
>
> I'm trying to centralize much of our security management responsibilities.
>
> Thanx,
> Mike J.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63658&t=63646


FW: Ethernet Slot Time and Delay [7:63659]

2003-02-24 Thread Newell Ryan D SrA 18 CS/SCBT
> 500 Meters?? It's 2500 meters. In one example of such a network, there can
> be 5 segments, 4 repeaters (hubs), but only 3 segments can have end
> systems. That's the infamous 5-4-3 "rule." It makes a lot of 
> assumptions. Really, the
> size of the network depends on round-trip propagation delay for the
> particular equipment, cables, and cable lengths.

Maybe I was wrong for thinking that. If my net was all 10BASE-T, then with
max 5 segments...500 meters. That's where I got that number from. Measuring
the size of the collision domain, it is well under slot time. So I could
technically extend the size of the network. 

One of the things I ran into was the formula to use to calculate the round
trip delay. With the formula in your book I came up with 210 bit times round
trip for a 500 meter, 4 hub network. But with the definitive guide's method I
got 362 bit times. When I was going back and forth between books I think I
got lost somewhere. For a 100 meter cable they suggest 11.3 bit times, while
you suggest 5 one-way or 10 round trip...very close. But they start with a
base value.
Example: the first segment would be 26.55 bit times instead of 11.3. The base
value is 15.25. 15.25+11.3=26.55 bit times for the first segment. 

I think I understand the theory behind slot time. It takes a station 51.2
microseconds to transmit the smallest frame. So station A needs to be
notified by any other station if a collision were to happen while it was
still transmitting. So when the first bit of station A's preamble hits
station Z's (at the other side of the network) rx pins while station Z was
transmitting, its first bit hits the repeater. The repeater is going to use
collision enforcement to make sure all stations, including station A, are aware
of the collision. This must happen before station A finishes transmitting the
smallest Ethernet frame. I think that is it.

So should bit time be the time it takes to transmit the preamble and 512
bits?

One more thing...

A proper preamble should look like 10101010 or AA. I'm sure I read somewhere
that a collision would appear with all 5's or C's. How would that be
possible if, as soon as the repeater detects a collision, it sends a jam
signal out all its ports? Also, a frame with a bad CRC is suspected of being
a collision. How? If you know where I could get more reading on this that
would be great! 

Thanks for answering my questions!  



"We are what we repeatedly do. Excellence, then, is not an act, but a
habit."--Aristotle




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63659&t=63659


Cant establish reverse telnet [7:63660]

2003-02-24 Thread McHugh Randy
It appears that I cannot establish a telnet session to my routers from the
term server. How can I clear the line?
TS#sh ses
% No connections open
TS#r1
Translating "r1"
Trying r1 (1.1.1.1, 2097)... 
% Connection refused by remote host

TS#r2
Translating "r2"
Trying r2 (1.1.1.1, 2098)... 
% Connection refused by remote host

TS#clear line ?
Line number
  aux  Auxiliary line
  console  Primary terminal line
  tty  Terminal controller
  vty  Virtual terminal

TS#clear line 
thanks
Randy


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63660&t=63660


RE: Cant establish reverse telnet [7:63660]

2003-02-24 Thread McHugh Randy
I figured it out but don't really understand it. This is what I did:
line con 0
 exec-timeout 0 0
 logging synchronous
line 97 112
 no exec  
 transport input all
line aux 0
line vty 0 4
 exec-timeout 0 0
 password 7 060506324F41
 login
!
end

TS#clear line 97
[confirm]
 [OK]
Was it just the line 97 that was stuck?
thx
Randy


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63661&t=63660


Re: CCIE Security Lab [7:17848]

2003-02-24 Thread nrf
Actually that is not what I was talking about at all.

I was not looking at things from the enterprise standpoint, but rather from
a provider standpoint - and specifically from Verizon's standpoint.  Verizon
lost a lot of voice-switching capacity during 9-11, and while they
admittedly and heroically rebuilt most of it quickly, they could have also
recovered much of their functionality if they had relationships with an IP
wholesaler like Ibasis.  My analysis had nothing to do with what enterprises
could do about 9-11 (for it is indeed true that enterprise voice and data
circuits tend to terminate at the same CO) to utilize wholesalers, but
rather what a provider could have done to utilize wholesalers.

Also, perhaps this was just an oversight on your part, but few if any of the
wholesalers actually use the Internet for any of their capacity.  IP is not
the same as the Internet.  The Internet will probably always suffer from
problems related to security and/or reliability, because of the cherished
anonymity of users (including those who would wreak havoc by creating
viruses or DoS attacks) and because of the lack of a true central authority,
which is good because it allows for innovation, but you must admit is
detrimental to reliability.  Private IP networks can be properly secured
and engineered in a way that the public Internet never can be.


""Geoff Kuchera""  wrote in message
news:[EMAIL PROTECTED]
> Actually in the case of 9-11 if your internet was still working it was
> because your data connection went through a Central office that was not
> affected by the 9-11 incident.  Keep in mind that data and traditional
> voice still ride for the most part the same carrier services.  Our
> company lost several customers' data connectivity due to the 9-11
> incident.  Incidentally the connectivity loss occurred about a week after
> the buildings dropped when Sprint's backup generators at the Manhattan CO
> failed due to the long term load.  We also lost a major connection to
> one of our service providers that just happened to run out of the WTC.
> Fortunately in that case we had two redundant connections in other parts
> of the country.
>
> So saying that the internet was up when the voice channels weren't would
> be a big overstatement.  Voice was up for the whole rest of the country
> and so was the internet.  Unless you happened to live on Manhattan and
> didn't have backup power and a satellite connection.
>
> -Geoff
>
> nrf wrote:
> > Buggy/unreliable software is indeed the same anywhere.  But when combined
> > with buggy/unreliable OS's, now we're talking about a solution that is
> > REALLY buggy and unreliable.  For example, if your software is only
> > guaranteed to run at 3 9's, and your OS is also only guaranteed to run at 3
> > 9's, then overall we're talking about a less-than-3-9's of a solution.
> >
> > You can actually run packetized voice very reliably, and not just for toll
> > bypass (although it is definitely true that toll-bypass is the easiest and
> > most mature kind of packetized voice to do).  The key is that you have to
> > design things in a certain way to maximize your reliability.  Many carriers
> > like SBC use packetized voice with soft-switch signalling in certain parts
> > of their network, and then you have packetized voice wholesalers like Ibasis
> > that have massive available voice capacity and a good reputation for
> > reliability.  There was a huge amount of serious talk after 9-11 for Verizon
> > and other carriers to contract for backup voice capacity through somebody
> > like Ibasis in case their voice switches got destroyed again - as during
> > 9-11, people saw that while traditional voice service was severely affected,
> > packet networks like the Internet were still functioning, so in these kinds
> > of circumstances, you could say that packetized voice might actually be more
> > reliable than regular voice.  But again, it takes very careful design to
> > achieve this kind of reliability.
> >
> >
> > ""Chuck""  wrote in message
> > news:[EMAIL PROTECTED]
> >
> >>sure. ok. agreed.
> >>
> >>OTOH, buggy / unreliable software is the same, no matter whose platform it
> >>runs on. A long time ago in a galaxy far away I was able to successfully
> >>crash Sun Unix boxes several times through sheer ignorance. one was in the
> >>Sun Sys Admin training class I was taking, the rest were Sun boxes that Big
> >>Brokerage Firm had installed in the office where I worked. Proof that there
> >>ain't no such thing as "foolproof" because this here fool can break just
> >>about anything ;->
> >>
> >>BTW, you have just hit on the major reason for NOT doing packetized voice. Or
> >>maybe just limiting it to toll bypass, while keeping your PBX. Sometimes I
> >>think the only real selling point for AVVID is that it is "kewl"  The biggest
> >>selling points for Windows way back when were the screen savers and the
> >>games. MCSE = Microsoft Certif

DNS and DHCP question [7:63663]

2003-02-24 Thread John McGinn
Hi all,
A quick question. 803 router, 12.0(4) IOS.
Is it possible to acquire DNS server addresses dynamically from an ISP and
then distribute them via DHCP to a NATted LAN?  I can't seem to work out how
to do this.

John McGinn




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63663&t=63663


RE: adding new switch to VTP domain [7:63654]

2003-02-24 Thread Ladrach, Daniel E.
For the second practice do the following.
1 Clear config all
2 Power cycle the switch
3 If server mode is used make sure the configuration revision number is 0

Daniel Ladrach
CCNP, CCNA
WorldCom



-Original Message-
From: John Brandis [mailto:[EMAIL PROTECTED]
Sent: Monday, February 24, 2003 4:33 PM
To: [EMAIL PROTECTED]
Subject: adding new switch to VTP domain [7:63654]


Hi All,
 
Tomorrow I will be adding a new 2950 to my switch fabric. I will add
another GBIC copper module to my 4006. Does anyone know if I can just
insert it whilst on? I remember last time I did this under the old IOS for
the 4006 with the supIII, it had a cow and just died. I have the latest IOS
on the cat 4006 supIII now and I wonder if it will be an issue?
 
Also, a gotcha I came across because I do things sometimes too quick (lesson
for learners, don't do stupid things): I added a new switch to my VTP domain,
and lost info such as VLANs and the like. What I tend to do these days is
to make the switch a client on the VTP domain before inserting it, change
the VTP domain, add it with the cables, then change the VTP domain info back
but keeping it a client. Is this good practice?
 
Anyone know about my first issue?
 
John
 






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63664&t=63654


FW: Cant establish reverse telnet [7:63660]

2003-02-24 Thread Newell Ryan D SrA 18 CS/SCBT
Are you reverse telnetting to the line the routers are connected to? 

-Original Message-
From: McHugh Randy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 25, 2003 7:55 AM
To: [EMAIL PROTECTED]
Subject: Cant establish reverse telnet [7:63660]


It appears that I cannot establish a telnet session to my routers from the
term server. How can I clear the line?
TS#sh ses
% No connections open
TS#r1
Translating "r1"
Trying r1 (1.1.1.1, 2097)... 
% Connection refused by remote host

TS#r2
Translating "r2"
Trying r2 (1.1.1.1, 2098)... 
% Connection refused by remote host

TS#clear line ?
Line number
  aux  Auxiliary line
  console  Primary terminal line
  tty  Terminal controller
  vty  Virtual terminal

TS#clear line 
thanks
Randy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63665&t=63660


RE: Cant establish reverse telnet [7:63660]

2003-02-24 Thread Newell Ryan D SrA 18 CS/SCBT
Show users would have displayed the line. I think you piped in 'show
session'. I think show session shows outgoing telnet connections, and show
users shows connections on the lines...vty, aux, con and tty.

-Original Message-
From: McHugh Randy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 25, 2003 7:59 AM
To: [EMAIL PROTECTED]
Subject: RE: Cant establish reverse telnet [7:63660]


I figured it out but don't really understand it. This is what I did:
line con 0
 exec-timeout 0 0
 logging synchronous
line 97 112
 no exec  
 transport input all
line aux 0
line vty 0 4
 exec-timeout 0 0
 password 7 060506324F41
 login
!
end

TS#clear line 97
[confirm]
 [OK]
Was it just the line 97 that was stuck?
thx
Randy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63666&t=63660


Re: Cant establish reverse telnet [7:63660]

2003-02-24 Thread John Neiberger
At the line level in your config make sure you have 'no exec' configured
on the lines leading to your 'remote' devices or this sort of thing will
happen all the time.

HTH,
John

>>> "McHugh Randy"  2/24/03 3:55:19 PM >>>
It appears that I cannot establish a telnet session to my routers from the
term server. How can I clear the line?
TS#sh ses
% No connections open
TS#r1
Translating "r1"
Trying r1 (1.1.1.1, 2097)... 
% Connection refused by remote host

TS#r2
Translating "r2"
Trying r2 (1.1.1.1, 2098)... 
% Connection refused by remote host

TS#clear line ?
Line number
  aux  Auxiliary line
  console  Primary terminal line
  tty  Terminal controller
  vty  Virtual terminal

TS#clear line 
thanks
Randy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63667&t=63660


ATM and lastest ccie number [7:63668]

2003-02-24 Thread DAve Diaz
Has anyone configured ATM back to back on a 4500 and got a sample config? 
What's the latest CCIE number, and have folks seen new tests or are they 
cycling the same garbage through?

thanks in advance
Dave







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63668&t=63668


RE: FW: Ethernet Slot Time and Delay [7:63659]

2003-02-24 Thread Priscilla Oppenheimer
Newell Ryan D SrA 18 CS/SCBT wrote:
> 
> > 500 Meters?? It's 2500 meters. In one example of such a
> network, there can
> > be 5 segments, 4 repeaters (hubs), but only 3 segments can
> have end
> > systems. That's the infamous 5-4-3 "rule." It makes a lot of 
> > assumptions. Really, the
> > size of the network depends on round-trip propagation delay
> for the
> > particular equipment, cables, and cable lengths.
> 
> Maybe I was wrong for thinking that. If my net was all 10 Base
> T, then with
> max 5 segments...500 meters. That's were I got that number
> from. Measuring
> the size of the collision domain is well under slot time. So I
> could
> technically extend the size of the network. 

The segment from the hub to the end station might be 100 meters, as that's
how structured cabling is usually done. Between hubs probably isn't 100
meters, for what it's worth. In fact, it might be fiber-optic cabling.

> 
> One of the things I ran into was the formula to use to
> calculate the round
> trip delay. With the formula in your book I came up with 210
> bit times round
> trip for 500 meter 4 hub network. But with the definitive
> guide's method I
> got 362 bit times. When I was going back and forth between
> books I think I
> got lost somewhere. For a 100 meter cable they suggest 11.3 bit
> times. While
> you suggest 5 one-way or 10 round trip...very close. But they
> start with a
> base value.
> Example First segment would be 26.55 bit times instead of 11.3.
> The base
> value is 15.25. 15.25+11.3=26.55 bit times for the first
> segment.

Technically, IEEE does say to add some DTE delay time, i.e. time at the
stations themselves, both the sender and receiver. This is all documented in
IEEE 802.3 documents, which are available for free from IEEE. It's not worth
reading though (for this purpose I mean.)

> 
> I think I understand the theory behind slot time. It takes a
> station 51.2
> micro seconds to transmit the smallest frame. So station a
> needs to be
> notified by any other station if a collision was to happen
> while it was
> still transmitting. 

That's it.

> So when the first bit of station a's
> preamble hits
> station z (at the other side of the network) rx pins while
> station z was
> transmitting, it's first bit hits the repeater. The repeater is
> going to use
> collision enforcement to make all  stations including station a
> is aware of
> the collision. This must happen before station a finishes
> transmitting the
> smallest Ethernet frame. I think that is it.
> 
> So should bit time be the time it takes to transmit the
> preamble and 512
> bits?

The preamble doesn't count. It's used to recover timing. A station or
repeater might not catch all of the preamble. It just has to see the pattern
and the start of frame delimiter. A repeater regenerates the preamble, by
the way.

> 
> One more thing...
> 
> A proper preamble should look like 10101010 or AA. I'm sure I
> read somewhere
> that a collision would appear with all 5's or C's.

We used to see 55s on old coax networks. Never saw Cs though.

> How would
> that be
> possible if as soon as the repeater detects a collision it
> sends out a jam
> signal out all its ports? 

Then you would see alternating ones and zeros on the end of a frame. I have
seen this, but not recently. My current NIC won't give me bad frames so even
a sniffer doesn't give them to me.

> Also a frame with a bad CRC is
> suspect of a
> collision. 

The frame got damaged when the collision occurred.

> How? If you know where I could get more reading on
> this that
> would be great! 

IEEE 802.3.

> 
> Thanks for answering my questions!  
> 
> 
> 
> "We are what we repeatedly do. Excellence, then, is not an act,
> but a
> habit."--Aristotle
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63669&t=63659
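A worked version of the round-trip delay calculation that the question and the reply above go back and forth on, added here as an example (it is not code from either poster). It takes the left-end base of 15.25 and the 11.3 bit times per 100 m quoted in the question; the middle-segment and right-end base values are assumed to be the IEEE 802.3 Model 2 figures for 10BASE-T and should be checked against the standard before use.

```python
"""Round-trip path delay check for a repeated 10 Mb/s Ethernet.

Added example, not code from either post above. It works the way the
'definitive guide' method in the question does: each segment contributes a
base value plus a per-metre round-trip delay, the segments along the
worst-case path are summed into the path delay value (PDV), and the
network is only valid while the PDV stays inside the 512 bit-time slot
time. The left-end base (15.25) and 11.3 bit times per 100 m come from the
question; the middle and right-end bases are ASSUMED to be the IEEE 802.3
Model 2 figures for 10BASE-T and should be checked against the standard.
"""

SLOT_TIME_BITS = 512        # 64-byte minimum frame = 512 bits = 51.2 us at 10 Mb/s
SAFETY_MARGIN_BITS = 5      # margin added to the PDV before comparing (assumption)
MAX_SEGMENT_METRES = 100    # 10BASE-T segment length limit

# Per-segment base delays in bit times, round trip (assumed Model 2 10BASE-T
# values; the 15.25 left-end figure is the one quoted in the question).
BASE_BITS = {"left": 15.25, "middle": 42.0, "right": 165.0}
RT_DELAY_PER_METRE = 0.113  # 11.3 bit times per 100 m, as quoted in the question


def segment_delay(position: str, length_m: float) -> float:
    """Round-trip delay of one segment: its base value plus cable delay."""
    if position not in BASE_BITS:
        raise ValueError(f"position must be one of {sorted(BASE_BITS)}")
    if not 0 <= length_m <= MAX_SEGMENT_METRES:
        raise ValueError("10BASE-T segments are limited to 100 m")
    return BASE_BITS[position] + RT_DELAY_PER_METRE * length_m


def path_delay_value(segment_lengths_m) -> float:
    """PDV of a worst-case path: first segment is the left end, last is the
    right end, and everything in between is a middle segment."""
    if len(segment_lengths_m) < 2:
        raise ValueError("a path needs a left-end and a right-end segment")
    middles = len(segment_lengths_m) - 2
    positions = ["left"] + ["middle"] * middles + ["right"]
    return sum(segment_delay(p, m) for p, m in zip(positions, segment_lengths_m))


def path_is_valid(segment_lengths_m, margin: float = SAFETY_MARGIN_BITS) -> bool:
    """True when the worst-case round trip, plus margin, fits in the slot time.

    That is the whole point of slot time: the first bit must reach the far
    end and the collision must get back before the sender finishes the
    smallest frame, or the sender never learns its frame was damaged."""
    return path_delay_value(segment_lengths_m) + margin <= SLOT_TIME_BITS


def max_middle_segments(length_m: float = MAX_SEGMENT_METRES,
                        margin: float = SAFETY_MARGIN_BITS) -> int:
    """Middle segments of the given length that the delay budget alone allows
    between a left-end and a right-end segment (repeater-count rules such as
    5-4-3 are a separate check and are not applied here)."""
    budget = (SLOT_TIME_BITS - margin
              - segment_delay("left", length_m) - segment_delay("right", length_m))
    return int(budget // segment_delay("middle", length_m))


def slot_time_microseconds(bit_rate_bps: int = 10_000_000) -> float:
    """Slot time in microseconds: 512 bit times at the given bit rate."""
    return SLOT_TIME_BITS / bit_rate_bps * 1e6


if __name__ == "__main__":
    # The 5-segment, 4-hub, 100 m per segment network from the question.
    path = [100] * 5
    print(f"PDV for 5 x 100 m: {path_delay_value(path):.2f} bit times,"
          f" valid={path_is_valid(path)}")
    print(f"middle segments the budget allows at 100 m: {max_middle_segments()}")
```

With these constants the 5 x 100 m path comes out at 362.75 bit times, which is the 362 figure the question got from the definitive guide's method.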


RE: Access List help!! [7:63644]

2003-02-24 Thread Priscilla Oppenheimer
Jason Steig wrote:
> 
> Hello all. I'am stumped on an access-list that i need to
> create. What i did was i set up two routers using rip and put
> loopbacks on one of them and advertised them in rip. I then
> attempted to build an access-list allowing just these networks
> to pass into the other router. The router with the loopbacks is
> A the destination is B. so I know this will be a standard
> access list (direction in) on router B's interface to router A.
> 
> The requirements are 
> 
> allow any packet originating from 192.17.77.0 /24 
> allow any packet originating from 192.17.73.0 /24 
> allow any packet originating from 192.81.77.0 /24 
> allow any packet originating from 192.81.73.0 /24 
> allow any packet originating from 176.17.77.0 /24 
> allow any packet originating from 176.17.73.0 /24 
> allow any packet originating from 176.81.77.0 /24 
> allow any packet originating from 176.81.73.0 /24 
> 
> Hers what i think i can do 
> 
> with the 182 address i can do 
> permit ip 192.17.73.0 0.64.4.0 

17 is 0001 0001 in binary
81 is 0011 0001 in binary

The one place they DON'T agree is the bit in the 2^6 place, or 64.

So you don't want 64, you want the opposite. Reverse all the bits from the
answer you came up with. Remember 0 means must match. 1 means don't care.
Then put that result in decimal.

It looks like you need to reverse the bits from the answer you got for the
next octet too.

Priscilla

> 
> because the 64 will increase the second octet to 81 then the 4
> in the third bit will increase the network to 77. Is this how i
> would impliment this filtering policy in just two statements?
> The same way with the 176 networks?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63670&t=63644


RE: Access List help!! [7:63644]

2003-02-24 Thread Priscilla Oppenheimer
Priscilla Oppenheimer wrote:
> 
> Jason Steig wrote:
> > 
> > Hello all. I'am stumped on an access-list that i need to
> > create. What i did was i set up two routers using rip and put
> > loopbacks on one of them and advertised them in rip. I then
> > attempted to build an access-list allowing just these networks
> > to pass into the other router. The router with the loopbacks
> is
> > A the destination is B. so I know this will be a standard
> > access list (direction in) on router B's interface to router
> A.
> > 
> > The requirements are 
> > 
> > allow any packet originating from 192.17.77.0 /24 
> > allow any packet originating from 192.17.73.0 /24 
> > allow any packet originating from 192.81.77.0 /24 
> > allow any packet originating from 192.81.73.0 /24 
> > allow any packet originating from 176.17.77.0 /24 
> > allow any packet originating from 176.17.73.0 /24 
> > allow any packet originating from 176.81.77.0 /24 
> > allow any packet originating from 176.81.73.0 /24 
> > 
> > Hers what i think i can do 
> > 
> > with the 182 address i can do 
> > permit ip 192.17.73.0 0.64.4.0 
> 
> 17 is 0001 0001 in binary
> 81 is 0011 0001 in binary
> 
> The one place they DON'T agree is the bit in the 2^6 place, or
> 64.
> 
> So you don't want 64, you want the opposite. Reverse all the
> bits from the answer you came up with. Remember 0 means must
> match. 1 means don't care. Then put that result in decimal.

Oops. It looks like I didn't take my own advice, that 0 means must match and
1 means don't care. So you do want 64. Sorry.

You had it right.

Priscilla

> 
> It looks like you need to reverse the bits from the answer you
> got for the next octet too.
> 
> Priscilla
> 
> > 
> > because the 64 will increase the second octet to 81 then the 4
> > in the third bit will increase the network to 77. Is this how
> i
> > would impliment this filtering policy in just two statements?
> > The same way with the 176 networks?
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63671&t=63644
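A worked check of the wildcard arithmetic in this thread, added here as an example (it is not code from any of the posters). It derives the wildcard that covers the listed /24s with one entry, then enumerates everything that entry actually permits, which is the check worth running before an access list goes live: a wildcard that collapses several networks into one line can silently permit networks that were never on the requirements list, and a reversed mask (the 0.191.251.0 form that comes up later in the thread) permits thousands. The eight networks are the ones from the question; the host-octet handling (.255 for whole /24s) is standard IOS wildcard semantics.

```python
"""Wildcard-mask arithmetic for the access-list question in this thread.

Added example, not code from any of the posters. It derives the wildcard
mask that covers a set of /24 networks with one standard access-list entry
and then enumerates every /24 that entry really permits, so any network
that was not on the requirements list shows up. The sample networks are
the eight /24s listed in the thread (constructed test data, not live).
"""
from itertools import product

REQUIRED_192 = ["192.17.77.0", "192.17.73.0", "192.81.77.0", "192.81.73.0"]
REQUIRED_176 = ["176.17.77.0", "176.17.73.0", "176.81.77.0", "176.81.73.0"]


def ip_to_int(ip: str) -> int:
    """Pack a dotted quad into a 32-bit integer."""
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n: int) -> str:
    """Unpack a 32-bit integer into a dotted quad."""
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def wildcard_for(networks):
    """Return (base, wildcard) for one entry covering all given networks.

    IOS wildcard semantics: a 0 bit means 'must match', a 1 bit means
    'don't care'. The don't-care bits are exactly the bits in which the
    networks disagree, i.e. the OR of every network XOR the first one.
    The base is normalised so its don't-care bits are zero, which is how
    IOS stores it.
    """
    ints = [ip_to_int(n) for n in networks]
    wildcard = 0
    for n in ints[1:]:
        wildcard |= ints[0] ^ n
    base = ints[0] & ~wildcard & 0xFFFFFFFF
    return int_to_ip(base), int_to_ip(wildcard)


def host_octet_dont_care(wildcard: str) -> str:
    """OR in 0.0.0.255 so the entry covers whole /24s, not only the .0 host.

    The thread's 0.64.4.0 would match only addresses ending in .0."""
    return int_to_ip(ip_to_int(wildcard) | 0xFF)


def matches(address: str, base: str, wildcard: str) -> bool:
    """True when the address agrees with the base on every 0 (must-match) bit."""
    w = ip_to_int(wildcard)
    return (ip_to_int(address) & ~w) == (ip_to_int(base) & ~w)


def permitted_networks(base: str, wildcard: str):
    """List every /24 prefix the entry permits (host octet ignored)."""
    b, w = ip_to_int(base), ip_to_int(wildcard)
    dontcare = [i for i in range(8, 32) if (w >> i) & 1]   # network bits only
    fixed = b & ~w & 0xFFFFFF00
    nets = []
    for bits in product((0, 1), repeat=len(dontcare)):    # every combination
        n = fixed
        for pos, bit in zip(dontcare, bits):
            n |= bit << pos
        nets.append(int_to_ip(n))
    return sorted(nets, key=ip_to_int)


def unintended_networks(required, base: str, wildcard: str):
    """Networks the entry permits that were not in the requirements."""
    return sorted(set(permitted_networks(base, wildcard)) - set(required),
                  key=ip_to_int)


if __name__ == "__main__":
    base, wc = wildcard_for(REQUIRED_192)
    wc = host_octet_dont_care(wc)
    print(f"access-list 1 permit {base} {wc} ->", permitted_networks(base, wc))
    # One entry for all eight networks: the first octet gains three
    # don't-care bits, so the entry permits 32 /24s instead of 8.
    base, wc = wildcard_for(REQUIRED_192 + REQUIRED_176)
    wc = host_octet_dont_care(wc)
    extra = unintended_networks(REQUIRED_192 + REQUIRED_176, base, wc)
    print(f"access-list 1 permit {base} {wc} also permits {len(extra)} extra /24s")
```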


Re: Trunk question [7:63653]

2003-02-24 Thread Larry Letterman
The below are my 3524xl uplinks to my other switches. I don't have to put
switch access commands in... I assume you are running default isl/dot1q
encapsulation for the trunking... I don't see any commands for the ISL or
Dot1Q trunks listed.


interface GigabitEthernet0/1
 description to sjc5-00-gw1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,152,155,1002-1005
 switchport mode trunk
!
interface GigabitEthernet0/2
 description to sjc5-00-gw2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,152,155,1002-1005
 switchport mode trunk


Larry Letterman
Network Engineer
Cisco Systems


- Original Message -
From: "Rutger Blom" 
To: 
Sent: Monday, February 24, 2003 1:22 PM
Subject: Trunk question [7:63653]


> Today I've been busy configuring a trunk on some Cisco 2950c/2924c switches.
> Could somebody explain the difference between these two configurations:
>
> Config 1:
> interface FastEthernet0/25
>  switchport mode trunk
>  no ip address
>
> Config 2:
> interface FastEthernet0/25
>  switchport access vlan 204
>  switchport mode trunk
>  no ip address
>
> With the first configuration, clients on the VLAN 204 did not get an IP
> address from the DHCP server. Even clients with a static IP-address could
> not establish IP contact with other hosts. The switch however could see
> other switches via the "show cdp" command. It could also "ping" other
> switches. (all switches are in a separate management VLAN).
> When I made the change resulting in configuration two everything worked
> fine.
> Note that the trunk is a FX link to a Cisco 2924c switch. This switch has
> two FX ports. Both ports are configured to be trunk ports. I configured one
> of those FX ports with the "switchport access vlan 204" as well. The other FX
> trunk port has a configuration as shown in config 1. This trunk port has a
> FX link to a third Cisco 2924c switch. This switch operates in VLAN 107.
> Everything works fine in this switch. I did not have to specify the
> "switchport access vlan 107" on either of these ports.
>
> Is there some incompatibility issue between 2950c and 2924c? Why didn't it
> work with config 1 on the Cisco 2950c switch? Can a Cisco 2924c switch have
> its two FX ports configured as a trunk like in config 1? Even when those two
> FX ports have physical links to different switches?
>
> A lot of questions, but I'm just very curious.
> To make this a bit more clear I've attached a .txt file with a simple
> drawing and configurations of the current situation.
>
> Thanks in advance,
>
> Rutger
> Sweden
>
>
>
>
> [demime removed a uuencoded section named site.txt which was 30 lines]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63672&t=63653


7206 adding VIP cards [7:63673]

2003-02-24 Thread Arnold, Jamie
I have a couple of VIP cards from an old 7010 that are (according to Cisco)
compatible with a new 7206.  One is a single, copper 100Mb card and the
other is a 4 port 10Bt card.  I am supposed to be able to add them "hot" to
the new 7206, but when I tried this I got the message on the console that
all interfaces are being disabled... and they were!  I didn't wait very long
to see if they would come back up on their own, but this does not seem like
the expected behavior.  Can anyone comment on this?  I plan to try again and
try to administratively bring the interfaces back up.

Thanks in advance.

Jamie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63673&t=63673


RE: Access List help!! [7:63644]

2003-02-24 Thread Jason Steig
so your saying that my statement
ip access-list 1 permit ip 192.17.73.0 0.191.251.0 will permit all hosts
from network 192.17.73.0 and 192.81.73.0??

17 is  00010001
81 is  01010001

so the bit it doesn't match on is the 64 bit.  so i just have to switch it
around if your saying the ones don't count

so it would be 0.191.251.0 ??

because if the zeros must match and ones don't count then that would be it
then??

 or is it 0.192.252.255 because the last octet is 255 so it allows all hosts?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63674&t=63644


Re: Trunk question [7:63653]

2003-02-24 Thread Karen E Young
Rutger,

Cisco switches allow you to specify which VLANs will be allowed to
traverse a trunk link. Your first example simply identifies the port as a
trunk link without any limitations as to which VLANs can use it. Your second
example sets up the port as a trunk link but limits the traffic to VLAN 204.
This just gives you a little more control over the paths that your traffic
takes.

You can think of it as kind of an access-list for the trunk. 

HTH,
Karen

*** REPLY SEPARATOR  ***

On 2/24/2003 at 9:22 PM Rutger Blom wrote:

>Hello,
>
>I'm not a Cisco expert and I only have some field experience with
>configuring
>switches. So please forgive me for my questions.
>
>Today I've been busy configuring a trunk on some Cisco 2950c/2924c
>switches.
>Could somebody explain the difference between these two configurations:
>
>Config 1:
>interface FastEthernet0/25
> switchport mode trunk
> no ip address
>
>Config 2:
>interface FastEthernet0/25
> switchport access vlan 204
> switchport mode trunk
> no ip address
>
>With the first configuration, clients on the VLAN 204 did not get an IP
>address from the DHCP server. Even clients with a static IP-address could
>not establish IP contact with other hosts. The switch however could see
>other switches via the "show cdp" command. It could also "ping" other
>switches. (all switches are in a separate management VLAN).
>When I made the change resulting in configuration two everything worked
>fine.
>Note that the trunk is a FX link to a Cisco 2924c switch. This switch has
>two FX ports. Both ports are configured to be trunk ports. I configured one
>of those FX ports with the "switchport access vlan 204" as well. The other
>FX
>trunk port has a configuration as shown in config 1. This trunk port has a
>FX link to a third Cisco 2924c switch. This switch operates in VLAN 107.
>Everything works fine in this switch. I did not have to specify the
>"switchport access vlan 107" on either of these ports.
>
>Is there some incompatibility issue between 2950c and 2924c? Why didn't it
>work with config 1 on the Cisco 2950c switch? Can a Cisco 2924c switch have
>its two FX ports configured as a trunk like in config 1? Even when those
>two
>FX ports have physical links to different switches?
>
>A lot of questions, but I'm just very curious.
>To make this a bit more clear I've attached a .txt file with a simple
>drawing and configurations of the current situation.
>
>Thanks in advance,
>
>Rutger
>Sweden
>
>
>
>
>[demime removed a uuencoded section named site.txt which was 30 lines]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63675&t=63653


RE: Access List help!! [7:63644]

2003-02-24 Thread Jason Steig
it worked!! thanks!

Jason Steig wrote:
> 
> so your saying that my statement
> ip access-list 1 permit ip 192.17.73.0 0.191.251.0 will permit
> all hosts from network 192.17.73.0 and 192.81.73.0??
> 
> 17 is  00010001
> 81 is  01010001
> 
> so the bit it doesn't match on is the 64 bit.  so i just have
> to switch it around if your saying the ones don't count
> 
> so it would be 0.191.251.0 ??
> 
> because if the zeros must match and ones don't count then that
> would be it then??
> 
>  or is it 0.192.252.255 because the last octet is 255 so it
> allows all hosts?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63676&t=63644


Re: Access List help!! [7:63644]

2003-02-24 Thread The Long and Winding Road
""Jason Steig""  wrote in message
news:[EMAIL PROTECTED]
> it worked!! thanks!
>
> Jason Steig wrote:
> >

forgive me for having gotten lost in this thread...



> > so your saying that my statement
> > ip access-list 1 permit ip 192.17.73.0 0.191.251.0 will permit
> > all hosts from network 192.17.73.0 and 192.81.73.0??
> >
> > 17 is  00010001
> > 81 is  01010001

mask = 01000000    the "1" in the 64 place allows for either "17" or "81"

so the proper mask is 0.0.64.255  "255" allows for all values in the last
octet

I hope that's what you are saying, because that is the correct answer.


> >
> > so the bit it doesn't match on is the 64 bit.  so i just have
> > to switch it around if your saying the ones don't count
> >
> > so it would be 0.191.251.0 ??
> >
> > because if the zeros must match and ones don't count then that
> > would be it then??
> >
> >  or is it 0.192.252.255 because the last octet is 255 so it
> > allows all hosts?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63677&t=63644
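The wildcard-mask question in this thread is easy to get wrong by hand, and a mask that is one bit too wide is an ACL that permits far more than intended. The following Python is an added example, not code from any of the posts above: it derives the tightest single `address wildcard` pair that covers a list of networks, reproduces the bit-for-bit comparison a Cisco ACE performs, and counts how many addresses a given wildcard actually admits, so the candidate masks discussed in the thread can be checked by computation. The function names and the sample hosts are my own; the two /24 networks are the ones from the thread.

```python
"""Wildcard-mask arithmetic for Cisco standard/extended ACLs.

In a wildcard mask a 0 bit means "this bit of the packet address must
equal the ACE address"; a 1 bit means "don't care". acl_matches()
reproduces that comparison, minimal_wildcard() derives the tightest
single ACE covering several networks, and address_count() shows how
much an over-wide mask lets through. Added example; names are mine.
"""
import ipaddress
from typing import Dict, Iterable, Tuple

MASK32 = 0xFFFFFFFF


def ip_to_int(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))


def int_to_ip(n: int) -> str:
    return str(ipaddress.IPv4Address(n))


def acl_matches(packet_ip: str, acl_addr: str, wildcard: str) -> bool:
    """True if the ACE `acl_addr wildcard` matches packet_ip.

    Bits set in the wildcard are ignored; every other bit must be equal.
    """
    care = ~ip_to_int(wildcard) & MASK32
    return (ip_to_int(packet_ip) & care) == (ip_to_int(acl_addr) & care)


def minimal_wildcard(networks: Iterable[str]) -> Tuple[str, str]:
    """Tightest (address, wildcard) pair covering every network given in
    CIDR form. Host bits of each network are don't-care, and so is every
    bit in which the network addresses differ from one another."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    care = MASK32
    for net in nets:
        care &= int(net.netmask)           # host bits -> don't care
    base = int(nets[0].network_address)
    for net in nets[1:]:
        diff = base ^ int(net.network_address)
        care &= ~diff & MASK32             # differing bits -> don't care
    wildcard = ~care & MASK32
    return int_to_ip(base & care), int_to_ip(wildcard)


def address_count(wildcard: str) -> int:
    """Number of distinct addresses one ACE with this wildcard matches."""
    return 1 << bin(ip_to_int(wildcard)).count("1")


def check_candidates(candidates: Iterable[Tuple[str, str]],
                     must_match: Iterable[str]) -> Dict[str, Tuple[bool, int]]:
    """For each (address, wildcard) candidate, report whether it matches
    every address in must_match and how many addresses it covers in total."""
    hosts = list(must_match)
    report = {}
    for addr, wc in candidates:
        ok = all(acl_matches(h, addr, wc) for h in hosts)
        report[f"{addr} {wc}"] = (ok, address_count(wc))
    return report


if __name__ == "__main__":
    # Constructed inputs: the two /24s from the thread plus one host in each.
    nets = ["192.17.73.0/24", "192.81.73.0/24"]
    hosts = ["192.17.73.10", "192.81.73.200"]
    print("derived:", minimal_wildcard(nets))
    candidates = [("192.17.73.0", "0.191.251.0"),   # candidate from the thread
                  ("192.17.73.0", "0.0.64.255"),    # candidate from the thread
                  minimal_wildcard(nets)]
    for ace, (ok, n) in check_candidates(candidates, hosts).items():
        print(f"{ace:28s} matches both hosts: {ok!s:5s} covers {n} addresses")
```

Run it as a script to see the derived mask beside the candidates from the thread; in real ACL reviews the same `address_count` check is a quick way to spot an ACE whose wildcard admits thousands of addresses when a few hundred were intended.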


RE: GRE tunneling in multicast [7:63655]

2003-02-24 Thread Mark W. Odette II
... don't have much experience with GRE tunnels, but if they operate
anything like VPN tunnels, then I would expect the GRE Tunnel needs to
be terminated between R1 and R5.  The dependency for this is that R1 and
R5 can successfully communicate with each other for the GRE Protocol
(i.e., there are no ACLs along the way that are filtering out GRE
Protocol).

HTH's
Mark

-Original Message-
From: Masaru Umetsu [mailto:[EMAIL PROTECTED] 
Sent: Monday, February 24, 2003 4:17 PM
To: [EMAIL PROTECTED]
Subject: GRE tunneling in multicast [7:63655]

Because I use multicast, I'm considering using GRE tunneling.
The equipments are all cisco. Network diagram is like below.


Multicast-R1-passport--LL--passport-R2-LAN-R3--FR--R4--LL--R5--Client
 Server
  
GRE tunneling

LL:leased line
Passport:Nortel Passport

Do I need to configure GRE tunneling only between R1 and R2?
Or should I configure GRE tunneling between R2 and R5 ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63679&t=63655


Strange problem with a 2924XL. [7:63680]

2003-02-24 Thread Ken Diliberto
I had a strange problem this evening with a 2924XL.  The server attached
to port f0/13 had been generating errors and finally the switch stopped
talking to it.  A shut/no shut combination started everything back up
again.

The configuration only says to send a trap when a broadcast storm
happens.  There isn't anything about excessive errors.

Any thoughts?  I haven't checked CCO.  I don't have a good idea what to
search for without getting 10,000,000,000 hits.

Thanks.

Ken




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63680&t=63680


HELP!!! [7:63681]

2003-02-24 Thread Edwin R. Gonzalez
I just got a SUP III (WS-X5530-E3) for my Cat 5005,
all the lights come up green but I can not get a prompt.
I checked the cable and everything else. I tried getting a prompt
on one of my other switches using the same set up and I get a prompt.
I think this SUP might have a bad console port.

--
_
The harder you work, the luckier you get!
_
The only place success comes before
work is in the dictionary!!!
_




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63681&t=63681


RE: Strange problem with new flash memory and old Cisco 3640 [7:63682]

2003-02-24 Thread Andrew Larkins
I have a similar site with the same bootstrap version as below as the memory
upgrade worked great.

Thanks for the input - I actually forgot to check that.

Andrew

-Original Message-
From: Daniel Cotts [mailto:[EMAIL PROTECTED]
Sent: 19 February 2003 18:18
To: 'Andrew Larkins'; [EMAIL PROTECTED]
Subject: RE: Strange problem with new flash memory and old Cisco 3640
rout er [7:63341]


Have you compared the Bootstrap versions between the box in question vs
those that successfully use the new flash?

> -Original Message-
> From: Andrew Larkins [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 19, 2003 6:15 AM
> To: [EMAIL PROTECTED]
> Subject: Strange problem with new flash memory and old Cisco 
> 3640 router
> [7:63341]
> 
> 
> Hi all, 
> 
> I have a strange one for you guys and would appreciate any 
> ideas you may
> have.
> 
> I have a Cisco 3640 router that is operating normally. It is 
> however using
> IOS 11.1 and we have bought memory to upgrade this (sho ver 
> below) . We
> install the DRAM and all is great. Install the flash and the 
> router fails to
> boot. I don't have any log messages, but the remote support 
> guy says that it
> (router console) says there is no flash installed in the 
> router. Since this
> happened previously, we tried another 2 separate 3640 
> chassis', and this
> flash memory worked great. Now this leads me to believe there 
> is something
> wrong with the motherboard on the router. Strangely enough 
> another reboot of
> the router and everything comes up with the exception of the 
> Token Ring
> interface - a further look here reports an error about wrong 
> ring number.
> Nothing has changed at all here. Another reload and the flash 
> vanishes.
> Reinstall the old flash memory and router is operational again. 
> 
> I know this memory works - used other routers. The ring 
> number error has me
> totally confused. Upgrades to all other identically configured sites worked
> perfectly.
> 
> New flash module is 16MB and old is 4MB
> 
> Remote>sho ver
> Cisco Internetwork Operating System Software 
> IOS (tm) 3600 Software (C3640-INR-M), Version 11.1(16)AA, 
> EARLY DEPLOYMENT
> RELEASE SOFTWARE (fc1) 
> Copyright (c) 1986-1997 by cisco Systems, Inc.
> Compiled Wed 17-Dec-97 03:25 by krunyan
> Image text-base: 0x600088A0, data-base: 0x60512000
> 
> ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY 
> DEPLOYMENT
> RELEASE SOFTWARE (fc2)
> 
> DURBAN uptime is 6 minutes
> System restarted by power-on at 13:55:24 UTC Wed Feb 19 2003
> System image file is "flash:c3640-inr-mz.111-16.AA.bin", 
> booted via flash
> 
> cisco 3640 (R4700) processor (revision 0x00) with 
> 49152K/16384K bytes of
> memory.
> Processor board ID 04920558
> R4700 processor, Implementation 33, Revision 1.0 
> Bridging software.
> X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
> Basic Rate ISDN software, Version 1.0.
> 1 Ethernet/IEEE 802.3 interface.
> 1 Token Ring/IEEE 802.5 interface.
> 1 Serial network interface.
> 8 Low-speed serial(sync/async) network interfaces.
> 9 ISDN Basic Rate interfaces.
> DRAM configuration is 64 bits wide with parity disabled.
> 125K bytes of non-volatile configuration memory.
> 4096K bytes of processor board System flash (Read/Write)
> 
> Configuration register is 0x2102
> 
> Any ideas - I am just about to RMA the chassis.
> 
> Thanks
> Andrew Larkins
> BCom, CCNP, CCDP, CSS1
> Bytes Technology Networks
> A Division of Bytes Technology Group : Registration No: 1911/003874/06
> A Member of the Altron Group
> P O Box 748, Rivonia, 2128
> 3 Eglin Rd, The Crescent, Sunninghill, South Africa
> 
> 
> Tel:  +27 11 800 9336
> Fax:  +27 11 800 9496
> Mobile :  +27 83 656 7214
> Email  :  [EMAIL PROTECTED]
>   [EMAIL PROTECTED]
>




Message Posted at:

RE: two 1900 catalyst switches cannot exchange VLAN in [7:63683]

2003-02-24 Thread Andrew Larkins
Don't you have to be running the Enterprise version of the software for VTP to
work??

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: 24 February 2003 21:35
To: [EMAIL PROTECTED]
Subject: RE: two 1900 catalyst switches cannot exchange VLAN in
[7:63613]


suaveguru wrote:
> 
> all, 
> 
> I have 2 cisco catalyst 1900 switches with VLANS
> configured on it when I tried to enable trunking on
> both of the trunk ports and make the two catalyst 1900
> switched run VTP vlans information just can't travel
> across the switches, appreciate if anyone with similar
> problems tell me what to do

Yes, I'll tell you what to do. :-) Check your configs. Also send us your
configs. How can we help without your configs?

It sounds like the two switches aren't in the same VTP domain maybe? They
must be. Check the spelling and case for the domain name. It is case
sensitive. Check for invisible spaces and other weird non-printable
characters if there's no obvious typo.

Tell us more about the VTP modes in use on the switches. Are they VTP
servers or clients or in transparent mode?

Check the version of VTP. There are two versions.

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com



> 
> suaveguru
> 
> __
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, more
> http://taxes.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63683&t=63683


Re: ospf - rip redistribution issue, [7:63647]

2003-02-24 Thread The Long and Winding Road
I spent a fun couple of hours setting something up and playing around. Some
comments below, without giving away answers, because once you discover this
for yourself you will have learned another useful tool.


""Casey, Paul (6822)""  wrote in message
news:[EMAIL PROTECTED]
> Hello,
>
>
> I have ospf into rip redistribution on a /24 classful boundary. I
> summarized/area range(d) all the networks in the ospf domain to /24 to get
them
> to show up in the rip domain.
>
> No real problems here, though I have one network in ospf 200.200.0.0/16
> which is not showing up in  rip router.

There is an interesting command I recently learned about: "show ip rip
database".

Issue this command on the redistribution router and see what you can see.

> What can I do to make this /16 route cross the classfull boundary, as its
> prefix is shorter that the /24 network it need to cross  thus cant be
> summarised.

No doubt the /16 is showing up just fine in the OSPF domain :->


> Or should this route be capable of traversing the /24 classful boundary,
> automatically,.

in my test bed:

R3------R4------R5------R6------200.200.0.0/16
RIP     RIP     RIP/OSPF        OSPF

there is indeed something that has to happen before the /16 shows up in the
RIP domain, but here is the proof:

C    222.222.222.4 is directly connected, Loopback1001
R    199.56.1.0/24 [120/5] via 192.168.1.5, 00:00:13, Serial1
C    199.1.1.0/24 is directly connected, TokenRing0
R    193.1.1.0/24 [120/1] via 199.1.1.3, 00:00:21, TokenRing0
C    192.168.1.0/24 is directly connected, Serial1
R    195.1.1.0/24 [120/5] via 192.168.1.5, 00:00:13, Serial1
C    194.1.1.0/24 is directly connected, Loopback1
R    200.200.0.0/16 [120/5] via 192.168.1.5, 00:00:13, Serial1
Router_4#

all routers in question are RIPv1 - the command "version 2" has not been
added under any routing process.


> Any help  greatly appreciated.
>
> Kind regard.
> Paul.
>
>
>






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63684&t=63647


Re: Strange problem with a 2924XL. [7:63680]

2003-02-24 Thread The Long and Winding Road
""Ken Diliberto""  wrote in message
news:[EMAIL PROTECTED]
> I had a strange problem this evening with a 2924XL.  The server attached
> to port f0/13 had been generating errors and finally the switch stopped
> talking to it.  A shut/no shut combination started everything back up
> again.
>
> The configuration only says to send a trap when a broadcast storm
> happens.  There isn't anything about excessive errors.
>
> Any thoughts?  I haven't checked CCO.  I don't have a good idea what to
> search for without getting 10,000,000,000 hits.


What is the exact configuration line used? The documentation talks about
default rising and falling thresholds. Of course it does not indicate
whether or not the default is to shut down the port.

http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35wc3/cref/clicmds.htm#xtocid51






>
> Thanks.
>
> Ken




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63685&t=63680